An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.

LokiBot: dissecting the C&C panel deployments

Aditya K Sood

First advertised as an information stealer and keylogger when it appeared in underground forums in 2015, LokiBot has added various capabilities over the years and has affected many users worldwide. This paper analyses the URL structure of the LokiBot…

Read more  

VB2019 paper: The cake is a lie! Uncovering the secret world of malware-like cheats in video games

Santiago Pontiroli (Kaspersky)

With more than 2.5 billion gamers from all over the world, it’s no wonder that at least a fraction of them would bring into action additional tools to gain an unfair advantage over their opponents in the virtual world. This is one of the many reasons…

Read more  

VB2019 paper: Rich Headers: leveraging this mysterious artifact of the PE format

Peter Kálnai (ESET)
Michal Poslušný (ESET)

Ever since the release of Visual Studio 97 SP3, Microsoft has placed an undocumented chunk of data between the DOS and PE headers of every native Portable Executable (PE) binary produced by its linker without any possibility to opt out. The data…

Read more  

VB2019 paper: Medical IoT for diabetes and cybercrime

Axelle Apvrille (Fortinet)
Aamir Lakhani (Fortinet)

This paper evaluates the threats diabetic patients face when they use smart glucose monitoring devices.

Read more  

VB2019 paper: Spoofing in the reeds with Rietspoof

Jan Sirmer (Avast Software)
Adolf Streda (Avast Software)
Luigino Camastra (Avast Software)

Rietspoof is a piece of malware that is multi-staged, using different file types throughout its infection chain. It contains several types of stages – both extractors and downloaders; the fourth stage also contains support for remote-control…

Read more  

Behind the scenes of GandCrab’s operation

AhnLab Security Analysis Team (AhnLab)

The GandCrab ransomware was active from January 2018 to May 2019. During its active state, numerous variants were distributed worldwide, causing much damage. This report examines the battle that went on between security vendor AhnLab and the GandCrab…

Read more  

VB2019 paper: King of the hill: nation-state counterintelligence for victim deconfliction

Juan Andres Guerrero-Saade (Chronicle)

While allied organizations engage in a bureaucratic process of victim deconfliction, adversarial organizations have turned to embedding anti-virus-like techniques into their malware in order to do the same. This paper focuses on in-the-wild examples…

Read more  

VB2019 paper: Catch me if you can: detection of injection exploitation by validating query and API integrity

Abhishek Singh (Prismo Systems)
Ramesh Mani (Prismo Systems)

Injection flaws are one of the topmost risks and have ruled as such for a decade. The research community has extensively discussed exploitation details for SQL, NoSQL, OS command and LDAP injection exploits. This paper will dive into the technical…

Read more  

VB2019 paper: Never before had Stierlitz been so close to failure (or: what is a Soviet super-spy doing in a popular bundleware for Mac?)

Sergei Shevchenko (Sophos)

This paper looks at a popular macOS bundleware that employs some surprising techniques. Not only does it employ anti-debugging, strings/API encryption and Mach-O runtime decompression techniques, its developers went as far as embedding a full…

Read more  

VB2019 paper: Exploring the Chinese DDoS threat landscape

Nacho Sanmillan (Intezer)

Chinese threat actors have been shown to be predominant in the DDoS ecosystem, there being a high volume of known cross-platform DDoS botnets with alleged Chinese origin operating in Linux as well as Windows systems and exercising long-term…

Read more  

Search the Bulletin

Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.