Bulletin

An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.

New Keylogger on the Block

Gabor Szappanos (Sophos)

This paper provides an overview of the KeyBase trojan, both the keylogger itself and the server-side management component. Additionally, we will look at an example of when this trojan was used.

VB2015 paper: DDoS Trojan: A Malicious Concept that Conquered the ELF Format

In their VB2015 paper, Peter Kálnai and Jaromír Hořejší look at the current state of DDoS trojans forming covert botnets on unsuspecting systems. The paper provides a technical analysis of the most important malware families, with a specific focus on…

VB2015 paper: The Kobayashi Maru dilemma

Morton Swimmer (Trend Micro)
Nick FitzGerald (Independent researcher)
Andrew Lee (ESET)

How do you win a game when the rules don’t let you? You change the rules! In the computer security field, one possible game-changer is aggressively fighting back. Star Trek’s fictional James T. Kirk changed the Kobayashi Maru simulation from a no-win…

VB2015 paper: Attack on the Drones

Oleg Petrovsky (HP)

This paper analyses various popular multi-rotor unmanned aerial vehicle (UAV) configurations and controllers for susceptibility to known and proof-of-concept security attacks. The study includes analysis of existing malicious attack claims and their…

VB2015 paper: Speaking Dyreza Protocol. Advantages of 'Learning' a New Language

Alexandru Maximciuc (Bitdefender)
Cristina Vatamanu (Bitdefender)

Most malware families are capable of evading detection and ensuring long persistence on infected machines through their update mechanisms. However, if one is able to reverse engineer such a sample and simulate C&C communication, invaluable…

Throwback Thursday: Finnish Sprayer: Electronic Graffiti

Finnish Sprayer was first found in Finland in December 1993, and quickly spread throughout the country. It was not long before it was found in Sweden, Russia and Estonia, and it may well have spread even further. Mikko Hyppönen analyses this typical…

Throwback Thursday: Hypponen, that Data Fellow

A career in IT was almost inevitable for Mikko Hyppönen - even before his birth, his mother was working at the Finland State Computing Centre. She brought her two sons up in the world of IT, ensuring a computer was always among their toys. In 1994,…

VB2015 paper: Economic Sanctions on Malware

Financial pressure can be a proactive and potentially very effective tool in making our computer ecosystems safer. By cleverly employing various trust metrics and technologies such as digital signing, watermarking, and public-key infrastructure in…

Throwback Thursday: One_Half: The Lieutenant Commander?

In October 1994, a new multi-partite virus appeared, using some of the techniques developed by the Dark Avenger in Commander_Bomber. As if this were not enough, the One_Half virus could also encrypt vital parts of the fixed disk. Eugene Kaspersky…

VB2015 paper: Dare ‘DEVIL’: beyond your senses with Dex Visualizer

Jun Yong Park (AhnLab)

Given the rapid growth of Android applications and malware, the use of behaviour-based methods is one of the most promising approaches for malware detection. Many security researchers are struggling with how to determine malicious behaviours and…
