Bulletin

An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.

VB2015 paper: Ubiquity, Security and You – Malware, Security and the Internet of Things

Heather Goudey (Independent researcher)
Jasmine Sesso (Microsoft)

This paper looks at the state of the AV industry in the context of the Internet of Things (IoT) in 2015, then drills down into the specific security implications faced, as well as, the current approaches taken to address them. We examine the…

Read more  

VB2015 paper: Solving the (In)security of Home Networked Devices

Pavel Sramek (Avast Software)
Martin Smarda (Avast Software)

In the past few years, not a VB conference has gone by without a talk about someone hacking the devices they have at home. Be it routers, NAS-es or ‘smart’ TVs, there has always been one thing in common: the vendors have ignored the problems and…

Read more  

How It Works: Steganography Hides Malware in Image Files

Digital steganography is a method of concealing a file, message, image or video within another file, message, image or video. The technique is used by a piece of malware popularly known as Stegoloader (or W32/Gatak), a trojan or downloader for…

Read more  

VB2015 paper: Anonymity is King

Anthony Joe Melgarejo (Trend Micro)

After a series of takedowns of command and control (C&C) servers related to notorious banking and ransom malware such as GameOver Zeus, CryptoLocker and Citadel, cybercriminals started to look for innovative ways to make their infrastructure…

Read more  

Throwback Thursday: The Number of the Beasts

The Virus Bulletin Virus Prevalence Table, which ran from 1992 until 2013, gave users a regular snapshot of what was really going on in the virus world, recording the number of incidents of each virus reported to VB in the preceding month. In August…

Read more  

All Your Meetings Are Belong to Us: Remote Code Execution in Apache OpenMeetings

During an audit of the Apache OpenMeetings program code, Andreas Lindh came across two vulnerabilities which, with some additional trickery, would allow for an unauthenticated attacker to gain remote code execution on the system, with knowledge of an…

Read more  

Throwback Thursday: 'In the Beginning was the Word...'

Word and Excel’s internal file formats used to be something in which few were interested – but the appearance of macro viruses in the mid 90s changed all that, as Andrew Krukov explains.

Read more  

Throwback Thursday: Hash Woes

In 2004, the entire crypto community was abuzz with the news that a group of Chinese researchers had demonstrated flaws in a whole set of hash functions - VB took a closer look to clarify the situation and draw lessons from the incident.

Read more  

VB2015 paper: Mobile Banking Fraud via SMS in North America: Who’s Doing it and How

Nearly every day, cybercriminals are using scams over mobile messaging to execute several types of money-stealing mobile attacks on North American banks. This paper will use real-world data obtained from various mobile operators showing cybercriminal…

Read more  

Throwback Thursday: Viruses on the Internet

In August 1996, Sarah Gordon explored attitudes to virus distribution facilitated by the Internet, predicting that our increased reliance on the Internet for communication, and the retrieval of information from untrusted systems, would bring more…

Read more  

Search the Bulletin