An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.

Dexofuzzy: Android malware similarity clustering method using opcode sequence

Shinho Lee (ESTsecurity)
Wookhyun Jung (ESTsecurity)
Sangwon Kim (ESTsecurity)
Jihyun Lee (ESTsecurity)
Jun-Seob Kim (ESTsecurity)

This paper proposes the use of the ‘Dalvik EXecutable Opcode Fuzzy’ (‘Dexofuzzy’) hash to find similar malware variants without the need for an analyst to have systematic or mathematical knowledge.

VB2019 paper: We need to talk – opening a discussion about ethics in infosec

Ivan Kwiatkowski (Kaspersky)

Several professionals defend the notion that technology and ethics have nothing to do with each other. This paper presents various schools of thought pertaining to the philosophy of justice, and explores how they could help us solve some of the…

VB2019 paper: Inside Magecart: the history behind the covert card-skimming assault on the e-Commerce industry

Yonathan Klijnsma (RiskIQ)

Magecart is an umbrella term given to at least 12 cybercrime groups that are placing digital credit card skimmers on compromised e-commerce sites at an unprecedented rate and with frightening success. This paper presents a timeline of the Magecart…

VB2019 paper: Exploring Emotet, an elaborate everyday enigma

Luca Nagy (Sophos)

Since its appearance more than five years ago, the Emotet trojan has been – and remains – the most notorious and costly active malware. This paper discusses the reverse engineering of its components, as well as the capabilities and features of…

VB2019 paper: Shinigami’s revenge: the long tail of the Ryuk malware

Gabriela Nicolao (Deloitte)
Luciano Martins (Deloitte)

Ryuk is a ransomware family that, unlike regular ransomware, is tied to targeted campaigns where extortion may occur days or weeks after an initial infection. Ryuk was first observed in August 2018 and remains active as of July 2019. This paper…

VB2019 paper: Geost botnet. The story of the discovery of a new Android banking trojan from an OpSec error

Sebastian García (Stratosphere Laboratory and Czech Technical University in Prague)
Maria Jose Erquiaga (Stratosphere Laboratory and UNCUYO University)
Anna Shirokova (Avast Software)

Maintaining good operational security (OpSec) is difficult because it increases the cost of work and decreases the speed of actions. This is true both for security analysts and for attackers. This VB2019 paper describes a botnet, known as Geost,…

Guest article: Threat analysis report Save Yourself malware

Reason Labs

VB2019 Platinum partner Reason Cybersecurity presents a threat analysis report on the Save Yourself malware.

VB2018 paper: Lazarus Group: a mahjong game played with different sets of tiles

Peter Kálnai (ESET)
Michal Poslušný (ESET)

The number of incidents attributed to the Lazarus Group, a.k.a. Hidden Cobra, has grown rapidly since its estimated establishment in 2009. In this paper, ESET researchers Peter Kálnai and Michal Poslušný look at various cells within the group, that…

VB2018 paper: Fake News, Inc.

Andrew Brandt (Sophos)

As the world grapples with massive disinformation campaigns waged by the intelligence agencies of hostile nations, we should not forget that such activities are not limited to the purview of the Bears or Pandas of the world, and that even relatively…

Alternative communication channel over NTP

Nikolaos Tsapakis (independent researcher)

Nikolaos Tsapakis explores Network Time Protocol (NTP) as an alternative communication channel, providing practical examples, code, and the basic theory behind the idea.
