An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.

VB2019 paper: Exploring Emotet, an elaborate everyday enigma

Luca Nagy (Sophos)

Since its appearance more than five years ago, the Emotet trojan has been – and remains – the most notorious and costly active malware. This paper discusses the reverse engineering of its components, as well as the capabilities and features of…

Read more  

VB2019 paper: Shinigami’s revenge: the long tail of the Ryuk malware

Gabriela Nicolao (Deloitte)
Luciano Martins (Deloitte)

Ryuk is a ransomware family that, unlike regular ransomware, is tied to targeted campaigns where extortion may occur days or weeks after an initial infection. Ryuk was first observed in August 2018 and remains active as of July 2019. This paper…

Read more  

VB2019 paper: Geost botnet. The story of the discovery of a new Android banking trojan from an OpSec error

Sebastian García (Stratosphere Laboratory and Czech Technical University in Prague)
Maria Jose Erquiaga (Stratosphere Laboratory and UNCUYO University)
Anna Shirokova (Avast Software)

Maintaining a good operational security (OpSec) is difficult because it increases the cost of work and decreases the speed of actions. This is true both for security analysts and for attackers. This VB2019 paper describes a botnet, known as Geost,…

Read more  

Guest article: Threat analysis report Save Yourself malware

Reason Labs

VB2019 Platinum partner Reason Cybersecurity presents a threat analysis report on the Save Yourself malware.

Read more  

VB2018 paper: Lazarus Group: a mahjong game played with different sets of tiles

Peter Kálnai (ESET)
Michal Poslušný (ESET)

The number of incidents attributed to the Lazarus Group, a.k.a. Hidden Cobra, has grown rapidly since its estimated establishment in 2009. In this paper, ESET researchers Peter Kalnai and Michal Poslusny look at various cells within the group, that…

Read more  

VB2018 paper: Fake News, Inc.

Andrew Brandt (Sophos)

As the world grapples with massive disinformation campaigns waged by the intelligence agencies of hostile nations, we should not forget that such activities are not limited to the purview of the Bears or Pandas of the world, and that even relatively…

Read more  

Alternative communication channel over NTP

Nikolaos Tsapakis (independent researcher)

Nikolaos Tsapakis explores Network Time Protocol (NTP) as an alternative communication channel, providing practical examples, code, and the basic theory behind the idea.

Read more  

VB2018 paper: Under the hood: the automotive challenge

Inbar Raz (Argus Cyber Security)

In an average five-year-old car, there are about 30 different computers on board. In an average new car, there are double that number, and in some cases up to 100. That’s the size of network an average SMB would have, only there’s no CIO/CISO, and…

Read more  

VB2018 paper: Android app deobfuscation using static-dynamic cooperation

Yoni Moses (Check Point)
Yaniv Mordekhay (Check Point)

Malicious Android applications are quite common, and can even be found from time to time in the Google Play Store. Thus, a lot of work has been done in both industry and academia on Android app analysis, and in particular, static code analysis. One…

Read more  

VB2018 paper: Anatomy of an attack: detecting and defeating CRASHOVERRIDE

Joe Slowik (Dragos)

CRASHOVERRIDE is the first publicly known malware designed to impact electric grid operations. Reviewing previously unavailable data covering logs, forensics, and various incident information, in this paper Joe Slowik outlines the CRASHOVERRIDE…

Read more  

Search the Bulletin

Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.