An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.

Throwback Thursday: One_Half: The Lieutenant Commander?

In October 1994, a new multi-partite virus appeared, using some of the techniques developed by the Dark Avenger in Commander_Bomber. As if this were not enough, the One_Half virus could also encrypt vital parts of the fixed disk. Eugene Kaspersky…

Read more  

VB2015 paper: Dare ‘DEVIL’: beyond your senses with Dex Visualizer

Jun Yong Park (AhnLab)

Given the rapid growth of Android applications and malware, the use of behaviour-based methods is one of the most promising approaches for malware detection. Many security researchers are struggling with how to determine malicious behaviours and…

Read more  

VB2015 paper: Ubiquity, Security and You – Malware, Security and the Internet of Things

Heather Goudey (Independent researcher)
Jasmine Sesso (Microsoft)

This paper looks at the state of the AV industry in the context of the Internet of Things (IoT) in 2015, then drills down into the specific security implications faced, as well as, the current approaches taken to address them. We examine the…

Read more  

VB2015 paper: Solving the (In)security of Home Networked Devices

Pavel Sramek (Avast Software)
Martin Smarda (Avast Software)

In the past few years, not a VB conference has gone by without a talk about someone hacking the devices they have at home. Be it routers, NAS-es or ‘smart’ TVs, there has always been one thing in common: the vendors have ignored the problems and…

Read more  

How It Works: Steganography Hides Malware in Image Files

Digital steganography is a method of concealing a file, message, image or video within another file, message, image or video. The technique is used by a piece of malware popularly known as Stegoloader (or W32/Gatak), a trojan or downloader for…

Read more  

VB2015 paper: Anonymity is King

Anthony Joe Melgarejo (Trend Micro)

After a series of takedowns of command and control (C&C) servers related to notorious banking and ransom malware such as GameOver Zeus, CryptoLocker and Citadel, cybercriminals started to look for innovative ways to make their infrastructure…

Read more  

Throwback Thursday: The Number of the Beasts

The Virus Bulletin Virus Prevalence Table, which ran from 1992 until 2013, gave users a regular snapshot of what was really going on in the virus world, recording the number of incidents of each virus reported to VB in the preceding month. In August…

Read more  

All Your Meetings Are Belong to Us: Remote Code Execution in Apache OpenMeetings

During an audit of the Apache OpenMeetings program code, Andreas Lindh came across two vulnerabilities which, with some additional trickery, would allow for an unauthenticated attacker to gain remote code execution on the system, with knowledge of an…

Read more  

Throwback Thursday: 'In the Beginning was the Word...'

Word and Excel’s internal file formats used to be something in which few were interested – but the appearance of macro viruses in the mid 90s changed all that, as Andrew Krukov explains.

Read more  

Throwback Thursday: Hash Woes

In 2004, the entire crypto community was abuzz with the news that a group of Chinese researchers had demonstrated flaws in a whole set of hash functions - VB took a closer look to clarify the situation and draw lessons from the incident.

Read more  

Search the Bulletin

Bulletin Archive