An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.

Throwback Thursday: The Number of the Beasts

The Virus Bulletin Virus Prevalence Table, which ran from 1992 until 2013, gave users a regular snapshot of what was really going on in the virus world, recording the number of incidents of each virus reported to VB in the preceding month. In August…

Read more  

All Your Meetings Are Belong to Us: Remote Code Execution in Apache OpenMeetings

During an audit of the Apache OpenMeetings program code, Andreas Lindh came across two vulnerabilities which, with some additional trickery, would allow for an unauthenticated attacker to gain remote code execution on the system, with knowledge of an…

Read more  

Throwback Thursday: 'In the Beginning was the Word...'

Word and Excel’s internal file formats used to be something in which few were interested – but the appearance of macro viruses in the mid 90s changed all that, as Andrew Krukov explains.

Read more  

Throwback Thursday: Hash Woes

In 2004, the entire crypto community was abuzz with the news that a group of Chinese researchers had demonstrated flaws in a whole set of hash functions - VB took a closer look to clarify the situation and draw lessons from the incident.

Read more  

VB2015 paper: Mobile Banking Fraud via SMS in North America: Who’s Doing it and How

Nearly every day, cybercriminals are using scams over mobile messaging to execute several types of money-stealing mobile attacks on North American banks. This paper will use real-world data obtained from various mobile operators showing cybercriminal…

Read more  

Throwback Thursday: Viruses on the Internet

In August 1996, Sarah Gordon explored attitudes to virus distribution facilitated by the Internet, predicting that our increased reliance on the Internet for communication, and the retrieval of information from untrusted systems, would bring more…

Read more  

VB2015 paper: VolatilityBot: Malicious Code Extraction Made by and for Security Researchers

VolatilityBot is a new automation tool for researchers which cuts all the guesswork and manual tasks out of the binary extraction phase of malware analysis. Not only does it automatically extract the executable (exe), but it also fetches all new…

Read more  

VB2015 paper: Will Android Trojans, Worms or Rootkits Survive in SEAndroid and Containerization?

William Lee (Sophos)
Rowland Yu (Sophos)

Android 5.0 is trying to set itself up as a safe corporate mobile operating system by touting SEAndroid and containerization. The enforcement of SEAndroid and containerization has been changing the way OEMs and security vendors respond to security…

Read more  

Throwback Thursday: The Thin Blue Line

In 1994, UK Fraud Squad detectives started making inroads into the most puzzling 'Whodunnit' since the Great Train Robbery. Had an outbreak of computer crime swept Britain? No, it was all part of a police training program.

Read more  

VB2015 paper: Effectively testing APT defences: defining threats, addressing objections to testing, and suggesting some practical approaches

Simon PG Edwards (Dennis Technology Labs)
Richard Ford (Florida Institute of Technology)
Gabor Szappanos (Sophos)

As targeted attacks gain more attention, and protection developers pay more attention to the implementation of new defensive technologies, the need arises for the testing of product efficacy with respect to this new kind of threat. However, compared…

Read more  

Search the Bulletin

Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.