An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.
Win32.Trojan.IcoScript.A is a classic remote administration tool, but it has a particular way of communicating with its control server. It is very modular and it abuses popular web platforms (such as Yahoo and Gmail) for command and control…
Usually, prepending viruses are relatively easy to clean and remove – just cut off the prepended virus and, in theory, the host file should be restored. However, in the case of the prepending file infector Neshta, simply cutting the virus off will not do…
Evgeny Sidorov (Yandex)
Konstantin Otrashkevich (Yandex)
Andrew Kovalev and colleagues describe ‘Mayhem’ – a new kind of malware for *nix web servers that has the functions of a traditional Windows bot, but which can act under restricted privileges in the system.
Most file infectors attempt to avoid heuristic detection by implementing an EPO (entry-point obscuring) technique. Raul Alvarez takes a close look at W32/Daum – a simple file infector that nevertheless uses a unique EPO methodology.
Marion Marschalek (Cyphort)
Marion Marschalek looks at the unusual case of Miuref samples that use two different runtime packers to protect against being analysed: one binary being wrapped in a C++ protector, and another in a Visual Basic 6 wrapper.
Axelle Apvrille (Fortinet)
Axelle Apvrille and Ruchna Nigam take an in-depth look at obfuscation techniques encountered while analysing Android malware – including both the use of off-the-shelf products and custom obfuscation techniques.
The Bflient worm was first discovered more than four years ago. Meng Su and Dong Xie study recent variants of the malware and show how its flexible module-handling mechanism allows it to adjust functionalities at will.
Gabor Szappanos (Sophos)
In the past five years, macro malware could be considered practically extinct – thanks mostly to the security improvements introduced into Microsoft Office products. However, in recent months, a resurgence of malicious VBA macros has been observed –…
Axelle Apvrille (Fortinet)
The discovery of new iOS malware is generally pretty hot news for an anti-virus analyst. In March 2014, Claud Xiao discovered iOS/AdThief, a piece of malware which hijacks advertisement revenues and redirects them to the attacker. Axelle Apvrille…
In the first and second parts of his series on the Necurs rootkit, Peter Ferrie looked at what it does to hook the system. In part 3, he takes a look at what those hooks actually do.