Bulletin

An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.

IcoScript: using webmail to control malware

Win32.Trojan.IcoScript.A is a classic remote administration tool, but it has a particular way of communicating with its control server. It is very modular and it abuses popular web platforms (such as Yahoo and Gmail) for command and control…

Read more  

Bird's nest

Usually, prepending viruses are relatively easy to clean and remove – just cut off the prepended virus and, in theory, the host file should be restored. However, in the case of prepending file infector Neshta, simply cutting the virus off will not do…

Read more  

Mayhem – a hidden threat for *nix web servers

Evgeny Sidorov (Yandex)
Konstantin Otrashkevich (Yandex)

Andrew Kovalev and colleagues describe ‘Mayhem’ – a new kind of malware for *nix web servers that has the functions of a traditional Windows bot, but which can act under restricted privileges in the system.

Read more  

API-EPO

Most file infectors attempt to avoid heuristic detection by implementing an EPO (entry-point obscuring) technique. Raul Alvarez takes a close look at W32/Daum - a simple file infector, but which uses a unique EPO methodology.

Read more  

Not old enough to be forgotten: the new chic of Visual Basic 6

Marion Marschalek (Cyphort)

Marion Marschalek looks at the unusual case of Miuref samples that use two different runtime packers to protect against being analysed: one binary being wrapped in a C++ protector, and another in a Visual Basic 6 wrapper.

Read more  

Obfuscation in Android malware, and how to fight back

Axelle Apvrille (Fortinet)

Axelle Apvrille and Ruchna Nigam take an in-depth look at obfuscation techniques encountered while analysing Android malware - including both use of off-the-shelf products and custom obfuscation techniques.

Read more  

Learning about Bflient through sample analysis

The Bflient worm was first discovered more than four years ago. Meng Su and Dong Xie study recent variants of the malware and show how its flexible module-handling mechanism allows it to adjust functionalities at will.

Read more  

VBA is not dead!

Gabor Szappanos (Sophos)

In the past five years, macro malware could be considered practically extinct – thanks mostly to the security improvements introduced into Microsoft Office products. However, in recent months, a resurgence of malicious VBA macros has been observed –…

Read more  

Inside the iOS/AdThief malware

Axelle Apvrille (Fortinet)

The discovery of new iOS malware is generally pretty hot news for an anti-virus analyst. In March 2014, Claud Xiao discovered iOS/AdThief, a piece of malware which hijacks advertisement revenues and redirects them to the attacker. Axelle Apvrille…

Read more  

The curse of Necurs, part 3

In the first and second parts of his series on the Necurs rootkit, Peter Ferrie looked at what it does to hook the system. In part 3, he takes a look at what those hooks actually do.

Read more  

Search the Bulletin


Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.