Bulletin

An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.

Neurevt botnet: new generation

Neurevt first appeared over a year ago – its many components cover a large number of the most popular malicious functionalities, including downloading malware, DDoS attacks and website sniffing. He Xu discusses the major changes that have been…

Anatomy of Turla exploits

Elevation of privilege (EoP) vulnerabilities can allow a program to run arbitrary code, regardless of that program’s current permission level – as a result, they draw a lot of attention from malware authors. Wayne Low describes two of the EoP…

A grown-up industry

Martijn Grooten (Virus Bulletin)

‘We plan to increase our scope further and look even more at other areas of IT security.’ Martijn Grooten

On cyber investigations. Case study: a money transfer system robbery

The current information landscape is pretty lacking when it comes to information about cyber investigations. Most reports on cybercrime cover only the results of an investigation, omitting the process, the investigative techniques and the specific…

Greetz from academe: film at eleven

In the latest of his ‘Greetz from Academe’ series, highlighting some of the work going on in academic circles, John Aycock looks at PREC: practical root exploit containment for Android devices.

The curse of Necurs, part 1

The Necurs rootkit is composed of a kernel-mode driver and a user-mode component. The rootkit makes use of some very powerful techniques, but fortunately it also has some chinks in its armour. Peter Ferrie describes its strengths and weaknesses.

Tofsee botnet

The spam botnet Tofsee can be divided into three components: loader, core module and plug-ins. Ryan Mi describes how the components communicate with the C&C server, and how they work with one another.

Back to VBA

Gabor Szappanos (Sophos)

Last month’s issue of Virus Bulletin featured a detailed analysis of the Polarbot (a.k.a. Solarbot) trojan. The article covered just about everything you could ever want to know about it – except for one thing: how does a computer end up being…

Is the security industry up to the new challenges to come?

Working both as a product manager and as an IT security expert and evangelist for an IT security company, Sorin Mustaca has seen that, with the technologies and products that we have available, we can't mitigate all the attack vectors used by today’s…

Threat intelligence sharing: tying one hand behind our backs

‘We will need to collaborate and implement standardized threat data sharing.’ Chad Loeven
