An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.
According to the Online Trust Alliance, almost 10 billion ad impressions were compromised by malvertising in 2012 and malvertising incidents increased by more than 250% from Q1 2010 to Q2 2010. In this article, Bianca Stanescu and colleagues look at…
Read morePython obfuscation is relatively rare. In the latest of his ‘Greetz from academe’ series, highlighting some of the work going on in academic circles, John Aycock takes a look at a research paper in which the authors reverse engineered a 'hardened'…
Read moreNeurevt is a relatively new HTTP bot that already has a lot of functionalities along with an extendable and flexible infrastructure. Zhongchun Huo takes a detailed look at its infrastructure, communication protocol and encryption scheme.
Read moreWhen one has a nice idea – such as a tricky method for encoding data – it is common to take that idea and improve on it. It is rare to see someone take such an idea and degenerate it, but that’s exactly what we see in W32/Tussie.B. Peter Ferrie…
Read morePeter Ferrie revisits W32/Lerock and its so-called ‘virtual code’ - which, despite some updates and tweaks still lends itself to simple detection by anti virus software.
Read moreWe have seen hundreds, if not thousands, of variations of Zeus in the wild. The main goal of the malware does not vary, yet different functionalities have been added over time. Raul Alvarez takes a detailed look at some of those functionalities and…
Read moreLysa Myers (ESET)
It has often been said that the reason the general public does not take IT security seriously is that there has not been a sufficiently serious IT security disaster to make them take notice. But have leaks about the NSA given us the ‘cyber-Chernobyl’…
Read moreJohn Aycock considers Internet censuses and a tool that can scan almost the entire IPv4 address space in search of the answer to a given census question in less than 45 minutes.
Read moreRunning an iframe injector on a compromised virtual hosting server can easily result in the infection of hundreds of web servers in just a few seconds. Aditya Sood and colleagues look at the design of a basic injector: NiFramer.
Read moreUK banks' cyber defences put to the test in large-scale simulated attack.
Read more