Bulletin

An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.

Inside the ICE IX bot, descendent of Zeus

Aditya Sood and colleagues present an analysis of ICE IX bot, a descendent of the Zeus bot which demonstrates how one bot can give rise to another.

Read more  

Tussling with Tussie

There are multiple ways to hide the decoder, such as by forcing Windows to apply a relocation delta, or by using obscure instruction side effects. Now, W32/Tussie shows us a way to hide the encoded data. Peter Ferrie has the details.

Read more  

ZAccess detailed analysis

Neo Tan (Fortinet)
Kyle Yang (Fortinet)

Recently, we have seen a new trend in ZAccess: less is more. In around March 2012, the aggressive self-defence technique had disappeared from some variants, and in June 2012, the whole rootkit was removed, making it a completely user-mode piece of…

Read more  

IP addresses and privacy-sensitive data: a different point of view

‘[In] the digital realm ... we tread very carefully and avoid reporting [incidents] for fear of divulging sensitive data, i.e. the IP address.' Wout de Natris.

Read more  

Researchers discover extent of data collected by iPhone apps

Researchers find that an alarming number of iOS apps access data without the user’s permission.

Read more  

VB welcomes

VB welcomes newest member of the team.

Read more  

Tiny modularity

Researchers have found a small piece of malware capable of doing just as much as its bigger brothers. Raul Alvarez looks at the structure of the malware, its code injections and modular execution and describes how the tiny ‘Tinba’is capable of doing…

Read more  

Unpacking x64 PE+ binaries: introduction part 1

Aleksander Czarnowski describes some of the main differences between the PE and PE+ file formats from the perspective of the binary unpacking process.

Read more  

Noteven close

Code virtualization is a popular technique for making malware difficult to reverse engineer and analyse. W32/Noteven uses the technique, but has such a buggy interpreter that it's a wonder the code works at all. Peter Ferrie has the details.

Read more  

Where should security reside?

‘It seems logical that, in the future, security must move closer to the information.' Greg Day, Symantec.

Read more  
Previous1...4546474849...114Next

Search the Bulletin


Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.