Virus Bulletin issue archive

The Bulletin is an indispensable source of reference for anyone concerned with the prevention, detection and removal of computer threats, including but not limited to malware and spam.

Between 1989 and 2014, VB published the monthly, subscriber-based Virus Bulletin magazine. The Bulletin is a continuation of that publication, but with more frequent releases - the Bulletin is available free of charge and requires no registration.

Virus Bulletin - December 2012

BYOD and the mobile security maturity model (comment); New tricks ship with Zeus packer (malware analysis); Compromised library (malware analysis); A journey into the Sirefef packer: a research case study (feature); Part 2: Interaction with a black hole (feature); VB100 comparative on Windows 8 Pro (comparative review)


Virus Bulletin - November 2012

The cost of being scared safe (comment); Six flags over Texas (conference report); Is our viruses learning? (malware analysis); Ramnit bot (malware analysis); Dissecting Winlocker - ransomware goes centralized (malware analysis); Tracking the 2012 Sasfis campaign (feature); November 2012 VBSpam comparative review (comparative review)


Virus Bulletin - October 2012

Is AV the old dog? (comment); Cridex botnet preview (malware analysis); Filename: BUGGY.COD.E (malware analysis); Inside a Black Hole: Part 1 (feature); Code injection via return-oriented programming (feature); Unpacking x64 PE+ binaries part 3: IDA, graphs and binary instrumentation (tutorial); Trojan Horse (book review); Operation Desolation (book review)


Virus Bulletin - September 2012

Threat prevalence: your breach will have to wait (comment); 'Lahf'ing all the way (malware analysis); URLZone reloaded: new evolution (malware analysis); Pinterest scams - under the hood (feature); A global treaty on online threats (or the challenges of (inter)national cooperation) (feature); Unpacking x64 PE+ binaries part 2: using WinDbg (tutorial)


Virus Bulletin - August 2012

IP addresses and privacy-sensitive data: a different point of view (comment); ZAccess detailed analysis (malware analysis); Inside the ICE IX bot, descendent of Zeus (malware analysis); Tussling with Tussie (malware analysis); Garbage collection (feature)


Virus Bulletin - July 2012

Where should security reside? (comment); Noteven close (malware analysis); Tiny modularity (malware analysis); Malicious PDFs served by exploit kits (feature); Unpacking x64 PE+ binaries: introduction part 1 (tutorial); Quick reference for manual unpacking II (tutorial)


Virus Bulletin - June 2012

Botnets in the browser (comment); So, enter stage right (malware analysis); Andromeda botnet (malware analysis); Automatically detecting spam at the cloud level using text fingerprints (technical feature); Malware design strategies for circumventing detection and prevention controls - part two (technical feature); Understanding the domains involved in malicious activity on Facebook (technical feature); EICAR 2012 (conference report)


Virus Bulletin - May 2012

AV: Mind the gap (comment); evilMule in kernel mode - an analysis of the network functionality (malware analysis); Like a bat out of hell (malware analysis); Malware design strategies for circumventing detection and prevention controls - part one (technical feature); Mobile banking vulnerability: Android repackaging threat (technical feature); VBSpam comparative review


Virus Bulletin - April 2012

Is Android simply Windows all over again? (comment); 'Amfibee'-ous vehicle (malware analysis); Zombifying targets using phishing campaigns (malware analysis); Quick reference for manual unpacking (tutorial); Francophile phishers (feature)


Virus Bulletin - March 2012

Why you need to hack yourself (comment); Not 'Mifeve'-ourite thing (malware analysis); DroidDream mobile malware (malware analysis); What is DMARC and should you care? (spotlight); NCSC: public-private cooperation is key (spotlight)


Virus Bulletin - February 2012

Living the meme (comment); If Svar is the answer... (malware analysis); Static analysis of mobile malware (tutorial); And the devil is six: the security consequences of the switch to IPv6 (feature); Behind enemy lines: reporting from the CCC 28C3 Congress (conference report)


Virus Bulletin - January 2012

MUTE: the rebirth of centralized sharing (comment); This Sig doesn't run (malware analysis); Dissecting the NGR bot framework: IRC botnets die hard (malware analysis); The top 10 spam, malware and cybersecurity stories of 2011 (feature); Challenges for the London Action Plan (spotlight)


Latest articles:

Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

Aditya Sood & Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited to compromise the C&C panel in order to gather threat intelligence, and present a model of mobile AppInjects.

Cryptojacking on the fly: TeamTNT using NVIDIA drivers to mine cryptocurrency

TeamTNT is known for attacking insecure and vulnerable Kubernetes deployments in order to infiltrate organizations’ dedicated environments and transform them into attack launchpads. In this article Aditya Sood presents a new module introduced by…

Collector-stealer: a Russian origin credential and information extractor

Collector-stealer, a piece of malware of Russian origin, is heavily used on the Internet to exfiltrate sensitive data from end-user systems and store it in its C&C panels. In this article, researchers Aditya K Sood and Rohit Chaturvedi present a 360…

Fighting Fire with Fire

In 1989, Joe Wells encountered his first virus: Jerusalem. He disassembled the virus, and from that moment onward, was intrigued by the properties of these small pieces of self-replicating code. Joe Wells was an expert on computer viruses, was partly…

Run your malicious VBA macros anywhere!

Kurt Natvig wanted to understand whether it’s possible to recompile VBA macros to another language, which could then easily be ‘run’ on any gateway, thus revealing a sample’s true nature in a safe manner. In this article he explains how he recompiled…
