Bulletin

The Bulletin is an indispensable source of reference for anyone concerned with the prevention, detection and removal of computer threats, including but not limited to malware and spam.

Between 1989 and 2014, VB published the monthly, subscriber-based Virus Bulletin magazine. The Bulletin is a continuation of that publication, but with more frequent releases. It is available free of charge and requires no registration.

On a regular basis (at least once a month), the Bulletin provides:

  • Thought-provoking news and opinions from respected members of the security industry.
  • Detailed analyses of the latest threats.
  • Feature-length articles exploring new developments and techniques in the global threat landscape.
  • Updates on the latest global cybercrime strategies.
  • Comparative reviews featuring the unique VB100 and VBSpam award schemes.

Some of our recent articles:

Dylib hijacking on OS X

DLL hijacking is a well-known class of attack which, until now, was believed to affect only Windows. However, in this paper, Patrick Wardle shows that OS X is similarly vulnerable to dynamic library hijack attacks.

Windows 10 patching process may leave enterprises vulnerable to zero-day attacks

Microsoft recently announced its new patch roll-out strategy for the latest incarnation of the Windows operating system. Aryeh Goretsky considers how the Windows 10 patching process might affect both the enterprise and the home user.

VB2014 paper: Leaving our ZIP undone: how to abuse ZIP to deliver malware apps

Both Android and Java malware, delivered via ZIP-based packages, have reached high volumes in the wild, and continue to grow at a rapid rate. In his VB2014 paper, Gregory Panakkal explores the ZIP file format, focusing specifically on APK files as handled by the Android OS. He also explores new malformations that can be applied to APK files to break typical AV engine unarchiving, thus bypassing content scanning, while keeping the APK valid for the Android OS.

Script in a lossy stream

Dénes Óvári describes a PoC file that demonstrates a new way to store data in PDF files.

VB2014 paper: The pluginer - Caphaw

Caphaw, also known as Shylock, has been a quiet, yet persistent player on the botnet scene since 2011. It stands in great contrast to most botnet malware in that it was released with complete functionality rather than being released into the wild while still in the testing phase. The bold nature of the campaign (an easily identifiable entry point code sequence) was backed up by Caphaw’s intricately designed code structure, whose various obfuscation and anti-sandbox techniques made it hard for analysts to create a complete profile of its malicious behaviour. In their VB2014 paper, Micky Pun and Neo Tan discuss the technical aspects of handling the anti-reversing strategies devised by the malware writer and evaluate how Caphaw could become a permanent fixture in the botnet scene in the future.

VB100 comparative review on Windows 7 SP1 64-bit

The latest VB100 comparative on the evergreen Windows 7 resulted in a pleasingly high success rate, with just a few products failing to make the grade for certification. John Hawes has the details.


Archive issues

Browse the archives of Virus Bulletin magazine here (free of charge).

Reprints

VB offers a reprint service to companies wishing to purchase professionally printed, glossy-style copies of articles from the Bulletin or PDF excerpts from the VB100 and VBSpam comparative reviews.