Publications

We’ve had quite a number of papers and articles published over the years; you can find links to most of them below:

Title/Link Date Published

2009

The full paper presented at the 2009 Virus Bulletin Conference, entitled:

‘Virtual Machines for Real Malware Capture and Analysis’
is available in PDF (Adobe Acrobat) format.

This paper will show how useful virtual machines are to security professionals, using VMware as a working platform. It will also discuss ways to use VMware not only to analyse what a new piece of malware does, but also to set up virtual machines and networks to capture malware. It will also discuss a selection of known anti-VM malware [including Conficker] and the ways they detect that they are running in a virtual machine.

September 2009

Have You Been Confickered?

March 2009

2008

The full paper written for the 2008 Virus Bulletin Conference, entitled:

‘Malware Forensics: Detecting the Unknown’
is available in PDF (Adobe Acrobat) format.

This paper covers how to deal with a system/network which may be infected by new or currently unknown malware.

This paper will look at what tricks, tools and techniques you can use to help establish the true state of the ‘suspect’ system. It will focus on a step-by-step approach of what tools to use, what to look for and what to do with any suspicious files. It will also discuss the use of forensic tools in such a scenario, as a last port of call. The paper will draw on real scenarios where new [undetected] malware has been responsible for ‘odd’ system or network behaviour.

This is an updated version of the EICAR 2008 paper.

Oct 2008

The full paper written for the 2008 EICAR Conference, entitled:

‘Where To Now: Detecting The Unknown?’
is available in PDF (Adobe Acrobat) format.

This paper covers how to deal with a system/network which may be infected by new or currently unknown malware.

This paper will look at what tricks, tools and techniques you can use to help establish the true state of the ‘suspect’ system. It will focus on a step-by-step approach of what tools to use, what to look for and what to do with any suspicious files. It will also discuss the use of forensic tools in such a scenario, as a last port of call. The paper will draw on real scenarios where new [undetected] malware has been responsible for ‘odd’ system or network behaviour.

May 2008

2007: The Year of the Social Engineer? – Virus Bulletin January 2008

2007

Book Review: Birds of a Feather… – Virus Bulletin November 2007

The full paper written for the 2007 Virus Bulletin Conference, entitled:

‘The Journey, So Far: Trends, Graphs and Statistics’
is available in PDF (Adobe Acrobat) format.

This covers malware, right from the initial ideas of ‘self reproducing machines’ at the end of the 1940s, up to the end of July 2007, when malware [and its use] has become a commercial business. The paper includes lots of data, including malware firsts, trends and statistics. It looks at not only the birth and development of malware over the years, but also the birth and development of anti-malware tools and techniques.

September 2007

HaTeMaiL EMAIL! – Virus Bulletin July 2007
Book Review: Let’s Kick Some Bot! – Virus Bulletin June 2007
An African A-F-F-air… – Virus Bulletin April 2007
A Phish With A Sting In The Tail – Virus Bulletin March 2007

2006

The full paper written for the 2006 Virus Bulletin Conference, entitled:

‘Rootkits – Risks, Issues and Prevention’
is available in PDF (Adobe Acrobat) format.

This covers what rootkits are and, more importantly, what they are not, together with the risks and other issues they bring to corporations, academia and home users alike. The paper also suggests a number of ways to address these risks and issues. These range from simple methodologies through to technological solutions and tools.

October 2006

The full paper written for the 2006 EICAR Conference, entitled:

‘Spyware: Risks, Issues and Prevention’
is available in PDF (Adobe Acrobat) format.

This covers what spyware is, the risks and other issues spyware brings to corporations, academia and home users alike. The paper also suggests a number of ways to address these risks and issues. These range from simple methodologies through to technological solutions and tools.

May 2006

2005

Zo-To-Business – Virus Bulletin October 2005

The full paper written for the 2005 Virus Bulletin Conference, entitled:

‘Bots and Botnets – Risks, Issues and Prevention’
is available in PDF (Adobe Acrobat) format.

This covers how bots and botnets work, and the risks and other issues they bring to corporations, academia and home users alike. The paper also suggests a number of ways to address these risks and issues. These range from simple methodologies through to technological solutions and tools.

October 2005

The full paper written for the 2005 EICAR Conference, entitled:

‘Anti-Malware Tools: Intrusion Detection Systems’
is available in PDF (Adobe Acrobat) format.

This covers how SNORT can be used to detect malware (viruses, worms, trojans) as well as the more usual network threats that IDS is normally used to detect.

May 2005

2004

Malware in a Pig Pen – Part 2, Virus Bulletin November 2004
Malware in a Pig Pen – Part 1, Virus Bulletin October 2004

The full paper written for the 2004 Virus Bulletin Conference, entitled:

‘Canning More Than SPAM With Bayesian Filtering’
is available in PDF (Adobe Acrobat) format.

This covers how Bayesian Filtering can be used to detect not just SPAM but also scams and malware (viruses, worms, trojans).

September 2004

The full paper written for the 2004 Open University – Combating Vandalism in Cyberspace Conference, entitled:

‘Mind Wars: Attack of the Memes’
is available in PDF (Adobe Acrobat) format.

This covers the impact of Hoaxes, Scams, Chain E-Mail, Urban Legends, etc. on companies and suggests ways to help control or eliminate the effects they have on network/e-mail resources and staff productivity. This is an updated version of my VB2001 paper.

March 2004

2003

The full paper written for the 2003 Virus Bulletin Conference, entitled:

‘Worm Charming: Taking SMB Lure to the Next Level’
is available in PDF (Adobe Acrobat) format.

This covers the use of SMB Lure and how to improve its effectiveness, for the benefit of corporate and other institutions as well as anti-virus and other security companies.

September 2003

You are the Weakest Link, Goodbye! – Passwords, Malware and You, Virus Bulletin July 2003

Out of Africa… – Virus Bulletin May 2003

Are You Being [Opa]Serv[ed]? – Virus Bulletin January 2003

2002

The full paper written for the 2002 Virus Bulletin Conference, entitled:

‘When Worlds Collide’
is available in PDF (Adobe Acrobat) format.

The first part of this paper investigates the differences in the way security issues are approached in both camps (Security and Anti-Virus).

The second part of this paper looks at the new ‘Blended’ or ‘Automated hacking’ worms (such as CodeRed, Nimda, Goner and Gokar) and other malware, which are starting to appear. This will require closer co-operation (or strategic partnerships) with others in different camps (AV or Security) to tackle these new complex threats.

September 2002

You are the Weakest Link, Goodbye! – Malware Social Engineering Comes of Age, Virus Bulletin March 2002

2001

The full paper written for the 2001 Virus Bulletin Conference, entitled:

‘Hoaxes and Other Electronic Ephemera’
is available in PDF (Adobe Acrobat) format.

This covers the impact of Hoaxes, Scams, Chain E-Mail, Urban Legends, etc. on companies and suggests ways to help control or eliminate the effects they have on network/e-mail resources and staff productivity.

September 2001

2000

Safe Hex in the 21st Century – Part 2, Virus Bulletin July 2000

Safe Hex in the 21st Century – Part 1, Virus Bulletin June 2000

Lotus Notes – Part 2, Virus Bulletin February 2000

Lotus Notes – Part 1, Virus Bulletin January 2000

1999

The full paper written for the Compsec ’99 International Conference, entitled:

‘Implementing Anti-Virus (Anti-Malware) Controls in the Corporate Arena’
is available in PDF (Adobe Acrobat) format.

This paper offers guidance for setting an anti-malware policy for your company, covers a number of emerging threats and suggests strategies to help combat them.

November 1999

The full paper written for the 1999 Virus Bulletin Conference, entitled:

‘Viruses & Lotus Notes – Have Virus Writers Finally Met Their Match?’
is available in PDF (Adobe Acrobat) format.

This covers Lotus Notes and Domino and how to use the in-built security to help minimise malware attacks.

September 1999

1997

The full paper written for the 1997 Virus Bulletin Conference, entitled:

‘FAT32 – a new problem for anti-virus or viruses?’
is available in PDF (Adobe Acrobat) format.

This covers the impact of FAT32 (part of Windows 95B/98) on computer viruses and anti-virus software.

September 1997

1996

The full paper written for the 1996 Virus Bulletin Conference, entitled:

‘Anti-virus in the Corporate Arena’
is available in PDF (Adobe Acrobat) format.

This paper covers how anti-virus software works, and offers guidance for setting an anti-virus policy for your company.

September 1996

All Virus Bulletin articles and papers are also copyrighted by Virus Bulletin (except the VB2003, VB2004, VB2005, VB2006, VB2007, VB2008 and VB2009 papers, which are copyrighted by IBM; the VB2002 paper is copyrighted by both IBM and Virus Bulletin).

All Virus Bulletin articles offered here were kindly supplied by Virus Bulletin and are used with their permission.