Latest Posts | Page 130


Want to impress friends with eccentric ways to send SMS messages? This article is for you. As a matter of fact - and closer to the official goal - this article can also help analysts spot unexpected SMS sending in malware. SMS for Java-kiddies Sending SMS from a Java ME midlet is simple enough for any kid :) Import the MessageConnection and TextMessage package: import javax.wireless.messaging.MessageConnection; import javax.wireless.messaging.TextMessage; Instantiate a MessageConnection object and a TextMessage object of type TEXT_MESSAGE.... [Read More]
by RSS Axelle Apvrille  |  Jun 07, 2010  |  Filed in: Security Research
Earlier this month I was at EICAR 2010, a very nice conference, with interesting technical talks and nice people to discuss with. I can't resist posting a few brief notes and comments on the talks I enjoyed the most: Parasitics: The Next generation - Vitaly Zaytsev, Josh Phillips, Abishek Karnik The authors note that viruses are better and better protected against reverse engineering and, in their talk, they mainly presented a recent trend, which consists in using a Virtual Machine (in the "Java" sense of the word, not the "VMWare" one)... [Read More]
by RSS Axelle Apvrille  |  Jun 04, 2010  |  Filed in: Security Research
The security industry is full of some of the best innovators that enterprise technology has ever seen. Security requires rapid, well-executed innovation due to the ever-changing threats from the hacker community. Without security innovation, companies and individuals sit defenseless against new threats from cyber criminals. However, there has been a looming dark threat to security innovators -- Trend Micro has a long history of aggressively pursuing competitors with what has turned out to be considered an invalid patent. The good news is that a... [Read More]
by RSS Patrick Bedwell  |  Jun 02, 2010  |  Filed in: Security Research
Our May 2010 Threat Landscape Report has been posted, here's a recap of activity from the report: Over the past year we have frequently discussed the rise of PDF-based attacks via exploits that attack software vulnerabilities, and drop malware when a malicious document is being read. These documents are favored in targeted attack scenarios, since documents go hand-in-hand with social engineering. However, in late April 2010 we saw a new PDF exploit being circulated in high volume through an ongoing spam campaign. The vulnerability, first... [Read More]
by RSS Derek Manky  |  Jun 01, 2010  |  Filed in: Security Research
Tags:
Fortinet is conducting a 2010 network security survey. Completing the 15 multiple choice questions automatically enters takers into a drawing for a chance to win one of three new Apple iPads. By taking this survey, you are helping us better understand what the users see as significant trends that are occurring in the security industry. While your answers will remain anonymous, we ask for your email at the end of the survey so that you can be notified should you be one of the three lucky iPad winners. Winners will be announced in August. Questions... [Read More]
by RSS Rick Popko  |  May 26, 2010  |  Filed in: Security Research
Waiting for the next transit flight is usually particularly boring, except in a very few circumstances. I was lucky, as this is what happened while I was on my way to CONFIDENCE 2010 in Krakow: I am always amused by such errors, especially when they occur in others' code and in unexpected situations. In that particular case, I wonder what happened to nsclient++.exe (a 'secure' monitoring daemon) - apart from obviously a NULL pointer issue - and how this error message is supposed to be of any help to passengers. Well, of course, maybe this was... [Read More]
by RSS Axelle Apvrille  |  May 25, 2010  |  Filed in: Security Research
It's a little known fact that the month of May is actually Zombie Awareness Month. While many pay homage with movie marathons and even reenacting zombie activities (well, some zombie activities) during pub crawls and horror conventions, we thought we’d give you some life-saving details on how to stop a different kind of zombie… The Zombie Computer! While an infected zombie computer won't eat your brains for sustenance, they can still inflict a great deal of pain and misery to computer users. A zombie computer allows an unauthorized person... [Read More]
by RSS Rick Popko  |  May 20, 2010  |  Filed in: Security Research
Some time ago, we came across a new Windows Mobile Trojan dialer named WinCE/Terdial!tr.dial. Under the cover of a FPS game (Antiterrorist 3D) or a Windows Mobile codec package (codecpack.cab), this Trojan actually has the victim's phone call international premium rate phone numbers (IPRN), i.e phone numbers for which a given service is provided and, of course, higher prices are charged ;). More information is available in our Virus Encyclopedia, or just search the web for numerous alerts on the matter. On my side, I have been playing Sherlock... [Read More]
by RSS Axelle Apvrille  |  May 17, 2010  |  Filed in: Security Research
[Read More]
by RSS Rick Popko  |  May 12, 2010  |  Filed in: Security Research
Recently, Facebook unveiled its strategy to conquer the web. The company introduced a new kind of plugin deemed "Social Plugins", essentially allowing third-party "partner" sites to access your Facebook profile information upon visiting them -- in order to "improve your experience". While the idea is great, from a webmaster's point of view, there are obvious privacy concerns for Facebook users. The first week, about 50,000 third parties websites had already integrated it. It adds up to the recent changes at Facebook's policies, implying that... [Read More]
by RSS David Maciejak  |  May 12, 2010  |  Filed in: Security Research