Latest Posts | Page 130


More often than not, malware stealthily infects systems and lifts valuable data long before it is ever detected, let alone eliminated. That said, it's not surprising that some of the most pernicious threats often go underestimated, or are dismissed altogether. But what happens when the opposite is true, when fear and panic surrounding malware come to a dramatic crescendo - so much so that users place valuable resources and security dollars into fighting a costly, but non-existent, threat? That was a hard lesson to learn for one Commerce Department...
by Stefanie Hoffman | Aug 01, 2013 | Filed in: Business and Technology
Spam has plagued e-mail users since its inception. Users obtain a brand new e-mail address only to be pummeled with spam and phishing campaigns, usually within a matter of hours. Without fail, cybercriminals seem to have access to a never-ending supply of e-mail addresses and other personally identifying information to fuel spam, phishing and malware activities. That isn't by accident. One of the ways cybercriminals can tap into that bottomless well of personally identifying information is through a Directory Harvesting Attack (DHA). "A DHA...
by Stefanie Hoffman | Jul 31, 2013 | Filed in:
Up to now, mobile malware was certainly growing, but still minor compared to PC malware. Well, this is about to change. We have recently acknowledged a mobile malware entering our top 10 virus activity, where usually there were only PC malware. The (sad) winner is Android/Plankton.B!tr, with a record prevalence of 4.42% (note: prevalence is the number of new hits in a given time frame divided by the number of FortiGates reporting during that same interval of time). This would currently rank it as the 6th most active virus - PC malware included....
by Axelle Apvrille | Jul 29, 2013 | Filed in: Security Research
It's everywhere in the news, and I couldn't resist trying to figure out how it works. I think I roughly found out, but we'll have to wait for Karsten Nohl's presentation at BlackHat to see if I was right :) Getting ciphertexts Mobile phones are capable of receiving OTA (Over The Air) commands ('update', 'get status'...) in the form of SMS messages sent by their service provider. Fortunately, those messages support encryption and integrity checks. More specifically, the secure packet header specifies the algorithm and key set identifier to use...
by Axelle Apvrille | Jul 24, 2013 | Filed in: Security Research
Story Around the end of June, I found a new Kelihos binary that was being pushed to all the proxy peers from Kelihos' job servers. At that time, I assumed the binary was just a typical bug fix build. But on July 14th, my Kelihos tracker stopped getting new peers. I then realized the update in late June was a new build which changed the communication protocol and encryption scheme. So, I took some days to reverse this new Kelihos build. First Look After successfully unpacking the build, I found it was compiled with the Crypto++ library which...
by Kyle Yang | Jul 18, 2013 | Filed in: Security Research
Yesterday Oracle released a whopping 89 fixes to many of their products, 27 of which could allow remote code execution. In Eric Maurice's post (Mr. Maurice is Oracle's Director of Software Security Assurance), he outlines some of the most important fixes: - 6 fixes target Oracle Database, one of which allows remote exploitation without any authentication. CVE-2013-3751 goes into detail about the exploit. - 21 fixes target Oracle Fusion Middleware, of which 16 allow remote unauthenticated exploitation. Some of these are related to CVE-2013-2461, which...
by Richard Henderson | Jul 17, 2013 | Filed in: Industry Trends
Popular social media/sharing site Tumblr posted a quick note on their official blog indicating that their iOS app wasn't using SSL to pass login and password details when their users were logging in via the app. An astute reader of popular tech news site The Register initially reported the issue. What does this mean for you? If you've used Tumblr's app on your iPhone, iPad or iPod Touch anywhere other than at home - say a public WiFi hotspot at the airport or elsewhere - it's entirely possible that someone sniffing that network could have captured...
by Richard Henderson | Jul 17, 2013 | Filed in: Industry Trends
Recently I received this SMS on my mobile phone. Basically, it tells me I have to call back 018377xxxx to collect a parcel. As this phone number is not premium and I was indeed waiting for a parcel, I nearly fell for the trick. Figure 1. SMS scam received on the phone. It says: "E-Relay Hello, your parcel Ref: M794610 is waiting for you since July 8th, 2013. More details at 018377xxxx" I guess that AV analysts get suspicious about everything, and I checked it on a search engine. I quickly found out that plenty of other victims were complaining...
by Axelle Apvrille | Jul 17, 2013 | Filed in: Security Research
Patch management is as fundamental to your security posture and the health of your network as changing the oil in your car. It's also as easy to overlook until it's too late. Simply defined, patch management is the process of repairing security flaws and vulnerabilities in various IT infrastructure components that are discovered after those components have been released on the market. Organizations with dedicated IT management and security teams sport network administrators that oversee patch distribution and other management activities via a Web-based interface. A...
by Stefanie Hoffman | Jul 16, 2013 | Filed in: Industry Trends
Shortly after 10:00am Jun 25th 2013, many government websites from South Korea were not accessible. It was actually caused by malware performing a DDoS attack on 2 major DNS servers (ns.gcc.go.kr and ns2.gcc.go.kr). Original Attack Vector During the investigation, we managed to find the original attack sample, which was served by a compromised website at that time (simdisk.co.kr). The downloaded file, named SimDisk_setup.exe, turned out to be a self-extracting RAR file. Sitting in this SFX RAR file were 2 files: Simdiskup.exe file SimDiskup.exe...
by Kyle Yang | Jul 14, 2013 | Filed in: Security Research