Latest Posts | Page 130


Missed those talks at VB2011? A few notes on a first set of talks I attended. A look at the cybercrime ecosystem and the way it works, Dmitry Bestuzhev On the underground market, it is possible to find plenty of things such as clones of real ID documents (shipping with your own picture) and even with real biometric information. You can also find real policeman cards. To access the underground market, you should however be a 'certified' cybercriminal. There are geographic differences between cybercriminals. In Europe, cybercriminals make quite... [Read More]
by Axelle Apvrille  |  Oct 12, 2011  |  Filed in: Security Research
Tags: vb2011
EASE stands for Experimental ActionScript Emulator, and besides being a pun of debatable quality, it is the in-house tool we at FortiGuard use to analyse malicious Flash samples, unpack obfuscated code (if applicable), and automatically detect heap spraying and JIT spraying (two techniques essential to bypass DEP/ASLR when exploiting a vulnerability). Adobe Flash being nearly ubiquitous today, this is quite a useful tool for analysts and security researchers alike. Now for the bad news, which actually lies in its very name: It's experimental.... [Read More]
by Guillaume Lovet  |  Oct 06, 2011  |  Filed in: Security Research
The latest version of FortiClient Lite is now available for download on both 32-bit and 64-bit systems. In addition to an intuitive user interface and robust malware detection, two new features have been added: Parental Controls Blocks websites hosting malicious code and explicit material. Real time ratings from FortiGuard Labs for the latest site categorizations. Parental control settings can be locked for administrative access. Site violations may be viewed and cleared by administrator. Virtual Private Networking (VPN) Quick and... [Read More]
by Derek Manky  |  Oct 05, 2011  |  Filed in: Security Research
QR code with a link to Riskware/Jifake!Android A long time ago, more than 2 years ago actually, I blogged about the dangers of QR codes: "virus gangs could use this technology to have the end-user follow malicious links or send messages to premium numbers" and, this is exactly what happened a few days ago, when Denis Maslennikov found a QR code leading to a mobile malware, named Jifake, that sends SMS messages to a premium number. I told you so, and I couldn't resist telling you ;) QR codes are very handy, but they're an incredible vector... [Read More]
by Axelle Apvrille  |  Oct 03, 2011  |  Filed in: Security Research
Fortinet senior security strategist, Derek Manky, talks about the latest threats posed by “Anonymous,” Microsoft’s help in taking down the Waledac botnet and new malware discovered on Android phones. [Read More]
by Rick Popko  |  Oct 01, 2011  |  Filed in: Security Research
I have been in Buenos Aires attending the ekoParty security conference, which has recently exploded in popularity. This year saw more than 1,000 attendees. ekoParty is a premier technical conference in Latin America (think Defcon/Blackhat) that showcases presenters from around the world, with the bulk of them local to Argentina. The conference runs three days and wrapped up this year with local Juliano Rizzo and Vietnamese colleague Thai Duong demonstrating their BEAST (Browser Exploit Against SSL / TLS) tool {more to come here shortly}. I presented... [Read More]
by Rick Popko  |  Sep 23, 2011  |  Filed in: Security Research
Yes, you have probably heard the news: a new variant of Spitmo - Zitmo/ZeuS's counterpart for SpyEye, which previously targeted Symbian phones only - has recently been spotted on Android. The scenario is the same as before: a victim, browsing on a PC infected with SpyEye, logs in to her bank's website. SpyEye injects forms and elements directly into the webpages she is viewing, so as to lure her into installing a fake security application on her phone, thinking it's required by the bank. That application actually intercepts SMS messages - especially... [Read More]
by Axelle Apvrille  |  Sep 16, 2011  |  Filed in: Security Research
In this month's Network World Security Landscape, host Keith Shaw chats with Fortinet's Derek Manky about the possibility of increased attacks now that SpyEye has been deeply discounted (from about $10,000 to about $100) after the source code was revealed. In addition, they discuss Operation Shady RAT and whether the issue is as serious as security firms are touting. (13:59) [Read More]
by Rick Popko  |  Aug 23, 2011  |  Filed in: Security Research
We are pleased to announce FortiClient Lite, a new, free version of Fortinet's award winning FortiClient antivirus software. FortiClient Lite is an easily downloadable endpoint security solution that protects systems from today’s ever-evolving malware by using up-to-date definitions and threat intelligence that is based on research from Fortinet's FortiGuard Labs. FortiClient Lite joins the FortiClient family of endpoint protection solutions: • FortiClient for secure connectivity • FortiClient Premium for complete endpoint protection. Protect... [Read More]
by Rick Popko  |  Aug 02, 2011  |  Filed in: Security Research
This is a short update to our prior post concerning Zitmo on Android. Is this really Zitmo? This fake Trusteer malware shows several differences with prior Symbian variants, but, for simplicity (and because it's easy to remember), we call it Zitmo. This does not mean this variant was written by the same authors (no proof on that account, one way or another) nor that it has exactly the same technical functionalities or even, depending on naming policies, the same name among AV vendors, but what we mean is that this sample was propagated by ZeuS... [Read More]
by Axelle Apvrille  |  Jul 18, 2011  |  Filed in: Security Research