Latest Posts | Page 132

As a "Crypto Girl" should, I wish to report that the latest Android malware, Android/DroidKungFu, uses AES encryption. It is certainly not the first time Android malware has used encryption - we have already seen DES in Android/Geinimi and Android/HongTouTou - but this would appear to be the first use of AES on Android (AES has already been reported in Symbian malware such as SymbOS/InSpirit). In Android/DroidKungFu, the malware uses AES to encrypt the two exploits it carries: CVE-2009-1185, packaged as gjsvro. located in the malware's... [Read More]
by Axelle Apvrille  |  Jun 09, 2011  |  Filed in: Security Research
Fortinet is in the midst of World IPv6 Day, a global test of IPv6 support, and we're enjoying being part of this global event. Beginning at midnight UTC on June 8 (5 PM PDT June 7), World IPv6 Day has brought together service providers, content providers, vendors and government agencies from around the world for a 24-hour test. The Internet Society (ISOC) created this "test flight" of IPv6-enabled websites to encourage preparedness for IPv6. So far, so good: no significant issues have been reported. Although the need to migrate from IPv4... [Read More]
by Patrick Bedwell  |  Jun 08, 2011  |  Filed in: Security Research
There are many dangerous threats lurking in cyberspace today, from software vulnerabilities and exploits to viruses and botnets. Among these threats are phishing attacks: electronic communication scams that attempt to obtain highly personal information such as credit card details, user names and passwords by assuming the identity of a trustworthy entity. The trustworthy entity can be anything from a friend whose email account has been compromised to large legitimate corporations such as banks and online retailers such as Amazon and eBay. A typically... [Read More]
by Derek Manky  |  Jun 07, 2011  |  Filed in:
A few days ago, a new malware sample named Android/Smspacem.A!tr appeared for Android users. This malware trojanizes a legitimate (but controversial) application named the Holy F***ing Bible. Its malicious behavior only triggered on May 21-22 and consisted of changing the device's wallpaper and sending anti-Christian joke SMS messages to all of the user's phone contacts. The malware also reacts to a few commands: "health" (an SMS command), "formula401" and "pacem" (Web service commands, obtained by polling a Web service on a Command & Control server). The actions... [Read More]
by Axelle Apvrille  |  May 30, 2011  |  Filed in: Security Research
Some time ago, I bumped into a few Android applications which use Airpush. Airpush is an advertising SDK that developers can add to their application to generate some revenue: for every thousand ads displayed via their application, the developer gets a few dollars in return. In the case of Airpush, the ads are pushed to the mobile phone's system tray, i.e. they do not appear in the application itself but at system level. The ads stand a higher chance of being read or clicked on, but many end users complained that this system was far too intrusive. See... [Read More]
by Axelle Apvrille  |  May 17, 2011  |  Filed in: Security Research
Victories continue to roll in in 2011. In April, a large Coreflood botnet operation (Coreflood dates back to circa 2002) was dismantled by the FBI, and servers and domains controlled by the Coreflood gang were seized. This comes on the heels of Rustock's takedown in March, the success of which we continue to see solid evidence of here at FortiGuard Labs. Indeed, global spam rates have remained about 15% lower than they were before Rustock's downfall in mid-March. It is only a matter of time before a new spam botnet grows large enough to start bringing spam rates back up. They're... [Read More]
by Derek Manky  |  May 11, 2011  |  Filed in: Security Research
The Fortinet development team, working closely with NSS Labs, released an update to the FortiGate firewall on April 20 that blocks the split handshake attack technique. This fix permanently addresses the split handshake issue identified by NSS and enables Fortinet customers to block it using just the FortiGate firewall function. NSS has verified the effectiveness of Patch Release 6 in blocking the split handshake issue and updated its remediation guidance: Update: On April 21, 2011 Fortinet provided NSS Labs FortiOS 4.0 MR2 Patch 6. NSS Labs has... [Read More]
by Patrick Bedwell  |  May 09, 2011  |  Filed in: Security Research
This month Fortinet's Derek Manky recognizes Zombie Awareness Month and then talks about a few of the most recent zombie botnets that have been taken offline. [Read More]
by Rick Popko  |  May 04, 2011  |  Filed in: Security Research
As May is Zombie Awareness Month, we thought we'd once again highlight the current dangers and activities of the zombies we follow daily at FortiGuard Labs. Of course, in this particular instance we're talking about computer zombies: infected machines that obey commands from remote masters without question or complaint. Zombies have the potential to grow exponentially in number, each ultimately reporting to the same master and thereby forming a botnet. Today, we are conducting a full-blown war on zombies. Yes, "The Walking Dead" in cyberspace.... [Read More]
by Derek Manky  |  May 03, 2011  |  Filed in: Security Research
Some time ago, security researcher Alex Levinson found out that the iPhone keeps a SQLite database of the device's location (Wi-Fi-based, cell-based or GPS) along with some other information. The file, located at /private/var/root/Library/Caches/locationd/consolidated.db, is easily accessible on jailbroken phones (via ssh or any file transfer tool) and readable with any SQLite3 tool. This issue has recently resurfaced as two researchers, Pete Warden and Alasdair Allan, wrote a MacOS tool to generate maps from the locations recorded in that database,... [Read More]
by Axelle Apvrille  |  Apr 21, 2011  |  Filed in: Security Research
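To show what "readable by any SQLite3 tool" means in practice, here is an added example (not the tool by Warden and Allan, and not code from the original post) that pulls location fixes out of a consolidated.db-style database with Python's standard sqlite3 module. It assumes two things the teaser does not state: a simplified CellLocation/WifiLocation schema with Timestamp, Latitude, Longitude and HorizontalAccuracy columns, and that the Timestamp column is Apple "absolute time" (seconds since 2001-01-01 UTC). The rows it loads are constructed, not data from a real phone; pass a real path on the command line to run it against an actual file.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Assumption: Timestamp values are Apple "absolute time" (CFAbsoluteTime),
# i.e. seconds since 2001-01-01 00:00:00 UTC, not the Unix epoch.
APPLE_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)

# Assumed, simplified schema for the two location tables. The real file has
# more columns and tables; only the ones used here are modelled.
SCHEMA = """
CREATE TABLE CellLocation (
    MCC INTEGER, MNC INTEGER, LAC INTEGER, CI INTEGER,
    Timestamp REAL, Latitude REAL, Longitude REAL, HorizontalAccuracy REAL
);
CREATE TABLE WifiLocation (
    MAC TEXT, Timestamp REAL, Latitude REAL, Longitude REAL, HorizontalAccuracy REAL
);
"""

# Constructed sample rows (not real data). 324259200.0 is 2011-04-12 00:00 UTC
# in Apple absolute time; the (0.0, 0.0) row stands in for an unresolved fix.
SAMPLE_ROWS = {
    "CellLocation": [
        (208, 1, 1234, 0,    324255600.0, 0.0,     0.0,    0.0),
        (208, 1, 1234, 5678, 324259200.0, 43.6167, 7.0667, 500.0),
        (208, 1, 1234, 5679, 324262800.0, 43.6200, 7.0700, 750.0),
    ],
    "WifiLocation": [
        ("00:11:22:33:44:55", 324266400.0, 43.6250, 7.0750, 50.0),
    ],
}


def load_sample_db():
    """Build an in-memory database with the assumed schema and constructed rows."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO CellLocation VALUES (?,?,?,?,?,?,?,?)",
                    SAMPLE_ROWS["CellLocation"])
    con.executemany("INSERT INTO WifiLocation VALUES (?,?,?,?,?)",
                    SAMPLE_ROWS["WifiLocation"])
    con.commit()
    return con


def apple_time_to_datetime(ts):
    """Convert an Apple absolute-time float to a timezone-aware UTC datetime."""
    return APPLE_EPOCH + timedelta(seconds=ts)


def extract_fixes(con, max_accuracy=None):
    """Return (utc datetime, source, lat, lon, accuracy_m) tuples, oldest first.

    Fixes at exactly (0, 0) are dropped as unresolved; max_accuracy (metres)
    optionally drops coarse fixes so only precise ones remain.
    """
    query = """
        SELECT 'cell' AS source, Timestamp, Latitude, Longitude, HorizontalAccuracy
          FROM CellLocation
        UNION ALL
        SELECT 'wifi', Timestamp, Latitude, Longitude, HorizontalAccuracy
          FROM WifiLocation
        ORDER BY Timestamp
    """
    fixes = []
    for source, ts, lat, lon, acc in con.execute(query):
        if lat == 0 and lon == 0:
            continue
        if max_accuracy is not None and acc > max_accuracy:
            continue
        fixes.append((apple_time_to_datetime(ts), source, lat, lon, acc))
    return fixes


def summarize_by_day(fixes):
    """Group fixes by UTC calendar day: {'YYYY-MM-DD': [(lat, lon), ...]}."""
    days = {}
    for when, _source, lat, lon, _acc in fixes:
        days.setdefault(when.date().isoformat(), []).append((lat, lon))
    return days


if __name__ == "__main__":
    import sys
    # Usage: python consolidated_dump.py [/path/to/consolidated.db]
    con = sqlite3.connect(sys.argv[1]) if len(sys.argv) > 1 else load_sample_db()
    for when, source, lat, lon, acc in extract_fixes(con):
        print(f"{when.isoformat()} {source:4} {lat:.4f} {lon:.4f} +/-{acc:.0f}m")
```

The accuracy filter is the part worth keeping when you run this on a real file: cell-tower fixes carry accuracies of hundreds of metres and say little about where the phone actually was, while Wi-Fi fixes are tight enough to place it at a particular building, which is exactly why the file matters.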