Latest Posts | Page 136

While it's no secret that modern crimeware kits are readily available for any individuals who wish to join the dark side, it has indeed become a rather large problem. Frameworks and recycled malicious code have long been used to spawn new attacks: some examples include RBot/Zotob, SDBot, Pushbot and of course, ZBot. Since the early millennium, these resources have accumulated and become more accessible in the digital underground, acting as a catalyst to the influx of malware and attacks that we witness today. The black hat process can be compared...
by Derek Manky | Oct 14, 2009 | Filed in: Security Research
Lately, we've been fed with H1N1 flu security measures, with recommendations regarding how to clean our hands, sneeze or cough. I just wonder if we'd be so obedient if the same recommendations were issued for our computers or phones. Have a look at the advice below: on the left are CDC's recommendations against H1N1. On the right... Fortinet's recommendations against SymbOS/Yxes. Convinced? Will you follow them?
by Axelle Apvrille | Oct 13, 2009 | Filed in: Security Research
The design of botnets has evolved considerably over the past several years, with the likes of Slapper and other high profile worms (Storm) moving to peer to peer. In addition to the introduction and malicious use of decentralized networks such as peer to peer and other innovations like fast flux, protocol design has equally evolved. Primitive protocols for command and control would simply use open standards such as IRC, commands sent across in plain text like any other IRC client would. However, cyber criminals nowadays place great effort into cloaking...
by Derek Manky | Sep 30, 2009 | Filed in: Security Research
Our monthly Threat Landscape report is out for September, discussing many threats including Bredolabs, Scareware, and ZBot. For distribution through email, Bredolabs chose fake invoices from DHL/UPS, while ZBot disguised malicious links (all under the European Union ccTLD "EU") as a tax scare from the IRS. Of course, no report would be complete without highlighting email scams and breaking vulnerabilities, as summarized below: The Bredolab botnet continued aggressively this period with the rise of W32/Bredo.G, which began on September 17th and...
by Derek Manky | Sep 24, 2009 | Filed in: Security Research
Last week Fortinet's vice president of Federal operations, Jeff Lake, participated in a webcast hosted by BreakingPoint Systems on cyber security and defense in depth. Other participants included Dennis Cox, BreakingPoint CTO, and Bruce Brody, managing partner and executive vice president of VISKO. As reported on the BreakingPoint blog, the team discussed the following points: best practices for planning defense in depth; the important role of training in securing your network; how to break through the current "clique" of security professionals...
by Rick Popko | Sep 22, 2009 | Filed in: Security Research
Links to malicious websites have frequently been used along with news headlines to provide an attractive lure to end users. The strategy is simple, and is quite effective due to its popularity. Most users can associate with recent news headlines, whether it be from a newsflash on TV, the radio, or simply talk at the water-cooler. Because of this, references to this content (in the form of links via e-mails or SEO campaigns) seem legitimate in nature, creating a false sense of security. Even worse, in the case of the latter - blackhat SEO campaigns...
by Derek Manky | Sep 16, 2009 | Filed in: Security Research
At next week's Virus Bulletin VB2009 conference in Geneva, four members of the FortiGuard Global Security Research Team will be among the experts sharing their expertise on the topic of anti-malware. This is the fourth consecutive year that members of Fortinet's seasoned research team have been on the roster of the event, which is in its 19th year. Only 38 of more than 160 proposals were selected by the VB2009 committee for this year's conference program. That said, here are the presentations to check out: "Fighting cybercrime: technical, juridical...
by Rick Popko | Sep 15, 2009 | Filed in: Security Research
Malicious links through instant messaging protocols are nothing new (think IM worms); however, recent attacks have been launched that leverage the popularity of social networking sites. I investigated a new link reported to be spreading through MSN, which is simple, yet potentially quite effective given the popularity of social networking sites and the ongoing use of instant messaging clients nowadays. The message (see Figure 1 below) read: "Hey, is this you?? haha :P http://facebook-photo/viewimage.php?". The last part of the link, a parameter...
by Derek Manky | Sep 11, 2009 | Filed in: Security Research
Is there an upside to Payment Card Industry (PCI) compliance? In an interview with Kim Nguyen, Jason Wright, CISSP, reviews several security solutions that can help organizations achieve compliance. He also reveals an upside for those who may be frustrated by these industry mandates.
by Rick Popko | Sep 09, 2009 | Filed in: Security Research
I just happened to review our signature against Virut-infected Web pages, and I would say the infection is still very active. W32/Virut.CE is known to infect Web pages (HTML, ASP, and PHP) by injecting a malicious iframe that redirects visiting users to Web sites serving malicious PDF and SWF files with different kinds of exploits. However, Virut is not the only agent of this iframe injection. Just minutes ago, I searched a couple of infected Web sites specific to this injection compromise, and here's a good example. Figure 1 shows...
by Rex Plantado | Sep 01, 2009 | Filed in: Security Research