Latest Posts | Page 136

This month Fortinet's Derek Manky recognizes Zombie Awareness Month and then talks about a few of the most recent zombie botnets that have been taken offline.
by Rick Popko  |  May 04, 2011  |  Filed in: Security Research
As May is Zombie Awareness Month, we thought we’d once again highlight the current dangers and activities of the zombies we follow daily at FortiGuard Labs. Of course, in this particular instance, we're talking about computer zombies: infected machines that obediently obey commands from remote masters without question or complaint. Zombies have the potential to exponentially grow in numbers, each ultimately reporting to the same master, forming a botnet. Today, we are conducting a full-blown war on zombies. Yes, “The Walking Dead” in Cyberspace....
by Derek Manky  |  May 03, 2011  |  Filed in: Security Research
Some time ago, a security researcher, Alex Levinson, found that the iPhone was keeping a SQLite database of the iPhone's location (Wi-Fi-based location, cell-based or GPS) and some other information. The file, located in /private/var/root/Library/Caches/locationd/consolidated.db, is easily accessible on jailbroken phones (ssh or any file transfer tool) and readable by any SQLite3 tool. This issue has recently re-surfaced as two researchers, Pete Warden and Alasdair Allan, wrote a MacOS tool to generate maps from the locations recorded in that database,...
by Axelle Apvrille  |  Apr 21, 2011  |  Filed in: Security Research
It’s a fact: Today’s threats have made the threats of yesterday a vision in the rear-view mirror, along with the security counterparts developed to tackle them. It’s also well known that the legacy firewall is easily circumvented by modern threats. For example, botnets frequently communicate over common ports like HTTP to do their dirty work – sending stolen information and receiving tasks to carry out. Thus, one could deduce that TCP port 80 is a security threat and, as the strongest countermeasure, should be blocked. However, in today's...
by Derek Manky  |  Apr 12, 2011  |  Filed in: Security Research
UPDATED Apr 17 with new information.

Today NSS Labs, an independent security testing organization, issued a report which states it found holes in five of six network firewalls. Fortinet was named as one of these firewalls, and we want to address some misperceptions around this report. NSS Labs tested the FortiGate-3950B platform using equipment supplied by an NSS customer. We have been working with NSS Labs over the last two months to remediate the issues raised in the test. NSS Labs incorrectly states that Fortinet does not currently provide customers...
by Patrick Bedwell  |  Apr 12, 2011  |  Filed in: Security Research
We are happy to announce an update to Fortinet's monthly Threat Landscape reports. Moving forward, the report will be available on a bi-weekly basis using a new format. You can find the report here: As you explore the new format, you will notice some new features. A regional data selector is available at the top which allows prevalent threat viewing on a global or more refined basis. Applications and Botnet detections are now listed in dedicated columns. Spam data has also been expanded to...
by Derek Manky  |  Apr 11, 2011  |  Filed in: Security Research
Despite Trend Micro’s history of patent aggression, reliable sources are indicating that Trend’s patents at issue may be invalid, which is a positive development for Fortinet. In December 2010, the United States Patent and Trademark Office (US PTO) issued office actions on the two related Trend Micro patents (5,623,600 and 5,889,943), rejecting every claim as invalid. This finding is consistent with the opinion of the staff attorney at the International Trade Commission in the Barracuda Networks case that Trend’s ‘600 patent is invalid. Despite...
by Patrick Bedwell  |  Apr 01, 2011  |  Filed in: Security Research
We often have requests on mobile malware statistics and although statistics are only an imperfect representation of reality, this is what we can share. Those statistics only concern malware which runs on mobile phones (hybrid malware which runs on a PC and sends SMS does not count, for instance) and the results are for malware families, i.e., a group of samples which are 'similar' and, yes, unfortunately, this is quite subjective. Reminder: a family is then divided into several variants. And each individual malicious package is called a sample. We haven't...
by Axelle Apvrille  |  Mar 28, 2011  |  Filed in: Security Research
Last week we attended Insomni'Hack 2011, where our Crypto Girl (Axelle Apvrille) presented on mobile phone threats. Debriefings of the conference may be found here and there. Both blog authors highlighted the main goal of Axelle's talk, which was to raise awareness about existing threats on smartphones. Mobile phones have already been targeted for a long time (by applications sending SMS, for instance), but recently (for approximately one year) they have been hit by more advanced attacks - probably with the help of cybercriminal organizations. Their...
by Alexandre Aumoine  |  Mar 18, 2011  |  Filed in: Security Research
Android devices continue to be the target of malware authors with Android/Fake10086.A!tr. AegisLab spotted this malicious Trojan in the wild in China and posted an interesting write-up on the matter. In brief, Android/Fake10086.A!tr looks like a handy hotel reservation application (e.g., com.hotel apk), but in the background it communicates with a remote web server and blocks some incoming SMS messages. Most noticeably, Fake10086 blocks SMS messages coming from 10086, the customer service portal of a leading Chinese telecom operator - presumably...
by Axelle Apvrille  |  Mar 10, 2011  |  Filed in: Security Research