Latest Posts | Page 137

Much like Ninja Turtles, DroidKungFu now comes in different flavours (5 so far), discovered by Pr. Xuxian Jiang (and research team) and Lookout. If, like me, you are having difficulties keeping track of those variants, this post is for you :) The similarities and differences between all 5 variants are depicted below. The various blocks represent each variant, and their intersection shows how many methods they share exactly*. All variants share the same malicious commands (CMD box). They can download and install new package, start a program (called... [Read More]
by RSS Axelle Apvrille  |  Oct 26, 2011  |  Filed in: Security Research
This concludes my overview of VB2011, with the final notes for the last tasks I attended. Enhancing filtering proactivity with reverse IP and reverse whois queries - Claudiu Musat (presenting) and Alin Octavian Damian The most typical methods to filter spam is by URLs they contain or domain names. The main problem of those methods is the delay the filter becomes active: somebody has to decide that this URL or domain is malicious, and before that decision is made, the spam is not blocked. There are other methods, which seem more proactive: reverse... [Read More]
by RSS Axelle Apvrille  |  Oct 25, 2011  |  Filed in: Security Research
Stuck on our FortiChallenge 2k11? Here's a first hint! Translations: La fin est encore loin surtout quand on est sur le mauvais chemin ! Wrong track, go back! La fin est proche, l'anneau est inclus. Dawn is close, search for the ring. Mon precieux My precious Hint: -6D01BAE018694CDB446DC7EADBA08BE497A8CBE78BCFE91478AB120B4400E357 -ad23ebc59b720eac0979ead3176de3331ddaa1356466ecc8e8c9fb82f62a6dca -BCA85F09D8D174844C5D5B80095E6EF595181AAB0CABA9144324418B9F291645 -3EE90318AA2881118B8C09A777D52129E61760CCAE1EF679C744A25E9EB50789 -5868049FE51A60811D2C75C3B8896B956EE42114C568DE47531E436CEA2E0F77 –... [Read More]
by RSS Alexandre Aumoine  |  Oct 21, 2011  |  Filed in: Security Research
A second life in a virtual environment: from simple socialization to revealing sensitive information - Sabina Raluca Datcu ** Sabina conducted a study on how much security-aware people are likely to reveal on social networks. To do so, she took 50 people from a hacking community, and 50 from the IT security world, and built a fake female profile in both cases with similar interests. She shows that she makes contact with all 100 people over time, and that over time, all 100 people do reveal some personal information to her. Personal information... [Read More]
by RSS Axelle Apvrille  |  Oct 18, 2011  |  Filed in: Security Research
Tags: vb2011
Hello all, At Insomni'Hack 2011, we created a challenge dedicated to static reversing of Symbian executables (using SDK S60 Ed3 FP1). Sadly, nobody found the full solution, so we finally decided to put it online for you to try, until November 1st, 2011. We will then post the winner's solution on this blog, along with the 'official' solution. To help you out - if needed - this post will be updated with a hint in a few days. Challenge prize? the winner (first good solution) receives ... fame and glory :)) i.e. nothing besides marketing goodies,... [Read More]
by RSS Alexandre Aumoine  |  Oct 17, 2011  |  Filed in: Security Research
Missed those talks at VB2011? A few notes on a first set of talks I attended. A look at the cybercrime ecosystem and the way it works, Dmitry Bestuzhev On the underground market, it is possible to find plenty of things such as clones of real ID documents (shipping with your own picture) and even with real biometric information. You can also find real policeman cards. To access the undergroutnd market, you should however be a 'certified' cybercriminal. There are geographic differences between cybercriminals. In Europe, cybercriminals make quite... [Read More]
by RSS Axelle Apvrille  |  Oct 12, 2011  |  Filed in: Security Research
Tags: vb2011
EASE stands for Experimental ActionScript Emulator, and besides being a pun of debatable quality, it is the in-house tool we at FortiGuard use to analyse malicious Flash samples, unpack obfuscated code (if applicable), and automatically detect heap spraying and JIT spraying (two techniques essential to bypass DEP/ASLR when exploiting a vulnerability). Adobe Flash being nearly ubiquitous today, this is quite a useful tool for analysts and security researchers alike. Now for the bad news, which actually lays in its very name: It's experimental.... [Read More]
by RSS Guillaume Lovet  |  Oct 06, 2011  |  Filed in: Security Research
The latest version of FortiClient Lite is now available for download on both 32-bit and 64-bit systems. In addition to an intuitive user interface and robust malware detection, two new features have been added: Parental Controls Blocks websites hosting malicious code and explicit material. Real time ratings from FortiGuard Labs for the latest site categorizations. Parental control settings can be locked for administrative access. Site violations may be viewed and cleared by administrator. Virtual Private Networking (VPN) Quick and... [Read More]
by RSS Derek Manky  |  Oct 05, 2011  |  Filed in: Security Research
QR code with a link to Riskware/Jifake!Android A long time ago, more than 2 years ago actually, I blogged about the dangers of QR codes: "virus gangs could use this technology to have the end-user follow malicious links or send messages to premium numbers" and, this is exactly what happened a few days ago, when Denis Maslennikov found a QR code leading to a mobile malware, named Jifake, that sends SMS messages to a premium number. I told you so, and I couldn't resist telling you ;) QR codes are very handy, but they're an incredible vector... [Read More]
by RSS Axelle Apvrille  |  Oct 03, 2011  |  Filed in: Security Research
Fortinet senior security strategist**, **Derek Manky, talks about the latest threats posed by “Anonymous,” Microsoft’s help in taking down the Waledac botnet and new malware discovered on Android phones. [Read More]
by RSS Rick Popko  |  Oct 01, 2011  |  Filed in: Security Research