Latest Posts | Page 138


Although it is not a new idea to run an executable from within a PDF, the researcher Didier Stevens presented a trick to make it more practical "in the real world". In this post I will dissect a PDF document using this trick (MD5: 1dcd4a3f5d05433fcebf88d9138a1966), indeed found in the wild. As one of the vendors affected, Adobe was investigating this issue and gave a temporary solution. But no patch is available yet. In fact there may be no patch at all... and although CVE number CVE-2010-1240 is assigned for this issue, some people think it... [Read More]
by Bin Liu  |  May 04, 2010  |  Filed in: Security Research
Our latest Threat Landscape Report is up, and for the second time in a row, MS.IE.Userdata.Behavior.Code.Execution (CVE-2010-0806) remained our second-most detected malicious network activity. Thankfully, this was patched out of band by Microsoft on March 30th via MS10-018. However, we detected the most significant in-the-wild activity for this threat prior to the patch - when the vulnerability remained in its zero-day state (a window of at least 21 days). In fact, as of writing, one of the malicious domains attacking this vulnerability still remains... [Read More]
by Derek Manky  |  May 03, 2010  |  Filed in: Security Research
As I'm specializing in mobile malware, lately I really could not miss the bunch of articles concerning an alleged iPad virus. It's just everywhere, with titles such as "iPad attacked by virus", "early iPad virus strikes users", "iPad hardly out and already hacked", "First virus for the iPad", "iPad suffers virus attack" or pictures of an iPad with the words "iPad virus". So scary. The problem with all those titles is that... there is NO iPad virus at all. This is all about a Windows virus that lures iPad owners into executing malware on their... [Read More]
by Axelle Apvrille  |  May 03, 2010  |  Filed in: Security Research
People frequently ask me about certifications and what they all mean. Here at Fortinet, we realize that looking at marketing specs or documentation isn’t always enough when you’re looking for the ideal security solution. After all, just because it looks good on paper doesn’t mean it’s the right product for you, right? So, we invest a lot of time getting our firmware and hardware products certified on a regular basis. This is why we know it’s important to invest in third-party certifications, and make it a regular part of our development... [Read More]
by Langley Rock  |  Apr 29, 2010  |  Filed in: Security Research
In a recent Inland Revenue scam, the FortiGuard Global Security Research Team uncovered a great deal of potentially compromised data, including credit card and bank details. While Fortinet took steps to secure this data, it provided a unique opportunity to collect statistics on the people most likely to succumb to such scams and to uncover the reasons why people would divulge such critical personal data when requested in the most basic of scam emails. The research showed that: The offer of money is the biggest driver in divulging critical... [Read More]
by Carl Windsor  |  Apr 27, 2010  |  Filed in: Security Research
So you have your firewall in place and all is working great. You are collecting logs on everything that you need to keep an eye on. But then the problems start. You know something unexpected is happening in the network but what is it? You can look through all that data trying to find the problem, but this can become quite tedious and analogous to looking for the proverbial needle in a haystack. This is where a picture can greatly help; a chart to be specific. A chart can help for continuous monitoring and alert you to abnormal data patterns... [Read More]
by Jeff Crawford  |  Apr 15, 2010  |  Filed in: Security Research
On Symbian phones, most malware is implemented either natively in C++ (over the Symbian API) or in Java (midlets). SymbOS/Enoriv.A!tr.dial uses another language called m. Usually, m scripts (.m extension) are run within the m environment (mShell), using the various features offered by m library modules (messaging, obex, video, zip...). This is comparable to Java midlets, which run over a Java environment and use various Java API packages. The m scripts can also be compiled to be included in a stand-alone Symbian application. In that case, the... [Read More]
by Axelle Apvrille  |  Apr 13, 2010  |  Filed in: Security Research
PCI mandates have forced retailers to take a hard look at their network security. As a retailer, how do you securely protect store data from malware and other Internet-based attacks? How do you secure a retail location with many different network security functionalities while also being cautious of space limitations? Is a wireless infrastructure feasible both from a security standpoint and from a budgetary perspective? Find out the answers to these questions by attending the Fortinet webinar "Cashing in on Network Security: PCI with ROI in a Retail... [Read More]
by Maeve Naughton  |  Apr 08, 2010  |  Filed in: Security Research
When it comes to antivirus, how much coverage do you need? Everyone has different concerns when it comes to antivirus coverage. Some people want to circle the wagons and let very little into their networks, while others need some basic protection but prefer speed, speed and more speed. In this article I'll discuss the new antivirus features in FortiOS 4.0 MR2 for the FortiGate family and how your device can be configured for your preferred level of coverage versus performance. Malware Lifecycles: All malware has a life cycle. Some are like... [Read More]
by Jeff Crawford  |  Apr 05, 2010  |  Filed in: Security Research
Just posted is our March 2010 Threat Landscape Report, in which ransomware threats dominated our Top 10 malware list. Every single detection in our list, with the exception of HTML/Iframe.DN, resulted in either scareware or ransomware infesting the victim's PC. The "Total Security" ransomware threat observed to be spread by the Cutwail botnet last period was prevalent once again, while another ransomware threat - W32/DigiPog.EP - surfaced as well this month. DigiPog is an SMS blocker using Russian language, locking out a system and aggressively... [Read More]
by Derek Manky  |  Mar 26, 2010  |  Filed in: Security Research