Latest Posts | Page 139

The first threat report of 2011 is up, you can find the full report on our FortiGuard Center. Below is a recap of events: There was a sharp incline in exploit activity for new vulnerabilities this period: we detected attempted exploit activity on 61% of new vulnerabilities covered by FortiGuard Labs. Typically this rate falls between 30-40%. Nearly 1/2 of those vulnerabilities rated as 'Critical' (remote code execution) were attacked. As an ongoing reminder, it is imperative to help secure systems against such exploitation by keeping all software... [Read More]
by RSS Derek Manky  |  Jan 26, 2011  |  Filed in: Security Research
It's the beginning of 2011, which means network security vendors’ threat predictions for the year to come have mysteriously appeared in their crystal balls by now. Making informed security predictions can be an easy or difficult task depending on the approach taken. The easy way out is to look back at the biggest trends of the last year and talk about how they will continue into the next. The idea is to keep the prediction vague and difficult to verify in case the prediction ultimately turned out to be off the mark. Writing useful and verifiable... [Read More]
by RSS Guillaume Lovet  |  Jan 17, 2011  |  Filed in: Security Research
Our analyst, Ruchna Nigam, had been analyzing a sample of SymbOS/InSpirit.A!tr. SMS dropped in the victim's inbox by SymbOS/InSpirit.A!tr A couple of months ago, this malware received some attention in China (for example see here - use translation if you do not speak Chinese) because it was phishing an area bank. The malware simply added a new SMS in the victim's inbox, apparently coming from the bank's service hotline phone number, and telling the victim he/she had entered a bad password and needed to follow a given (malicious) link to guarantee... [Read More]
by RSS Axelle Apvrille  |  Jan 12, 2011  |  Filed in: Security Research
On this episode of Network World’s Security Threat Landscape, Derek Manky, a threat researcher at Fortinet’s FortiGuard Labs and Network World reporter Keith Shaw discuss the year in threats from 2010 and what companies and users can expect in the world of security threats for 2011. (25:40) December’s discussion topics include: Money mule recruitment strategies Botnets hiding through legitimate means Crime as a Service The evolution of ransomware New platforms criminals are targeting beyond Windows [Read More]
by RSS Rick Popko  |  Jan 06, 2011  |  Filed in: Security Research
The last threat report for 2010 is up on our FortiGuard Center. Below is a recap from the report: As we enter the holiday season, spam rates continue to drop after a sharp decline following Bredolab's takedown in October/November 2010. Global spam rates throughout December were, on average 7% lower than November and about 19% lower than the peak before Bredolab's takedown in October. This is welcoming news, since we have seen a noticeable impact that has lasted for two months now. Spam rates decline simply because the volume of spam declines, mostly... [Read More]
by RSS Derek Manky  |  Jan 06, 2011  |  Filed in: Security Research
In January 2010, Fortinet’s FortiGuard threat researchers issued a report outlining their predictions for The Top 10 Security Trends for 2010. In a mid-year report published in June, “From prediction to prophecy: The 2010 threat landscape” the research team looked back on the first half year to see how those predictions evolved over the course of six months. In this end-of-the-year review, FortiGuard threat researcher, Derek Manky, highlights the top five threats we predicted at the beginning of 2010 and the impact they’ve had over the course... [Read More]
by RSS Derek Manky  |  Jan 04, 2011  |  Filed in: Security Research
A couple of weeks ago, Microsoft patched the vulnerability MS10-099, which was discovered by FortiGuard Labs' resercher Honggang Ren. Since the patches are likely all deployed by now, we're happy to disclose more details about it, based on Honggang's inputs. This vulnerability is a kernel buffer overflow which exists in NDProxy.sys, a device driver interfacing mini-ports to the telephony API (aka TAPI). The vulnerable code is brought up when issuing a DeviceIoControl call from “userland” with control code 0x8ff23c8. This ioctl call is related... [Read More]
by RSS Guillaume Lovet  |  Dec 28, 2010  |  Filed in: Security Research
A while ago, probably after a long and difficult day, I got into this funny idea of encrypting my Facebook account messages so that only the people I really wanted to could read them (i.e not an unknown stranger using Firesheep, nor a third-party applications or not even Facebook itself). For a moment, I wondered how to do this, until I remembered a Firefox plugin named FireGPG. Basically, FireGPG is Firefox extension to GPG, i.e it enables easy encryption/ decryption/ signature/ and verification in the browser. So, I installed the plugin and tried... [Read More]
by RSS Axelle Apvrille  |  Dec 21, 2010  |  Filed in: Security Research
The recent widespread DoS attacks directed at a number of sites in the wake of _l’affaire Assange _has prompted several of our customers to ask how Fortinet can help them reduce the effects of a DoS attack. The news has been full of examples of how participants in the so-called “Operation Payback” were able to affect operations for some financial services companies and payment processors in the wake of the Wikileaks document drops. Although it is difficult to prevent a widespread DoS or DDOS attack from affecting your network operations,... [Read More]
by RSS Patrick Bedwell  |  Dec 17, 2010  |  Filed in: Security Research
The W32/Seftad RansomWare has been spreading for a few days now, locking infected computers and trying to extort money for a recovery password. The infection is easily recognized by the text message below, which is displayed when the computer starts up, or rather fails to start. Your PC is blocked. All the hard drives were encrypted. Browse to get an access to your system and files. Any attempt to restore the drives using other way will lead to inevitable data loss !!! Please remember Your ID: 773923, with its help your sign-on... [Read More]
by RSS Doug Macdonald  |  Dec 14, 2010  |  Filed in: Security Research