Latest Posts | Page 140


Our March 2009 Threat Landscape Report is now available, recapping a month of threat activity from exploits and malware to spam. Here are some key movements from the report along with comments: After a year-long battle, W32/Virut.A finally lands in the top spot - surpassing Netsky. This parasitic file infector proves to be quite virulent, and has generated enough activity to land in our malware top 10 for twelve solid months. On top of infecting multiple local files on a PC, the virus can spread through file shares and/or removable media such as USB... [Read More]
by Derek Manky  |  Mar 27, 2009  |  Filed in: Security Research
Over the past two years, rarely did a worm get as much attention as Conficker (aka Downadup) is getting now. Its last variant, the infamous W32/Conficker.C, which surfaced in early March and is set to time-bomb on April 1, is literally all over the media. Of course, its features are well known and documented and some papers (such as SRI's excellent analysis and a blog post from Sourcefire) even give interesting insights on the reverse engineering process. Indeed, while understanding the behavior of the malware is important to most people, learning... [Read More]
by Rex Plantado  |  Mar 26, 2009  |  Filed in: Security Research
The title of this post could be a nickname for the new breed of Internet worms that attack our networks today. Every new big worm or virus finds a more clever way to disseminate faster than its predecessors. But also the payloads are potentially more destructive, innovating on that side too… Does this have a direct relationship with faster computer power on the desktops and bigger bandwidth available? Of course! We are not reinventing the wheel, here. But there is another factor that is sometimes not taken into account: the growing population... [Read More]
by Martin Hoz  |  Mar 19, 2009  |  Filed in: Security Research
Back in 2004, several mass mailing worms spread in unprecedented fashion: MyDoom, Bagle, and Netsky. Netsky had instructions to remove MyDoom and Bagle, leaving this message in one of its variants: "We are the skynet--you can't hide yourself [Read More]
by Derek Manky  |  Mar 16, 2009  |  Filed in: Security Research
I am sure if you have kids you will recognize this issue. Their friends come round, clutching laptops; we live in a modern age. Of course these friends just absolutely need to get online. That WPA2/TKIP solution and MAC filtering you just had to have is causing problems so "click, click, click" it's now WEP128 and you put the SSID and key on the fridge. Now everyone can be online, and they can leave you alone. Sometimes this security stuff can just get in the way of watching a good movie. Let's fast forward: you're an important guy, you're sat... [Read More]
by Darren Turnbull  |  Mar 12, 2009  |  Filed in: Security Research
It looks like we might have the Flocker virus writer's name, age, gender, address, picture, e-mail addresses, IM logins and nicknames. How? Using Google. It all started when we found a nickname in the EPOC executable of the sample. I simply searched for that nickname on Google, and -- coincidence? -- ran into Indonesian cyberphreaking and mobile phone communities. Digging in that area, it seemed I got really lucky: The person's nickname is the one in the EPOC executable The person's last name or pseudonym is another word found in the EPOC... [Read More]
by Axelle Apvrille  |  Mar 09, 2009  |  Filed in: Security Research
The Koobface worm scouring Facebook since last July, and which made the headlines again this week, is certainly beginning to redesign the concept of "friend." The "acquaintance from high school you've never talked to since you added her/him" might now be the "acquaintance from high school you've never talked to since you added her/him and who occasionally sends links to sites loaded with viruses." While Koobface has redefined this friendship concept, it's not the only thing: It's redefined the URL redirection policy of Facebook. Indeed, URLs... [Read More]
by Guillaume Lovet  |  Mar 05, 2009  |  Filed in: Security Research
While malicious servers hosting "drive-by-install" scripts are continuously evolving, their goal remains the same: to silently drop and run malicious files on the victim's computer. The flaws exploited by those Web Attacks Toolkits have been quite the same for a while, so what's new in the "malscripts" world? As we pointed out in a previous post, malicious web-based exploit writers worked out some advanced obfuscation methods to hide their malicious scripts from detection. It seems that this trend is taming down and being replaced by a simpler yet effective... [Read More]
by David Maciejak  |  Mar 04, 2009  |  Filed in: Security Research
Today was another big milestone in the history of the company I co-founded and I'm very happy to have this opportunity to tell you about it. Fortinet has released FortiOS 4.0, the firmware upgrade for our FortiGate security systems. This release is the result of a tremendous effort by our development teams over the better part of 12+ months. These highly skilled and talented teams worked hard to design and implement these technology innovations so that we could confidently put the product in front of our customers. Even in this time of economic... [Read More]
by Michael Xie  |  Mar 03, 2009  |  Filed in: Security Research
With February's Threat Landscape Report out, it's time to highlight some of the most interesting movement happening from late January 2009 to now: New vulnerabilities (NVC) were up nearly threefold, with 117 posted in comparison to 43 from January's edition; 25.6% of these new vulnerabilities were detected to be actively exploited. Two new high-profile zero-day exploits (CVE-2009-0238 and CVE-2009-0658) affecting MS Excel (XLS) and Adobe Reader (PDF) have since been disclosed. Given these facts, and Conficker's success, there is no better time... [Read More]
by Derek Manky  |  Feb 27, 2009  |  Filed in: Security Research