Latest Posts | Page 152


In case you are not familiar with the Symbian development process, application development features two major security measures in Symbian OS 9.1 and greater. First, applications must specify their capabilities, i.e. if an application uses a Bluetooth connection, it must have the Symbian LocalServices capability. A few other interesting capabilities for malware are: NetworkServices: required to make a call, send HTTP requests etc. ReadUserData/WriteUserData: required to read/write the user's contacts. UserEnvironment: to use the camera. Location: particularly...
by Axelle Apvrille | Aug 04, 2009 | Filed in: Security Research
Last week, an online user reported to us that he could not access some AV websites, while he had no problem with Google.com and Yahoo.com. He also added that he thought his computer might be infected with the notorious Virut malware. Hmm... wait a minute, Virut doesn't include a web site blocking capability the way Conficker.C did a couple of months ago. So we immediately asked for a couple of samples to verify his intuition. Not surprisingly, it's indeed a slightly modified version of W32/Virut.CE. I wasn't surprised because this...
by Rex Plantado | Jul 29, 2009 | Filed in: Security Research
Tags: virut
Many threat trends have continued as we head into August 2009. I have highlighted notable items below from our July 2009 Threat Landscape report, which can be found on Fortinet's FortiGuard Center. Mobile threat development continues: In July we saw the emergence of SymbOS/Yxes.E and SymbOS/Yxes.F, the latest updated variants of Yxes that we first reported on in February. For further details, check out this blog post that is well worth the read: in particular, Yxes serving up dynamic content via JSP indeed shows the beginning steps as to how cyber...
by Derek Manky | Jul 27, 2009 | Filed in: Security Research
The Symbian malware Yxes is (nearly) keeping me awake these days. Among other functionalities, it sends HTTP requests to a remote web server. The URLs it gets are the following:
- Yxes.A: http://[REMOVED]/Kernel?Version=
- Yxes.B or Yxes.E: http://[REMOVED]/Kernel.jsp?Version=&PhoneType=
- Yxes.C: no similar URL
- Yxes.D: this one issues two different requests:
  - http://[REMOVED]/bs?Version=&PhoneImei=&PhoneImsi=&PhoneType=
  - http://[REMOVED]/number/?PhoneType=
  - http://[REMOVED]/index.jsp?PhoneType=
- Yxes.F: http://[REMOVED]/PbkInfo.jsp?PhoneType=&PhoneImei=&PhoneImsi= TYPE...
by Axelle Apvrille | Jul 21, 2009 | Filed in: Security Research
There are days when I wonder if people really care about privacy (except for these people). Most people don't see any problem in telling the entire world what they're doing (Twitter), who they know or see (Facebook) or where they are: the kind of stuff teenagers hate to tell their parents. Mobile phones are just the perfect platform for spying because they are portable (iPhones are such beauties one hates to leave them behind!) and seen as private devices (would you share your nice iPhone, huh?). Depending on functionalities, mobile spyware records...
by Axelle Apvrille | Jul 16, 2009 | Filed in: Security Research
Earlier this week, independent analyst Richard Stiennon posted a video interview he did with Michael Xie. From Stiennon's blog post: Michael Xie is CTO of Fortinet and drives all of their development of true "Next Generation" security appliances. Hear him describe his views on speeds and feeds, routing and switching in the firewall, and cost per secure megabit. Take a look and listen (click the picture to jump to the video):
by Rick Popko | Jul 09, 2009 | Filed in: Security Research
With modern threats moving to multiple attack vectors, end users and clients need to be extra cautious. Malicious links are coming fast and furious through layered attacks - bundled up in obfuscated JavaScript, or on your favorite social networking site. The core of these attacks is quite primitive, and in fact, in most cases nearly identical, with the end goal of installing a malicious payload on a target. Ultimately, the front end of these attacks has moved up higher into the application layer, riding on complex services while the back end (core)...
by Derek Manky | Jul 08, 2009 | Filed in: Security Research
Remember that magical silver bullet I spoke of when discussing the U.S. cyber security plan and the future of cyber security? Well, there still is no such item in existence yet, and there likely never will be one key solution. Securing cyberspace is a global problem that cannot be addressed by one plan such as this. However, if this plan is properly implemented, enforced and refactored, it should be able to lead by example. It is always said that the Internet has no borders, which is an inherent problem in tackling cyber crime. Remember, this is...
by Derek Manky | Jul 02, 2009 | Filed in: Security Research
There was quite a bit of movement on the threat landscape this period, which I have summarized below. For more detail, our June 2009 Threat Landscape report can be found on Fortinet's FortiGuard Center. Web threat traffic in general rose significantly, with a noticeable difference in Malware and Phishing. Looking at period-over-period growth from the last report, Phishing and Malware web traffic growth was at its highest yet, both posting significant gains. These gains represent more volume directed towards malicious sites, an ongoing trend as we continue...
by Derek Manky | Jul 01, 2009 | Filed in: Security Research
We have been receiving lots of spam in June with the age-old eCard social engineering hook. The messages show up with these subject headers: "You have received an eCard", "You have received a greeting ecard", "You Have Received a Greeting Card". The bodies are all very simple, one piggybacking on the trusted name '123greetings.com' while the others are simpler, instructing the recipient to open the eCard to view it. All traced malware variants are related to the ZBot family, or W32/Branvine.A!tr.dldr. The latter downloads Privacy Center (detected...
by Derek Manky | Jun 29, 2009 | Filed in: Security Research