Latest Posts | Page 152

Lately, I have been analyzing a sample of SymbOS/Album.A!tr, another advanced malware targeting mobile phones running Symbian OS 9 and greater. First of all, once more, like SymbOS/Yxes, this malware was "legitimately" signed by Symbian's Express Signed program. The certificate is now revoked:

Serial Number: c8:8e:00:01:00:23:db:45:38:bc:e7:2a:d3:03
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=GB, O=Symbian Limited, CN=Symbian CA I
Validity
    Not Before: Nov 20 05:00:02 2009 GMT
    Not After : Nov 21 05:00:02 2019 GMT
Subject: C=CN,... [Read More]
by Axelle Apvrille  |  Jul 08, 2010  |  Filed in: Security Research
While there were plenty of new variations of malware that entered our top ten listing this report, many of them belonged to the Sasfis botnet. Sasfis, which has recently been battling the Pushdo botnet in terms of volume, was very active this month. We observed Sasfis loading a spambot component which was heavily used to send out binary copies of itself in an aggressive seeding campaign. Sasfis' socially engineered emails fell into two distinct themes: one with fake UPS Invoice attachments (filename: "UPS_Invoice_{date}.zip"), and the other disguised... [Read More]
by Derek Manky  |  Jun 28, 2010  |  Filed in: Security Research
In January 2010, Fortinet’s FortiGuard Labs threat researchers issued a report outlining their predictions for The Top 10 Security Trends for 2010. Now that we’re midway through the year, we thought it would be interesting to see how right (or wrong) we were and whether anything completely unexpected has come up along the way. The following report spells out the trends the team predicted at the beginning of the year and concludes with comments on where each threat stands today.

1) Security, Virtually Speaking

**January 2010:** “Preventing... [Read More]
by Derek Manky  |  Jun 23, 2010  |  Filed in: Security Research
When analyzing a new botnet, I tend to focus heavily on the network messages. After all, they are the glue that holds the botnet together. So one of the first things I did, when working on our new analysis of the Ozdok/Mega-D botnet, was to look at the messages and discover that they were encrypted. Of course this is not unusual, and after deciding the encryption was not something simple, I went to the bot code to see what was being used. It soon developed that the encryption used was DES (Data Encryption Standard), in ECB mode. The cryptographic... [Read More]
by Doug Macdonald  |  Jun 15, 2010  |  Filed in: Security Research
High profile events such as the 2010 FIFA World Cup always lead to higher Internet search traffic. Maybe you’re looking for tickets, the latest scores or video highlights from the day’s games. If you find yourself doing a FIFA search anytime during the World Cup, we urge you to be mindful of the search results links, because concentrated search traffic around one particular subject tends to bring out search engine optimization (SEO)-based attacks. The FIFA World Cup is no exception. SEO attacks work by getting popular search engines to rank... [Read More]
by Derek Manky  |  Jun 10, 2010  |  Filed in: Security Research
Since the beginning of this week, we have been getting several reports about sites being injected with a malicious script... It seems a new mass SQL injection campaign has started, targeting web applications running on Microsoft IIS and ASP.Net, for a change (<- sarcasm). As of this writing, over 100,000 sites have already been tampered with to include links to a malicious server (e.g. hxxp://, which hosts a web exploit toolkit; the toolkit is of course aiming at compromising all visitors' systems via browser flaws. Analysts... [Read More]
by David Maciejak  |  Jun 10, 2010  |  Filed in: Security Research
Want to impress friends with eccentric ways to send SMS messages? This article is for you. As a matter of fact - and closer to the official goal - this article can also help analysts spot unexpected SMS sending in malware.

SMS for Java-kiddies

Sending SMS from a Java ME midlet is simple enough for any kid :) Import the MessageConnection and TextMessage classes from the javax.wireless.messaging package: `import javax.wireless.messaging.MessageConnection;` `import javax.wireless.messaging.TextMessage;` Instantiate a MessageConnection object and a TextMessage object of type TEXT_MESSAGE.... [Read More]
by Axelle Apvrille  |  Jun 07, 2010  |  Filed in: Security Research
Earlier this month I was at EICAR 2010, a very nice conference, with interesting technical talks and nice people to discuss with. I can't resist posting a few brief notes and comments on the talks I enjoyed the most:

Parasitics: The Next Generation - Vitaly Zaytsev, Josh Phillips, Abishek Karnik

The authors note that viruses are increasingly well protected against reverse engineering and, in their talk, they mainly presented a recent trend, which consists in using a Virtual Machine (in the "Java" sense of the word, not the "VMware" one)... [Read More]
by Axelle Apvrille  |  Jun 04, 2010  |  Filed in: Security Research
The security industry is full of some of the best innovators that enterprise technology has ever seen. Security requires rapid, well-executed innovation due to the ever-changing threats from the hacker community. Without security innovation, companies and individuals sit defenseless against new threats from cyber criminals. However, there has been a looming dark threat to security innovators -- Trend Micro has a long history of aggressively pursuing competitors with a patent that is now considered invalid. The good news is that a... [Read More]
by Patrick Bedwell  |  Jun 02, 2010  |  Filed in: Security Research
Our May 2010 Threat Landscape Report has been posted; here's a recap of activity from the report. Over the past year we have frequently discussed the rise of PDF-based attacks via exploits that target software vulnerabilities and drop malware when a malicious document is opened. These documents are favored in targeted attack scenarios, since documents go hand-in-hand with social engineering. However, in late April 2010 we saw a new PDF exploit being circulated in high volume through an ongoing spam campaign. The vulnerability, first... [Read More]
by Derek Manky  |  Jun 01, 2010  |  Filed in: Security Research