Security Research | Page 61

Do you remember Asprox, the botnet that used SQL injection attacks combined with result from search engine like Google to automatically infect Microsoft IIS powered websites? We did a talk (slides) at last Virus Bulletin about that, and for about a month now, we've been seeing some new variants in the wild. Like last December, a blind SQL injection targeting ASP pages using Transact SQL is attempted using the following chain as a request argument: DECLARE%20@S%20VARCHAR(4000);SET%20@S=CAST(0x4445434C41524520405420564...%20AS%20VARCHAR(4000));EXEC(@S) Once... [Read More]
by RSS David Maciejak  |  Nov 06, 2009  |  Filed in: Security Research
Today, I feel like telling you a true story that happened at Fortinet, the story of Jane Doe. Jane Doe works for Human Resources at the reception desk, so she is used to receiving lots of mail, UPS or DHL parcels for the company. Some time ago, Jane received an e-mail from DHL, notifying her they had been unable to deliver a parcel (see figure below). She does handle plenty of DHL parcels every day, consequently, she did not give this e-mail any particular attention and, quite absent-mindedly, tried to open the attachment. Fortunately, she did... [Read More]
by RSS Axelle Apvrille  |  Nov 05, 2009  |  Filed in: Security Research
Heap Spraying is a technique that can effectively increase the reliability of flaw exploitation code (aka "exploits") on various OS, and in many cases, go as far as enabling an exploit that would practically not "work" otherwise. It contributed tremendously to the popularity of exploits targeting Web browsers over the last years. As a matter of fact, it ended bothering Microsoft to the extent a protection against Heap Spraying was introduced in IE8. Besides Internet Explorer, Microsoft Office is also a privileged target of vulnerabilities researchers,... [Read More]
by RSS Bin Liu  |  Nov 02, 2009  |  Filed in: Security Research
The papers Bryan, Guillaume and I presented at Virus Bulletin 2009 have been available on the FortiguardCenter since yesterday: 'I am not a numero!': assessing global security threat levels - Bryan Lu Fighting cybercrime: technical, juridical, and ethical challenges - Guillaume Lovet Botnet-powered SQL injection attacks: a deeper look within - David Maciejak & Guillaume Lovet It's the 4th year in a row that Fortinet has had at least one paper in the line-up, but the first time we hit a count of three presentations. The conference was held... [Read More]
by RSS David Maciejak  |  Oct 29, 2009  |  Filed in: Security Research
Our October 2009 Threat Landscape Report has been posted, and it highlights some significant movement on the threat landscape. As always, be cautious out there - this month's report underscores the dangerous state of cyberspace (see "Danger, Danger" below). We hit some milestones this period, with total detected malware volume being at its highest in more than a year. While this volume has been generally increasing over the past six months, it surged significantly towards the end of September leading through October. In fact, detected volume this... [Read More]
by RSS Derek Manky  |  Oct 28, 2009  |  Filed in: Security Research
If smart phones were human, we would most probably compare them to assistants - you know, those organized persons we rely on to cope with our own lack of memory and who will remind us of any important meeting and never lose any valuable phone number. Others would perhaps compare them to close friends to whom one can tell secrets (your bank PIN ?) or with whom one shares a few holiday or family pictures. It looks like few of us consider the betrayal of such a close friend, turning him/her into our worst enemy. Yet, this is exactly what mobile phone... [Read More]
by RSS Axelle Apvrille  |  Oct 27, 2009  |  Filed in: Security Research
I previously wrote about the popularity of document exploits ("poisoned documents"), noting that such exploits would be well suited for targeted attacks on social networks. The usage of PDF has become ubiquitous to the world wide web, supported through many platforms - from desktops to smartphones. While most attacks still concentrate on one platform, innovative exploitations continue to arise, opening the door to further attack avenues. Such exploitations typically require much time and effort, which is clearly being invested and is a good indicator... [Read More]
by RSS Derek Manky  |  Oct 19, 2009  |  Filed in: Security Research
While it's no secret that modern crimeware kits are readily available for any individuals who wish to join the dark side, it has indeed become a rather large problem. Frameworks and recycled malicious code have long been used to spawn new attacks: some examples include RBot/Zotob, SDBot, Pushbot and of course, ZBot. Since the early millennium, these resources have accumulated and become more accessible in the digital underground, acting as a catalyst to the influx of malware and attacks that we witness today. The black hat process can be compared... [Read More]
by RSS Derek Manky  |  Oct 14, 2009  |  Filed in: Security Research
Lately, we've been fed with H1N1 flu security measures, with recommendations regarding how to clean our hands, sneeze or cough. I just wonder if we'd be so obedient if the same recommendations were issued for our computers or phones. Have a look at the advice below: on the left are CDC's recommendations against H1N1. On the right... Fortinet's recommendations against SymbOS/Yxes. Convinced? Will you follow them? [Read More]
by RSS Axelle Apvrille  |  Oct 13, 2009  |  Filed in: Security Research
The design of botnets has evolved considerably over the past several years, with the likes of Slapper and other high profile worms (Storm) moving to peer to peer. In addition to the introduction and malicious use of decentralized networks such as peer to peer and other innovations like fast flux, protocol design has equally evolved. Primitive protocols for command and control would simply use open standards such as IRC, commands sent across in plain text like any other IRC client would. However, cyber criminals nowadays place great effort into cloaking... [Read More]
by RSS Derek Manky  |  Sep 30, 2009  |  Filed in: Security Research