Security Research | Page 62

Links to malicious websites have frequently been used along with news headlines to provide an attractive lure to end users. The strategy is simple, and is quite effective due to its popularity. Most users can associate with recent news headlines, whether it be from a newsflash on TV, the radio, or simply talk at the water-cooler. Because of this, references to this content (in the form of links via e-mails or SEO campaigns) seem legitimate in nature, creating a false sense of security. Even worse, in the case of the latter - blackhat SEO campaigns... [Read More]
by Derek Manky  |  Sep 16, 2009  |  Filed in: Security Research
At next week's Virus Bulletin VB2009 conference in Geneva, four members of the FortiGuard Global Security Research Team will be among the experts sharing their expertise on the topic of anti-malware. This is the fourth consecutive year that members of Fortinet's seasoned research team have been on the roster of the event, which is in its 19th year. Only 38 of more than 160 proposals were selected by the VB2009 committee for this year's conference program. That said, here are the presentations to check out: "Fighting cybercrime: technical, juridical... [Read More]
by Rick Popko  |  Sep 15, 2009  |  Filed in: Security Research
Malicious links through instant messaging protocols are nothing new (think IM worms); however, recent attacks have been launched that leverage the popularity of social networking sites. I investigated a new link reported to be spreading through MSN, which is simple, yet potentially quite effective given the popularity of social networking sites and the ongoing use of instant messaging clients nowadays. The message (see Figure 1 below) read: "Hey, is this you?? haha :P http://facebook-photo/viewimage.php?". The last part of the link, a parameter... [Read More]
by Derek Manky  |  Sep 11, 2009  |  Filed in: Security Research
Is there an upside to Payment Card Industry (PCI) compliance? In an interview with Kim Nguyen, Jason Wright, CISSP, reviews several security solutions that can help organizations achieve compliance. He also reveals an upside for those who may be frustrated by these industry mandates. [Read More]
by Rick Popko  |  Sep 09, 2009  |  Filed in: Security Research
Just happened to review our signature against Virut-infected Web pages, and I would say the infection is still very active until now. W32/Virut.CE is known to infect Web pages (HTML, ASP, and PHP) by injecting a malicious iframe that redirects visiting users to Web sites serving malicious PDF and SWF files with different kinds of exploits. However, Virut is not the only agent of this iframe injection. Just minutes ago, I've searched a couple of infected Web sites specific for this injection compromise, and here's a good example. Figure 1 shows... [Read More]
by Rex Plantado  |  Sep 01, 2009  |  Filed in: Security Research
There has been a lot of confusion lately concerning the SymbOS/Yxes worm. Among those, it has now dawned on me that the so-called Transmitter.C reported in numerous articles on the net (for instance, here and here), is not sexySpace.sisx (detected as SymbOS/Yxes.E!worm): those are two different malware. Why? As a matter of fact, several issues startled me (ordered from weakest to strongest point): Transmitter.C is reported to send a massive amount of SMS messages (they are talking about 500 SMS). If Transmitter.C is Yxes.E, it is surprising because... [Read More]
by Axelle Apvrille  |  Aug 26, 2009  |  Filed in: Security Research
A team of British eccentrics has broken the 103-year-old record for a steam-powered car, previously standing at 127mph. The record now stands at close to 140mph, but with the super heated steam being injected into the turbine at more than twice the speed of sound, there is clearly more to the speed of the car than the speed of the steam. The good news about all this is that it does give us an excuse to look at the speed of security devices. Picking up your favourite data sheet, you can see speeds quoted based on link speeds, up to values... [Read More]
by Darren Turnbull  |  Aug 26, 2009  |  Filed in: Security Research
Total detected malware volume continued a climbing trend this period, posting the highest levels detected to date this year. On top of this steep incline, highlighted since March 2009, the amount of distinct variants (malicious pieces of code) has also continued to gradually increase. Several malware attack waves were evident this period, most notably on the 24th of July when a huge surge of ZBot activity occurred through HTML/Agent.E!tr. In fact, this particular campaign posted record detection levels for a single-day run, surpassing that of the... [Read More]
by Derek Manky  |  Aug 25, 2009  |  Filed in: Security Research
What's the difference between application visibility and true application security? In the below video, Rick Basile, Fortinet's senior director of technical services, chats with analyst Richard Stiennon about how the two approaches greatly differ, how a safe application could pose a threat to networks, and protection methods for applications in use by enterprises. [Read More]
by Rick Popko  |  Aug 19, 2009  |  Filed in: Security Research
In case you are not familiar with the Symbian development process, application development features two major security measures in Symbian OS 9.1 and greater. First, applications must specify their capabilities, i.e., if an application uses a Bluetooth connection, it must have the Symbian LocalServices capability. A few other interesting capabilities for malware are: NetworkServices: required to make a call, send HTTP requests etc. ReadUserData/WriteUserData: required to read/write user's contacts. UserEnvironment: to use the camera. Location: particularly... [Read More]
by Axelle Apvrille  |  Aug 04, 2009  |  Filed in: Security Research