by Axelle Apvrille | June 09, 2011 | Category: Security Research
As a “Crypto Girl” should, I wish to report that the latest Android malware, Android/DroidKungFu, uses AES encryption.
It is certainly not the first time Android malware uses cryptographic encryption - we have alrea...
by Doug Macdonald | June 15, 2010 | Category: Security Research
When analyzing a new botnet, I tend to focus heavily on the network messages. After all, they are the glue that holds the botnet together. So one of the first things I did, when working on our new analysis of the Ozdok/Mega-D b...
by Doug Macdonald | March 10, 2010 | Category: Security Research
Recently I’ve been working on an analysis of Sasfis botnet communications. During the tests I noticed that when the bot installs itself, it adds a registry key named “idid”, with some random looking data in it...
by Axelle Apvrille | January 26, 2010 | Category: Security Research
It had been a while since we’d last seen a malware transferring credits to pre-paid phone cards. Our last encounter dated back to SymbOS/Flocker!tr.python early January 2009. It is happening again, with Java/GameSat.A!tr,...
by Doug Macdonald | December 15, 2009 | Category: Security Research
While looking at some Pushdo botnet messages recently, I noticed a repeating pattern in the data. Here is an example, taken from an area where the pattern is most obvious:
0340 13 63 cc 69 13 63 cc 69 13 63 cc 69 53 63 cc 2b ...
by Axelle Apvrille | June 09, 2009 | Category: Security Research
Read this article if you use CRC32, or if you know it is unsecure but think it is good enough in your case.
CRC32 - Cyclic Redundancy Check with 32 bits of output - is a widely used checksum algorithm. It is designed to detect...
by Axelle Apvrille | February 23, 2009 | Category: Security Research
Not so long ago, I arrived, all fresh and pumping, from a world full of cryptography – you know, RSA, AES, SHA256 etc. – very excited to discover a new face to computer security. It’s always in such situations...