Fortinet Blog | News and Threat Research

A couple of days back, a game of Nerd Truth or Dare in the lab led to the shocking revelation that most of us were using our Facebook/Twitter accounts mainly to keep up with security blogs. Personally, being a twitter non-confo...

In the past month changes in the SpyEye botnet kit have more or less stopped, after a very busy year in which many new versions were released. I was recently looking at all of the information I have from testing and analysis of...

Tomorrow starts the quite famous - and ever sold-out - security conference Shmoocon, held in Washington DC until Sunday. The keynote this year will be filled by Peiter Mudge Zatko, inventor of L0phtcrack and early pioneer of ...

The W32/Seftad RansomWare has been spreading for a few days now, locking infected computers and trying to extort money for a recovery password. The infection is easily recognized by the text message below, which is displayed wh...

This month, Derek Manky, project manager, cyber security & threat research at Fortinet recorded an informative audio with Power Point presentation titled: “Threat Prevention: 2010 and Beyond.” This extremely enlightening di...

In January 2010, the Fortinet’s FortiGuard Labs threat researchers issued a report outlining their predictions for The Top 10 Security Trends for 2010. Now that we’re midway through the year, we thought it would be interesting ...

Although it is not a new idea to run an executable from within a PDF, the researcher Didier Stevens present a trick technique to make it more practical, “in the real world”. In this post I will dissect a PDF docume...

If you haven’t yet installed the latest patch apsb10-07 for your Adobe Reader and Acrobat, you should hurry. The exploit is in the wild! In this post I will dissect a PDF document (MD5: 48e0cc8629d492a64a2767949d2ed9bc), ...

Recently I’ve been working on an analysis of Sasfis botnet communications. During the tests I noticed that when the bot installs itself, it adds a registry key named “idid”, with some random looking data in it...

In-depth analysis of malware shows different methods of obfuscating their codes. They employ different tactics to hide themselves to harden analysis. They also dynamically load functions that they will be using. Those functions...

Two of Fortinet’s FortiGuard Labs researchers will be on hand at next week’s RSA Conference to present their research in the Fortinet booth theater (#2225). The presentations focus on ransomware and industrial spyin...

It’s been two months since we revealed the 3rd Generation Pushdo/Cutwail/Webwail Botnet communication protocol and encryption. Recently, while researching a new bot (GoolBot), we found another Pushdo-like malware spreadin...

It had been a while since we’d last seen a malware transferring credits to pre-paid phone cards. Our last encounter dated back to SymbOS/Flocker!tr.python early January 2009. It is happening again, with Java/GameSat.A!tr,...

Appearing in the first quarter of 2009, Gumblar spread rapidly and has become one of the biggest threats today1. Gumblar infects PC by exploiting vulnerabilities of Web Browsers and Browser Plugins, such as Adobe Acrobat Reader...

Microsoft released bulletin MS09-067 on Nov 10, 2009. Same as in 2008, this last bulletin for Microsoft Office Excel in 2009 gives a total number of 17 vulnerabilities for this popular product. As the biggest contributor, Forti...