Fortinet Blog | News and Threat Research

Following the disappointment at the failure of the end of the world, we decided to do a little recap on the Project Blitzkrieg that has been widely talked about in the security community over the past couple of months following...

Zitmo Attack Scenario - taken from my slides at ShmooCon, January 2011 Zitmo’s attack scenario, taken from CheckPoint’s and VerSafe’s white paper (Dec 2012) Recently, Check Point and Versafe published a wh...

Feel free to browse through our Zitmo timeline. Please note that variant naming depends on many factors including but not limited to chronology. Hence variant letters (.A) don’t always reflect the order of appearance in t...

A new sample of Zitmo is out, pretending to be an Android Security Suite. Like others in Zitmo, the malware is a SMS spy: it forwards incoming SMS message to a remote server. This particular sample responds to a few basic SMS c...

“Big” seemed to epitomize last week in security—from big botnet takedowns to big breaches to big privacy issues related to a certain social networking site. Here is this week’s lowdown. Zeus Takedown: Microsoft kicked of...

This is a short update to our prior post concerning Zitmo on Android. Is this really Zitmo? This fake Trusteer malware shows several differences with prior Symbian variants, but, for simplicity (and because it’s easy to...

Zitmo is a mobile malware Fortinet has particularly been focusing on since the beginning (see our first blog post and my presentation at ShmooCon 2011) as it is one of the first palpable signs organized criminals show interest ...

Tomorrow starts the quite famous - and ever sold-out - security conference Shmoocon, held in Washington DC until Sunday. The keynote this year will be filled by Peiter Mudge Zatko, inventor of L0phtcrack and early pioneer of ...

In prevision of the anticipatedmerge between the two infamous banking malware ZeuS and SpyEye, our Threat Analyst Kyle Yang spent some time dissecting the most current version of SpyEye we could get our hands on (W32/SpyEye.C!t...

In our previous post, we detailed how Zeus bots locate, download and decode their configuration data upon installation.The second step in the early communication protocol consists of bots reporting various info to the C&C s...

We’ve just spent two days looking into the ‘new’ variant of Zbot, a.k.a. ZeuS, the infamous crimeware kit. There are many interesting features, like the VNC plugin, API hooks, ftp password stealer, etc. In this series of posts,...

On this episode of Network World’s Security Landscape, Derek Manky from Fortinet and Keith Shaw discuss the latest security threats seen worldwide. This includes the rise of do-it-yourself crimeware botnet kits, as well a...

In the September edition of Security Minute with Fortinet, researcher Derek Manky talks about the most prevalent threats and threat trends plaguing the internet over the last 30 days, including the latest Twitter worm, Zeus and...

While wearing my eyes off on the assembly code of the Symbian malware Zitmo, I had been quite embarrassed not to find any clear link with stealing online banking credentials as the rest of the ZeuS attack seemed to indicate. Th...

During the weekend, in our monitoring of the Zeus botnet, my colleague Kyle Yang stumbled upon an unexpected payload: a brand new mobile malware piece we named SymbOS/Zitmo.A!tr (Zitmo standing for “Zeus In The MObileR...