While some of everyone's social media presence is inevitably publicly viewable, there are parts that we only want shared/visible to "friends" or other confirmed connections. Facebook, which is already using security tools like HTTPS with HSTS (HTTP Strict Transport Security) to authenticate and secure user/Facebook connections -- and offering a Tor "onion" site for users wanting even more security, announced on June 1 that it will be (slowly) letting (some) users PGP-encrypt the content (as in, message body and attachments,... [Read More]
by RSS Daniel Dern  |  Jun 09, 2015  |  Filed in: Industry Trends & News
A few weeks ago, our FortiGuard Labs Threat Intelligence system discovered some new suspicious samples as usual. One of these samples caught our attention when we checked its network traffic. For this particular sample, which Fortinet already detects as W32/Foreign.LXES!tr, we found that most of its communication has the HTTP/1.1 404 Not Found status, which should mean that some error has occurred generally. But when we analysed the data further, we realized that it was actually a special trick. The Ping & Pong Commands When it first... [Read More]
by RSS He Xu  |  Apr 09, 2015  |  Filed in: Security Research
Advanced Persistent Threats (APTs) usually start off with using a common tactic, which is through a spear phishing email. Disguised as coming from a well-known organization, the email certainly draws the user's attention, as seen in the one that I've recently received. Figure 1: Spear phishing email The unsuspecting user may open up the attached ZIP file and double click the extracted file, which turns out to be malware. This particular malware, which we detect as W32/Bublik.BDYG!tr, is found to be a simple downloader which is relatively small... [Read More]
by RSS Danny Choi  |  Oct 28, 2013  |  Filed in: Security Research
I had always wanted to look into Firefox OS. It's done. I created my first application. What kind of application does a reverse engineer write as first app? A CrackMe of course. You can try it: the sources are available here. But, honestly, it is really a very (very) simple CrackMe, as my real goal was to get acquainted with Firefox OS, and understand the possible risks in terms of malware. We, anti-virus analysts, won't need disassemblers or decompilers for Firefox OS malware That's cool, isn't it (although part of the mystery of our job is... [Read More]
by RSS Axelle Apvrille  |  Jul 30, 2012  |  Filed in: Security Research