malware


For us at FortiGuard, it always sounds like a bad idea for people to share malware source code, even if it is for academic or educational purposes. For example, on GitHub we can currently find more than 300 distinct repositories of ransomware, which gives you some idea about the attention that this form of malware receives. Although ransomware has the highest profile in the threat landscape at the moment, that does not mean that other threats have disappeared. Android is the most wide spread OS on mobile devices, covering around 80% of the... [Read More]
by RSS Dario Durando & David Maciejak  |  Apr 26, 2017  |  Filed in: Security Research
Fortinet has partnered with INTERPOL over the past two years to assist in identifying and thwarting cybercrime. Today, INTERPOL announced that a new operation across the ASEAN region, built around threat intelligence provided by Fortinet and other public and private sector security organizations, has resulted in the identification of nearly 9,000 Command and Control (C2) servers and hundreds of compromised websites, including government portals. [Read More]
by RSS Bill McGee  |  Apr 24, 2017  |  Filed in: Security Research
FortiGuard Labs has put together answers to some of the most frequently asked questions you may have about the new emerging technology called WebAssembly (WA). What is WebAssembly? WebAssembly is a low-level, portable, binary format for the web that aims to speed up web apps. It is designed to parse faster (up to 20X), and execute faster than JavaScript (JS). When was it announced? The WebAssembly Community Group was created in April 2015, with the mission of “promoting early-stage cross-browser collaboration on a new, portable,... [Read More]
by RSS David Maciejak  |  Apr 13, 2017  |  Filed in: Security Research
In every country and region in the world, tax season is also a time when we see a spike in scams, phishing, and targeted malware. The tax return season in the US is coming to the end. Have you filed your tax return yet? Did you receive any notifications from the IRS (the Internal Revenue Service) in your email?  We did, but not from the real IRS. (Remember, the IRS never communicates important information with taxpayers by email.) FortiGuard Labs recently collected a number of malware samples related to the current tax season in the US.... [Read More]
by RSS Xiaopeng Zhang  |  Apr 13, 2017  |  Filed in: Security Research
During the process of analyzing android malware, we usually meet some APK samples which hide or encrypt their main logic code.  Only at some point does the actual code exist in the memory, so we need to find the right time to extract it.  In this blog, I present a case study on how to repair a DEX file in which some key methods are erased with NOPs and decrypted dynamically when ready to be executed. Note: All the following analysis is based on android-4.4.2_r1(KOT49H). Let’s start our journey! First, I open the classes.dex... [Read More]
by RSS Kai Lu  |  Apr 05, 2017  |  Filed in: Security Research
Today, Fortinet released our quarterly Threat Landscape Report for Q4 of 2016. The data in it was drawn from millions of security devices located around the world that analyze up to 50 billion threats a day. Which means that the conclusions and trends detailed in this report are based on over a trillion security events that occurred between Oct 1 and Dec 31, 2016. [Read More]
by RSS Derek Manky  |  Mar 28, 2017  |  Filed in: Security Research
A monthly review of some of the previous month's most interesting security research publications [Read More]
by RSS Axelle Apvrille  |  Mar 24, 2017  |  Filed in: Security Research
Digital Video Recorders / Network Video Recorders (DVR/NVR) Back in 2015, our telemetry detected a relatively small number of IPS signature hits on known vulnerabilities targeting DVR/NVR devices (~ 749 hits). In 2016, however, we saw this number increase alarmingly to around 1.5 million hits. By using a size comparison chart again, we can see the huge increase more clearly when we compare both years, as shown below: The question, of course, is what contributed to this huge increase in detected hits? Once again, let’s look at the... [Read More]
by RSS Gavin Chow  |  Mar 24, 2017  |  Filed in: Security Research
On March 16, FortiGuard Labs captured a new Word file that spreads malware by executing malicious VBA (Visual Basic for Applications) code. The sample targeted both Apple Mac OS X and Microsoft Windows systems. We then analyzed the sample, and in this blog we are going to explain how it works, step by step. When the Word file is opened, it shows notifies victims to enable the Macro security option, which allows the malicious VBA code to be executed. Malicious Word File is Opened Figure 1. Asks victim to enable Macro security option Once... [Read More]
by RSS Xiaopeng Zhang & Chris Navarrete  |  Mar 22, 2017  |  Filed in: Security Research
Ztorg, also known as Qysly, is one of those big families of Android malware. It first appeared in April 2015, and now has over 25 variants, some of which are still active in 2017. Yet, there aren't many technical descriptions for it - except for the initial Ztorg.A sample - so I decided to have a look at one of the newer variants, Android/Ztorg.AM!tr, that we detected on January 20, 2017. The sample poses a "Cool Video Player" and its malicious activity was so well hidden I initially thought I had run into... [Read More]
by RSS Axelle Apvrille  |  Mar 15, 2017  |  Filed in: Security Research