Last year, tech giant Yahoo! Inc. fell victim to a cyberattack. But unlike other high-profile attacks, the culprit wasn't an APT or a sophisticated threat attributed to a nation state. The weapon of choice was a simple SQL injection. According to reports, the miscreants targeted a vulnerability in a Yahoo! Web application that was thought to be associated with the company's VoIP phone service, Yahoo! Voices. SQL injection attacks remain some of the most widely used cyberweapons for one main reason: they work. A Structured Query Language (SQL) injection...
by Stefanie Hoffman  |  Jul 30, 2012
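The mechanism the post alludes to, as an added example that is not code from the post and has nothing to do with Yahoo!'s actual application: a login query assembled by string formatting next to the same query with bound parameters, run against a constructed in-memory SQLite table. The table, its rows, the two payloads and the function names are all assumptions made for illustration.

```python
"""Added example: why string-built SQL is injectable and why bound
parameters fix it. Uses only the standard-library sqlite3 module; the
table and rows are constructed here and are not from the post."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with a constructed users table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string formatting, so quotes, OR, UNION and
    the SQL comment marker supplied by the caller become part of the query."""
    query = (
        "SELECT username FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn, username, password):
    """Same query with bound parameters: the driver passes the values
    separately from the statement text, so they are never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def demo():
    """Runs both payloads against both implementations and returns the rows."""
    conn = make_db()
    # Authentication bypass: the comment marker discards the password check
    # and OR 1=1 matches every row.
    bypass = login_vulnerable(conn, "' OR 1=1 --", "wrong")
    # Data theft: a UNION appends a second SELECT that returns the password
    # column where the application only expected usernames.
    dump = login_vulnerable(conn, "' UNION SELECT password FROM users --", "x")
    # The parameterized version treats the same payload as a literal username.
    safe = login_parameterized(conn, "' OR 1=1 --", "wrong")
    return bypass, dump, safe


if __name__ == "__main__":
    bypass, dump, safe = demo()
    print("bypass returned:", bypass)
    print("union dump returned:", dump)
    print("parameterized returned:", safe)
```

Parameterization is the fix that removes the bug class; input filtering and escaping only narrow it, since every escaping rule is specific to one database dialect and one quoting context.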
If you have an email account, it's pretty much guaranteed that you've seen a scam email... or worse, fallen prey to one. A large share of the email in circulation belongs to the scam category. Emails that ask you to fill out a survey form for a chance to win the vacation of a lifetime. Perhaps you've received an email that asks for your financial information because the sender wants to give you a big inheritance. Maybe it's an email that wants to let you in on an online deal that seems too good to be true. But scamming is not confined...
by Raul Alvarez  |  Jul 30, 2012  |  Filed in: Industry Trends
For years botnets have been leveraged as a cybercrime tool for any variety of nefarious activity, ranging from Website defacement and DDoS to the proliferation of malware and theft of sensitive information. Lately, the cyber community can add one more to the list: mining the digital currency Bitcoin. In the new Bitcoin heists, the botnets that take over a victim's computer aren't intended to steal the victim's money, although they are certainly capable of that, too. Instead, in the latest shenanigans, the malware compromises a computer...
by Stefanie Hoffman  |  Jul 30, 2012  |  Filed in: Industry Trends
With the migration of most services to the cloud, some enterprising Android malware developers have decided to profit from it. Google provides a service known as Cloud to Device Messaging (C2DM) that allows developers to send messages from Google's servers to their applications on Android devices. Android/FakeInst.C!tr, a malware variant we came across recently, employs exactly this service to carry out its malicious activities. The variant is similar to other samples of the Android/FakeInst family that we have encountered. These samples pose...
by Ruchna Nigam  |  Jun 13, 2012  |  Filed in: Security Research
Denis Maslennikov reported a new SMS trojan, Android/Mania, which emanates from France. This malware doesn't have any outstanding functionality: it silently sends SMS messages to a short number, something we see all too often in mobile malware. What sets it apart is that it clearly originates from France. As our European lab is based in France, we investigated it with particular interest. Thanks, Denis, for sharing. What we learned, in a few points: all samples we got our hands on send 7 SMS messages to the same French short number, 84242. This is an "SMS+" short...
by Axelle Apvrille  |  Jun 06, 2012  |  Filed in: Security Research
As explained in our previous post (DroidKungFu is getting smarter), DroidKungFu now comes in 7 different flavors. Here is an updated graph of their similarities. Just like our previous graph (Clarifying Android DroidKungFu variants), each block represents a variant, with the intersections showing how many similar methods are implemented*. All variants can download and install new packages, start an application (activity), open a URL in the browser and delete a package**. Although the F variant intentionally piggybacks legitimate applications that use...
by Karine de Ponteves  |  Jun 01, 2012  |  Filed in: Security Research
You ran all the scans, conducted all the tests and yep... you've got malware. Last month, we detailed steps you could take in those critical and panic-filled moments when you realized that you might have clicked on a malicious link or opened an infected attachment, but weren't quite sure you'd been infected. Now, in a follow-up, we'll note a few actions you can take in the event that malware was indeed installed on your computer. First, nothing substitutes for the expertise of an IT professional for an accurate assessment of your computer's...
by Stefanie Hoffman  |  May 02, 2012  |  Filed in: Industry Trends
Much like the Ninja Turtles, DroidKungFu now comes in different flavours (5 so far), discovered by Pr. Xuxian Jiang (and his research team) and Lookout. If, like me, you are having difficulties keeping track of those variants, this post is for you :) The similarities and differences between all 5 variants are depicted below. The various blocks represent each variant, and their intersections show how many methods they share exactly*. All variants share the same malicious commands (CMD box). They can download and install new packages, start a program (called...
by Axelle Apvrille  |  Oct 26, 2011  |  Filed in: Security Research
QR code with a link to Riskware/Jifake!Android

A long time ago, more than 2 years ago actually, I blogged about the dangers of QR codes: "virus gangs could use this technology to have the end-user follow malicious links or send messages to premium numbers", and this is exactly what happened a few days ago, when Denis Maslennikov found a QR code leading to a mobile malware, named Jifake, that sends SMS messages to a premium number. I told you so, and I couldn't resist telling you ;) QR codes are very handy, but they're an incredible vector...
by Axelle Apvrille  |  Oct 03, 2011  |  Filed in: Security Research
This is a short update to our prior post concerning Zitmo on Android. Is this really Zitmo? This fake Trusteer malware shows several differences from the prior Symbian variants, but, for simplicity (and because it's easy to remember), we call it Zitmo. This does not mean this variant was written by the same authors (no proof on that account, one way or another), nor that it has exactly the same technical functionality, nor even, depending on naming policies, the same name among AV vendors. What we mean is that this sample was propagated by ZeuS...
by Axelle Apvrille  |  Jul 18, 2011  |  Filed in: Security Research