'malware' | Page 22


The concept behind advanced persistent threats (APTs) isn't new. Cybercriminals have relied on advanced software to launch attacks that steal data or disrupt systems since the dawn of the computer age. But what distinguishes modern APTs from earlier advanced malware? According to Richard Henderson's Fortinet report "Threats on the Horizon: The Rise of Advanced Persistent Threats," their distinguishing factors are sophistication and stealth, along with diverse attack vectors, copious resources and relentless perseverance. While the... [Read More]
by Stefanie Hoffman  |  Jul 10, 2013  |  Filed in: Industry Trends
Insomni'hack 2013 took place last week in Geneva and I had the opportunity to attend. Insomni'hack DAY 1 consisted of one-day workshops on subjects ranging from "Linux exploitation" to "How to make sure your Pentest Report is never empty". I had the chance to attend a workshop on "Practical ARM exploitation" given by black Steve (@s7ephen) and white Steve (Stephen Lawler). We initially had trouble getting the Gumstix we were supposed to work on running, due to the difference in voltage levels between the US and Europe (it's about time the world... [Read More]
by Ruchna Nigam  |  Mar 25, 2013  |  Filed in: Security Research
Android/Claco.A!tr is a new mobile malware that has been in the news recently for its unique ability to infect PCs. Even though we've seen an attack vector of this kind on the Symbian OS before (SymbOS/CardTrap), this would be the first of its kind on the Android platform. The malicious packages come under the names SuperClean and DroidCleaner and claim to be applications that can speed up your phone. Upon looking into the code, we realize that the "strategy" used to speed up the phone is mainly to restart the running applications. BOTNET... [Read More]
by Ruchna Nigam  |  Feb 06, 2013  |  Filed in: Security Research
I recently came across an Android malware sample that does your usual data stealing, i.e., leaking data from the victim's phone such as the phone number, contact information, etc. Most vendors name this sample Uranico (Android.Uranico, Trojan:Android/Uranico.A) based on the package name "com.link.uranai". However, a closer look at the sample led to the realization that it looked a lot like a sample I had seen before: Android/Loozfon.A!tr, and was hence a variant of it. Hence, we decided to name it Android/Loozfon.B!tr. What led to this correlation... [Read More]
by Ruchna Nigam  |  Jan 14, 2013  |  Filed in: Security Research
[Figure: Zitmo attack scenario, taken from my slides at ShmooCon, January 2011]
[Figure: Zitmo's attack scenario, taken from Check Point's and Versafe's white paper (Dec 2012)]
Recently, Check Point and Versafe published a white paper on a mobile banking trojan they named Eurograbber. In fact, this is not new: it is called Zitmo, and s21sec, Fortinet (and others!) have been talking about it for nearly two years. In January 2011, Kyle Yang and I presented full details of Zitmo at ShmooCon: the attack scenario, the syntax of commands, the processing of incoming... [Read More]
by Axelle Apvrille  |  Dec 07, 2012  |  Filed in: Security Research
Feel free to browse through our Zitmo timeline. Please note that variant naming depends on many factors, including but not limited to chronology. Hence variant letters (.A) don't always reflect the order of appearance in the wild. [Read More]
by Karine de Ponteves  |  Nov 19, 2012  |  Filed in: Security Research
Another Android malware is currently in the wild in France, as we have recently discovered. This malware poses as a Flash Player installer and steals your incoming SMS messages by forwarding them to a remote server. We have named it Android/Fakelash.A!tr.spy. Unlike many Android malware samples, which are downloaded from underground or legitimate marketplaces (see here, here, here, here...), this one is propagating via a link in an SMS. For example, the victim below complains he received an SMS from 10052 saying "For proper function of your device,... [Read More]
by Axelle Apvrille  |  Sep 21, 2012  |  Filed in: Security Research
While going through our regular (and never-ending) supply of malicious Android samples, we came across an interesting variant a couple of days ago. Like most Android Trojans these days, this piece of malware profits by sending SMS messages from the victim's phone, monitoring incoming SMS messages and selectively blocking certain messages. This particular variant, however, has earned itself a notorious reputation after having infected 500,000 Android users in China. The Trojan comes in the form of wallpaper application package files (APKs),... [Read More]
by Ruchna Nigam  |  Sep 18, 2012  |  Filed in: Security Research
Recently, a new trojan named Android/Fakemart caught our attention as it is operating in France, where our EMEA labs are located. The malware poses as a Winamp Pro application or a Black Market application (Black Market is an alternative to Android's Google Play market) but has none of their functionality. Instead, it sends SMS messages to premium phone numbers, at the victim's expense, and contacts a few remote servers. See details here. Sending SMS to premium phone numbers is a common way for mobile malware to make money. At one point... [Read More]
by Axelle Apvrille  |  Sep 03, 2012  |  Filed in: Security Research
[This article originally appeared in Virus Bulletin](http://www.virusbtn.com/virusbulletin/archive/2014/02/vb201402-Sality) [For Part 1 of this article, click here](http://blog.fortinet.com/Salted-Algorithm---Part-1/) Sality has been around for many years, yet it is still one of today's most prevalent pieces of malware. Last month, we described Sality's algorithm, showing the strengths of its encryption, how it uses the stack as temporary memory for code manipulation, and... [Read More]
by Raul Alvarez  |  Jul 30, 2012  |  Filed in: Security Research