malware | Page 22


In the September edition of Security Minute with Fortinet, researcher Derek Manky talks about the most prevalent threats and threat trends plaguing the internet over the last 30 days, including the latest Twitter worm, Zeus and Zitmo, various software vulnerabilities, and the "Here You Have" virus.
by Rick Popko  |  Sep 30, 2010  |  Filed in: Security Research
Since the Belarusian vendor VirusBlokAda raised the alarm last week on a new piece of malware dubbed "Stuxnet", a great deal of information has been released here and there on different portions of the threat. As a matter of fact, the Stuxnet case presents a certain level of multiplicity, as it consists of an "exploit" part and a "rootkit" part, involves specific infection vectors, targets a specific class of victims, and has unusual characteristics (for instance regarding software certificates). The subsequent fragmentation of information across the...
by Guillaume Lovet  |  Jul 21, 2010  |  Filed in: Security Research
On Symbian phones, most malware is implemented either natively in C++ (on top of the Symbian API) or in Java (MIDlets). SymbOS/Enoriv.A!tr.dial uses another language called m. Usually, m scripts (.m extension) are run within the m environment (mShell), using the various features offered by m library modules (messaging, obex, video, zip...). This is comparable to Java MIDlets, which run on top of a Java environment and use various Java API packages. The m scripts can also be compiled to be included in a stand-alone Symbian application. In that case, the...
by Axelle Apvrille  |  Apr 13, 2010  |  Filed in: Security Research
A few days ago we encountered a new variant of the Symbian worm Yxes, which we named SymbOS/Yxes.H!worm. This worm contacts malicious remote servers, which host Java Server Pages, and propagates by sending 'attractive' SMS messages. For instance, this new variant sends an SMS with a URL promising private information concerning a Chinese actress. Overall, the logic (and much of the code) is the same as in previous variants. Yet there are a few updates, one of the main ones being the use of new remote malicious Java Server Pages. I guess every...
by Axelle Apvrille  |  Mar 04, 2010  |  Filed in: Security Research
It had been a while since we'd last seen a piece of malware transferring credits to pre-paid phone cards. Our last encounter dated back to SymbOS/Flocker!tr.python in early January 2009. It is happening again with Java/GameSat.A!tr, a Java ME MIDlet which is currently in the wild. Indosat, an Indonesian telecom operator, offers IM3 (Indosat Multimedia 3) customers the ability to transfer (small) funds between two accounts. This is known as 'pulse transfer' or 'M3-Transfer', and it works by ... SMS, without a PIN or registration! The money is transferred from...
by Axelle Apvrille  |  Jan 26, 2010  |  Filed in: Security Research
AV Lab's honeypots have just started catching new malware seeding campaigns leveraging vaccination profiles for the H1N1 virus. The message is sent as a notification from the "Centers for Disease Control and Prevention (CDC)". Because the sender's email address is spoofed and because the URL leading to the rogue website contains a "gov" subdomain, which can be mistaken for the top-level domain, the message may seem plausible to many people. Here is what the email looks like: From: "Centers for Disease Control and Prevention (CDC)" <info-mess-id:01203428med@cdcmails.gov>...
by Karine de Ponteves  |  Dec 01, 2009  |  Filed in: Security Research
There has been a lot of confusion lately concerning the SymbOS/Yxes worm. Among other things, it has now dawned on me that the so-called Transmitter.C reported in numerous articles on the net (for instance, here and here) is not sexySpace.sisx (detected as SymbOS/Yxes.E!worm): those are two different malware. Why? As a matter of fact, several issues startled me (ordered from weakest to strongest point): Transmitter.C is reported to send a massive amount of SMS messages (they are talking about 500 SMS). If Transmitter.C is Yxes.E, this is surprising because...
by Axelle Apvrille  |  Aug 26, 2009  |  Filed in: Security Research
There are days when I wonder if people really care about privacy (except for these people). Most people don't see any problem in telling the entire world what they're doing (Twitter), who they know or see (Facebook), or where they are: the kind of stuff teenagers hate to tell their parents. Mobile phones are just the perfect platform for spying because they are portable (iPhones are such beauties one hates to leave them behind!) and seen as private devices (would you share your nice iPhone, huh?). Depending on its functionalities, mobile spyware records...
by Axelle Apvrille  |  Jul 16, 2009  |  Filed in: Security Research
Our April 2009 Threat Landscape Report is now available, recapping a month of threat activity from exploits and malware to spam. Here are some key movements from the report, along with comments: Waledac is one of the most active malware families to be on the lookout for. This period, we saw a fifth campaign hit since the beginning of this year, serving up malicious variants disguised as SMS spying software. With frequent campaigns, heavy server-side polymorphism, binaries packed with fluctuating seed lists (portions of its network), and peer-to...
by Derek Manky  |  Apr 28, 2009  |  Filed in: Security Research
The French Post Office now offers a new online Web service for end-users to print their own stamps, on their own printers.* Although I hate lining up for stamps at the post office, I just wonder if they have really thought it through. The stamps are issued for a 60-day period, and they carry a small 2D barcode on the right proving their authenticity. This code probably contains a signature over the expiration date (of course) and the stamp's value (otherwise a given authenticity code could be re-used on a stamp with a greater value). By the way,...
by Axelle Apvrille  |  Apr 13, 2009  |  Filed in: Security Research