'malware' | Page 23


date: 2014-05-01 01:00:00 -0700 category: "Security Research"
[This article originally appeared in Virus Bulletin](http://www.virusbtn.com/virusbulletin/archive/2014/02/vb201402-Sality) [For Part 1 of this article Click Here](http://blog.fortinet.com/Salted-Algorithm---Part-1/)
Sality has been around for many years, yet it is still one of today's most prevalent pieces of malware. Last month, we described Sality's algorithm, showing the strengths of its encryption, how it uses the stack as temporary memory for code manipulation, and... [Read More]
by Raul Alvarez  |  Jul 30, 2012  |  Filed in: Security Research
Get rid of clichés: "Most anti-virus software products detect malware pieces only through simple checksums. This is often the case for the anti-virus engines integrated into network gateways." People mainly believe the reason is that network gateways have limited resources to process, "in real time", the sheer amount of data exchanged through them, and also that their OS is "embedded" and therefore limited. So people think the bottom line is: "Too easy to bypass!" Let's be clear: reality is more... [Read More]
by Alexandre Aumoine  |  Jul 30, 2012  |  Filed in: Security Research
We recently had a company contact us regarding an email they had received from their bank. The company's access to its online banking account had been blocked by the bank due to fraudulent activity observed through the account. A screenshot of the email received can be seen below. What I found extremely strange and suspicious about the email, and what set the alarm bells ringing in my head, was the fact that the email contained 5 zip-compressed images as attachments. After going through it a second time, even the Anti-Virus link started to feel suspicious. Even... [Read More]
by Ruchna Nigam  |  Jul 30, 2012  |  Filed in: Security Research
Last week the security world was abuzz with news of a new mobile attack vector. The malware was sent to the accounts of Tibetan human rights advocates and activists from the hacked account of one of the activists, in a message regarding the World Uyghur Congress (WUC) Conference that took place in Geneva from 11-13 March, 2013. What made this piece of malware particularly interesting was the targeted nature of the attack, once again highlighting the political aspect of cyber warfare and making us question whether governments and legitimate organizations... [Read More]
by Ruchna Nigam  |  Jul 30, 2012  |  Filed in: Security Research
Last year, tech giant Yahoo! Inc. fell victim to a cyberattack. But unlike other high-profile attacks, the culprit wasn't an APT or a sophisticated threat attributed to a nation state. The weapon of choice was a simple SQL injection. According to reports, the miscreants targeted a vulnerability in a Yahoo! Web application thought to be associated with Yahoo! Voices, the company's contributor-publishing platform. SQL injection attacks remain some of the most widely used cyberweapons for one main reason: They work. A Structured Query Language (SQL) injection... [Read More]
by Stefanie Hoffman  |  Jul 30, 2012  |  Filed in:
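The teaser above says SQL injection "works" but stops short of showing what one looks like. The following is an added example written for this page, not code from Yahoo!, Fortinet or the original post: a minimal login check against an in-memory SQLite table, first built by string concatenation and then with bound parameters, run against a constructed attacker input `alice' -- ` that comments out the password check. The table, the accounts and the attacker input are all assumptions made up for the demonstration.

```python
"""Added example: string-concatenated SQL beside its parameterized fix.

Illustrative code written for this page; the users table, the accounts
and the attacker input are constructed here and are not from any real
application.  Passwords are stored in clear text only to keep the
example short; a real system would store a salted hash."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a tiny users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "battery staple")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """String concatenation: the attacker's input becomes SQL syntax."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Bound parameters: the driver passes the values separately from the
    query text, so a quote or a comment marker in the input is just data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


# Constructed attacker input: closes the string literal after 'alice' and
# turns the rest of the WHERE clause into a SQL comment, so the password
# is never checked.  The vulnerable query becomes
#   SELECT username FROM users WHERE username = 'alice' -- ' AND password = '...'
ATTACKER_USERNAME = "alice' -- "


def demo() -> dict:
    """Run both login variants against legitimate and injected input."""
    conn = make_db()
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct horse"),
        "legit_parameterized": login_parameterized(conn, "alice", "correct horse"),
        "wrong_pw_vulnerable": login_vulnerable(conn, "alice", "nope"),
        "injected_vulnerable": login_vulnerable(conn, ATTACKER_USERNAME, "anything"),
        "injected_parameterized": login_parameterized(conn, ATTACKER_USERNAME, "anything"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:24s} -> {'logged in' if ok else 'rejected'}")
```

The two functions differ only in how the values reach the database: the first lets the driver parse attacker-controlled text as part of the statement, the second hands the values to the driver as parameters so the statement's structure is fixed before any input is seen. That structural separation, not input filtering, is what closes the hole.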
If you have an email account, it's pretty much guaranteed that you've seen a scam email... or worse, fallen prey to one. A large percentage of the email in cyberspace belongs to the scam category: emails that ask you to fill out a survey form for a chance to win the vacation of a lifetime. Perhaps you've received an email that asks for your financial information because someone wants to give you a big inheritance. Maybe it's an email that wants to let you in on an online deal that seems too good to be true. But scamming is not confined... [Read More]
by Raul Alvarez  |  Jul 30, 2012  |  Filed in: Industry Trends
Botnets have for years been leveraged as a cybercrime tool to commit any variety of nefarious activity, ranging from Website defacement and DDoS to the proliferation of malware and the theft of sensitive information. Lately, the cyber community can add one more to the list: mining the digital currency Bitcoin. In the new Bitcoin heists, the botnets that take over a victim's computer aren't intended to steal the victim's money - although they are certainly capable of doing that, too. Instead, in the latest shenanigans, the malware compromises a computer... [Read More]
by Stefanie Hoffman  |  Jul 30, 2012  |  Filed in: Industry Trends
With the migration of most services to the cloud, some enterprising Android malware developers have decided to profit from it. Google provides a service known as Cloud to Device Messaging (C2DM) that allows developers to send messages from Google's servers to their applications on Android devices. Android/FakeInst.C!tr, a malware variant we came across recently, employs exactly this service to carry out its malicious activities. The variant is similar to other samples of the Android/FakeInst family that we have encountered. These samples pose... [Read More]
by Ruchna Nigam  |  Jun 13, 2012  |  Filed in: Security Research
Denis Maslennikov reported a new SMS trojan, Android/Mania, which emanates from France. This malware has no outstanding functionality - it silently sends SMS messages to a short number, something we see all too often in mobile malware - except that it clearly originates from France. As our European lab is based in France, we investigated it with particular interest. Thanks, Denis, for sharing. What we learned, in a few points: All samples we got our hands on send 7 SMS messages to the same French short number, 84242. This is an "SMS+" short... [Read More]
by Axelle Apvrille  |  Jun 06, 2012  |  Filed in: Security Research
As explained in our previous post (DroidKungFu is getting smarter), DroidKungFu now comes in 7 different flavors. Here is an updated graph of their similarities. Just like our previous graph (Clarifying Android DroidKungFu variants), each block represents a variant, with intersections showing how many similar methods are implemented*. All variants can download and install new packages, start an application (activity), open a URL in the browser and delete a package**. Although the F variant intentionally piggybacks legitimate applications that use... [Read More]
by Karine de Ponteves  |  Jun 01, 2012  |  Filed in: Security Research