Last week, FortiGuard Labs announced a remote denial of service vulnerability in the Teradata Gateway and Teradata Express. Teradata is a leading provider of big data solutions including business intelligence, data warehousing, CRM, and more. Many high-profile global enterprises use Teradata, and the vulnerability could be used for corporate espionage or to draw attention away from other malicious actions such as exfiltrating data and compromising other systems. Because this vulnerability does not require an attacker to be authenticated, it...
by Anthony Giandomenico  |  Jul 23, 2015  |  Filed in: Security Research
Normal Java JAR or class format samples can be easily analyzed with Java decompiler tools, such as JAD and JD-GUI. Not so with obfuscated ones, where decompiling results may be empty or unclear. When this happens, we then need to analyze the JVM (Java Virtual Machine) p-code. Nowadays, more and more Java malware uses anti-decompiling techniques to increase the difficulty of analysis. In this blog post, we will analyze a new JAR obfuscated packer that is being used by Java malware, using a sample that we detect as Java/Obfus.CI!tr as an example. Decompiling...
by Ruhai Zhang  |  Dec 01, 2014  |  Filed in: Security Research
Want to impress friends with eccentric ways to send SMS messages? This article is for you. As a matter of fact - and closer to the official goal - this article can also help analysts spot unexpected SMS sending in malware. SMS for Java-kiddies Sending SMS from a Java ME midlet is simple enough for any kid :) Import the MessageConnection and TextMessage package: import javax.wireless.messaging.MessageConnection; import javax.wireless.messaging.TextMessage; Instantiate a MessageConnection object and a TextMessage object of type TEXT_MESSAGE....
by Axelle Apvrille  |  Jun 07, 2010  |  Filed in: Security Research