Fortinet

Unless you have been cut from the net this last week, you probably know by now iPhones are facing their first set of malware (first ? well, actually, not quite as we have already detected spyware for iPhones): it’s just all over the web. Those malware target jailbroken iPhones whose the default root password (‘alpine’) [...]

Flash exploits targeting the old integer overflow vulnerability (CVE-2007-071) in Flash Player are still relatively active and multiplying on the base of the early versions exploit code, with more or less slight differences. One such variation was rendered tremendously more stealth and reliable, thanks to the use of a Flash run-time packer spawning a multiplexer [...]

Since my last post on Jane Doe and Bredolab, John has been slightly jealous of her fame. He told me that, he too, as a manager of the returned material service, was dealing with plenty of parcels and that he could have been the perfect target. As I was curious to see what a genuine [...]

Laurent Gaffié disclosed on Nov. 11 on his blog a proof of concept written in Python. This occured just the morrow after the Black Tuesday, and seems the author does not follow responsible disclosure, and decided to publicly disclosed the code, as he disagreed with Microsoft’s answer (they wanted to delay the patch in a [...]

Do you remember Asprox, the botnet that used SQL injection attacks combined with result from search engine like Google to automatically infect Microsoft IIS powered websites? We did a talk (slides) at last Virus Bulletin about that, and for about a month now, we’ve been seeing some new variants in the wild. Like last December, [...]