by
Axelle Apvrille
| December 07, 2012
| Category: Security Research
Zitmo Attack Scenario - taken from my slides at ShmooCon, January 2011
Zitmo’s attack scenario, taken from CheckPoint’s and VerSafe’s white paper (Dec 2012)
Recently, Check Point and Versafe published a wh...
by
Karine de Ponteves
| November 19, 2012
| Category: Security Research
Feel free to browse through our Zitmo timeline. Please note that variant naming depends on many factors including but not limited to chronology. Hence variant letters (.A) don’t always reflect the order of appearance in t...
by
Alexandre Aumoine
| November 15, 2011
| Category: Security Research
Thank you to everyone who tried to solve our FortiChallenge 2k11!
We’ve had way more participants than expected, and two winners:
1. Shirley Chen
2. Nagy Ferenc László
Shirley and Nagy found the secret sentence, witho...
by
Axelle Apvrille
| November 08, 2011
| Category: Security Research
It’s high time the Crypto Girl talks about Crypto, isn’t it?
A few days ago, I analyzed a malicious Opera Updater, named SymbOS/OpFake.A!tr.dial, and was surprised to discover it uses a **91-byte XOR key** to conce...
by
Alexandre Aumoine
| November 03, 2011
| Category: Security Research
Any progress on our FortiChallenge 2k11? After the first clue, here is the second.
Just a reminder that the first hint is meant to help you to find the good way with hashes.
Don’t miss the modification, Crypto Girl hate...
by
Alexandre Aumoine
| October 21, 2011
| Category: Security Research
Stuck on our FortiChallenge 2k11? Here’s a first hint!
Translations:
La fin est encore loin surtout quand on est sur le mauvais chemin ! Wrong track, go back!
La fin est proche, l’anneau est inclus. Dawn is close, ...
by
Alexandre Aumoine
| October 17, 2011
| Category: Security Research
Hello all,
At Insomni’Hack 2011, we created a challenge dedicated to static reversing of Symbian executables (using SDK S60 Ed3 FP1). Sadly, nobody found the full solution, so we finally decided to put it online for you ...
by
Alexandre Aumoine
| March 18, 2011
| Category: Security Research
Last week we attended Insomni’Hack 2011, where our Crypto Girl (Axelle Apvrille) presented on mobile phone threats. Debriefing of the conference may be found here and there. Both blog authors highlighted the main goal...
by
Axelle Apvrille
| March 01, 2011
| Category: Security Research
Is Symbian still the leader for smartphone operating systems or not? How far have Android and iPhones penetrated the market? Who’s the leader for smartphone OS: Symbian? BlackBerry? Android? iPhone? A quick search on Inte...
by
Axelle Apvrille
| February 23, 2011
| Category: Security Research
Zitmo is a mobile malware Fortinet has particularly been focusing on since the beginning (see our first blog post and my presentation at ShmooCon 2011) as it is one of the first palpable signs organized criminals show interest ...
by
Axelle Apvrille
| January 12, 2011
| Category: Security Research
Our analyst, Ruchna Nigam, had been analyzing a sample of SymbOS/InSpirit.A!tr.
SMS dropped in the victim’s inbox by SymbOS/InSpirit.A!tr
A couple of months ago, this malware received some attention in China (for examp...
by
Axelle Apvrille
| November 04, 2010
| Category: Security Research
An Internet Access Point, shortened IAP, is “a collection of settings that define how a connection to a particular network is made” 1. For example, it stores the Access Point Name (APN) for GPRS networks, the SSID...
by
Axelle Apvrille
| September 27, 2010
| Category: Security Research
During the weekend, in our monitoring of the Zeus botnet, my colleague Kyle Yang stumbled upon an unexpected payload: a brand new mobile malware piece we named SymbOS/Zitmo.A!tr (Zitmo standing for “Zeus In The MObileR...
by
Axelle Apvrille
| July 29, 2010
| Category: Security Research
The analysis of SymbOS/NMPlugin.A!tr shows that, once again, a mobile malware was signed using Symbian’s Express Signed procedure. It is the fourth malware we notice doing so since 2009 (and it is likely I missed a couple). ...
by
Axelle Apvrille
| July 15, 2010
| Category: Security Research
The more I analyze the SymbOS/Album malware, the more it scares me.
The main malicious executable, Album.exe, is actually capable of processing incoming commands included in SMS messages sent by the value-added service provide...