by 
Axelle Apvrille
| December 07, 2012
| Category: Security Research
Axelle Apvrille
| December 07, 2012
| Category: Security Research
Zitmo Attack Scenario - taken from my slides at ShmooCon, January 2011
Zitmo’s attack scenario, taken from CheckPoint’s and VerSafe’s white paper (Dec 2012)
Recently, Check Point and Versafe published a wh...
Read More >>
by Karine de Ponteves
| November 19, 2012
| Category: Security Research
Karine de Ponteves
| November 19, 2012
| Category: Security Research
Feel free to browse through our Zitmo timeline. Please note that variant naming depends on many factors including but not limited to chronology. Hence variant letters (.A) don’t always reflect the order of appearance in t...
by Axelle Apvrille
| June 21, 2012
| Category: Security Research
Axelle Apvrille
| June 21, 2012
| Category: Security Research
A new sample of Zitmo is out, pretending to be an Android Security Suite. Like others in Zitmo, the malware is a SMS spy: it forwards incoming SMS message to a remote server. This particular sample responds to a few basic SMS c...
by Axelle Apvrille
| July 18, 2011
| Category: Security Research
Axelle Apvrille
| July 18, 2011
| Category: Security Research
This is a short update to our prior post concerning Zitmo on Android.
Is this really Zitmo?
This fake Trusteer malware shows several differences with prior Symbian variants, but, for simplicity (and because it’s easy to...
by Axelle Apvrille
| July 08, 2011
| Category: Security Research
Axelle Apvrille
| July 08, 2011
| Category: Security Research
Zitmo has been used by the ZeuS gang to defeat SMS-based banking two-factor authentication on Symbian, BlackBerry and Windows Mobile for a several months (see my ShmooCon slides).
Lately, there’s been an active discussio...
by Axelle Apvrille
| February 23, 2011
| Category: Security Research
Axelle Apvrille
| February 23, 2011
| Category: Security Research
Zitmo is a mobile malware Fortinet has particularly been focusing on since the beginning (see our first blog post and my presentation at ShmooCon 2011) as it is one of the first palpable signs organized criminals show interest ...
by Guillaume Lovet
| January 27, 2011
| Category: Security Research
Guillaume Lovet
| January 27, 2011
| Category: Security Research
Tomorrow starts the quite famous - and ever sold-out - security conference Shmoocon, held in Washington DC until Sunday. The keynote this year will be filled by Peiter Mudge Zatko, inventor of L0phtcrack and early pioneer of ...
by Axelle Apvrille
| November 12, 2010
| Category: Security Research
Axelle Apvrille
| November 12, 2010
| Category: Security Research
A few days ago, an application named ‘SMS Replicator Secret’ was pulled out of the Android market. Like many other spyware of its kind, it silently forwarded incoming SMS messages to a configurable phone number, the...
by Rick Popko
| September 30, 2010
| Category: Security Research
Rick Popko
| September 30, 2010
| Category: Security Research
In the September edition of Security Minute with Fortinet, researcher Derek Manky talks about the most prevalent threats and threat trends plaguing the internet over the last 30 days, including the latest Twitter worm, Zeus and...
by Axelle Apvrille
| September 28, 2010
| Category: Security Research
Axelle Apvrille
| September 28, 2010
| Category: Security Research
While wearing my eyes off on the assembly code of the Symbian malware Zitmo, I had been quite embarrassed not to find any clear link with stealing online banking credentials as the rest of the ZeuS attack seemed to indicate. Th...
by Axelle Apvrille
| September 27, 2010
| Category: Security Research
Axelle Apvrille
| September 27, 2010
| Category: Security Research
During the weekend, in our monitoring of the Zeus botnet, my colleague Kyle Yang stumbled upon an unexpected payload: a brand new mobile malware piece we named SymbOS/Zitmo.A!tr (Zitmo standing for “Zeus In The MObileR...
Twitter
Facebook
LinkedIn
Youtube