Latest Posts | Page 136


As promised, Fortinet's Android challenge begins. hashdays-challenge.apk sha1: 0b12fd28a2d912762d37379e69189cd427eb8bbc sha256: 8acfac2d1646b7689e09aab629a58ba66029b295068ca76cdaccbdc92b4e5ea9 (it's useless to search on the servers, the solution is not there ;) The first one to bring back the correct secret code at Fortinet's booth at Hashdays wins a FortiGate 60C, with AV/IPS/Spam filtering updates for 12 months. You will also be asked to provide a write-up of your solution in the next few days. Prize for #days challenge: a personal UTM... [Read More]
by Axelle Apvrille  |  Oct 29, 2012  |  Filed in: Security Research
While I was reviewing last month's Wildlist samples, I found out W32/Lethic was still alive. Although it is one of the world's topmost spambots, it seems to stick with the "KISS" principle (aka: Keep It Simple, Stupid). Compared to contemporary malware, Lethic looks small, and low-profile. Almost feeble... Which may be the secret of its longevity. It's so simple that displaying its data structures suffices to reveal its structure, and to partly understand how it operates (Figure 1: Coding Structures). Lethic operates in two distinct steps: first injection,... [Read More]
by Dong Xie  |  Oct 26, 2012  |  Filed in: Security Research
Tags: spambot
As you may know, Fortinet will be at Hashdays 2012. And the reverse naM and I have designed a challenge for you. As it is a difficult challenge [subtle sentence to pique your curiosity] we will be opening the contest a few days before the conference. Check our blog on Monday October 29, 2012. The first person to come to Fortinet's stand at #days with the right code wins a top notch small office / home UTM Firewall: a FortiGate 60C, full bundle for 12 months! Prize for #days challenge: a personal UTM firewall FortiGate 60C -- the Crypto Girl PS.... [Read More]
by Axelle Apvrille  |  Oct 23, 2012  |  Filed in: Security Research
In a previous post, I mentioned the new scheme used by the author of Android/Fakemart to make money. Basically, the trick consisted of infecting phones to silently and automatically register to play an online quiz and then steal the winning prize. When the online quiz required a captcha, the malware would solve it with OCR. Yesterday, we learned that the author has been identified, a 20-year-old man in Amiens, France. We know his fraud was active for a few months starting at the end of 2011. From the number of SMS messages to the author's lines... [Read More]
by Axelle Apvrille  |  Oct 19, 2012  |  Filed in: Security Research
It’s a rare month that we don’t see the term Advanced Persistent Threat grace news headlines, wreaking havoc on nuclear power facilities, Iranian intelligence agencies and international banking systems. In recent months, the term APT has seemed to take center stage, drilled into our everyday vernacular as researchers continue to discover new and increasingly sophisticated threats one after the other. And like sequels to a blockbuster movie, each successor seems bigger and badder, with more special effects. The metaphor isn’t too far from... [Read More]
by Stefanie Hoffman  |  Sep 27, 2012  |  Filed in: Industry Trends
Network World and Fortinet's monthly discussion of security issues for IT pros has Keith Shaw from IDG Enterprise chatting with Derek Manky, North American threat researcher for Fortinet. This month's episode jumps into Windows 8 security features worth looking at, why it's probably better to upgrade from an earlier Windows version, and what's going on with the near-field communications hack discovered on the Samsung Galaxy S III smartphone. [Read More]
by Rick Popko  |  Sep 25, 2012  |  Filed in: Industry Trends
Another Android malware is currently in the wild in France, as we have recently discovered. This malware poses as a Flash Player installer and steals your incoming SMS messages by forwarding them to a remote server. We have named it Android/Fakelash.A!tr.spy. Contrary to many Android malware which are downloaded from underground or legitimate marketplaces (see here, here, here, here... ), this one is propagating via a link in an SMS. For example, the victim below complains he received an SMS from 10052 saying "For proper function of your device,... [Read More]
by Axelle Apvrille  |  Sep 21, 2012  |  Filed in: Security Research
While going through our regular (and never-ending) supply of malicious Android samples, we came across an interesting variant a couple of days back. Like most Android Trojans these days, the piece of malware benefits by sending out SMS messages from the victim's phone, monitoring incoming SMS messages and selectively blocking certain messages. This particular variant, however, has earned itself a notorious reputation after having infected 500,000 Android users in China. The Trojan comes in the form of wallpaper application package files (APKs),... [Read More]
by Ruchna Nigam  |  Sep 18, 2012  |  Filed in: Security Research
In June 2008, Microsoft officially announced that it planned to discontinue support for its popular but aging Windows XP operating system by April 2014. To many system administrators’ chagrin, the move will galvanize many organizations to begin migrating to newer operating systems, such as Windows 7 or the much anticipated and soon-to-be-released Windows 8. Unfortunately, during this process, legacy XP systems will become increasingly vulnerable to zero-day attacks and other security threats. The sudden absence of support for XP leaves a void... [Read More]
by Stefanie Hoffman  |  Sep 13, 2012  |  Filed in: Industry Trends
Recently, a new trojan named Android/Fakemart caught our attention as it is operating in France, where our EMEA labs are located. The malware poses as a Winamp Pro application or a Black Market application (Black Market is an alternative to Android's Google Play market) but has none of its functionalities. Instead, it sends SMS messages to premium phone numbers - at the victim's expense - and contacts a few remote servers. See details here. Sending SMS to premium phone numbers is a common method among mobile malware to make money. At one point... [Read More]
by Axelle Apvrille  |  Sep 03, 2012  |  Filed in: Security Research