Latest Posts | Page 152


On 15th november 2011, Google's mobile operating system Android reached 52.5% of the global smartphone market share. And with it an almost sixfold increase in malware threats. Gartner's share of worldwide 2011 Q2 smartphones sold to end-users by operating system. Fortinet numbers show an increase of 83% for malware creation in 2011 compared to 2010 even though the end of the year has not been reached. ] Number of distinct Android samples received by Fortinet in 2011 The Top 5 malware families, in the number of variants, accounting for nearly... [Read More]
by RSS Karine de Ponteves  |  Nov 23, 2011  |  Filed in: Security Research
Tags:
In the AV industry, one of the golden rules is to make sure that, during analysis, we do not in any way help the malware authors and/or propagate their offspring. This requires special care in the case of malware for mobile phones, because, on the one hand, many of them won't run if the phone is offline, but on the other hand, if the phone is online, the malware is free to call or send SMS messages in the wild without any way to block those actions. So, we thought building our own local GSM operator, using a USRP coupled with a Linux box running... [Read More]
by RSS Axelle Apvrille  |  Nov 16, 2011  |  Filed in: Security Research
Thank you to everyone who tried to solve our FortiChallenge 2k11! We've had way more participants than expected, and two winners : Shirley Chen Nagy Ferenc László Shirley and Nagy found the secret sentence, without even using the hints. A special mention for another participant (StalkR) who tried to solve it in the wake of Insomni’Hack 2011, and managed to reach the md5 collision step. Stay tuned for the official solution! -- the Reverse naM [Read More]
by RSS Alexandre Aumoine  |  Nov 15, 2011  |  Filed in: Security Research
It's high time the Crypto Girl talks about Crypto, isn't it? A few days ago, I analyzed a malicious Opera Updater, named SymbOS/OpFake.A!tr.dial, and was surprised to discover it uses a** 91-byte XOR key** to conceal one of its configuration file. 91 bytes?! Yes, bytes, so 728 bits. This is quite a lot. AES only uses keys up to 256 bits, though I do not mean it would be less secure than this XOR. But it is a first for mobile malware where we had only seen XOR used with a single byte key. Have a look at the disassembled decryption routine below. Actually,... [Read More]
by RSS Axelle Apvrille  |  Nov 08, 2011  |  Filed in: Security Research
Any progress on our FortiChallenge 2k11? After the first clue, here is the second. Just a reminder that the first hint is meant to help you to find the good way with hashes. Don't miss the modification, Crypto Girl hates MD5 for this reason ! By the way, challenge's submission deadline is extended to Nov 13th, 2011. -- The Reverse naM [Read More]
by RSS Alexandre Aumoine  |  Nov 03, 2011  |  Filed in: Security Research
We are pleased to announce Android support for FortiClient Lite. Our beta version is now officially available on the Android Marketplace and features SSL VPN functionality. The FortiClient Android SSL VPN application works with your organization's FortiGate security appliance to establish a secure sockets layer VPN connection. With this application, you can work remotely and securely with your organization's digital assets anywhere and everywhere you have an Internet connection. Key Benefits Flexible, easy and secure access to your organization's... [Read More]
by RSS Derek Manky  |  Oct 28, 2011  |  Filed in: Security Research
Tags:
Much like Ninja Turtles, DroidKungFu now comes in different flavours (5 so far), discovered by Pr. Xuxian Jiang (and research team) and Lookout. If, like me, you are having difficulties keeping track of those variants, this post is for you :) The similarities and differences between all 5 variants are depicted below. The various blocks represent each variant, and their intersection shows how many methods they share exactly*. All variants share the same malicious commands (CMD box). They can download and install new package, start a program (called... [Read More]
by RSS Axelle Apvrille  |  Oct 26, 2011  |  Filed in: Security Research
This concludes my overview of VB2011, with the final notes for the last tasks I attended. Enhancing filtering proactivity with reverse IP and reverse whois queries - Claudiu Musat (presenting) and Alin Octavian Damian The most typical methods to filter spam is by URLs they contain or domain names. The main problem of those methods is the delay the filter becomes active: somebody has to decide that this URL or domain is malicious, and before that decision is made, the spam is not blocked. There are other methods, which seem more proactive: reverse... [Read More]
by RSS Axelle Apvrille  |  Oct 25, 2011  |  Filed in: Security Research
Stuck on our FortiChallenge 2k11? Here's a first hint! Translations: La fin est encore loin surtout quand on est sur le mauvais chemin ! Wrong track, go back! La fin est proche, l'anneau est inclus. Dawn is close, search for the ring. Mon precieux My precious Hint: -6D01BAE018694CDB446DC7EADBA08BE497A8CBE78BCFE91478AB120B4400E357 -ad23ebc59b720eac0979ead3176de3331ddaa1356466ecc8e8c9fb82f62a6dca -BCA85F09D8D174844C5D5B80095E6EF595181AAB0CABA9144324418B9F291645 -3EE90318AA2881118B8C09A777D52129E61760CCAE1EF679C744A25E9EB50789 -5868049FE51A60811D2C75C3B8896B956EE42114C568DE47531E436CEA2E0F77 –... [Read More]
by RSS Alexandre Aumoine  |  Oct 21, 2011  |  Filed in: Security Research
A second life in a virtual environment: from simple socialization to revealing sensitive information - Sabina Raluca Datcu ** Sabina conducted a study on how much security-aware people are likely to reveal on social networks. To do so, she took 50 people from a hacking community, and 50 from the IT security world, and built a fake female profile in both cases with similar interests. She shows that she makes contact with all 100 people over time, and that over time, all 100 people do reveal some personal information to her. Personal information... [Read More]
by RSS Axelle Apvrille  |  Oct 18, 2011  |  Filed in: Security Research
Tags: vb2011