Latest Posts | Page 156

Some time ago, we came across a new Windows Mobile Trojan dialer named WinCE/Terdial!tr.dial. Under the cover of an FPS game (Antiterrorist 3D) or a Windows Mobile codec package, this Trojan actually has the victim's phone call international premium rate phone numbers (IPRN), i.e. phone numbers for which a given service is provided and, of course, higher prices are charged ;). More information is available in our Virus Encyclopedia, or just search the web for numerous alerts on the matter. On my side, I have been playing Sherlock...
by Axelle Apvrille  |  May 17, 2010  |  Filed in: Security Research
by Rick Popko  |  May 12, 2010  |  Filed in: Security Research
Recently, Facebook unveiled its strategy to conquer the web. The company introduced a new kind of plugin deemed "Social Plugins", essentially allowing third-party "partner" sites to access your Facebook profile information upon visiting them -- in order to "improve your experience". While the idea is great from a webmaster's point of view, there are obvious privacy concerns for Facebook users. In the first week, about 50,000 third-party websites had already integrated it. It adds to the recent changes in Facebook's policies, implying that...
by David Maciejak  |  May 12, 2010  |  Filed in: Security Research
Although it is not a new idea to run an executable from within a PDF, the researcher Didier Stevens presents a trick technique to make it more practical, "in the real world". In this post I will dissect a PDF document using this trick (MD5: 1dcd4a3f5d05433fcebf88d9138a1966), indeed found in the wild. As one of the vendors affected, Adobe was investigating this issue and gave a temporary solution. But no patch is available yet. In fact there may be no patch at all... and although CVE number CVE-2010-1240 is assigned to this issue, some people think it...
by Bin Liu  |  May 04, 2010  |  Filed in: Security Research
Our latest Threat Landscape Report is up, and for the second time in a row, MS.IE.Userdata.Behavior.Code.Execution (CVE-2010-0806) remained our second-most detected malicious network activity. Thankfully, this was patched out of band by Microsoft on March 30th via MS10-018. However, we detected the most significant in-the-wild activity for this threat prior to the patch - when the vulnerability remained in its zero-day state (a window of at least 21 days). In fact, as of writing, one of the malicious domains attacking this vulnerability still remains...
by Derek Manky  |  May 03, 2010  |  Filed in: Security Research
As I'm specializing in mobile malware, lately I really could not miss the bunch of articles concerning an alleged iPad virus. It's just everywhere, with titles such as "iPad attacked by virus", "early iPad virus strikes users", "iPad hardly out and already hacked", "First virus for the iPad", "iPad suffers virus attack" or pictures of an iPad with the words "iPad virus". So scary. The problem with all those titles is that ... there is NO iPad virus at all. This is all about a Windows virus that lures iPad owners into executing malware on their...
by Axelle Apvrille  |  May 03, 2010  |  Filed in: Security Research
People frequently ask me about certifications and what they all mean. Here at Fortinet, we realize that looking at marketing specs or documentation isn't always enough when you're looking for the ideal security solution. After all, just because it looks good on paper doesn't mean it's the right product for you, right? So, we invest a lot of time getting our firmware and hardware products certified on a regular basis. This is why we know it's important to invest in third-party certifications, and make it a regular part of our development...
by Langley Rock  |  Apr 29, 2010  |  Filed in: Security Research
In a recent Inland Revenue scam, the FortiGuard Global Security Research Team uncovered a great deal of potentially compromised data, including credit card and bank details. While Fortinet took steps to secure this data, it provided a unique opportunity to collect statistics on the people most likely to succumb to such scams and to uncover the reasons why people would divulge such critical personal data when requested in the most basic of scam emails. The research showed that: The offer of money is the biggest driver in divulging critical...
by Carl Windsor  |  Apr 27, 2010  |  Filed in: Security Research
So you have your firewall in place and all is working great. You are collecting logs on everything that you need to keep an eye on. But then the problems start. You know something unexpected is happening in the network, but what is it? You can look through all that data trying to find the problem, but this can become quite tedious and analogous to looking for the proverbial needle in a haystack. This is where a picture can greatly help; a chart, to be specific. A chart can help with continuous monitoring and alert you to abnormal data patterns...
by Jeff Crawford  |  Apr 15, 2010  |  Filed in: Security Research
On Symbian phones, most malware is either implemented natively in C++ (over the Symbian API) or in Java (midlets). SymbOS/Enoriv.A!tr.dial uses another language called m. Usually, m scripts (.m extension) are run within the m environment (mShell), using the various features offered by m library modules (messaging, obex, video, zip...). This is comparable to Java midlets, which run over a Java environment and use various Java API packages. The m scripts can also be compiled to be included in a stand-alone Symbian application. In that case, the...
by Axelle Apvrille  |  Apr 13, 2010  |  Filed in: Security Research