Security Research


At the beginning of February 2018, FortiGuard Labs collected an email. The email message contains an order tracking number with a fake hyperlink that downloads a malicious JAR file. After a quick analysis, I was able to determine that it is the jRAT/Adwind malware. [Read More]
by Xiaopeng Zhang  |  Feb 16, 2018  |  Filed in: Security Research
On 6 December 2017, FortiGuard Labs discovered a compromised website, acenespargc[.]com. Looking into the source code, we noticed a suspicious encrypted script which uses the eval() function to convert all the characters into numbers. We used a tool called CharCode Translator to reverse the numbers back into characters. We were then able to retrieve a link which redirects to a scam page or phishing website. [Figures: Part 1, Part 2] The above is just a simple example. The threat actor can actually... [Read More]
by Eric Chong  |  Feb 07, 2018  |  Filed in: Security Research
Satori, a Mirai-based IoT bot, has been one of the most actively updated exploits in recent months. It is believed that the hacker behind this bot is also the author of other Mirai variants, known as Okiru and Masuta. FortiGuard Labs researchers recently observed a new Satori version that had added a known exploit chain (one which had been used in the past by the Persirai bot) to enable it to spread to vulnerable devices, particularly wireless IP cameras that run a vulnerable custom version of the GoAhead web server. [Read More]
by David Maciejak, Jasper Manuel and Rommel Joven  |  Feb 02, 2018  |  Filed in: Security Research
Educational institution networks continue to be a favorite playground for cybercriminals. Because of the age and interests of the majority of educational users, these networks tend to incorporate cutting edge technologies and strategies. [Read More]
by Tony Giandomenico  |  Jan 31, 2018  |  Filed in: Industry Trends, Security Research
Over the last few weeks, ASUS released a series of patches aimed at addressing a number of vulnerabilities discovered in their RT routers running AsusWRT firmware. The models listed at the end of this post are known to be vulnerable. If you are not sure which model or firmware you are using, I recommend double-checking the ASUS support website to get the latest information and updates. [Read More]
by David Maciejak  |  Jan 30, 2018  |  Filed in: Security Research
In addition to establishing an aggressive and proactive patch-and-replace protocol, it is essential that organizations have layers of security in place designed to detect malicious activity and malware, and to protect vulnerable systems. [Read More]
by FortiGuard SE Team  |  Jan 30, 2018  |  Filed in: Security Research
The first Okiru sample appeared around October 2017, and FortiGuard Labs created a write-up of its development last December, which included worm capabilities and the embedding of two different exploits. As a follow-up, we will now share our findings on the latest Okiru variant that targets ARC processors. [Read More]
by Rommel Joven & David Maciejak  |  Jan 25, 2018  |  Filed in: Security Research
One of the key features of Microsoft's patches is the "Kernel Virtual Address Shadow" (a term coined by Microsoft), or KVAS for short. This feature effectively blocks the Meltdown attack, as it leaves very little kernel memory accessible to user mode code. In this blog post we provide a deep dive analysis of this feature. [Read More]
by Minh Tran  |  Jan 25, 2018  |  Filed in: Security Research
Fortinet FortiGuard Labs has come across a ransomware that only accepts Monero – an open source cryptocurrency created in 2014 – for payment, signaling a shift away from the widely used and accepted standard Bitcoin in the ransomware space. Ransomware authors are aware of current trends and events, and appear to be taking advantage of all the hype surrounding the cryptocurrency craze. [Read More]
by FortiGuard SE Team  |  Jan 22, 2018  |  Filed in: Security Research
In this blog post, we will get into the details of the implementation of Spectre, the exploit that targets the vulnerabilities found in CPUs built by AMD, ARM, and Intel. We assume you are familiar with the concept of the attack, and you can inspect the Proof of Concept source code provided in the Appendix of the paper linked above. You might also find it easier to read this blog post with the source code side by side. [Read More]
by Axelle Apvrille  |  Jan 17, 2018  |  Filed in: Security Research