Security Research | Page 59

Fortinet is conducting a 2010 network security survey. Completing the 15 multiple choice questions automatically enters takers into a drawing for a chance to win one of three new Apple iPads. By taking this survey, you are helping us better understand what the users see as significant trends that are occurring in the security industry. While your answers will remain anonymous, we ask for your email at the end of the survey so that you can be notified should you be one of the three lucky iPad winners. Winners will be announced in August. Questions... [Read More]
by Rick Popko  |  May 26, 2010  |  Filed in: Security Research
Waiting for the next transit flight is usually particularly boring, except in a very few circumstances. I was lucky, as this is what happened while I was on my way to CONFIDENCE 2010 in Krakow: I am always amused by such errors, especially when they occur in others' code and in unexpected situations. In that particular case, I wonder what happened to nsclient++.exe (a 'secure' monitoring daemon) - apart from obviously a NULL pointer issue - and how this error message is supposed to be of any help to passengers. Well, of course, maybe this was... [Read More]
by Axelle Apvrille  |  May 25, 2010  |  Filed in: Security Research
It's a little-known fact that the month of May is actually Zombie Awareness Month. While many pay homage with movie marathons and even reenacting zombie activities (well, some zombie activities) during pub crawls and horror conventions, we thought we’d give you some life-saving details on how to stop a different kind of zombie… The Zombie Computer! While an infected zombie computer won't eat your brains for sustenance, it can still inflict a great deal of pain and misery on computer users. A zombie computer allows an unauthorized person... [Read More]
by Rick Popko  |  May 20, 2010  |  Filed in: Security Research
Some time ago, we came across a new Windows Mobile Trojan dialer named WinCE/Terdial!tr.dial. Under the cover of an FPS game (Antiterrorist 3D) or a Windows Mobile codec package (, this Trojan actually has the victim's phone call international premium rate phone numbers (IPRN), i.e. phone numbers for which a given service is provided and, of course, higher prices are charged ;). More information is available in our Virus Encyclopedia, or just search the web for numerous alerts on the matter. On my side, I have been playing Sherlock... [Read More]
by Axelle Apvrille  |  May 17, 2010  |  Filed in: Security Research
[Read More]
by Rick Popko  |  May 12, 2010  |  Filed in: Security Research
Recently, Facebook unveiled its strategy to conquer the web. The company introduced a new kind of plugin deemed "Social Plugins", essentially allowing third-party "partner" sites to access your Facebook profile information upon visiting them -- in order to "improve your experience". While the idea is great from a webmaster's point of view, there are obvious privacy concerns for Facebook users. In the first week, about 50,000 third-party websites had already integrated it. This adds to the recent changes to Facebook's policies, implying that... [Read More]
by David Maciejak  |  May 12, 2010  |  Filed in: Security Research
Although it is not a new idea to run an executable from within a PDF, the researcher Didier Stevens presented a trick to make it more practical "in the real world". In this post I will dissect a PDF document using this trick (MD5: 1dcd4a3f5d05433fcebf88d9138a1966), indeed found in the wild. As one of the vendors affected, Adobe was investigating this issue and gave a temporary solution. But no patch is available yet. In fact there may be no patch at all... and although CVE number CVE-2010-1240 is assigned for this issue, some people think it... [Read More]
by Bin Liu  |  May 04, 2010  |  Filed in: Security Research
Our latest Threat Landscape Report is up, and for the second time in a row, MS.IE.Userdata.Behavior.Code.Execution (CVE-2010-0806) remained our second-most detected malicious network activity. Thankfully, this was patched out of band by Microsoft on March 30th via MS10-018. However, we detected the most significant in-the-wild activity for this threat prior to the patch - when the vulnerability remained in its zero-day state (a window of at least 21 days). In fact, as of writing, one of the malicious domains attacking this vulnerability still remains... [Read More]
by Derek Manky  |  May 03, 2010  |  Filed in: Security Research
As I specialize in mobile malware, lately I really could not miss the bunch of articles concerning an alleged iPad virus. It's just everywhere, with titles such as "iPad attacked by virus", "early iPad virus strikes users", "iPad hardly out and already hacked", "First virus for the iPad", "iPad suffers virus attack" or pictures of an iPad with the words "iPad virus". So scary. The problem with all those titles is that... there is NO iPad virus at all. This is all about a Windows virus that lures iPad owners into executing malware on their... [Read More]
by Axelle Apvrille  |  May 03, 2010  |  Filed in: Security Research
People frequently ask me about certifications and what they all mean. Here at Fortinet, we realize that looking at marketing specs or documentation isn’t always enough when you’re looking for the ideal security solution. After all, just because it looks good on paper doesn’t mean it’s the right product for you, right? So, we invest a lot of time getting our firmware and hardware products certified on a regular basis. This is why we know it’s important to invest in third-party certifications, and make it a regular part of our development... [Read More]
by Langley Rock  |  Apr 29, 2010  |  Filed in: Security Research