Security Research | Page 65

Our monthly Threat Landscape report is out for September, covering many threats including Bredolab, scareware, and ZBot. For distribution through email, Bredolab chose fake invoices from DHL/UPS, while ZBot disguised malicious links (all under the European Union ccTLD "EU") as a tax scare from the IRS. Of course, no report would be complete without highlighting email scams and breaking vulnerabilities, as summarized below: The Bredolab botnet continued aggressively this period with the rise of W32/Bredo.G, which began on September 17th and...
by Derek Manky  |  Sep 24, 2009  |  Filed in: Security Research
Last week Fortinet's vice president of Federal operations, Jeff Lake, participated in a webcast hosted by BreakingPoint Systems on cyber security and defense in depth. Other participants included Dennis Cox, BreakingPoint CTO, and Bruce Brody, managing partner and executive vice president of VISKO. As reported on the BreakingPoint blog, the team discussed the following points: best practices for planning defense in depth; the important role of training in securing your network; how to break through the current "clique" of security professionals...
by Rick Popko  |  Sep 22, 2009  |  Filed in: Security Research
Links to malicious websites have frequently been paired with news headlines to provide an attractive lure to end users. The strategy is simple, and it is quite effective because the headlines are already familiar. Most users recognize recent news headlines, whether from a newsflash on TV, the radio, or simply talk at the water cooler. Because of this, references to this content (in the form of links in e-mails or SEO campaigns) seem legitimate in nature, creating a false sense of security. Even worse, in the case of the latter - blackhat SEO campaigns...
by Derek Manky  |  Sep 16, 2009  |  Filed in: Security Research
At next week's Virus Bulletin VB2009 conference in Geneva, four members of the FortiGuard Global Security Research Team will be among the experts presenting on anti-malware. This is the fourth consecutive year that members of Fortinet's research team have been on the roster of the event, which is in its 19th year. Only 38 of more than 160 proposals were selected by the VB2009 committee for this year's conference program. Here are the presentations to check out: "Fighting cybercrime: technical, juridical...
by Rick Popko  |  Sep 15, 2009  |  Filed in: Security Research
Malicious links through instant messaging protocols are nothing new (think IM worms); however, recent attacks have been launched that leverage the popularity of social networking sites. I investigated a new link reported to be spreading through MSN, which is simple yet potentially quite effective given the popularity of social networking sites and the continuing use of instant messaging clients. The message (see Figure 1 below) read: "Hey, is this you?? haha :P http://facebook-photo/viewimage.php?". The last part of the link, a parameter...
by Derek Manky  |  Sep 11, 2009  |  Filed in: Security Research
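The lure quoted above works because the host name looks like a Facebook property without being one. What follows is an added example, not code from the original post: a small Python check that extracts links from an IM message and flags any whose host mentions a known brand but is not under that brand's real registrable domain. The brand allow-list, the URL regex and the sample messages are assumptions constructed for this example; the first sample reproduces the quoted lure with its host name exactly as it appears in the post.

```python
import re
from urllib.parse import urlsplit

# Constructed sample messages (not from the original post). The first one
# mirrors the quoted lure; the host name is kept as it appears in the post.
SAMPLE_MESSAGES = [
    "Hey, is this you?? haha :P http://facebook-photo/viewimage.php?",
    "see my pics http://www.facebook.com/photo.php?fbid=1",
    "lol http://facebook.com.example.net/login",
    "nothing to see here",
]

# Assumed allow-list: brand names an IM lure is likely to imitate, mapped to
# the brand's real registrable domains.
BRAND_DOMAINS = {
    "facebook": {"facebook.com"},
    "myspace": {"myspace.com"},
}

# Assumed URL pattern: enough for links pasted into chat text.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_urls(text):
    """Return every http(s) URL found in a message body."""
    return URL_RE.findall(text)


def host_of(url):
    """Lower-cased host name of a URL ('' if it has none)."""
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def is_legitimate_host(host, domains):
    """True if host is one of the brand's domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def lookalike_brand(host):
    """Return the brand a host imitates, or None if the host is either the
    brand's own domain (or a subdomain of it) or mentions no known brand."""
    for brand, domains in BRAND_DOMAINS.items():
        if brand in host and not is_legitimate_host(host, domains):
            return brand
    return None


def flag_lure_links(message):
    """Return [(url, brand)] for every link whose host mentions a known brand
    but is not under that brand's real domain (e.g. 'facebook-photo',
    'facebook.com.example.net')."""
    flagged = []
    for url in extract_urls(message):
        brand = lookalike_brand(host_of(url))
        if brand:
            flagged.append((url, brand))
    return flagged


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(repr(msg), "->", flag_lure_links(msg))
```

The check deliberately compares against the registrable domain rather than looking for the brand string anywhere in the URL: a brand name in the path (facebook.com/photo.php) is fine, a brand name in a host that is not the brand's own domain is the lure.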
Is there an upside to Payment Card Industry (PCI) compliance? In an interview with Kim Nguyen, Jason Wright, CISSP, reviews several security solutions that can help organizations achieve compliance. He also reveals an upside for those who may be frustrated by these industry mandates. (Video interview.)
by Rick Popko  |  Sep 09, 2009  |  Filed in: Security Research
I just happened to review our signature against Virut-infected Web pages, and the infection is still very active. W32/Virut.CE is known to infect Web pages (HTML, ASP, and PHP) by injecting a malicious iframe that redirects visiting users to Web sites serving malicious PDF and SWF files carrying various exploits. However, Virut is not the only agent of this iframe injection. Just minutes ago, I searched for infected Web sites showing this specific injection, and here's a good example. Figure 1 shows...
by Rex Plantado  |  Sep 01, 2009  |  Filed in: Security Research
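As an added example (not Fortinet's signature and not code from the original post), the following Python scanner looks for the kind of injected iframe described in the Virut post above across the file types it names (HTML, ASP, PHP): frames that are hidden, near-zero in size, or pointing off-site. The sample pages, the size threshold and the own_hosts allow-list are constructed assumptions, and the heuristics are generic to any iframe injector, not specific to Virut.

```python
import os
import re
from urllib.parse import urlsplit

# Constructed sample pages (illustrative, not real infected content).
INFECTED_SAMPLE = """<html><body>
<h1>Welcome</h1>
<p>Normal content</p>
<iframe src="http://bad.example/in.php" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>"""

CLEAN_SAMPLE = """<html><body>
<iframe src="/widgets/video.html" width="640" height="360"></iframe>
</body></html>"""

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE | re.DOTALL)
ATTR_RE = re.compile(r"""([a-zA-Z:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")

# Assumed threshold: a frame this small or smaller is invisible to the user.
TINY_PX = 2


def parse_attrs(tag):
    """Crude attribute parser for a single opening tag; handles double-,
    single- and un-quoted values, which is what injected tags tend to use."""
    attrs = {}
    for m in ATTR_RE.finditer(tag):
        name = m.group(1).lower()
        value = next(v for v in m.groups()[1:] if v is not None)
        attrs[name] = value.strip()
    return attrs


def _is_tiny(value):
    """True for width/height values of TINY_PX or less ('1', '0px', ...)."""
    try:
        return float(value.rstrip("px%")) <= TINY_PX
    except ValueError:
        return False


def iframe_findings(html, own_hosts=()):
    """Return [(src, reasons)] for each iframe in the page that looks injected:
    hidden via CSS, near-zero size, or sourced from a host not in own_hosts
    (the site's own host names, an assumed allow-list)."""
    own = {h.lower() for h in own_hosts}
    findings = []
    for tag in IFRAME_RE.findall(html):
        a = parse_attrs(tag)
        reasons = []
        if _is_tiny(a.get("width", "")) or _is_tiny(a.get("height", "")):
            reasons.append("tiny frame")
        style = a.get("style", "").replace(" ", "").lower()
        if "visibility:hidden" in style or "display:none" in style:
            reasons.append("hidden frame")
        src = a.get("src", "")
        host = urlsplit(src).hostname
        if host and host.lower() not in own:
            reasons.append("off-site src")
        if reasons:
            findings.append((src, reasons))
    return findings


def scan_tree(root, own_hosts=()):
    """Walk a web root and report suspicious iframes in the file types the
    Virut post names. Returns {path: findings}."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".html", ".htm", ".php", ".asp")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = iframe_findings(fh.read(), own_hosts)
                if found:
                    hits[path] = found
    return hits


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        for path, found in scan_tree(sys.argv[1], own_hosts=sys.argv[2:]).items():
            print(path, found)
    else:
        print("infected sample:", iframe_findings(INFECTED_SAMPLE))
        print("clean sample:", iframe_findings(CLEAN_SAMPLE))
```

Run it as `python scan.py /var/www www.example.org` to walk a web root, listing the site's own host names so legitimate embedded frames are not reported as off-site; an external iframe that is also hidden or one pixel in size is the strongest indicator.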
There has been a lot of confusion lately concerning the SymbOS/Yxes worm. Among other things, it has now dawned on me that the so-called Transmitter.C reported in numerous articles on the net is not sexySpace.sisx (detected as SymbOS/Yxes.E!worm): they are two different pieces of malware. Why? Several issues struck me (ordered from weakest to strongest point): Transmitter.C is reported to send a massive number of SMS messages (they are talking about 500 SMS). If Transmitter.C is Yxes.E, this is surprising because...
by Axelle Apvrille  |  Aug 26, 2009  |  Filed in: Security Research
A team of British eccentrics has broken the 103-year-old record for a steam-powered car, previously standing at 127mph. The record now stands at close to 140mph, but with the superheated steam being injected into the turbine at more than twice the speed of sound, there is clearly more to the speed of the car than the speed of the steam. The good news about all this is that it gives us an excuse to look at the speed of security devices. Picking up your favourite data sheet, you can see speeds quoted based on link speeds, up to values...
by Darren Turnbull  |  Aug 26, 2009  |  Filed in: Security Research
Total detected malware volume continued its climbing trend this period, posting the highest levels detected so far this year. On top of this steep incline, evident since March 2009, the number of distinct variants (malicious pieces of code) has also continued to increase gradually. Several malware attack waves were evident this period, most notably on the 24th of July, when a huge surge of ZBot activity occurred through HTML/Agent.E!tr. In fact, this particular campaign posted record detection levels for a single-day run, surpassing that of the...
by Derek Manky  |  Aug 25, 2009  |  Filed in: Security Research