FortiGuard Labs | Page 4


This was my first time at DefCamp in Romania, and it was definitely a good experience. DefCamp was an interesting mixture of not-so-technical talks (but with acute insights) and technical ones. Among the "not so technical" ones, I liked the following: "Do Tinder bots dream of electric toys?" Tinder is a match-making/dating application. Inbar Raz decided to test it. He created a profile according to online guidelines (images with animals, images looking official, etc.) and quickly got many matches. But...it turned out that they... [Read More]
by Axelle Apvrille | Nov 18, 2016 | Filed in: Security Research
Summary: We recently found an Android banking malware masquerading as an email app that targets several large German banks. This banking malware is designed to steal login credentials from 15 different mobile banking apps for German banks. It also has the ability to resist anti-virus mobile apps, as well as hinder 30 different anti-virus programs and prevent them from launching. Install the malware: The malware masquerades as an email app. Once installed, its icon appears in the launcher, as shown below. (Figure 1. Malware App Icon) Figure... [Read More]
by Kai Lu | Nov 18, 2016 | Filed in: Security Research
This is our third week of the roundup, and things in the cyberthreat world continue to be interesting, including the return of several attacks we have seen for years. Here’s a quick summary of what happened this week. 1. It’s Still About Ransomware. While last week’s spike seems to have calmed down, we are still seeing an alarming amount of ransomware. This week our top 10 detections were all JavaScript-based variants of Nemucod, with nearly 7 million attempts logged. It seems like attackers are producing a new Nemucod variant... [Read More]
by Bill McGee | Sep 09, 2016 | Filed in: Industry Trends
For those of you who don’t know, Fortinet publishes a threat intelligence roundup every Friday, the Fortinet Threat Intelligence Brief, that reviews new threats and trends. It is a treasure trove of analysis and information that ought to be part of your regimen every Friday. This week is no exception. Here are a couple of teasers and takeaways: 1. Ransomware isn’t going away any time soon. Every time organizations think they have a handle on this, ransomware developers come up with a new variant designed to evade detection.... [Read More]
by Bill McGee | Aug 26, 2016 | Filed in: Industry Trends, Security Research
Our automated crawling and analysis system, SherlockDroid / Alligator, has just discovered a new Android malware family on a third-party marketplace. (Figure 1: Part of SherlockDroid report. Android/BadMirror sample found as suspicious.) The malware is an application whose name translates to "Phone Mirror". Because it is malicious, we have dubbed it 'BadMirror'. The malware sends loads of information to its remote CnC (phone number, MAC address, list of installed applications...) - see Figure 2 - but it also has... [Read More]
by Axelle Apvrille | Mar 07, 2016 | Filed in: Security Research
It’s an annual tradition that security vendors and pundits alike can’t resist: threat predictions for the coming year. However, this is much more than an exercise in crystal ball gazing. Vendors need to accurately predict changes in the threat landscape to design products that effectively address emerging issues. Organizations need to plan appropriate defenses and deploy countermeasures before a novel attack occurs instead of trying to pick up the pieces afterwards. So what are the trends beyond the buzzwords? Fortinet’s... [Read More]
by Derek Manky | Nov 24, 2015 | Filed in: Industry Trends
Vawtrak, also known as Neverquest, is a banking trojan that is capable of bypassing 2FA (two-factor authentication) on some financial institutions. It is also one of your typical information stealers. One of the main strengths of Vawtrak is its use of layering techniques within its code. Within its layers, Vawtrak employs different armoring strategies such as Anti-Emulator, Anti-Debugger, Anti-Analysis, Encryption/Decryption/Hashing, Compression/Decompression, Garbage collection, and Code injection. TOR 101: The Onion Router, or simply known... [Read More]
by Raul Alvarez | Jun 05, 2015 | Filed in: Industry Trends
SPSS is one of the most widely used statistical analysis packages in the world. It was first released in 1968 and gained considerable traction among social sciences researchers. It grew steadily in popularity, especially among academics, but when IBM bought SPSS in 2009, the company made substantial inroads with business customers looking to add predictive analytics to their capabilities. Bottom line, SPSS users are often dealing with a lot of valuable intellectual property, from proprietary research to big data. This is what makes the vulnerability... [Read More]
by Alex Harvey | May 18, 2015 | Filed in: Industry Trends
An exciting announcement made at RSA 2015 was the strategic partnership between Fortinet and Exodus Intelligence (featured recently on the cover of Time magazine). This relationship is designed to facilitate information sharing between the two organizations, to further protect enterprises across the globe from looming cyber threats. The combination of Fortinet’s FortiGuard Labs' broad threat research coverage and the unique expertise Exodus provides on the latest emerging zero-day threats brings a significant benefit in gaining preemptive... [Read More]
by Jonas Tichenor | May 06, 2015 | Filed in: Industry Trends
There is so much marketing buzz around Threat Intelligence (TI) these days. The problem is, TI is such a broad term, and with the multitude of TI services offered in the market, many businesses are oftentimes confused as to what services to purchase and if they should even be looking at Threat Intelligence Services to begin with. Once the decision is made regarding the need for TI, how then do they go about choosing the right service for their organization? What constitutes a good threat feed? Is Threat Intelligence just for big business or can... [Read More]
by Michael Perna | Apr 28, 2015 | Filed in: Industry Trends