windows


A Windows 2003 RDP Zero Day Exploit
In this blog, the FortiGuard team takes a look at Esteemaudit, which is an exploit that was included in the set of cybertools leaked by the hacker group known as "Shadow Brokers." They claim that they collected this set of cybertools from the compromised data of "Equation Group," a threat actor alleged to be tied to the United States National Security Agency (NSA). Esteemaudit is a Remote Desktop Protocol (RDP) exploit that targets Microsoft Windows Server 2003 / Windows XP. The vulnerability...
by Dehui Yin  |  May 11, 2017  |  Filed in: Security Research
This is the second part of FortiGuard Labs' deep analysis of the new Emotet variant. In the first part of the analysis we demonstrated that by bypassing the server-side Anti-Debug or Anti-Analysis technique we could download three or four modules (.dll files) from the C&C server. In that first blog we only analyzed one module (I named it 'module2'). In this blog, we'll review how the other modules work. Here we go.
by Xiaopeng Zhang  |  May 09, 2017  |  Filed in: Security Research
Background
Last week, FortiGuard Labs captured a JS file that functions as a malware downloader to spread a new variant of the Emotet Trojan. Its original file name is Invoice__779__Apr___25___2017___lang___gb___GB779.js. A JS file, as you may be aware, is a JavaScript file that can be executed by a Windows Script Host (wscript.exe) simply by double-clicking on it. In this blog we will analyze how this new malware works by walking through it step by step in chronological order.
A JS file used to spread malware
The original JS code...
by Xiaopeng Zhang  |  May 03, 2017  |  Filed in: Security Research
In the blog we posted on March 22, FortiGuard Labs introduced a new Word Macro malware sample that targets both Apple Mac OS X and Microsoft Windows. After deeper investigation of this malware sample, we can confirm that after a successful infection the post-exploitation agent Meterpreter is run on the infected Mac OS X or Windows system. Meterpreter is part of the Metasploit framework. More information about Meterpreter can be found here. For this to work, the attacker's server must be running Metasploit as the controller to control the...
by Chris Navarrete & Xiaopeng Zhang  |  Mar 29, 2017  |  Filed in: Security Research
I've kept more than my share of legacy systems alive over the years. Sometimes they're running applications that aren't compatible with newer operating systems. More often, there simply isn't the time or money to deal with an upgrade. But with the end of support for Microsoft Server 2003 coming and going this week, I can't help but wonder at the sheer number of businesses still running the OS or what appears to be a general sense of apathy over its end of life. As Fahmida Rashid over at PCMag put it, "...Windows...
by Chris Dawson  |  Jul 17, 2015  |  Filed in: Industry Trends & News
by Michael Perna  |  Nov 14, 2014  |  Filed in: Industry Trends & News
A few months ago, Tinba's source code was leaked in the wild. It is now inevitable that a different and enhanced version of it is out there. Tinba, also known as Tiny Banker, made its debut a couple of years ago. Though it is small, it is capable of doing what its big brothers can do. For more details on some of its features, you can read my article posted on Virus Bulletin.
64-bit Injected Code
As expected, we have seen some new changes added to the original malware. Tinba is now capable of injecting its code into a 64-bit running process. The...
by Raul Alvarez  |  Oct 06, 2014  |  Filed in: Security Research
by Michael Perna  |  May 24, 2014  |  Filed in: Industry Trends & News
by Michael Perna  |  Apr 12, 2014  |  Filed in: Industry Trends & News
Guillaume Lovet, senior manager of Fortinet's EMEA FortiGuard Labs
On April 8, 2014, Microsoft will stop support for Windows XP even while its market share is still high (29.53% in February 2014 according to Net Applications). What will be the security impact of this decision? In practical terms, computers that are still running Windows XP after this date will no longer receive updates, including those that address security vulnerabilities in the operating system. Whether you are an individual or a company, is it certain that you will become the favorite...
by Guillaume Lovet  |  Mar 20, 2014  |  Filed in: Industry Trends & News