GLOBAL SECURITY ADVISOR RESEARCH BLOG

Password Best Practices

Tue, 24 Jan 2012 18:17:51 GMT

Often the disclosure of a password is no fault of our own but rather the result of a website or application compromise. Use these tips to develop a password management strategy that will dramatically decrease your overall risk if any one of your passwords is compromised. Hopefully the next time you have to create a strong password it won't take nearly as long to think up something secure.

Ransomware Exploits the Italian Police

Mon, 19 Dec 2011 23:12:31 GMT

Today, Total Defense Research Team was informed of new ransomware circulating among Italian users pretending to be an official statement by the Italian Police. This malware is spread by drive-by-download through websites compromised with malicious JavaScript code.

Detailed analysis of malware sample removed from android market

Tue, 13 Dec 2011 00:00:00 GMT

Earlier yesterday, a few SMS Trojans were found in Android Market and subsequently removed from the market place. In this blog post, we will be demonstrating some of the interesting behaviours uncovered through dynamic analysis.

The woes of a Physical Security breach

Fri, 09 Dec 2011 00:00:00 GMT

This blog is written to emphasize the importance of physical security in this current day and age. I myself am a victim to a recent physical security breach that happened with Lucky Superstores in the United States, which has resulted in the theft of debit card details of many of its customers. It has been confirmed that more than 20 stores are affected through the 500 or more self-checkout...

New Zero-Day Attack in Adobe Products (CVE-2011-2462)

Thu, 08 Dec 2011 00:00:00 GMT

Recently, Adobe has released a new security advisory, APSA11-04, alerting users about a critical vulnerability in Adobe Reader and Acrobat. The U3D memory corruption vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. This means that the malicious files could be downloaded or dropped on the affected system. Adobe is in the...

‘Duqu’ 0-day exploit gets a temporary fix

Tue, 08 Nov 2011 00:00:00 GMT

Not long ago, the malware called Stuxnet made its foray into the world of Internet capturing people's attention. This was the first malware of its kind which embodied payload that impacted not only software running on infected machines but also affected attached Industrial processes. This malware's impact was very unique, targeted and revolutionary in nature. In September 2011, a new malware...

Analysis of an Android Malware family doing multi impersonations

Mon, 03 Oct 2011 00:00:00 GMT

Last week, we have blogged about an Android malware that was impersonating as a popular browser (http://totaldefense.com/securityblog/2011/09/23/The-SMSer-Trojan-Returns-as-Fake-Browser-Again.aspx). This time we present the analysis of another interesting Android malware to highlight its noteworthy features that users need to be aware of. This sample shows how easily such kind of impersonating...

Mac OS X Threat Disguises as Adobe Flash Player Installer

Wed, 28 Sep 2011 00:00:00 GMT

Another new Mac OS X Threat has been discovered and disguises as Adobe Flash Player Installer. Like other malware, it also uses social engineering tricks to lure users to download the malware. Once the user unknowingly visited a malicious website to watch a video, it will prompt the user that the Adobe Flash plugin has crashed

Mac OS X Threat Masquerading as a PDF Document

Tue, 27 Sep 2011 00:00:00 GMT

A new Mac OS X Threat has been discovered masquerading as an innocent PDF document with a controversial topic. It is implementing one of the techniques used by windows malware to hide its malicious activity. When the Mac malware is executed, it attempts to drop and execute a non-malicious PDF file in the /tmp folder [Figure 1]. The PDF file and the content is intended to distract the user and...

The SMSer Trojan returns as Fake Browser Again.

Fri, 23 Sep 2011 00:00:00 GMT

A few months ago, we blogged about an increasing trend of SMSer Trojans disguising themselves as popular browser applications targeting the users of smart phones with support for J2ME. For the past few days, we have been observing a similar trend in the influx of SMSer Trojans posing as browser applications in our sample processing channels. However this time, they are actually targeting Android...

The Case of Spitmo, Analysis with Andbug and Profiler.

Tue, 13 Sep 2011 21:44:02 GMT

A few weeks ago, we have witnessed Zitmo arriving to Android landscape http://totaldefense.com/securityblog/2011/08/29/ZBot-Targeting-Android-Users.aspx. As it was widely predicted earlier, fellow researchers at Trusteer discovered that now Spitmo emerges for the Android platform. We, like the worldwide research community, have taken the the growth of Android malware very seriously.

Free Facebook t-shirts at the cost of your Personal Information?

Fri, 09 Sep 2011 16:06:41 GMT

Free Facebook t-shirts at the cost of your Personal Information? Just like the many other social-engineering spam attacks observed on Facebook, the recent one which offers victims free t-shirts as its 7th Anniversary special gift, seem to have gained quite a bit of popularity. If stats are to be believed, [Figure 1, courtesy hacker9] quite a few people have fallen victim to this like-jacking...

Stay Safe With Your Twitter Account.

Fri, 09 Sep 2011 00:00:00 GMT

Twitter is a nice social network that allows you to send very quick messages to your colleagues and friends alike indicating what you are doing, where you are located and so on. The main feature of this social network is the so-called “Following Tweets,” which is a way to inform you that somebody is following your tweets. Twitter is a powerful platform because it easily allows you to...

How to mitigate the “Supercookies”

Mon, 22 Aug 2011 00:00:00 GMT

"Supercookies" (Local Shared Object), or flash cookies as they are otherwise commonly called, and their implication on the privacy of Internet users have been a hot topic in the security- news blogs lately. "Cookies", as most of you already know, are small text files that are used to keep small pieces of browsing information stored on a computer to track and retain user preference information...

China’s Black Market: an Analysis

Mon, 15 Aug 2011 00:00:00 GMT

The Black Market is not new at all, and we know it exists because illegal products or services are readily available, such as drugs, sex, stolen goods, etc. These days I have been impressed by the increase in the number of emails targeting Italian users with offers of electronic goods sold at very interesting prices. Everyday my personal inbox is stuffed with emails coming from people pretending...

New SDK, Old tricks - SillyDl repackaged!

Thu, 04 Aug 2011 00:00:00 GMT

Routine processing of our large volume collections has unearthed a sample that seems noteworthy to be mentioned. Digging deeper revealed it was indeed a simple variant descending from a very old and familiar family of Java based Trojans [Java/SillyDl] Intricacies of its execution This sample's payload is same as what the age old downloader agents are known to do. By Design, It downloads...

SpyEye Behind Cyber-fraud

Thu, 04 Aug 2011 00:00:00 GMT

SpyEye is now very well known within all security communities and security blogs of the world. The latest version of the SpyEye tool includes very powerful capabilities, specifically designed to steal sensitive data from Windows users conducting monetary transactions over the Internet. The Trojan tool is sold on the underground market and in cybercrime forums to be used by cybercriminals....

A Trojan spying on your conversations

Mon, 01 Aug 2011 00:00:00 GMT

We have been recently blogging about many Android malware as the threat landscape has been witnessing an increasing trend in targeting the mobile platforms and today we have received an Android package to our collection and observed that this piece of malware walks an additional mile by having a neat configuration and has a capability to record the telephonic conversation the infected victim...

LulzStorm hits Italian Universities

Tue, 19 Jul 2011 00:00:00 GMT

Lulz team seems to have their signature on the Security page almost on a weekly basis. Just today, “The Sun” newspaper’s online home-page has been defaced, playing on the recent Murdoch issue but the most recent and interesting case certainly remains the attack to Italian Universities. On its Twitter page LulzStorm posted a supposed dump of the databases of 18 Italian...

UNIFORM TRAFFIC TICKET Not from New York State Police

Mon, 11 Jul 2011 00:00:00 GMT

The first thing that most computer users do in the morning is to check their email. So recently just as usual I too checked my Inbox and spam folder. However there was one email [Figure 1] in my Spam folder that got my attention. It seemed suspicious and I did not want to fall into a trap so I carefully reviewed it. This blog details my findings. The email is disguised as a "Traffic Ticket"...

ZBot Targeting Android Users

Fri, 08 Jul 2011 00:00:00 GMT

Earlier this week, in the security researcher forums there have been a round of discussions regarding Zbot attacking Android users and today fellow researchers from Fortinet have managed to find a sample that actually does it. Though this sample has been in the wild for some time, it was found now that it is actually the one that Zbot uses to target its victims. In this blog, we will...

Dynamic Analysis of Golddream.A Trojan

Thu, 07 Jul 2011 00:00:00 GMT

This is a recent malware that targets the Android platform. This Trojan like many typical social engineering Trojans, comes bundled with a game. The credit for discovering it goes to Prof.Xuxian Jiang. Since we have published static analysis of such Trojans in our earlier blogs, this blog covers the dynamic analysis of the Trojan in a controlled environment. Please note that this blog post...

Rootkit Infection: MBR wanted!

Thu, 30 Jun 2011 00:00:00 GMT

We recently witnessed another rootkit infection which raised the attention of the press and Microsoft users. It is again a high profile malware whose target is the hard drive’s master boot record (MBR) corrupting the bootstrap of the Windows Operating System. Once run the malware follows the steps below:Open file: \\.\PhysicalDrive0Create File: hello_tt.sys The first step of the malware is...

QR Code: a channel to spread malware?

Mon, 14 Feb 2011 00:00:00 GMT

Not everyone knows what a QR Code is or how they can be used. A QR Code is a specific matrix barcode (or two-dimensional code), readable by dedicated QR barcode reader. There are many QR Code Reader apps available today for camera phones. The code consists of black modules arranged in a square pattern on a white background. The information encoded can be text, like a URL, or other data.