[ Security Alert ] 31 March, 2011 13:36

     According to WebSense blog, more than 28,000 injections of LizaMoon malicious script was found.  This massive SQL injection attacks inserting the following link:

<script src=hxxp://lizamoon.com/ur.php></script>

    The malicious URL is not available now. It was reported that the script redirects user to Rogue AV site: hxxp://defender-uqko.in.

    AegisLab WebGuard had blocked its IP address ( since Mar 27. Related Rogue AV domains also includes:


[1] http://community.websense.com/blogs/securitylabs/archive/2011/03/29/lizamoon-mass-injection-28000-urls-including-itunes.aspx


By AegisLab

Luke Tsai

[ Activity ] 25 March, 2011 16:39

    AegisLab is very glad to announce we will have a speech in Asia-Pacific Info Security Forum to share our idea and solution in Android platform and mobile devices. The speech will be started in 11:50AM and fourty minutes long.

   Time: 2011-04-22 11:50 AM.

   Place: TWTC Nangang Exhibition Hall, 4F, Room  403.

   You can register to attend this fourm in http://www.secutechinfosecurity.com/11/tw/seminar_register.aspx?exhibition_id=726&e_ref=2&topic_id=0#pagetop

   Besides, in the same building and from 04-20 to 04-22, there is the 10th Taipei International Info Security Expo, we will be at booth number (N229) to show our AegisLab Antivirus Elite, welcome to visit us!

By AegisLab 

[ Product News ] 21 March, 2011 18:25

     With the download rate exceeds 100,000 in Google market, more and more users aware the existance of this tool and have good experience with it. However, in order not to confuse with IBM's "AppScan", which is a security vulnerability scanning tool for web application, we decide to rename our applications.

     Therefore, "AppScan Beta" was renamed to "AegisLab Antivirus Free". It can be downloaded here: http://market.android.com/details?id=com.aegislab.sd3prj.antivirus.free.

     To maintain the consistency, our paid full version "Egis Mobile Antivirus Security tool" was renamed to "AegisLab Antivirus Elite". It can be purchased here: http://market.android.com/details?id=com.aegislab.sd3prj.egismobile


By AegisLab

[ Security Alert ] 21 March, 2011 16:35

     [Updated] For victims who already grant the permissions to this malicious app, please see procedures listed in the bottom of this alert. 

     AegisLab found a new chat spam now is circulating on Facebook. The sympton is there are some chat messages from your friends with words like "Hey, check out this girl, lol, she must be out of her mind for making that video!". These message includes a shorten-URL such as "bit.ly/dG9Qdj".


      When you click the URL in the chat message, the app requests the permission to access your Facebook profile and Facebook Chat as shown in below figure.

      Once you confirm the request, you will be redirected to a video page with a security check dialog.


      Either one of the options in the dialog will redirected to some suspicious pages like this.


      In the same time, the app will send the same message to your friends but includes a different shorten-URL.

      How to protect yourself from attack? Our suggestion is : Don't click any shorten-URL in Facebook chat.

     For user who had clicked the URL and granted the permission, you can follow the procedures listed in below.

  • Change your password.
  • Remove the app. 
      a. Click Account-> privacy setting -> Apps and Websites

              b. Click "Remove unwanted or spammy apps."

           c. Click "x" and "Remove"


By AegisLab.

Researcher: Luke.

[ Security Alert ] 10 March, 2011 13:00

   In few days ago, Google released "Android Market Security Tool" that intented to recovery devices from the modification made by "DroidDream" trojans. This tool was automatically deliver to devices of users who had downloaded and installed infected applications.

   But according to the report in mobile.malware discussion group, a repackaged version was distributed in China local forum. Thanks for Justin Case offering the sample, and we identify it was the same as the "Fake10086" we discovered in one week before. Both of them utilize a Google Code project http://code.google.com/p/mmsbg/. Also thanks for Tim Wyatt from Lookout who send us private mail dated in March 05 to disclose this information.

    Related analysis can be found at:

By AegisLab

[ Product News ] 10 March, 2011 10:35

    Even with humble GUI and without advertisement, our free Android anti-malware scanning tool "AegisLab Antivirus Free" (Originally called "Appscan Beta") is still eye-catching for users who seriously compares the functionalities and who has good user experience. Recently, we found it was also recommended by Network World article "8 essential Android security apps".

    Network World describles "Appscan Beta" as "While DroidDream Killer is designed to help you deal with malware after it's already been installed, Aegislab's AppScan Beta is designed to stop you from ever downloading it in the first place. The application scans other apps on the Android Market and identifies any spyware or malware they may have on them by flagging them as "suspicious." It can also scan apps for any unwanted advertisements." IMHO, very precisely.

   And another blogger "23corner" (Traditional Chinese), the writer is also impressive about our scanning engine and also the newly added feature - network bandwidth usuage breakdown for each apps.

   Thanks every people who loves and enjoys with "AegisLab Antivirus Free"(Appscan beta), we will continuously improve it and treat every feedback as most valuable thing for us. If you prefer more perfessional version, please purchase the paid version "AegisLab Antivirus Elite" which contains remote wipe & lock and also SMS phishing filter.


By AegisLab 


1 2  Next»