[ General ] 26 August, 2010 13:51

    SyScan'10 Taipei (official site: http://syscan.org/Tpe/index.php ) finished at the end of last week, and several AegisLab professionals attended the conference. Some of the topics were quite interesting, and we highlight them here.


[ Security Alert ] 23 August, 2010 13:41

**Update 2010-08-27**

   Yahoo.js has new vulnerable sites, and the downloaded executable has changed. As of now, Google SafeBrowsing does not yet include the download site.

   The new vulnerable sites:



     Detection rate of the latest "s.exe" in VT: 17/42 (40.5%)

     Lionic WebGuard has been able to stop this download path since 2010-8-26.


[ Security Alert ] 18 August, 2010 18:28

1. Affected Versions


Adobe ColdFusion 9.0.1 and earlier versions


2. Description


  1. Adobe ColdFusion is a web server that can execute CFML (ColdFusion Markup Language). CFML is a scripting language similar to JSTL (JSP Standard Tag Library).


  2. A vulnerability was found in Adobe ColdFusion: it does not handle the URL correctly. A malicious user can send a specific URL request to the server, and the file content is then shown in the returned web page automatically. This vulnerability is labeled CVE-2010-2861.

[ Security Alert ] 16 August, 2010 14:26
    AegisLab constantly monitors the "yahoo.js" malicious script mentioned in previous security alerts. Today we discovered that the downloaded executable has changed and its detection rate is lower.


[ Sample Analysis ] 13 August, 2010 15:03

    Recent news about the first Android virus: http://pocketnow.com/android/first-android-virus , Kaspersky Virus News http://www.kaspersky.com/news?id=207576152 , Lookout http://blog.mylookout.com/2010/08/security-alert-first-android-sms-trojan-found-in-the-wild/#comments .

    Thanks to contagio for providing the sample.

    After both disassembly and runtime analysis, we observed one malicious behavior: it sends SMS messages to '3353' or '3354' with the text '798657' when launched for the first time. After that it remains silent. This may cost the user money if 3353 or 3354 is available in that country.

    Some static analyses are already available on the Internet, such as http://www.alienvault.com/blog/jaime/Malware/Analysis_of_Trojan-SMS.AndroidOS.FakePlayer.a.html , so we take a slightly different approach. If we slightly modify its behavior, changing the destination number from 3353 to 5556 (the emulator number), and assemble it back into an apk, we can simulate the user who receives the SMS; see below:

[ Security Alert ] 12 August, 2010 14:49


    AegisLab constantly monitors the "yahoo.js" malicious script mentioned in previous security alerts. Today we found a new host used by this attack. At the time we release this information, Google SafeBrowsing has not yet labeled this site as malicious.

     Example vulnerable web sites and the attack path are presented below.

   [root]hxxp://www.yun-diing.com.tw (PageRank:2)

    www.yxf.me was not detected by VirusTotal webscan: 0/6 (0.0%)
  ( http://www.virustotal.com/url-scan/report.html?id=6bb391fc145faa58fa1bee9a3054c20c-1281583808 )

   However, Lionic WebGuard Solution has stopped www.yxf.me since 2010-08-12.

By AegisLab
