2015-12-15
The Online Arms Race
Mikko at Web Summit 2015.
Jarkko Turkulainen, a Senior Researcher on our Threat Intelligence team, has (today!) publicly released a research tool called Reflash. It’s a proof-of-concept framework for analyzing Adobe Flash files. It produces an SQL database of Flash VM stack traces by injecting dynamically generated instrumentation into Flash files. The SQL database can later be analyzed with various […]
I recently installed Audacity, an open source audio editor… And while verifying the current version to download, I came across an interesting security notification. Before I read the details, I fully expected to discover yet another case of some crypto-ransomware group hijacking and trojanizing an application installer. But not so! Audacity’s download partner was infiltrated […]
Today I was testing iOS 9 “Split View” multitasking with Freedome and KEY… …and discovered that we have a new Freedome exit node? A happy Festivus to us all!
On December 15th, US Senator Ron Wyden sent a letter to FBI Director James Comey regarding crypto-ransomware. The reported costs are quite surprising. $10,000? My guess is that this is due to multiple computers being hit rather than one overall fee. Here are Wyden’s questions. Hopefully the FBI will provide a detailed reply sooner than […]
Available from F-Secure GitHub: SEE Introduction: Sandboxed Execution Environment (SEE) is a framework for building test automation in secured environments. The sandboxes, provided via libvirt, are customizable, allowing a high degree of flexibility. Different types of hypervisors (Qemu, VirtualBox, LXC) can be employed to run the test environments. Plugins can be added to a test environment […]
I’ve been doing some password research and was recently reminded of this iOS 9 feature. Apple: “The default for passcodes on your Touch ID–enabled iPhone and iPad is now six digits instead of four. If you use Touch ID, it’s a change you’ll hardly notice. But with one million possible combinations — instead of 10,000 […]
We noticed an unusual spike in “Flash redirector” detection hits during October. The source was compromised websites. The compromised websites had injected code that loaded a malicious Flash object, which attempted to redirect users to the Angler exploit kit. This Flash redirector is not a new thing. It was written about by MalwareBytes a […]
In the era of APTs, it feels like something is amiss when there is a forum of governments and no malware arises. But the 3rd ASEAN-United States Summit on 21 November 2015 did not disappoint. A few days before the Kuala Lumpur summit, a subdomain under asean.org for the ASEAN Secretariat Resource Centre (ARC) was compromised. Malicious code was appended […]
Bad news: Dell has installed a rogue root CA on customer PCs. Dell ships laptops with rogue root CA. https://t.co/70LCd9JAoZ #reddit #DellRoot pic.twitter.com/25QhJTRzZs — Mikko Hypponen (@mikko) November 23, 2015 Why is it bad? Because it’s trivial to perform man-in-the-middle attacks against any computer with the cert installed. Dan Goodin has an excellent writeup here. […]
Artturi Lehtiö, a researcher on our Threat Intelligence team, recently presented a paper on abusing third-party web services as C&C channels at VB2015. Here’s the abstract: A secure, reliable and undetectable method of communicating with and controlling malware is essential for modern malware operations. But designing, implementing and maintaining your own communication infrastructure isn’t an […]