May 14, 2008 Kuala Lumpur, Malaysia
F-Secure Corporation, the global leader in providing security
as a service through mobile operators and Internet Service
Providers, today announced that it has joined the International
Multilateral Partnership Against Cyber-Terrorism (IMPACT), with
Chief Research Officer Mikko Hypponen representing the company
on the IMPACT International Advisory Board.
The Malaysian IMPACT initiative seeks to establish a unique
platform that brings together governments and the international
private sector as partners in the global fight against cyber
threats. IMPACT will host the World Cyber Security Summit in
Kuala Lumpur, Malaysia, from 20 to 22 May 2008, in conjunction
with the World Congress on Information Technology (WCIT). In
addition to the IMPACT inaugural International Advisory Board
meeting, a Ministerial Roundtable will also be taking place.
The inaugural IMPACT Summit will be the largest ever gathering
of governments, regulators and industry experts on cyber
terrorism, with ministers and officials representing over 40
governments invited for the event.
"We are honored and proud to be part of the IMPACT
initiative. We see IMPACT as an important global collaboration
and a catalyst against cyber threats. We look forward to
contributing to the direction and strategies of IMPACT," said
Mikko Hypponen, Chief Research Officer at F-Secure.
Inside a malicious flash file - F-Secure Weblog : News from
the Lab
Thursday, May 29, 2008
Inside a malicious flash file
Posted by Gerald @ 19:13 GMT
We've been receiving lots of malicious Flash files
lately. Most of the Flash files that we receive have obfuscated
shellcode.
I stumbled on one sample and took a closer look at it. The
obfuscation is simple: it only uses XOR and ADD instructions.
Basically, this Flash file takes advantage of the recent
0-day vulnerability in Adobe Flash Player. It
downloads and executes a file from the following site:
hxtp://www.psp1122.cn/[removed].exe
We detect the downloaded EXE file as
Trojan-PSW.Win32.OnlineGames.ayju and the Flash
file as Exploit.SWF.Downloader.a.
Here's an animated image of the decrypted shellcode:
[Image: decrypted shellcode]
Google Earth with Worms, Spam and Malware - F-Secure Weblog
: News from the Lab
Google Earth is cool. We've been using it to track
worms. If a worm contacts our monitoring system, its IP address
is logged and is then converted to latitude and longitude. It
all goes into an XML feed that we use with Google Earth's
network links. It looks something like this:
[Image: Google Earth with Worms]
And while that's pretty neat, worms aren't really
today's threat. So we're working on some new data
feeds.
Let's take spam. This is what the source of spam from a
single personal account looks like:
[Image: Google Earth with Worms and Spam]
Then there's our worldmap.f-secure.com data. It also feeds an
internal system that we use in the lab.
We've adapted that data for Google Earth which then looks
like this:
[Image: Google Earth with Worms, Spam and Malware]
Bot monitoring feeds are in the works as well. We'll do
a video demo sometime next week.
Sunday, June 1, 2008
DHS PDF
Posted by Mikko @ 12:14 GMT
We get samples, lots of samples, every day.
Like tens of thousands of them.
They come from various sources: from our customers; from
honeypots and honeynets; via our online scanners; submitted
directly from our products; from operators and ISPs; via sample
exchange with our competitors; and so on.
We also get copies of samples that people submit to online
virus scanning services such as VirusTotal,
Jotti, and VirSCAN. We'd
like to give big thanks to these services for their valuable
cooperation.
When we get samples via such online services, we have
absolutely no idea where the sample is coming from and who
submitted it. Sometimes such samples can be real mysteries.
Take for example this PDF file that we got a sample of via
VirusTotal. The only information we have on this 130kB file is
that it was named .pdf (after its MD5 hash)
and that it was submitted on the 23rd of May.
When you open this document, this is what you'll see:
[Image: Department of Homeland Security G-325A]
Looks like a Department of Homeland Security form
G-325A. Look again. What's the filename?
It's not .pdf. It's
0521.pdf. This is not the document we opened.
So what happens here? Apparently this PDF has been used in a
targeted attack against an unknown target.
When this PDF is opened in Acrobat Reader, it uses a known
exploit to drop files. Specifically, it creates two files in
the TEMP folder: D50E.tmp.exe
and 0521.pdf. Then it executes the EXE and
launches the clean 0521.pdf file in Adobe Reader in order to
fool the user into thinking that everything is all right.
D50E.tmp.exe is a backdoor that creates lots of new files with
innocent-sounding filenames, including:
\windows\system32\avifil16.dll
\windows\system32\avifil64.dll
\windows\system32\drivers\pcictrl.sys
\windows\system32\drivers\Nullbak.dat
\windows\system32\drivers\Beepbak.dat
The SYS component is a
rootkit that attempts to hide all this activity on the infected
machine.
[Image: nbsstt.3322.org]
The backdoor tries to
connect to port 80 of a host called
nbsstt.3322.org. Anyone operating this machine
would have full access to the infected machine.
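The drop-and-decoy sequence described above leaves a recognizable process trail. The following is an added detection sketch, not part of the original post: it flags a reader process spawning an EXE from a temp folder, then the reader being relaunched on a PDF from temp. The event format, reader image names, timestamps and paths are constructed assumptions, and events are assumed to come from a single host.

```python
import ntpath

# Assumed image names for the PDF reader (not taken from the post).
READERS = {"acrord32.exe", "acrobat.exe"}

# Constructed process-creation events, one per line:
# time|parent image|child image|child command line
SAMPLE_EVENTS = r"""
09:14:02|C:\WINDOWS\explorer.exe|C:\Program Files\Adobe\Reader\AcroRd32.exe|AcroRd32.exe "C:\mail\form.pdf"
09:14:05|C:\Program Files\Adobe\Reader\AcroRd32.exe|C:\DOCUME~1\u\LOCALS~1\Temp\D50E.tmp.exe|D50E.tmp.exe
09:14:06|C:\DOCUME~1\u\LOCALS~1\Temp\D50E.tmp.exe|C:\Program Files\Adobe\Reader\AcroRd32.exe|AcroRd32.exe "C:\DOCUME~1\u\LOCALS~1\Temp\0521.pdf"
09:20:41|C:\WINDOWS\explorer.exe|C:\Program Files\Adobe\Reader\AcroRd32.exe|AcroRd32.exe "C:\docs\report.pdf"
""".strip().splitlines()


def in_temp(text: str) -> bool:
    """True if the path or command line references a Temp directory."""
    return "\\temp\\" in text.lower()


def image_name(path: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(path).lower()


def detect(lines):
    """Return (time, rule, detail) alerts for the drop-and-decoy pattern."""
    alerts = []
    dropper_seen = False  # set once a reader has spawned an EXE from temp
    for line in lines:
        ts, parent, child, cmdline = line.split("|", 3)
        if (image_name(parent) in READERS and in_temp(child)
                and child.lower().endswith(".exe")):
            # A document viewer has no reason to start a program from TEMP.
            dropper_seen = True
            alerts.append((ts, "reader-spawned-exe-from-temp", child))
        elif (dropper_seen and image_name(child) in READERS
                and in_temp(cmdline) and ".pdf" in cmdline.lower()):
            # The clean decoy is opened only after the dropper has run;
            # on its own, a PDF opened from temp is too common to alert on.
            alerts.append((ts, "decoy-pdf-reopened-from-temp", cmdline))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```
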
Well, 3322.org is one of the well-known Chinese DNS-bouncers
that we see a lot in targeted attacks. Does
nbsstt mean something? Beats us, but Google
will find a user with this nickname posting to several Chinese
military-related web forums, such as bbs.cjdby.net.
Where does nbsstt.3322.org point to?
[Image: nbsstt.3322.org]
IP address 125.116.97.19 is in
Zhejiang, China. And it's live right now, answering
requests at port 80.
Creating Malicious PDF Files - F-Secure Weblog : News from
the Lab
Yesterday's post discussed a mystery
PDF file that was booby-trapped to drop a backdoor. Today
we'll look at how these documents are created. Here's
an example of a tool called Y08-40 aka
GenMDB.
[Image: GenMDB]
When run, it displays this user interface:
[Image: y08-04 by Noble]
The apparent purpose of this tool is to create trojanized PDF
files. You select which EXE you want to embed, which PDF file
you want to trojanize, and which platform you expect the victim
to be using.
Cool. Now, the real question is this: How on earth
did we get our hands on such a tool? You'd never
guess it. We received it inside a trojanized PDF file.
Here's what we believe happened: Someone, somewhere was
using this tool for the first time. They did a test run,
selecting a random PDF file and a random EXE to create a
trojanized PDF, just as a test. As a random EXE, they selected
(wait for it) GenMDB.EXE itself!
Then the perpetrator was probably curious to find out if the
trojan PDF would be detected by virus scanners or not. So he
uploaded the trojanized PDF to an online scanner. Hey, thanks.
Keep up the good work.
Tuesday, June 3, 2008
Symbian Jailbreak
Posted by Jarno @ 18:32 GMT
A Spanish modder has developed an easy-to-use privilege
escalation hack for Symbian S60 3rd Edition phones. The hack
provides unlimited access to the phone's file
system. With this access any number of modifications
can be made.
Another vector for drive-by downloads is infiltrated ad
networks. We are seeing more and more advertising displayed on
high-profile websites. By infiltrating the ad networks, the
criminals don't have to hack a site but their exploit code will
still be shown to millions of users, often without the
knowledge of the webmaster of those sites. Examples of where
this has happened include TV4.se, Expedia, NHL, and MLB.
It is important to be aware of this shift from SMTP to HTTP
infections, which can be exploited by the criminals in many
ways. Companies often measure their risk of getting infected by
looking at the amount of stopped attachments at their e-mail
gateway. Those numbers are definitely going down, but the
actual risk of getting infected probably isn't.
Individuals and companies should therefore be scanning their
web traffic for malware as well as filtering their FTP traffic.
In parallel to the switch from SMTP to HTTP as a way of
spreading malware, we are now also seeing more and more
malicious e-mails that link to malware via FTP links.
Advanced rootkit emerges
An MBR rootkit known as Mebroot is probably the stealthiest
recent malware we have observed, and has so far been
distributed by drive-by downloads. Mebroot replaces the
infected system's Master Boot Record (MBR), which is the
first physical sector of the hard drive and contains the first
code loaded and executed from the drive during the boot
process. It keeps the amount of system modifications to a
minimum and is very challenging to detect from within the
infected system.
MBR viruses used to be the most common form of viruses at
the time of the DOS operating system about 15 years ago.
Recently there were academic papers published in conferences
discussing whether this kind of MBR stealth could ever happen
in the age of Windows. We have been very surprised to see it
happening for real now in 2008.
This means that the criminals have both the funds and the
high-level expertise to develop such complex attacks. They have
succeeded in developing code that loads from the boot sector of
the hard drive, stays alive while Windows boots up, then loads
parts of itself and injects itself into the operating system when
Windows is up and running, and manages to hide all this very
effectively.
We are likely to see this technique being used by quite a
variety of malware. These first MBR rootkits are banking
Trojans targeting several online banks, where the criminals are
clearly seeing an opportunity to make a return on their
investment.
First mobile ransom Trojan
Making money is what today's malware is all about, and the
first ransom Trojans for smartphones have been found in China.
We have already seen similar Trojans on the PC side before,
which infect your computer, take your data "hostage" or
somehow disrupt your computer's capabilities, and then offer to
restore everything back to normal if you pay out the ransom
money. Typically, the ransom Trojan first encrypts your hard
drive and then sends you a password after you have sent money
to the criminals via an online money transfer system.
In the case of Kiazha, the first smartphone ransom Trojan,
you get infected by downloading a shareware lookalike program
on your phone, which then drops several known older viruses on
your phone. Next it sends a message explaining that you can
only get the phone fixed by transferring the equivalent of
seven dollars to the attackers through an online payment
system. Today smartphones are so important to many people that
they are prepared to pay a ransom to get back their phonebook,
calendar and mobile emails, so we might well be seeing much
more of this type of malware in the future.
More mobile trouble
The Beselo worms spread via MMS and Bluetooth by using a
novel form of social engineering to trick users into installing
an incoming SIS application installation file. What makes
Beselo interesting is that instead of a standard SIS extension,
the Beselo family uses common media file extensions. This leads
the recipient to believe that he or she is receiving a picture
or sound file instead of a Symbian application. The recipient
is then far more likely to answer "yes" to any
questions the phone prompts after clicking on such an incoming
file.
The filenames used by Beselo are beauty.jpg, sex.mp3, and
love.rm. So if you have a Symbian S60 phone and receive a media
file, answer "no" to any installation prompt that
appears when trying to open the file. There is no reason for
any image file to ask installation questions on the Symbian
platform, so any image or sound file that does something other
than play immediately is definitely not what it claims to
be.
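The same mismatch can be caught before the file reaches a handset. The following is an added example, not from the original report: a check that compares the media type a filename claims with what the leading bytes actually are. The legacy (pre-Symbian 9) SIS header value, the function names and all sample bytes are assumptions or constructed for illustration.

```python
import os
import struct

# Legacy SIS files begin with four little-endian 32-bit UIDs; the third,
# at offset 8, identifies an installation file (assumed from the legacy format).
LEGACY_SIS_UID3 = 0x10000419

# Extensions used by Beselo, mapped to the content type each one claims.
CLAIMED = {".jpg": "jpeg", ".jpeg": "jpeg", ".mp3": "mp3", ".rm": "realmedia"}


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the filename."""
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data.startswith(b".RMF"):
        return "realmedia"
    if data.startswith(b"ID3"):
        return "mp3"  # ID3v2 tag in front of the audio
    if len(data) >= 2 and data[0] == 0xFF and data[1] & 0xE0 == 0xE0:
        return "mp3"  # bare MPEG audio frame sync
    if len(data) >= 12 and struct.unpack_from("<I", data, 8)[0] == LEGACY_SIS_UID3:
        return "sis"
    return "unknown"


def check_attachment(filename: str, data: bytes) -> dict:
    """Compare the type implied by the extension with the sniffed type."""
    ext = os.path.splitext(filename)[1].lower()
    claimed = CLAIMED.get(ext)
    actual = sniff(data)
    if claimed is None:
        verdict = "not-media-extension"
    elif actual == claimed:
        verdict = "ok"
    elif actual == "sis":
        verdict = "installer-disguised-as-media"
    else:
        verdict = "content-mismatch"  # includes truncated or unknown content
    return {"file": filename, "claimed": claimed, "actual": actual,
            "verdict": verdict}


def flagged(attachments):
    """Names of attachments whose content does not match their media extension."""
    bad = ("installer-disguised-as-media", "content-mismatch")
    return [name for name, data in attachments
            if check_attachment(name, data)["verdict"] in bad]


# Constructed sample bytes (headers only, padded); not real samples.
SIS_SAMPLE = struct.pack("<4I", 0x12345678, 0x10003A12, LEGACY_SIS_UID3, 0) + b"\x00" * 16
JPEG_SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16
SAMPLES = [
    ("beauty.jpg", SIS_SAMPLE),
    ("sex.mp3", SIS_SAMPLE),
    ("love.rm", SIS_SAMPLE),
    ("holiday.jpg", JPEG_SAMPLE),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(check_attachment(name, data))
```
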
Beselo worms are compiled for S60 2nd Edition phones.
Attempting to open the file on a 3rd Edition phone will
probably cause an error message rather than an installation
prompt. HatiHati.A is another troublemaker, a worm-like
application that spreads via MMC cards. Once the worm has
copied itself to a new device, it starts sending SMS messages
to a predefined number which can prove very expensive.
For a video about mobile threats, please go to our video
channel at
http://www.f-secure.com/video-channel/
Both PC and smartphone users can protect themselves by using
up-to-date security services from well-known vendors. For more
information about F-Secure solutions, please go to
www.f-secure.com
More information about
current threats in general is available on our weblog at
http://www.f-secure.com/weblog/
F-Secure includes firewall with Mobile
Security for the Windows Mobile platform
Apr 1, 2008 F-Secure Corporation, the global leader
in providing security as a service through mobile operators and
Internet Service Providers, today announced its award-winning
Mobile Security solution for the Windows Mobile platform. The
solution brings new levels of protection for Windows Mobile
Smartphone and PocketPC users. F-Secure Mobile
Security enables smartphone users to enjoy the full potential
of their devices without the fear of mobile threats. The
application combines real-time antivirus and antispyware
functionality with a firewall, ensuring complete protection in
today's connected lives. A firewall provides additional security
for all mobile devices that access public networks like Wi-Fi.
The solution also delivers automatic over-the-air antivirus
updates.
F-Secure Mobile Security prevents malware from
- causing unwanted billing as they try to spread or call
premium rate numbers
- deleting valuable information from the device
- making the device unusable
- sending information from the device to third parties
With this latest launch of its Mobile Security product,
F-Secure now provides a complete security suite with firewall,
antivirus and antispyware functionality for all the main mobile
platforms running an open operating system: Windows Mobile,
Symbian S60 and UIQ. F-Secure Mobile Security can be subscribed
from selected mobile operators as a service, purchased directly
from the F-Secure eStore at:
http://www.f-secure.com/estore/, or bought
from resellers worldwide. The product will be available during
the second quarter.
The list of supported devices is constantly expanding and
consists today of over 150 smartphones. The up-to-date
information can always be found from the mobile-device
optimized F-Secure Mobile Portal under
http://mobile.f-secure.com
For more information, please contact: F-Secure Corporation
Anton von Troyer, Marketing Manager, Mobile Solutions Business
Unit Mobile: +358405808670 Email:
firstname.von.lastname@f-secure.com Samu
Konttinen, Vice President, Mobile Solutions Business Unit Tel.
+358 9 2520 0700 Email:
firstname.lastname@f-secure.com
Phorm Factor - F-Secure Weblog : News from the Lab
Tuesday, April 15, 2008
Phorm Factor
Posted by Stefan @ 09:13 GMT
For some time now, several ISPs in the UK have been lobbied by
an advertising company called Phorm. The
online advertising business generates a great deal of revenue
and so it's easy to listen to riches and fortune when
opportunity knocks. But is the potential opportunity worth the
potential risk to privacy?
Phorm, http://www.phorm.com
Phorm's technology is a tracking solution for ISPs that
would enable the display of contextual advertisements. When ISP
subscribers browse the web, their content will be deep
packet scanned to gather information about their
interests. Advertisement banners will then be selected based on
those interests. The effect is similar to most adware solutions
today except it's installed on your ISP instead of
your home computer.
It was decided that the annual compensation for the chairman
is EUR 55,000, for the chairmen of Executive and Audit
Committee EUR 40,000 and for members EUR 30,000.
Approximately 40% of the annual remuneration will be paid as
company shares.
In its assembly meeting, the Board of F-Secure Corporation
elected Mr. Risto Siilasmaa to chair the Board. In the
beginning of 2008, the Board has decided to establish an Audit
Committee and an Executive Committee (nomination and
remuneration topics). It has nominated Mr. Pertti Ervi to chair
the Audit Committee and Ms. Sari Baldauf to chair the Executive
Committee.
During 2007 the Board has had 14 meetings and the attendance
has been close to 100%. The majority of F-Secure Corporation's
Board of Directors, five members out of six, has no dependence
on the company. Mr. Risto Siilasmaa is a major shareholder of
the company.
CEO
The Board of Directors shall appoint the CEO and decide upon
his/her remuneration and other benefits. The CEO's duties include
managing the business according to the instructions issued by
the Board of Directors, presenting the matters to be dealt with in
the Board of Directors' meeting, and implementing the matters
resolved by the Board of Directors and other issues determined
in the Companies Act. The Board of Directors confirms the
salary and other benefits of the CEO. The CEO's retirement age
and the determination of his/her pension conform to the
standard rules specified by Finland's Employee Pension Act. The
period of notice for the CEO is twelve (12) months both ways
and there are no separate compensations for dismissal. During
2007, the CEO, Mr. Kimmo Alkio, was paid a total amount of EUR
426,750 including all bonuses.
Executive Team
F-Secure Corporation's Executive Team assists the CEO in the
management and development of the Group. The CEO appoints the
executive team members and decides upon the terms and
conditions of their employment. The Board of Directors approves
the compensation for the executive team. The bonuses and grants
of stock options are based on the performance of the group and the
individual. The team assembles regularly once a month and separately
as needed.
Auditors and Internal Controls
F-Secure Corporation's auditor is Ernst & Young Oy, a firm
of Authorized Public Accountants. The auditor's term of service
is one year. APA Erkka Talvinko is acting as responsible
partner and is responsible for the direction and coordination
of the audit work. The auditor will report to the Board of
Directors at least once a year.
The Executive Team of F-Secure, Financial Management and
Security Team are responsible for the internal control and
instructions. Regular audits will be performed in the different
business units as well as in the subsidiaries. The purpose is
to ensure compliance with consistent administration,
accounting practices and information security in the Group.
During 2007, the Group paid a total of EUR 108,360 for
auditing activities and EUR 71,610 for other services.
Risk Management
The goal of risk management is to identify risks that may
hinder the group from achieving its business objectives. The
responsibility for the company's risk management lies with the
CEO and the Executive Team. The Board of Directors and the
committees approve and follow up the reporting procedures, and
monitor the adequacy, appropriateness and effectiveness of the
Group's business and administrative processes.
Weekly and monthly financial reporting that covers the
entire Group is used to monitor how well financial targets are
being met. The reports include actual figures, plans and
up-to-date forecasts. The company has sought to manage the
risks relating to its business operations by developing its
operating processes and control systems. F-Secure's risk
management team regularly monitors and coordinates
activities to mitigate the threats.
F-Secure Corporation does not provide financing outside
industry standard payment terms. Invoicing is mainly done in
Euros. There is exchange rate risk with some currencies. In
order to minimize the impact of the fluctuation of the exchange
rates the goal is to hedge the estimated cash flow of these
currencies.
The investment policy of the company for cash reserves is
conservative. Cash is mainly invested in short-term funds and
other low-risk investments. The company's critical IT systems are
reviewed externally to ensure their security. The company monitors
systems internally as well.
Insider Regulations and Silent Period
The company follows the insider regulations of the OMX
Nordic Exchange, Helsinki. Insiders are divided into three
categories: (1) permanent insiders including the members of the
Board, the auditors, and the Group's executive team, (2)
permanent company-specific non-public insiders including
persons who by virtue of their position or tasks learn inside
information on a regular basis, and (3) project-based
insiders.
Permanent public insiders and permanent company specific
insiders are not entitled to trade shares, options or other
securities 21 days prior to publication of interim financial
statements or company accounts.
The Group has a Silent Period of 21 days before each
quarterly financial report announcement. During the Silent
Period the Group will not arrange meetings or conference calls
with the investor community.
Last modified: Apr 14, 2008
CEO's Statement
Dear F-Secure customers, shareholders, partners and
employees,
I would like to express my sincere thanks for the exciting
year with the F-Secure community all around the world! What
used to be Information Technology is increasingly becoming
Interaction Technology, and thus our modern lives are
increasingly connected. We are connected to other people around
the planet, we are connected to various services, and we
connect through many different types of digital devices. Life
has become Connected.
During 2007 approximately 166 million more people worldwide
joined the 1.1 billion of us already enjoying the opportunities
of Connected Life on the Internet. And what is very encouraging
for F-Secure is the increasing amount of these new Internet
citizens that protect their experience by using Security as a
Service from the F-Secure partner community! As the role of
Information and Communication Technology (ICT) continues to
become more central in life and business, the importance of our
work as the security experts and as a trusted partner for
Service Providers globally will continue to increase. This also
implies an increasing social responsibility of enabling safe
and easy Internet experiences, and for safeguarding continuity
in terms of service access and connectedness.
It is an inspiring role for F-Secure Fellows to be serving
on-line Internet users globally as we enable millions of
customers to experience the Internet in a trusted manner. As
Connected Life becomes a reality for more people (some estimate
that 5 billion people will be connected by 2015, primarily
through smartphones!) we can also foresee that the combination
of information technology, value added services, and Internet
security services continue to offer exciting service
opportunities for our partners and ourselves. This opportunity
to jointly innovate new services and to have an increasingly
relevant role in serving society strongly motivates us to
strive for new heights as a workplace and as a company.
On-line wellbeing spurs growth of on-line services
As our lives become connected through ICT the protection of
our digital devices and the quality of the service experience
become aspects of our wellbeing. This is what we call on-line
wellbeing, and it is the approach that F-Secure has adopted for
planning its future. Increasing the level of on-line wellbeing
for Internet users will be an effective way to encourage higher
adoption rates for new value added services.
Availability of on-line services is nothing new to the
global Internet community. What is changing is the innovation
of new tailored services for specific customer segments. With
the natural evolution of Internet related services, the
industry is recognizing that the requirements for a great
on-line experience differ between unique customer segments. By
nature, as the Internet offers an expanded set of
opportunities, we will see a clear segmentation of needs
between technically advanced users on one hand, and on the
other hand the bulk of Internet users where ease of use and
support is valued the most.
According to the indictment, Jones would steal various IBM and Penguin computer servers from Verisign's warehouse in Virginia and sell them to Johnson. Johnson would then sell the servers to several individuals, who would sometimes place them for sale on eBay. As a result of this scheme, the indictment alleges that Jones and Johnson caused Verisign to lose more than $120,000 worth of computer equipment. In the indictment, Jones and Johnson are charged in three counts with causing the interstate transportation of stolen property, namely IBM 330 and 335 servers, in violation of 18 U.S.C.