Papers & Presentations

Papers and presentations from the FortiGuard Labs Research Team

[BotConf 2014] A Timeline of Mobile Botnets

The concept of this paper came about with the idea to create an inventory of sorts of known mobile botnets and, more importantly, to study differences and commonalities between them. By means of thi...

Posted: 08 December 2014

[Hack.Lu 2014] SherlockDroid, an Inspector for Android Marketplaces

With over 1,200,000 Android applications in Google Play alone, and dozens of different marketplaces, Android malware unfortunately has no difficulty sneaking in and silently spreading. This puts a hi...

Posted: 04 November 2014

[BlackHat Europe 2014] Hide Android Applications in Images

Malware authors are always interested in concealing their goals to evade detection. We have discovered a technique which enables them to hide whatever payload they wish in an Android package (APK)...

Posted: 20 October 2014

[Hacktivity 2014] Android Packers: Separating from the Pack

In the context of Android applications, packers were introduced with the intention of providing protection for legitimate applications from modifications and tampering. The flipside of the coin i...

Posted: 20 October 2014

[Area41 2014] Android Packers: Separating from the Pack

Android malware has been around for a while now and is significant enough to bypass the "Is Android malware really an issue?" introduction to this abstract. 2014 saw the introduction of the first p...

Posted: 12 June 2014

How Android malware fight (and we fight back)

Malware authors certainly are creative when it comes to hiding their payloads from analysts' eyes: emulator detection, application icon hiding, reflection etc. In this talk, we specifically focus o...

Posted: 22 May 2014

Head First Into the Sandbox

This paper provides a deeper look into sandboxing technology, and how it practically applies to the modern threat landscape. 32- vs. 64-bit code analysis is discussed, as well as sandbox evasion tec...

Posted: 11 April 2014

Pre-filtering Mobile Malware with Heuristic Techniques

With huge amounts of new Android applications released every day, in dozens of different marketplaces, Android malware unfortunately has no difficulty sneaking in and silently spreading, and puts a hi...

Posted: 21 November 2013

Playing Hide and Seek with Dalvik Executables

Android's Dalvik Executables (DEX) are full of sneaky corners, and this is just perfect for a game of Hide and Seek. The first round of the game begins by hiding an entire method within a DEX fil...

Posted: 25 October 2013

Analysis of Android In-app Advertisement Kits

Android captured 70% of smartphone shipments in the December quarter of 2012. With this explosion, Android has become the world's biggest magnet for smartphone applications, and mobile malware. Ind...

Posted: 07 October 2013

Push To Stalk: The Latest in Mobile Technologies

With smartphones getting smarter by the day, a modern day cellphone presents an attacker with the perfect attack scenario - a device that the victim carries around at almost all times that stays co...

Posted: 28 August 2013

Guns and Smoke to Defeat Mobile Malware

You've already reversed Android applications with baksmali and apktool? That's great! But how about learning a few new tricks with those tools and others? This talk will discuss some advanced featu...

Posted: 05 November 2012

Reducing the Window of Opportunity for Android Malware

This paper is all about finding new Android malware in the wild (crawling Google Play but also spotting suspicious applications among loads of genuine apps using a heuristic engine). Was presented ...

Posted: 10 May 2012

An Attacker's Day into Human Virology

Computer virology bears such a strong resemblance to human virology that both worlds have often been compared humorously. In this presentation, we wish to push the comparison further down into th...

Posted: 10 May 2012

Android Reverse Engineering Tools

Android Reverse Engineering Tools, from an anti-virus analyst's perspective. Presents known reversing tools: apktool, baksmali, dex2jar, androguard, ded, dedexer... Tutorial on reversing of Android...

Posted: 05 March 2012

Defeating mTANs for profit

Malware on mobile phones has existed for several years, but until recently it had not been used for organized crime involving large amounts of money. This changed in September 2010 when the infamou...

Posted: 27 October 2011

Cryptography for mobile malware obfuscation

Malware for mobile phones is perhaps less well known than Windows viruses, but it is nevertheless a fact now, confirmed by the recent trojans on Android (Geinimi, DroidDream). In this session, we addr...

Posted: 24 October 2011

An OpenBTS GSM Replication Jail for Mobile Malware

There is one golden rule in the Anti-Virus industry all AV analysts are very cautious about: making sure they do not spread samples which are under study. On PCs, vendors commonly use replication h...

Posted: 24 October 2011

Understanding and Exploiting Flash ActionScript Vulnerabilities

Adobe's Flash Player has become the most popular rich internet application (RIA) today. In recent years we have seen many Fl...

Posted: 01 March 2011

Mobile Malware... In Practice

Recent examples of malware for mobile phones, what they do, how they do it and frequent symptoms

Posted: 01 March 2011

Defeating mTANs for profit

Nowadays, many banks try to secure their online transactions by sending an additional one-time password by SMS (mTAN) to the end-user. Unfortunately, in September 2010, the infamous ZeuS gang has w...

Posted: 04 January 2011

Rearing its Seven Ugly Heads: The DLL-Preload Attack

Posted: 01 August 2010

The Four Horsemen: Malware on Mobile Phones in 2009-2010

This talk selects four malware targeting mobile phone platforms, currently among the most prevalent. A technical description is provided for each: how it infects the phone, its malicious payload ...

Posted: 01 May 2010

Symbian Worm Yxes: Towards Mobile Botnets?

In 2009, a new Symbian malware named SymbOS/Yxes was detected and quickly hit the headlines as one of the first malware for Symbian OS 9 and, above all, as the foretaste of a mobile botnet. Yet, the ...

Posted: 01 May 2010

Four Malware and a Funeral

This paper selects four malware targeting mobile phone platforms, namely Eeki, Yxes, Redoc and GameSat. They are currently among the most relevant malware in terms of prevalence, or because they a...

Posted: 01 May 2010

Adobe Reader's Custom Memory Management: a Heap of Trouble

This is a PDF-specific exploitation research focusing on the custom heap management on Adobe Reader. When Adobe Reader is processing a PDF file, in most allocation cases, it does not directly use t...

Posted: 01 April 2010

'I am not a numero!': assessing global security threat levels

Late last year Gartner analyst Greg Young wrote a blog post about the varying worldwide security threat levels as indicated in vendor online threat centres. He pointed out that, since global vendor...

Posted: 01 September 2009

Fighting cybercrime: technical, juridical, and ethical challenges

Since the massive rise of cybercrime in 2005, which now steadily drains several billion dollars (if not hundreds of billions) per year, a variety of challenges in efficiently fighting cybercriminal...

Posted: 01 September 2009

Botnet-powered SQL injection attacks: a deeper look within

Looking back, the past year has seen botnet-powered SQL injection attacks reaching a rampant level, sparing no category of websites in their malicious code injection campaigns. With several million...

Posted: 01 September 2009

Vital Threat Management for Enterprise Carrier

Posted: 01 June 2009