2015 Network Security Retrospect and Prospect

2015 Network Security Retrospect and Prospect: 2015 Antiy Annual Security Report. Antiy CERT. First Edition: 14:21, Dec 8, 2015. Pub Date: 09:00, Jan 7, 2016. Update: 17:30, Jan 7, 2016. Contents: Introduction; The Layered APT; Th……

An Analysis on the Principle of CVE-2015-8651

An Analysis on the Principle of CVE-2015-8651. Antiy PTA Team. 0x00 Preface. On December 28, 2015, Adobe issued a security bulletin stating that it had fixed 19 vulnerabilities at once. The vulnerability CVE-2015-8651, submitted by Huawei's security research department, was mentioned in t……

AN ANALYSIS ON TARGETED TROJAN ATTACK WITH “INTERVIEW” AS A SOCIAL ENGINEERING TOOL

An Analysis on Targeted Trojan Attack with “Interview” as a Social Engineering Tool. By Antiy CERT. First release: December 3, 2015, 10:21. Update: December 5, 2015, 5:21. 1. Overview. On the evening of December 2, 2015, Antiy's early-warning monitoring system detected the……

AN ANALYSIS REPORT OF BLACKMAILER TROJAN SPREAD BY EMAILING JS SCRIPT

An Analysis Report of Blackmailer Trojan Spread by Emailing JS Script. By Antiy PTA Group. First draft: December 4, 2015, 11:11. 1 Introduction. A new blackmailer (ransomware) variant spread by email, with new transmission characteristics, was captured by the Antiy Threat Situational Awareness System on Decembe……

UNCOVERING THE FACE OF RANSOMWARE

UNCOVERING THE FACE OF RANSOMWARE. Antiy CERT. 1 Introduction. With ransomware posing more and more security threats recently, researchers at Antiy Labs felt obliged to investigate it and uncover its face. In September 2013, SecureWorks, the threat response departmen……

COMPREHENSIVE ANALYSIS REPORT ON TROJAN/ANDROID.EMIAL.AS[RMT,PRV,EXP], “PHOTO ALBUM”

COMPREHENSIVE ANALYSIS REPORT ON TROJAN/ANDROID.EMIAL.AS[RMT,PRV,EXP], “PHOTO ALBUM”. AVL Mobile Security Team of Antiy. First Release Time: 15:02 May 15, 2015. Update Time of This Version: 21:13 May 15, 2015. Current Latest Version: V2.1. 1 Overvie……

Analysis on the Encryption Techniques of EQUATION Components

First Edition: April 16, 2015. Second Update Version: April 18, 2015. The Antiy analysis team has been analyzing “EQUATION” since February 2015. After the first article was published, the subsequent analysis made little further progress and produced no new highlights. Based on this situat……

The Latest APT Attack by Exploiting CVE-2012-0158 Vulnerability

File-format overflow vulnerabilities are often exploited in APT attacks. Among vulnerabilities of this type, CVE-2012-0158 has been the most commonly used one over the past year. Generally, the carrier of such a vulnerability is a Rich Text Format (RTF) file, whose internal data is stored as a hexadecimal stri……

Antiy Labs Will Attend RSA Conference 2013

Antiy Labs will attend RSA Conference 2013 in San Francisco from February 25 to March 1. Antiy Labs is a vendor of antivirus engines and solutions, providing a best-of-breed antivirus engine and next-generation antivirus services to confront PC malware and mobile malware. During the Expo, the prod……

Our Mobile Antivirus Engine was Certified by AV-TEST

Key words: Antiy, AVL SDK for Mobile, AV-TEST, certification. In the just-concluded test held by AV-TEST, AVL SDK for Mobile, the mobile antivirus engine of Antiy Labs, obtained AV-TEST certification, ranking first in the world in malware detection rate. ……

Challenge Caused by DLL Hijacking Malware against Active Defense Technology

Malware that exploits DLL hijacking vulnerabilities, first seen in 2000, has now begun to abuse legitimately signed software to defeat active defense. This method has become more and more popular. This kind of malware is usually made up of the following two parts: the no……

Antiy Is a Top-performer in AV-TEST’s Android Review

In the non-public Android antivirus product test held by AV-TEST in November 2012, AVL for Android from Antiy Labs was a top performer in both malware detection and PUP detection. AV-TEST is the leading independent antivirus research institution and service provider, which regularl……

Antiy Labs Joins AVAR

The AVAR 2012 Annual Conference (the 15th Asia Anti-Virus Security Conference) was held at West Lake, Hangzhou, on November 13 and 14, 2012. Several technical directors and engineers from Antiy Labs attended. Tong Zhiming and Kang Xuebin, from the Anti-virus Engine R&D Center, ……

Antiy Becomes MUTE Member

The MUTE (Malicious URLs Tracking and Exchange) group was founded in 2008 to facilitate the exchange of malicious URLs between trusted security researchers. MUTE's mission is to minimize end users' exposure to computing threats through timely tracking and exchange of URLs (mal……

Malware in Mobile Platform from Panoramic Industrial View

Abstract: Malware has developed and broken through the traditional single concept of program code. It has penetrated the whole system of society, politics, economy and daily life. It is impossible to resist malware effectively by relying on anti-virus vendors alone. The battle against malware requ……

The Evolution Theory of Malware and Our Thought

Abstract: The state of malware, like that of living creatures, is the result of comprehensive elimination and selection. Actually, the same is true of all software programs. Fundamentally speaking, the theory of evolution is a science of life, death and evolution. Bot……

Development, Confusion and Exploration of Honeypot Technology

Abstract: A honeypot is a security resource that can be scanned, attacked and compromised. This presentation systematically summarizes the development and current state of honeypots, as well as the technical challenges researchers face. In the final part, the writer explores the honeypots' potentia……

Data Storage and Security Strategies of Network Identity

Abstract: This presentation focuses on data storage and security strategies for network identity security. First, some background on the topic is introduced. Then, the writer summarizes the methods used in ciphertext attacks and the current solutions. Finally,……

Security Challenges of Antivirus Engines, Products and Systems

Abstract: This presentation explores the challenges that anti-virus engines, products and systems face. In many cases, security products are no longer credible dams when facing the surging waves of malware; they become trembling islands that are themselves sometimes vulnerable. Time Top……

The Encoding Rules about Floating-point Instruction

Recently, while extracting opcodes, we found that some samples use floating-point instructions. The existing disassembler does not support floating-point instructions, so that support needs to be added. However, we ran into some difficulties when classifying the floating-point instructio……

Analysis of Android Spyware

Being portable, intelligent terminals such as mobile phones bring together private information such as the user's current location, contacts, and communication records. Based on this, some applications have developed tracking and information-monitoring functions to satisf……

Analysis of a Sample Spread by New IE Zero-day (CVE-2012-4969)

On September 17, 2012, the security researcher Eric Romang published an article, Zero-Day Season Is Really Not Over Yet [1], on his blog, which revealed a new IE zero-day vulnerability. This vulnerability became a top topic, and Microsoft has published a patch for it [2]. Antiy CERT a……

Bitcoin Miner Malware

What is Bitcoin? Bitcoin [1] is a kind of digital currency generated by open-source P2P software. It cannot be frozen or traced, carries no tax, and has low transaction costs. It can also be redeemed for real cash at the current exchange rate, as sho……

The Protection Mechanism and Removal Strategy of SMSZombie

Introduction. In recent days, many security vendors, such as TrustGo and Symantec, have tracked and analyzed this malware, paying most attention to its malicious behaviors (see references). The malware lures users into installing it with pornographic pictures or wallpaper ap……

To Friends in Information Security and IT Industry

When we decided to initiate ISF (short for Internet Security Forum) in 2008, we had a simple idea: although there were some domestic information security meetings, most of them were held in Beijing. We thus hoped to hold a small gathering to enable fellows in southern China to communicate in their ……

ISF2012: New Power, New Journey

Information security technology, on which we depend for our business, is under heavy threat in every respect. All organizations have their own particular problems. Therefore, seeking solutions from an IT security perspective is the current vital task for all. With the remarkably rapid progre……

Analysis on the Flame

This is the first time we have faced such a situation: our research team has been analyzing the Flame worm for almost a month and we plan to continue. When Stuxnet broke out, we attempted a long-term analysis, but due to certain limits, we stopped after 10 days. After ……

Analysis of Android Trojan Gapp

The analysis report of the Gapp trojan can be downloaded from here.

Antiy Sponsoring Open Source Project Androguard

In early February, Antiy Labs provided funding for the open source project Androguard. Androguard, one of the largest open source projects in the Android security field, was launched and is led by Anthony Desnos, a French security researcher. It provides reverse analysis of Android applications, co……

Antiy Released a New Version of Antiy Malware Wanted

Based on the 2011 version of Antiy Malware Wanted, we now release the 2012 version with an included board game. We will distribute the 2012 version of Antiy Malware Wanted to attendees at the RSA Conference as a free gift. The poker cards carry representations of notorious malware worldwide, such ……

Comprehensive Analysis of the Carrier IQ’s Products

Background. Recently, Android developer Trevor Eckhart found that Carrier IQ software could gather users' private information. This software is pre-installed on phones by Carrier IQ and its wireless-carrier partners. Carrier IQ officially claims: “Carrier IQ is the leading provider of Mobile Service intelligenc……

Patch for Vulnerability Used by the Duqu Delay

Microsoft released 4 patches in its security bulletin, but they did not fix the Windows kernel vulnerability (CVE-2011-3402) that is being exploited by Duqu. Microsoft has recommended some security software that can defend against Duqu. Altogether 22 vendors, including Antiy Labs, were recomm……

34 Repackaged Android Applications are Found in Official Market

On May 30, software with embedded malware appeared on the official Android market. On June 2, according to statistics from multiple parties, there were 34 infected applications uploaded via 6 developer accounts (see the Appendix). It was reported that 30,000 to 120,000 users had downloaded the sof……

Vulnerabilities Found in Industrial Control Systems from Different Vendors

According to an alert published by US-CERT's control system security team, 36 remotely exploitable vulnerabilities were disclosed this week. Several SCADA products from Siemens, Iconics, 7-Technologies and RealFlex Technologies, as well as human-machine interface (HMI) products from BroadWin, are affected. Currently……

Temporary Solution for Adobe Zero-day Vulnerability (CVE-2011-0609)

On March 16, 2011, Antiy CERT intercepted a malware sample targeting a vulnerability in Adobe products. Antiy engineers have confirmed that the vulnerability is being widely exploited. Attackers send an Excel (.xls) document with an embedded Flash (.swf) file as an attachment. If users open th……

Analysis of Android Trojan Adrd

The trojan ADRD (aka HongTouTou), spreading through a number of forums and download sites, has been embedded into more than 10 legitimate applications. It can start several system services. It also uploads the infected phone's information (IMEI, IMSI, and version) to the control server every 6 hours and ……

Report on the Worm Stuxnet Attack

Recently, numerous news media have reported on the Stuxnet worm. Described as a “super weapon” and a “Pandora's Box”, it has attacked Siemens' SIMATIC WinCC SCADA system. The Stuxnet worm erupted in July this year. It exploits at least four vulnerabilities in the Microsoft Windows operating system, in……

Antiy Labs Has Become a Microsoft Gold Certified Partner

Antiy Labs passed Microsoft Partner Program certification, became a Microsoft Gold Certified Partner, and obtained three competency certifications: Microsoft Business Intelligence, Microsoft Networking Infrastructure Solutions Competency and Microsoft Security Solutions. As a device-l……

Virus Detection System

Abstract: Network virus monitoring has been explored both academically and in products. It has now grown into a new technology with its own direction. The path of virus defense leads us to a world of freedom. This presentation summarizes the virus trends of 2004 and introduces the qualities of ……

PE Trojan Detection Based on the Assessment of Static File Features

Abstract: Traditional signature detection technology builds a complete sample database and extracts malware signatures. Static assessment uses an intelligent algorithm to analyze and learn from known samples, extract features and assess unknown samples. This presentation explores related issues ……

Embeddable Antivirus Engine with High Granularity

Abstract: In this presentation, the writer summarizes the challenges faced by AV principles and introduces high-granularity processing and the embeddable AV engine. Finally, the writer concludes that AV principles are not invariable; instead, they are dynamically evolving principles. T……

Virus Detection Based on the Packet Flow

Abstract: Developers hope to extend the anti-virus capabilities of firewalls, IDS and GAP products. Although these can be combined with the file-level detection of traditional antivirus vendors, some problems remain. This presentation attempts to explore the integration point of network……