Androrat - Android Remote Access Tool
Androrat is an appropriately named remote access tool (or RAT) for Android. In case you're unfamiliar, RATs provide backdoor functionality to an operator, giving access to your system and private data. Androrat recently fell into the spotlight thanks to this Webroot
Microsoft Update Tuesday: July 2013: an issue of TrueType fonts
This month's Update Tuesday looks pretty interesting. As usual, there are quite a few CVEs covered and most of them are once again in IE: there's a total of 7 bulletins, covering 34 CVE issues. However, one CVE is shared between 3 bulletins. MS13-052 covers the .NET fr
Microsoft Update Tuesday, June 2013: mostly about Internet Explorer
Another month brings us another Update Tuesday. This month is pretty light with respect to the updates that Microsoft is releasing. They're releasing a total of 5 bulletins, covering 23 CVEs. First and foremost are the critical updates for Internet Explorer (MS13-047). They
Java Web Start or as it should be called "Sure go ahead and run what you like"
Late last month, Immunity published a blog post concerning a new way to escape the Java security warnings using a novel and simple method, by using the convenient Java Web Start framework. The Immunity team discovered a parameter called __applet_ssv_validated that sets whether yo
Microsoft Update Tuesday: Update for IE8 0-day and More
Today is Update Tuesday and Microsoft is releasing updates for 33 CVEs across 10 bulletins. We'll be discussing some of the highlights here. One of the most important updates (MS13-038) that is being released is for the recent 0-day in Internet Explorer, which was used in a
Changing the IMEI, Provider, Model, and Phone Number in the Android emulator
I was having a look at the Pincer family of Android malware and came across some code designed to hinder analysis. From the decompilation of com/security/cert/a/a/c.class: String str1 = com.security.cert.b.b.b(paramContext); String str2 = com.security.cert.b.b.c(para
25 years of vulnerabilities: 1988-2012, the report
We here at the VRT are all about backing up opinions with facts, and there are a lot of opinions about the nature of the vulnerability landscape out there. That in mind, we decided recently to study the numbers, and put conventional wisdom to the test. At a high level, the numbe
Life Cycle and Detection of an Exploit Kit
Exploit kits may not be as hot a topic as the recently released Mandiant Report, but they're still an important part of today's threat landscape. As the success of the Cool Exploit Kit lets its author buy vulnerabilities, for example, these kits are not only one of the mo
25 years of vulnerabilities: 1988-2012
While the answers to some of these questions are predictable, others are surprising. We will be presenting the answers to these questions in a talk at RSA Conference San Francisco 2013. If you're attending RSA and are interested in the answers to these questions, please join