Archive | May, 2006

New Password Stealing Trojan Targets WoW Players

It really does seem like the malware/spyware crowd is in it for the money nowadays, what with $15 spyware kits and viruses that lock your machine down until you pay the ransom.

What happened to people doing this stuff for learning, to enhance their knowledge and deepen their understanding, rather than for a quick few hundred dollars?

I have to say, though, that targeting WoW users is a pretty smart and unusual vector, as quite a lot of real money comes from virtual sources: selling level 60 characters, selling certain items, selling information and so on.

A new password-stealing Trojan targeting players of the popular online game “World of Warcraft” hopes to make money off secondary sales of gamer goods, a security company warned Tuesday.

MicroWorld, an India-based anti-virus and security software maker with offices in the U.S., Germany, and Malaysia, said that the PWS.Win32.WOW.x Trojan horse was spreading fast, and attacking World of Warcraft players.

The Trojan spreads through the usual VB-virus-of-the-week vectors (e-mail, network shares and so on), but specifically targets WoW accounts.

The Trojan spreads via traditional vectors, such as e-mail and peer-to-peer file sharing, added Rammurthy, but it has also been watched while it installs in a drive-by download from gaming sites’ pop-up ads. The surreptitious installation is accomplished by exploiting various vulnerabilities in Microsoft’s Internet Explorer Web browser.

It will be interesting to see what comes next.

Source: Information Week


Posted in: Malware

The MIT IP Packet Spoofing Project – Can We Spoof IP Packets?

Now this is a VERY interesting project. As I’ve always said, the majority of DoS and DDoS attacks (90%+) could be stopped if all ISPs null-routed packets which do NOT originate from IP blocks they own, i.e. spoofed packets.

Basically the project was established to see whether you can spoof IP packets or not, and what percentage of ISPs already drop such packets.

It seems that, in general, about 20-25% of systems are able to spoof packets.
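The filtering rule described above (an ISP forwarding only packets whose source address lies inside a block it actually owns, and null-routing everything else) is simple enough to show in code. The following is an added example written for this page; it is not part of the MIT/ANA spoofer project, and the owned prefixes and sample source addresses are constructed for illustration.

```c
/* Source-address validation (ingress filtering) at an ISP border:
 * forward a packet only if its IPv4 source falls inside one of the
 * prefixes the ISP owns; otherwise treat it as spoofed and drop it.
 * Added example, not code from the spoofer project. */
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct prefix {
    uint32_t net;   /* network address, host byte order, host bits cleared */
    int len;        /* CIDR prefix length, 0..32 */
};

/* Constructed: the address blocks this (hypothetical) ISP announces. */
static const char *const kOwned[] = { "192.0.2.0/24", "198.51.100.0/22" };
static const int kOwnedCount = 2;

static uint32_t mask_for(int len)
{
    return len == 0 ? 0u : (0xFFFFFFFFu << (32 - len));
}

/* Parse "a.b.c.d/len" into a prefix. Returns 0 on success, -1 on malformed input. */
static int parse_prefix(const char *text, struct prefix *out)
{
    char buf[32];
    char *slash;
    struct in_addr addr;
    int len;

    if (strlen(text) >= sizeof buf) return -1;
    strcpy(buf, text);
    slash = strchr(buf, '/');
    if (slash == NULL) return -1;
    *slash = '\0';
    len = atoi(slash + 1);
    if (len < 0 || len > 32) return -1;
    if (inet_pton(AF_INET, buf, &addr) != 1) return -1;
    out->len = len;
    /* clear host bits so a sloppy "10.1.2.3/8" still compares correctly */
    out->net = ntohl(addr.s_addr) & mask_for(len);
    return 0;
}

/* Returns 1 if a packet with this source should be forwarded, 0 if it
 * should be dropped as spoofed, -1 if the address or a prefix is malformed. */
int ingress_filter(const char *src_ip, const char *const *owned, int n_owned)
{
    struct in_addr addr;
    uint32_t ip;
    int i;

    if (inet_pton(AF_INET, src_ip, &addr) != 1) return -1;
    ip = ntohl(addr.s_addr);
    for (i = 0; i < n_owned; i++) {
        struct prefix p;
        if (parse_prefix(owned[i], &p) != 0) return -1;
        if ((ip & mask_for(p.len)) == p.net) return 1;
    }
    return 0;
}

int main(void)
{
    /* constructed sample sources: two inside the owned blocks, one outside */
    const char *samples[] = { "192.0.2.77", "198.51.103.9", "203.0.113.5" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int verdict = ingress_filter(samples[i], kOwned, kOwnedCount);
        printf("%-14s %s\n", samples[i],
               verdict == 1 ? "forward" : verdict == 0 ? "drop (spoofed)" : "malformed");
    }
    return 0;
}
```

The check is deliberately one-directional: it only asks whether a source address could legitimately have come from the customer side of the border. The same comparison, applied on every customer-facing interface against that customer's assigned block, is what stops a compromised host from putting a forged source address on the wire in the first place.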

[Image: Packet Pie Charts]

The classic design tenets of Internet architecture produced a network capable of remarkable scalability while relegating security to the end hosts. As a result, the public Internet includes no explicit notion of authenticity and will forward packets with forged headers. Malicious users capitalize on the ability to “spoof” source IP addresses for anonymity, indirection, targeted attacks and security circumvention. Compromised hosts on networks that permit IP spoofing enable a wide variety of attacks. Despite being first exploited over two decades ago, IP spoofing is a persistent problem and a continued threat. In addition to mounting spoofed-source bandwidth-based denial-of-service (DoS) attacks, new exploits utilizing IP spoofing surface regularly.

You can read more of the intro to the ANA spoofing project here.

Some may suspect the project and the software involved are somewhat nefarious, but oh well: if you are going to get r00ted by someone, let it be MIT, ok? Anyway, you can always run it in a sandbox or in a fresh VMware machine.

If you don’t care either way, you can download the spoofer software here.

Please note, though, that it won’t run under Windows XP SP2, due to the whole raw sockets issue I would imagine.

The majority of systems tested so far have been Windows systems though (64%).

A summary of the results:

Total Completely Failed Spoof Attempts: 1823
Failed as a result of Windows XP SP2: 528
Failed as a result of (non-Windows) Operating System block: 111
Failed as a result of being Behind a NAT: 702

The various types of tests show which restrictions are in place.

[Image: Packet Summary Results]

A full summary of the results is here.

Posted in: Network Hacking

AV Firms Say Windows Vista Security Claims are Bullsh*t

It seems the security industry’s faith in Microsoft is at an all-time low; not surprising really, given the number of flaws that have been coming out in both the OS and the crapware forced upon its users, like Internet Explorer (Exploder).

Anti-virus firms at Infosec say they expect Vista and IE7 to change nothing for the industry. Microsoft used its presence at the show to laud the security features they’ve been busy building in the upcoming software.

In particular, Microsoft was eager to talk about how Vista will finally jettison the need to run Windows as an administrator most of the time.

Basically, what they are saying is that your mom, your gran and anyone else technically unsavvy is still going to be subjected to huge risks, even if they upgrade to Vista. In essence, nothing is going to change.

Eugene Kaspersky, founder of the eponymous Russian AV outfit said he expects the new privilege regime to have little effect. He said: “Of course they [virus writers] will find a way round it. Within a year there will be something like a rootkit for Vista.”

John Kay, Chief Technical Officer at Blackspider reckons on a “bug per line of code”. With the traditionally Heath-Robinsonian construction of MS browsers he’s not hopeful for IE7. He said: “I dread to think how many lines of code there are in there.”

1 bug per line of code? Amazingly bad, but I don’t think it’s quite that terrible. Even so, people in the know say Windows is the worst hodgepodge of spaghetti code they’ve ever seen, which was pretty much confirmed when the Win2k & NT4 source code leaked.

Let’s all stick to *nix & open source, hey? But then that’s not perfect either. At least it’s improving at a rate of knots… I’m just waiting for Firefox to have a decent bookmark manager ;)

Source: The Register


Posted in: Malware, Windows Hacking

Homeland Security Uncovers Critical Flaw in X11

An open-source security audit program funded by the U.S. Department of Homeland Security has flagged a critical vulnerability in the X Window System (X11), which is used in Unix and Linux systems. A missing pair of parentheses in a bit of code is to blame. The error can grant a user root access, and was discovered using an automated code-scanning tool.

The flaw has been fixed.

It was a change from this:

if (getuid() == 0 || geteuid != 0)

to this:

if (getuid() == 0 || geteuid() != 0)

The best part was the CVS comment:

Fri Mar 10 17:29:51 2006 UTC (7 weeks, 4 days ago) by deraadt:
proper geteuid calls because suse hires people who mistype things

From the article:

Coverity, the San Francisco-based company managing the project under a $1.25 million grant, described the flaw as the “biggest security vulnerability” found in the X Window System code since 2000.

The X Window System, also called X11 or X, provides the toolkit and protocol to build GUIs for Unix and Unix-like operating systems. It is used to provide windowing for bit-map displays.

Source: Yahoo News

Apparently OpenBSD already fixed this during a code-cleanup.


Posted in: Exploits/Vulnerabilities, Linux Hacking

Medusa Password Cracker Version 1.1 Now Available For Download

Medusa is a speedy, massively parallel, modular, login brute-forcer for network services created by the geeks at Foofus.net. It currently has modules for the following services: CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), PcAnywhere, POP3, PostgreSQL, rexec, rlogin, rsh, SMB, SMTP (VRFY), SNMP, SSHv2, SVN, Telnet, VmAuthd, VNC, and a generic wrapper module.

While Medusa was designed to serve the same purpose as THC-Hydra, there are several significant differences. There is a comparison between Medusa and THC-Hydra here.

This release adds several new modules, additional OS support, and fixes numerous bugs. A somewhat detailed report is available in the ChangeLog:

http://www.foofus.net/jmk/medusa/ChangeLog

You can download Medusa Here:

Medusa 1.1 Download

Author Note:

Medusa was developed on Gentoo Linux and FreeBSD. Some limited testing has been done on other platforms. If people wish to contribute patches to fix portability issues, I’d be happy to accept them. There are probably lots of bugs which have yet to surface. Please let me know if you encounter issues, fix a bug or just find the application useful.

More information on Medusa Here.


Posted in: Hacking Tools, Network Hacking

Who is Gouki?

Well the original Gouki (also known as Akuma) is a character from the Street Fighter game series. I started using this handle approximately 10 years ago, when I was a big fan of the game.

My name is Tiago, and I’m a 20-something geek living in Portugal (all over the place).

I am interested in Information Security and everything related to GNU/Linux. I consider myself a free culture activist and free software supporter. I’m involved in the FSF, the GNU project, I do a lot of tracing and editing on the Open Street Map project and I do all sorts of contributions to the Ubuntu GNU/Linux distribution.

I also spend a fair part of my free time working on the Tor Project, where I’m the core translator of all projects under Tor to Portuguese, run several relay nodes and one bridge node. I also keep a server with hidden services up and running for people in .onion land.

During the day, I run my own small business dealing mostly with disaster recovery, teach LPI (I’m LPIC-3 and UCP-1 certified) and CompTIA (A+, Network+, Security+ and Linux+ certified) courses and maintain a few Drupal/WordPress websites for clients. Basically doing what I can to pay the bills.

My posts on Darknet will, obviously, be related to Information Security with special interest on Wireless, Linux kernel and general news.

My homepage is available at http://xroot.org/. Feel free to contact me if I can help you in any way.

Tiago


Posted in: Authors

Microsoft Shelves Support for RSA SecurID in Vista

Switchback? For the worse? Aww, Microsoft would never compromise our security for the sake of convenience or their profit line, right?

Microsoft has shelved plans to include native support for RSA’s SecurID tokens in Windows Vista, even though the company has been trialling the technology for almost two years.

In February 2004, Microsoft chairman Bill Gates announced that Windows would be able to support easy integration with RSA Security’s ubiquitous SecurID tokens, which meant that enterprises would find it far easier to deploy a two-factor authentication system for logging on to networks and applications.

However, almost two years after the SecurID beta programme kicked off, the chief executive of RSA Security Art Coviello has revealed that Windows Vista will not natively support the technology.

Yeah, you read it right: Vista will not support SecurID. A shame really, as it opened up a whole load of new capabilities.

Microsoft had said they would include the ability to support all kinds of One Time Password (OTP) and challenge-response authentication in Vista, but they were unable to get it in with all the other issues they have had, so it is going to take longer.

Seems like they may retrofit it some time in the future.

Source: Zdnet


Posted in: General News, Windows Hacking

Proof of Concept for Internet Explorer Modal Dialog Exploit

A pretty interesting and imaginative way to exploit the flaw in IE… yeah, I know, linked to ActiveX again; all the more reason to use Firefox, right?

It just shows that the browser really is a point of entry. This could be useful for a penetration test, as another way to show how easy it is to get in via Internet Explorer; the frequency with which IE exploits have been coming out recently is scarier than normal.

A particular scenario was identified that involved the exploitation of the modal ActiveX prompt delivered by some systems. The user is asked to type a certain string of characters (ala captcha). A prompt will be displayed (hopefully during the time the user is typing the string) to install the Microsoft Surround Video Control.

If you’re still typing the “captcha” when the prompt appears, you’ll install the control. This works as advertised against all systems EXCEPT Windows XP SP2 and Windows Server 2003 SP1. If the software you install hoses your box, just remember that it’s signed by Microsoft. In other words… don’t look at me.

You can check the PoC here:

Proof of Concept for IE Modal Dialog Issue

It just crashes IE for me; I’m not sure if it’s a null pointer or what, but I’m sure there’s some way to exploit it to take over the machine. It’s another vulnerability which usually can be mashed together with a couple of others to get complete control.

By Matthew Murphy, spotted on Vulnwatch.


Posted in: Exploits/Vulnerabilities, Windows Hacking
