Archive | April, 2007



Bot Infections Surges to 1.2 Million



I have noticed an increase in spam activity lately; in spam blog comments especially, there has been a noticeable surge in frequency and number.

That’s why we’ve implemented stricter measures against spammers on Darknet and our other sites.

It seems there has been a big rise in the number of bot-infected systems, so it’s suggested you ramp up your anti-spam filters and get ready for the onslaught.

The number of compromised computers that are part of a centrally controlled bot net has tripled in the past two weeks, according to data gathered by the Shadowserver Foundation, a bot-net takedown group.

The weekly tally of bot-infected PCs tracked by the group rose to nearly 1.2 million this week, up from less than 400,000 infected machines two weeks ago. The surge reversed a sudden drop in infected systems–from 500,000 to less than 400,000–last December.

A pretty big change in the numbers.

The threat to Internet users from bot nets has steadily increased over the past few years. Increasingly, computer systems in China have become infected with bot software and used to attack or spam other targets, according to the latest Internet Security Threat Report published by Symantec, the owner of SecurityFocus. Spammers have taken a shine to bot nets as a way to reliably send stock-touting e-mail campaigns and other mass mailings of junk advertisements. Worms are rapidly being replaced by Trojan horse programs, such as the misnamed Storm Worm, that use a bot net to spam out more copies of the malicious code.

As far as I know the stats are collected by Shadowserver, the guys who are battling the botnets.

Wonder how many of these hosts are Linux-based machines; I guess not many.

Source: Security Focus


Posted in: Malware, Spammers & Scammers



SSA 1.5.1 Released – Security System Analyzer an OVAL Based Scanner



A new version of SSA (Security System Analyzer) has been released – version 1.5.1.

SSA is a scanner based on OVAL. The command-line tool provided by MITRE is not very easy to use, so the guys at Security Database decided to write a GUI to make it simple to use and understand, and then free the security testers' community to take advantage of it.

+ Based on OVAL 5.2 build 11 (bugs fixed)
  - Corrected bug in EntityComparator::ParseVersionStr(). Added error checking to the function to ensure that the input version strings are in a valid format.
  - Removed VC7 project from source distributions.

+ Now SSA relies on CPE (Common Platform Enumeration) names to display inventories.

+ SSA now supports VISTA definitions.

+ Added Menu Help
  - PDF documentation: link to SSA PDF doc.
  - OVAL Concept documentation: link to OVAL FAQs.
  - CPE Concept documentation: link to CPE docs.
  - [New Security-Database Feature]: Submit a bug about SSA
  - Security-Database Vulnerability Search: Search for information in our cross-linked Vulnerability database

+ Fixed bugs in the scan() function
  - Handle exception: Error while parsing corrupted XML file
  - Handle exception: Error while using unsupported schema

+ Fixed a latency in function “stop/reload”

+ Fixed the PATH bug. Now SSA can be installed in any directory.

You can download the latest version here:

SSA 1.5.1


Posted in: Exploits/Vulnerabilities, Security Software



Social Engineering Gets a Big Jewel Heist



It just goes to show, sometimes the simple things are the most effective. A box of chocolates can defeat all the most hi-tech security systems if you add a little charm.

21 million Euros of diamonds, that’s one hell of a catch.

A thief has evaded one of the world’s most expensive hi-tech security systems, and made off with €21m (£14.5m) worth of diamonds – thanks to a secret weapon rarely used on bank staff: personal charm.

In what may be the biggest robbery committed by one person, the conman burgled safety deposit boxes at an ABN Amro bank in Antwerp’s diamond quarter, stealing gems weighing 120,000 carats. Posing as a successful businessman, the thief visited the bank frequently, befriending staff and gradually winning their confidence. He even brought them chocolates, according to one diamond industry official.

Sounds like a long term operation, very slickly done indeed!

Mr Claes said of the thief: “He used no violence. He used one weapon – and that is his charm – to gain confidence. He bought chocolates for the personnel, he was a nice guy, he charmed them, got the original of keys to make copies and got information on where the diamonds were.

“You can have all the safety and security you want, but if someone uses their charm to mislead people it won’t help.”

My dear friend, education is the key... not more locks and bolts.

Source: Independent UK


Posted in: Social Engineering



Techm4sters Releases ProTech Security Distribution



Techm4sters e-mailed us recently to let us know about their new security distro called ProTech. We haven’t had time to download it and test it yet, but it certainly looks promising.

– What is PROTECH? Protech is a very light live security distribution based on Ubuntu Linux.

– Is this like Nubuntu? It is similar, yes! But we wanted something friendlier to the end-user and so we tried a different approach and tested new tools. You’ll see that there are many differences amongst them. Many ideas have been taken from NUbuntu as well as other security distributions to try to make the most complete, reliable and easiest tool for your use. I hope you can appreciate our work.

If you have a chance to check it out, do let us know what it’s like and if it’s comparable to BackTrack 2.0, which was released fairly recently.

Protech is based on the latest Ubuntu Feisty. It is a beta; the final version should be released later in April or in May.

ProTech is currently using Fluxbox for the GUI because of its light weight. It has a large collection of security software installed and can work both as a LiveCD or a hard disk installation.

There is some good info on Getting Started here.

And you can download the latest release of ProTech here:

Protech-x86-beta.iso


Posted in: Hacking Tools, Linux Hacking



LLTD – Link Layer Topology Discovery Protocol



Gomor released an LLTD (Link Layer Topology Discovery Protocol) implementation written in Perl (using the Net::Frame framework).

You may use these two modules to write fuzzers, or anything.

You can find the modules here:

Net Frame LLTD


Posted in: Hacking Tools, Network Hacking, Programming



Google’s Blogger Platform Used to Aid Phishing Attacks



I’ve known for a while you can buy software for spamming and MFA (Made for Adsense) site generation for a few hundred USD which utilises Google’s Blogger platform (blogspot.com sites).

You will have seen all the splogs, as they are called (spam blogs), hosted on Blogger; a lot of them scrape Darknet articles and repost them there in the hope of getting a few hits and some Adsense clicks.

That’s why we limit RSS feeds to only a few hundred characters, so they can’t syndicate our whole content. Anyway, that’s beside the point; the point is that people are now using Blogger sites for phishing as well.

Surfing Google’s Blogger Web site is dangerous, warns Fortinet. Several of the blogs on the site have been taken over by miscreants and redirect to phishing Web sites or try to load malicious software onto PCs, the security firm said in an alert Wednesday.

In one example a Blogger blog redirects to what appears to be an online pharmacy, but is in fact a site hosted in China that’s part of a scam to trick people into giving up personal details and financial information, Fortinet said.

In another example, a blog site that appears to belong to a Honda CR450 enthusiast actually tries to install a Trojan horse, Fortinet said. The blog likely was hacked, Fortinet said.

Launching some malware from over there too, seems like people are getting more into online fraud as more and more less savvy users join the Internet masses and are easily conned out of their bank details or Paypal accounts or similar.

“These are not legitimate blogs that were compromised. They appear to be deliberately set up to promote phishing, which is against our terms of service,” a Google representative said in an e-mailed statement. “We are investigating, and blogs found to include malicious code or promote phishing will be deleted.”

Safe surfing tools such as Exploit Prevention Labs’ LinkScanner and McAfee’s SiteAdvisor could help protect against such malicious sites. Additionally, staying up-to-date on security patches, as well as turning off scripting in a Web browser and using common sense and caution help people to stay safe when traversing the Web.

Most of them are made for the purpose of conning people, I guess Google should be pretty strict with these and make sure they are closed down fast.

Source: Cnet


Posted in: Phishing, Spammers & Scammers



IE 7 Flaw Could Help Phishers – Error Message Processing



Ah another way for phishers and people wanting to steal login credentials to con IE7 users.

Yet another reason to use Firefox or Opera?

Not saying these browsers are perfect…but look at the amount of problems Internet Exploder Explorer has had.

The flaw lies in the way IE7 processes a locally stored HTML error message page that is typically shown when the user cancels the loading of a Web page, said Aviv Raff, a security researcher based in Israel.

The error message tells the user that “navigation to the Web page was canceled,” and offers the user the opportunity to “refresh the page.” If the refresh link is clicked, IE can be tricked into displaying the wrong Web address for a page. Raff has published proof of concept code that shows how IE can be made to display a Web page on his Web site as if it is from the cnn.com domain.

I’m not sure if any phishers would go to this length to try and con people into visiting their sites, but with some of the creative things they’ve been coming up with lately, it wouldn’t surprise me!

This flaw could be exploited by phishers who want to make their spoofed Web sites appear legitimate, Raff said.

“I can inject a script that will display anything I want in the page when the user clicks the ‘refresh’ link,” he said via instant message. “Combining this with the design flaw, an attacker can render in the browser whatever he wants with whatever URL he wants in the address bar.”

This type of bug is known as a cross-site scripting vulnerability. It affects IE 7 on Vista and Windows XP, Raff added.

Vista is vulnerable too, so be careful. And don’t use IE!

Yes this article was originally published about a month ago, we know that….thanks.

Source: Network World


Posted in: Exploits/Vulnerabilities, Phishing, Windows Hacking



Damn Vulnerable Linux – DVL – IT-Security Attack and Defense



Damn Vulnerable Linux (DVL) is a Linux-based (modified Damn Small Linux) tool for IT-Security & IT-Anti-Security and Attack & Defense. It was initiated for training tasks during university lessons by the IITAC (International Institute for Training, Assessment, and Certification) and S²e – Secure Software Engineering in cooperation with the French Reverse Engineering Team.


Damn Vulnerable Linux (DVL) is provided without any fee or charge!

Actually, it is a perverted Linux distribution made to be as insecure as possible. It is a collection of IT-Security and IT-Anti-Security tools. Additionally, it includes a full-scale lesson-based environment for Attack & Defense on/for IT systems for self-study or teaching activities during university lectures.

It’s a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. It can also be run within virtual machine environments, such as qemu or vmware. There is no need to install a virtual machine if you use the embedded option. Its sole purpose in life is to put as many security tools at your disposal with as many training options as it can.

It contains a huge number of lessons, including lesson descriptions – and solutions if the level has been solved.

Damn Vulnerable Linux (DVL) is meant to be used by both novice and professional security personnel but is not ideal for the Linux uninitiated. Damn Vulnerable Linux (DVL) assumes you know the basics of Linux as most of your work will be done from the command line. If you are completely new to Linux, it’s best you stop playing with this system.

You can find more at the DVL website:

http://www.damnvulnerablelinux.org.

You can download it here:

Damn Vulnerable Linux

Damn Vulnerable Linux (DVL) is for educational purposes only!


Posted in: Hacking Tools, Linux Hacking



Microsoft Loves you to Pirate Their Software



I’ve heard this ‘rumour’ plenty of times. I always suspected it was true, and Adobe have said similar things about their software.

If you are going to pirate, Microsoft wants you to pirate their software, as when you go legit you are already locked in to their proprietary system.

All the more grounds for OSS if you ask me.

A senior Microsoft exec has admitted that some software piracy actually ends up benefiting the technology giant because it leads to purchases of other software packages.

In this way, some software pirates who might otherwise never try Microsoft products become paying customers, according to Microsoft business group president Jeff Raikes.

“If they’re going to pirate somebody, we want it to be us rather than somebody else,” Raikes told delegates at last week’s Morgan Stanley Technology conference in San Francisco, Information Week reports.

A pay as you go model for lower income countries? Sounds interesting.

Rather than saying that piracy isn’t a problem per se (Raikes reckons that between 20 and 25 per cent of US software is pirated), he argues pragmatically that it can have benefits over the long run. “We understand that in the long run the fundamental asset is the installed base of people who are using our products,” Raikes said. “What you hope to do over time is convert them to licensing the software,” he said.

Although Microsoft has no intentions of scaling down (much less abandoning) its effort to chase software counterfeiters, Raikes argues that it’s against its interests to push illegitimate users so hard that they wind up using alternative products. “You want to push towards getting legal licensing, but you don’t want to push so hard that you lose the asset that’s most fundamental in the business,” Raikes said, adding that Microsoft is developing “pay-as-you-go” software pricing models in a bid to encourage low-income people in emerging countries to use its technology.

So basically go ahead, pirate MS. Not to say we support piracy, as we don’t; we support Open Source and the freedom to modify and control your own software infrastructure (especially useful when it comes to security).

Security through obscurity and patches with a 1 month lead time is never good.

Come let’s pirate Ubuntu instead.

Source: The Register


Posted in: General News
