Archive | November, 2007

Doubleclick Involved in Malware Distribution

We recently reported on thousands of people being hooked by malware served through big-name sites; it now seems DoubleClick's ad network was the channel at fault.

It’s a pretty neat trick and a good spin on social engineering, leveraging the trust users place in the sites themselves.

CNN even?

Rogue anti-spyware software that pushes fraudulent PC scans has found its way onto DoubleClick and legitimate sites, including CNN, The Economist, The Huffington Post and the official site of the Philadelphia Phillies.

DoubleClick officials told eWEEK that they have recently implemented a security monitoring system to catch and disable a new strain of malware that has spread over the past several months. This system has already captured and disabled about 100 ads, the company said in a statement, although it didn’t mention this episode in particular.

The bogus anti-spyware onslaught is only part of a bigger wave that’s also included porno ads being swapped for normal ads on sites such as The Wall Street Journal. It’s not yet clear whether the same fraudsters are behind both the porn and the fraudulent anti-spyware ads.

I really hope they put some serious measures in place that don’t just use a signature for this particular case…something a little more intelligent, I hope.

Sunbelt Software has confirmed that Trojans were being downloaded from ads served by DoubleClick as recently as Nov. 11. This malware is the kind that repeatedly pops bogus warning messages about computer infections in users’ faces until they give up in despair and pay $30 to $40 for a junk “security” program.

“The stuff that’s installed is this rogue anti-spyware software that … gives you fake alerts, [such as] ‘Your computer is infected, you must run this.’ Basically it’s extortion. … They try to push you to buy their software,” Sunbelt President Alex Eckelberry told eWEEK.

The malware application is a variant on WinFixer, a piece of malware that pretends to be a diagnostic tool.

I hope we can educate people about these kinds of things; sad to say, as some of the comments on the previous post mentioned, a lot of people will fall for this. Why? Simply because they don’t know any better.

Source: eWeek


Posted in: Malware, Social Engineering

Inguma 0.0.5 Released for Download – Penetration Testing Toolkit

Inguma is a free penetration testing and vulnerability discovery toolkit written entirely in Python. The framework includes modules to discover hosts, gather information about them, fuzz targets, brute-force usernames and passwords, run exploits, and a disassembler.

We did mention it back in August when it first hit the streets.

With the new Qt interface:

Inguma Interface

If you haven’t used it for a while there’s a WHOLE lot of new stuff. It was pretty basic when we first mentioned it, but it’s fairly comprehensive now with the addition of a disassembler, a fuzzer, a bunch of libraries, exploits and brute-forcers.

Most of the bugs have been fixed so it’s pretty stable.

You can download Inguma 0.0.5 here:

inguma-0.0.5.1.tar.gz

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools, Password Cracking

‘Security Consultant’ Caught for Running Large Bot Network

Apparently he stopped his naughty activities back in 2006, but still…a guy who was supposed to be securing machines was installing malware and ran a botnet totalling about a quarter of a million zombies.

The bots were mostly used for information gathering, harvesting PayPal accounts and installing malware on commission; he claims to have made $19,000 in a week installing TopConverting (read more).

A Los Angeles security professional has admitted to infecting more than a quarter million computers with malicious software and installing spyware that was used to steal personal data and serve victims with online advertisements.

John Kenneth Schiefer, 26, variously known online as “acid” and “acidstorm,” agreed to plead guilty to at least four felony charges of fraud and wiretapping, charges punishable by $1.75 million in fines and nearly 60 years in prison.

Investigators say Schiefer and two minors — identified in the complaint only by their online screen names “pr1me” and “dynamic” — broke into about 250,000 PCs. On at least 137,000 of those infected systems, Schiefer and his cohorts installed programs that allowed them to control the machines remotely.

That’s a reasonably sized network, enough to rent out for some serious DDoS attacks, and certainly enough PayPal accounts to earn some good money.

Schiefer said he and his friends spread the bot programs mainly over AOL Instant Messenger (AIM). By using malicious “spreader” programs such as Niteaim and AIM Exploiter, Schiefer and his co-conspirators spammed out messages inviting recipients to click on a link. Anyone who took the bait had a “Trojan horse” program downloaded to their machine, an invader that then tried to fetch the malicious bot program.

Schiefer admits he and friends used several hijacked PayPal accounts to purchase Web hosting that helped facilitate the spreading of their bot programs.

Pretty lame: most of the infections were done with pre-built AIM tools. This is ultimate script-kiddie stuff, but hey, I guess it works, right?

Source: Washington Post


Posted in: Legal Issues, Malware

WifiZoo v1.2 – Gather Wifi Information Passively

WifiZoo is a tool to gather wifi information passively. It is similar to dsniff but for wireless work; the author wanted to build something wifi-related that would be of some help in wifi pentesting, something of an extension of Ferret from Errata.

It’s essentially a tool to get information from open wifi networks without joining any network, while covering all wifi channels. Most of the packet parsing is done by Scapy.

WifiZoo does the following:

  • Gathers bssid->ssid information from beacons and probe responses
  • Gathers list of unique SSIDS found on probe requests
  • Gathers the list and graphs which SSIDS are being probed from what sources
  • Gathers bssid->clients information and outputs it in a file
  • Gathers ‘useful’ information from unencrypted wifi traffic (like passwords/credentials etc)

Requirements

  • Python
  • Scapy
  • Kismet (if you want to do channel hopping)
  • Logs are stored in ./logs/ (so make the directory)
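
To make concrete what "bssid->ssid from beacons and probe responses", "SSIDs found on probe requests" and "bssid->clients" mean at the frame level, here is an added example in plain Python (it is not WifiZoo's code and does not use Scapy, so it needs no extra packages). It parses raw 802.11 management and data frames: the header layout, frame-control values, DS bits and the SSID information element follow the IEEE 802.11 spec, while the MAC addresses, SSIDs and the frames themselves are constructed for the demonstration. A real run would feed it frames from a monitor-mode interface or a pcap instead of `SAMPLE_FRAMES`.

```python
from collections import defaultdict

# Frame-control byte 0 (type/subtype) and byte 1 flag bits, per IEEE 802.11.
FC_BEACON, FC_PROBE_REQ, FC_PROBE_RESP, FC_DATA = 0x80, 0x40, 0x50, 0x08
TO_DS, FROM_DS = 0x01, 0x02
TAG_SSID = 0                                  # information element ID for the SSID
BEACON_FIXED_LEN = 12                         # timestamp(8) + interval(2) + capabilities(2)

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_ies(body):
    """Walk the tagged parameters (id, length, value, ...) and return {id: value}."""
    ies = {}
    while len(body) >= 2:
        tag, ln = body[0], body[1]
        ies[tag] = body[2:2 + ln]
        body = body[2 + ln:]
    return ies

class WifiSurvey:
    """Passive bookkeeping: who advertises what, who probes for what, who talks to whom."""
    def __init__(self):
        self.bssid_ssid = {}               # BSSID -> SSID (from beacons and probe responses)
        self.probed = defaultdict(set)     # client MAC -> SSIDs it asked for
        self.clients = defaultdict(set)    # BSSID -> client MACs seen in data frames

    def feed(self, frame):
        if len(frame) < 24:                # shorter than a full 3-address MAC header
            return
        fc0, fc1 = frame[0], frame[1]
        ftype = (fc0 >> 2) & 0x3
        a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
        body = frame[24:]
        if ftype == 0:                     # management: a1=DA, a2=SA, a3=BSSID
            subtype = fc0 & 0xF0
            if subtype in (FC_BEACON, FC_PROBE_RESP):
                name = parse_ies(body[BEACON_FIXED_LEN:]).get(TAG_SSID, b"").decode("utf-8", "replace")
                key = mac_str(a3)
                # A probe response carries the real name even when beacons hide it,
                # so never let a later empty beacon overwrite a name we already learned.
                if name or key not in self.bssid_ssid:
                    self.bssid_ssid[key] = name or "<hidden>"
            elif subtype == FC_PROBE_REQ:
                ssid = parse_ies(body).get(TAG_SSID, b"")
                if ssid:                   # empty SSID is a broadcast probe: nothing to learn
                    self.probed[mac_str(a2)].add(ssid.decode("utf-8", "replace"))
        elif ftype == 2:                   # data: which address is the BSSID depends on DS bits
            to_ds, from_ds = bool(fc1 & TO_DS), bool(fc1 & FROM_DS)
            if to_ds and not from_ds:
                bssid, client = a1, a2
            elif from_ds and not to_ds:
                bssid, client = a2, a1
            elif not to_ds and not from_ds:
                bssid, client = a3, a2
            else:
                return                     # WDS/4-address frame: no station<->AP relationship
            if client[0] & 1:              # skip group (broadcast/multicast) destinations
                return
            self.clients[mac_str(bssid)].add(mac_str(client))

# --- constructed sample capture (made-up MACs and SSIDs; layout follows 802.11) ---
def mgmt(subtype, da, sa, bssid, body):
    return bytes([subtype, 0, 0, 0]) + da + sa + bssid + b"\x00\x00" + body

def data(flags, a1, a2, a3):
    return bytes([FC_DATA, flags, 0, 0]) + a1 + a2 + a3 + b"\x00\x00" + b"\xaa\xaa\x03"

def ie(tag, value):
    return bytes([tag, len(value)]) + value

BCAST = b"\xff" * 6
AP1, AP2 = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
STA1, STA2 = bytes.fromhex("0a0b0c0d0e0f"), bytes.fromhex("1a1b1c1d1e1f")
FIXED = b"\x00" * 8 + b"\x64\x00" + b"\x01\x04"      # timestamp, 100 TU interval, capabilities
SAMPLE_FRAMES = [
    mgmt(FC_BEACON, BCAST, AP1, AP1, FIXED + ie(TAG_SSID, b"CoffeeShop") + ie(1, b"\x82\x84")),
    mgmt(FC_BEACON, BCAST, AP2, AP2, FIXED + ie(TAG_SSID, b"")),               # hidden SSID
    mgmt(FC_PROBE_REQ, BCAST, STA1, BCAST, ie(TAG_SSID, b"HomeNet")),          # STA1 hunts for its home AP
    mgmt(FC_PROBE_REQ, BCAST, STA1, BCAST, ie(TAG_SSID, b"")),                 # broadcast probe
    mgmt(FC_PROBE_RESP, STA2, AP2, AP2, FIXED + ie(TAG_SSID, b"Corp-Guest")),  # reveals AP2's name
    data(TO_DS, AP1, STA1, BCAST),                                             # STA1 -> AP1
    data(FROM_DS, STA2, AP2, AP1),                                             # AP2 -> STA2
    data(FROM_DS, BCAST, AP1, AP1),                                            # AP1 broadcast, ignored
]

def survey(frames=SAMPLE_FRAMES):
    s = WifiSurvey()
    for f in frames:
        s.feed(f)
    return s

if __name__ == "__main__":
    s = survey()
    print("bssid -> ssid:", s.bssid_ssid)
    print("probed ssids:", dict(s.probed))
    print("bssid -> clients:", dict(s.clients))
```

Two things the sample capture is built to show: the "hidden" network AP2 gives its name away in a probe response, which is exactly why WifiZoo watches probe responses and not just beacons; and the client list comes from data frames, so the station that never associates (it only probes for "HomeNet") shows up in the probed-SSID list but not under any BSSID.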

You can download WifiZoo here:

wifizoo_v1.2.tgz

Or you can read more here.


Posted in: Hacking Tools, Network Hacking, Wireless Hacking

Skavenger – Source Code Auditing Tool!

Skavenger? Yes, because scavenger is already used?!?

What is Skavenger? Skavenger is a source code auditing tool, first thought of for PHP, but usable on any kind of source code file, as long as you know what to look for…

Yes, I thought of it as a replacement for egrep/sed under Windows, because not everybody installs Cygwin (for example) on their Windows boxes to perform source code auditing. I’ve seen people who most of the time used Notepad to audit source code!

And more…
Skavenger is more than a replacement for egrep/sed because it can run a regular expression, or a series of regular expressions, over more than one file, even a whole directory, and prints out the matching line numbers… isn’t that sup4 l33t?


Anyway… for download and more info check out http://code.google.com/p/skavenger/, because you can have a lot of fun with it; did I mention it was a console application?

P.S. You need PHP in order to run this script. The default values in regex.def check for rudimentary SQL injection and XSS patterns….
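
As an added illustration of what a rule file like regex.def does (this is not Skavenger's code and is written in Python rather than PHP), here is a small multi-file, multi-regex auditor that prints file, line number and rule name, with a constructed rule set and constructed PHP sources standing in for the directory you would point the tool at. The rules are deliberately grep-style: they flag dangerous sinks and raw request variables on a single line, which is why `login.php` is caught only by the interpolated-query rule (the `$_POST` read is on a different line from the query) and why `admin/run.php` line 3 is reported even though `escapeshellarg()` is used. That is the trade-off with this class of tool: cheap and fast, but it finds candidates, not proven data flow.

```python
import os
import re

# Constructed rule set in the spirit of regex.def: name -> compiled pattern.
RULES = {
    "sqli:query_with_request_var": re.compile(r"mysql_query\s*\(.*\$_(GET|POST|REQUEST|COOKIE)"),
    "sqli:interpolated_query":     re.compile(r"(SELECT|INSERT|UPDATE|DELETE)\b.*\$[A-Za-z_]\w*", re.I),
    "xss:echo_request_var":        re.compile(r"\b(echo|print)\b.*\$_(GET|POST|REQUEST|COOKIE|SERVER)"),
    "rce:eval_or_system":          re.compile(r"\b(eval|system|exec|passthru|shell_exec)\s*\("),
    "lfi:include_variable":        re.compile(r"\b(include|require)(_once)?\s*\(?\s*\$"),
}

# Constructed PHP sources standing in for a directory tree to audit.
SAMPLE_SOURCES = {
    "login.php": '<?php\n$u = $_POST["user"];\n$r = mysql_query("SELECT * FROM users WHERE name=\'$u\'");\n',
    "view.php": '<?php\necho "Hello " . $_GET["name"];\n$safe = htmlspecialchars($_GET["q"]);\necho $safe;\n',
    "lib/util.php": '<?php\nfunction clean($s) { return mysql_real_escape_string($s); }\n',
    "admin/run.php": '<?php\ninclude($_GET["page"] . ".php");\nsystem("ls " . escapeshellarg($d));\n',
}

def scan_text(path, text, rules=RULES):
    """Return [(path, line_no, rule_name, line)] for every rule that matches a line."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for name, rx in rules.items():
            if rx.search(line):
                hits.append((path, no, name, line.strip()))
    return hits

def scan_sources(sources=SAMPLE_SOURCES, rules=RULES):
    """Scan an in-memory {path: source} map (the constructed sample by default)."""
    hits = []
    for path, text in sources.items():
        hits.extend(scan_text(path, text, rules))
    return hits

def scan_dir(root, exts=(".php", ".inc", ".phtml"), rules=RULES):
    """Walk a real directory tree, the way you would point the tool at a web root."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.endswith(exts):
                p = os.path.join(dirpath, f)
                with open(p, encoding="utf-8", errors="replace") as fh:
                    hits.extend(scan_text(p, fh.read(), rules))
    return hits

if __name__ == "__main__":
    for path, no, rule, line in scan_sources():
        print(f"{path}:{no}: [{rule}] {line}")
```

Running it prints four findings: the interpolated SELECT in `login.php`, the unescaped `echo $_GET` in `view.php`, and the variable `include()` plus the `system()` call in `admin/run.php`; `lib/util.php` and the `htmlspecialchars()`-wrapped output are not reported. Treat the list as a worklist for manual review, not a verdict.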

Happy auditing!


Posted in: Programming, Web Hacking

Graphics Cards – The Next Big Thing for Password Cracking?

Interesting research from Elcomsoft, using the parallel processing capacity of graphics cards to speed up the password cracking process.

Pretty inventive thinking: as graphics cards get more and more powerful, and they are built to do massively parallel tasks for the latest and greatest games, why not apply them to password cracking!

A technique for cracking computer passwords using inexpensive off-the-shelf computer graphics hardware is causing a stir in the computer security community.

Elcomsoft, a software company based in Moscow, Russia, has filed a US patent for the technique. It takes advantage of the “massively parallel processing” capabilities of a graphics processing unit (GPU) – the processor normally used to produce realistic graphics for video games.

Using an $800 graphics card from nVidia called the GeForce 8800 Ultra, Elcomsoft increased the speed of its password cracking by a factor of 25, according to the company’s CEO, Vladimir Katalov.

A top-end graphics card makes your cracking 25 times faster; that’s a pretty impressive increase if you ask me. Worth the investment for pen-testers who do a lot of cracking to test password strength.

The toughest passwords, including those used to log in to a Windows Vista computer, would normally take months of continuous computer processing time to crack using a computer’s central processing unit (CPU). By harnessing a $150 GPU – less powerful than the nVidia 8800 card – Elcomsoft says they can be cracked in just three to five days. Less complex passwords can be retrieved in minutes, rather than hours or days.

Elcomsoft says it took three months to develop code to take advantage of a GPU, and the company plans to introduce the feature into some of its password cracking products over time.

I’ll be watching where this goes and will be interested to see if any open source tools come out that capitalise on GPU capability.

Source: New Scientist


Posted in: Hardware Hacking, Password Cracking

untidy – XML Fuzzer

Seeing as untidy was mentioned again fairly recently, it jogged my memory that I have a fairly old draft about untidy, the XML fuzzer.

Fuzzing is definitely becoming an important part of pen testing and especially application security; we’ve published about quite a few fuzzers and I’m sure there are more in development.

Anyway, back to topic.

I’m glad to release the second beta version of untidy; untidy is a general purpose XML fuzzer. It takes a string representation of an XML document as input and generates a set of modified, potentially invalid, XML documents based on the input. It’s released under GPL v2 and written in Python.

It’s currently in its second release (Beta 2).

There are no prerequisites for running untidy, but you will have to change it slightly, as it outputs a LOT of XML to the screen: find the “print i” and change it to something more appropriate (sending each case to the server you want to test, or writing to a file with a newline for each iteration).
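
To show what "a set of modified, potentially invalid XML documents based on the input" looks like in practice, here is an added example of the same idea, written for this post rather than taken from untidy (its mutation list and labels are my own choices, and the sample document is constructed). It generates structural mutants (dropped closing tags, truncation, duplicated elements), substitutes boundary and metacharacter payloads into every text node and attribute value, adds an entity-expansion case, and classifies each mutant as well-formed or not so you can tell a crash on valid input from a crash on garbage. Instead of printing everything, `write_corpus()` writes one case per line, which is the change the post suggests making to the original script.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample document, standing in for the XML the target service accepts.
SAMPLE_XML = '<?xml version="1.0"?><order id="42"><item sku="A1">2</item><note>gift</note></order>'

# Values substituted into text nodes and attribute values, one at a time.
PAYLOADS = [
    "A" * 4096,                 # overlong value
    "-1", "0", "2147483648",    # integer boundaries
    "<", "&", "]]>",            # markup characters that must be escaped
    "\x00",                     # embedded NUL
    "%s%s%n",                   # format string
]
# Internal DTD subset with a chained entity (tiny here, but the same shape as an XML bomb).
ENTITY_DECL = ('<!DOCTYPE x [<!ENTITY a "aaaaaaaaaa">'
               '<!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">]>')

def mutations(xml_text):
    """Yield (label, mutant) pairs; mutants may be well-formed or deliberately broken."""
    prolog = ""
    m = re.match(r"<\?xml[^>]*\?>", xml_text)
    if m:                                           # keep the declaration in front of every mutant
        prolog, xml_text = m.group(0), xml_text[m.end():]
    # 1. Drop each closing tag in turn (unbalanced document).
    for i, c in enumerate(re.finditer(r"</[^>]+>", xml_text)):
        yield f"drop_close_{i}", prolog + xml_text[:c.start()] + xml_text[c.end():]
    # 2. Truncate after each '>' (premature end of input).
    for i, c in enumerate(re.finditer(r">", xml_text)):
        yield f"truncate_{i}", prolog + xml_text[:c.end()]
    # 3. Duplicate each leaf element (still well-formed; exercises duplicate-field handling).
    for i, e in enumerate(re.finditer(r"<([A-Za-z_][\w.-]*)[^>]*>[^<]*</\1>", xml_text)):
        yield f"dup_elem_{i}", prolog + xml_text[:e.end()] + e.group(0) + xml_text[e.end():]
    # 4. Substitute each payload into each text node and each attribute value.
    text_nodes = list(re.finditer(r">([^<>]+)<", xml_text))
    attr_vals = list(re.finditer(r'="([^"]*)"', xml_text))
    for p, payload in enumerate(PAYLOADS):
        for i, t in enumerate(text_nodes):
            yield f"text_{i}_payload_{p}", prolog + xml_text[:t.start(1)] + payload + xml_text[t.end(1):]
        for i, a in enumerate(attr_vals):
            yield f"attr_{i}_payload_{p}", prolog + xml_text[:a.start(1)] + payload + xml_text[a.end(1):]
    # 5. Entity expansion: reference the chained entity from the first text node.
    if text_nodes:
        t = text_nodes[0]
        yield "entity_bomb", prolog + ENTITY_DECL + xml_text[:t.start(1)] + "&b;" * 10 + xml_text[t.end(1):]

def is_well_formed(doc):
    """Triage helper: a crash on a well-formed mutant is a different bug from a crash on garbage."""
    try:
        ET.fromstring(doc)
        return True
    except (ET.ParseError, ValueError):
        return False

def generate(xml_text=SAMPLE_XML):
    """Return {label: mutant}; each value is one request to send to the target."""
    return dict(mutations(xml_text))

def write_corpus(path, xml_text=SAMPLE_XML):
    """One mutant per line, NULs and newlines escaped, instead of dumping to the screen."""
    with open(path, "w", encoding="utf-8") as fh:
        for label, doc in mutations(xml_text):
            fh.write(label + "\t" + doc.replace("\n", "\\n").replace("\x00", "\\x00") + "\n")

if __name__ == "__main__":
    for label, doc in generate().items():
        print(f"{label:20s} {'ok ' if is_well_formed(doc) else 'BAD'} {doc[:60]!r}")
```

For the sample order document this yields 48 cases. When you wire it to a real target, send each mutant with the label, record the HTTP status and any fault text, and re-run only the labels that produced 5xx responses or timeouts; the entity case in particular should be tried against a server you own, since a real expansion chain is a denial-of-service payload.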

You can download untidy here:

untidy-beta2.tgz

Or read more here.


Posted in: Hacking Tools, Programming, Web Hacking

October Commenter of the Month Competition Winner!

Competition time again!

We unfortunately lost quite a few comments due to the server crash in early October, but activity after that was pretty good with some excellent quality comments.

As you know we started the Darknet Commenter of the Month Competition on June 1st and it ran for the whole of June and July. We have just finished the fifth month of the competition in October and are now in the sixth, which started a few days ago on November 1st, sponsored by GFI.

We are offering some pretty cool prizes like iPods and PSPs, along with cool GFI merchandise like shirts, keyrings and mugs.

And now the winner will also get a copy of the Ethical Hacker Kit.

GFI Goodies

Keep up the great comments and high quality interaction, we really enjoy reading your discussions and feedback.

Just to remind you of the added perks: by being one of the top 5 commenters you also have your name and chosen link displayed on the sidebar of every page of Darknet, with a high PR5 (close to 6) on most pages (4000+ spidered by Google).

So announcing the winner for October…it’s dre! dre left us with some excellent insight, links and really high quality comments.

Sandeep Nain actually had the most comments, but he can’t win again until next year.

Commenter October

Thanks to everyone else who commented and thanks for your links and mentions around the blogosphere!

Feel free to share Darknet with everyone you know :)

Keep commenting guys, and stand to win a prize for the month of November.

We are still waiting for pictures from backbone, Sandeep and TRDQ of themselves with their prizes!

Winner of the month for June was Daniel with 35 comments.
Winner of the month for July was backbone with 46 comments.
Winner of the month for August was TheRealDonQuixote with 53 comments.
Winner of the month for September was Sandeep Nain with 32 comments.


Posted in: Site News

Thousands Hooked by Malware from Big Sites

If I recall correctly this is not the first time this has happened: delivering malicious payloads via banner ads and flaws in ad scripting.

It seems that malware peddlers are getting more aggressive though; it obviously shows there is real monetary value in infecting people and stealing their data.

It’s a subtle form of social engineering too: by leveraging the trust a user gives to a big-name site, the attackers inherit that trust for the banner ads displayed on that site.

Thousands of PC users have been duped into surrendering sensitive information and installing malicious software after falling victim to a complex scam that continues to plague well-known websites, a researcher warns.

The scam is the latest to piggyback on banner ads that are fed to high-traffic destinations. Malicious code hardwired into the ads prompts a pop-up that warns of a bogus security threat on the visitor’s machine. It offers to fix the problem in exchange for a fee and for credit card information. The ad then attempts to install a back door on the victim’s machine.

Hundreds of sites have been running these malware-infested banner ads, so be careful. It seems you’re no longer safe even if you stay away from the seedier parts of the web.

I’d guess though that the vast majority of readers here wouldn’t be stupid enough to download a prompted ‘security’ fix which randomly appeared.

Jackson estimates the rogue ads have appeared on anywhere from “several hundred to 1,000” sites, which tend to be related to television and entertainment. Based on unique signatures of the javascript used in the attack, which researchers have seen passing over the net, he estimates thousands of people have fallen for the ruse.

Jackson has managed to shut down at least two servers serving the bad ads, but warns at least two more are still operational. He declined to identify the servers or the websites by name.

I hope they manage to shut down the rest and save all the witless morons surfing the web from more infestations and information leakage.

Source: The Register


Posted in: Malware, Social Engineering

WSBang – Python Based SOAP Services Testing Tool

WSBang is designed to be a lightweight, open source fuzzer for web services. It takes as input the URL or file system location of a WSDL for the web service to be tested. Upon completion, a simple HTML view of the test results will be displayed.

Method parameters are fuzzed based on their type as specified by the WSDL. The data used for each type can be specified in the “DataDef.xml” file supplied. In addition, default arguments for parameters can be specified in the same file in the Argument definitions.

  • Takes URL of WSDL as input
  • Fuzzes all methods and parameters in the service
  • Identifies all methods and parameters, including complex parameters
  • Fuzzes parameters based on type specified in WSDL
  • Reports SOAP responses and faults

Prerequisites:
SOAPpy version 0.11.6.

Use:
WSBang.py [URL of WSDL]

Files included:
WSBang.py – The main execution code for WSBang.
Fuzzer.py – Classes that support WS analysis and the fuzz engine.
DataProvider.py – Classes that provide fuzz data and default arguments.
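
To illustrate the WSDL-driven, type-based approach described above (parameters fuzzed according to the XSD type the WSDL declares, other parameters held at their defaults, SOAP faults reported per case), here is an added Python example. It is not WSBang's code and does not use SOAPpy: the WSDL, the per-type fuzz values playing the role of DataDef.xml, and the mock endpoint that stands in for the target service are all constructed for the demonstration. Against a real service you would replace `mock_service` with a function that POSTs the envelope over HTTP and returns the status code and body.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = {"wsdl": "http://schemas.xmlsoap.org/wsdl/", "xs": "http://www.w3.org/2001/XMLSchema",
      "soap": "http://schemas.xmlsoap.org/soap/envelope/", "d": "urn:demo"}

# Constructed WSDL with one operation taking an int and a string (stands in for the real target's).
SAMPLE_WSDL = """<?xml version="1.0"?>
<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:xs="http://www.w3.org/2001/XMLSchema"
             xmlns:tns="urn:demo" targetNamespace="urn:demo">
  <types><xs:schema targetNamespace="urn:demo">
    <xs:element name="GetBalance"><xs:complexType><xs:sequence>
      <xs:element name="accountId" type="xs:int"/>
      <xs:element name="currency" type="xs:string"/>
    </xs:sequence></xs:complexType></xs:element>
  </xs:schema></types>
  <message name="GetBalanceIn"><part name="parameters" element="tns:GetBalance"/></message>
  <portType name="DemoPort"><operation name="GetBalance"><input message="tns:GetBalanceIn"/></operation></portType>
</definitions>"""

# Per-type fuzz values and per-type defaults, playing the role of DataDef.xml (constructed).
FUZZ_DATA = {
    "int": ["0", "-1", "2147483648", "-2147483649", "1e3", "NaN", "1 OR 1=1"],
    "string": ["", "A" * 5000, "<script>alert(1)</script>", "' OR '1'='1", "../../etc/passwd", "%s%n"],
}
DEFAULTS = {"int": "1", "string": "USD"}

def parse_operations(wsdl_text):
    """{operation: [(param, xsd_type), ...]} from portType operations and the inline schema."""
    root = ET.fromstring(wsdl_text)
    ops = {op.get("name"): [] for op in root.iterfind(".//wsdl:portType/wsdl:operation", NS)}
    for el in root.iterfind(".//xs:schema/xs:element", NS):
        if el.get("name") in ops:
            ops[el.get("name")] = [(p.get("name"), p.get("type").split(":")[-1])
                                   for p in el.iterfind(".//xs:sequence/xs:element", NS)]
    return ops

def soap_envelope(op, args, ns="urn:demo"):
    """Build a SOAP 1.1 request; values are XML-escaped so the payload reaches the handler intact."""
    body = "".join(f"<{k}>{escape(v)}</{k}>" for k, v in args.items())
    return (f'<soap:Envelope xmlns:soap="{NS["soap"]}"><soap:Body>'
            f'<{op} xmlns="{ns}">{body}</{op}></soap:Body></soap:Envelope>')

def fuzz_cases(ops):
    """One request per (operation, parameter, payload); the other parameters keep their defaults."""
    for op, params in ops.items():
        for name, xsd_type in params:
            for payload in FUZZ_DATA.get(xsd_type, FUZZ_DATA["string"]):
                args = {n: DEFAULTS.get(t, "x") for n, t in params}
                args[name] = payload
                yield op, name, payload, soap_envelope(op, args)

def mock_service(envelope):
    """Constructed stand-in for the target: returns (status, body) like an HTTP SOAP endpoint."""
    req = ET.fromstring(envelope).find("soap:Body/d:GetBalance", NS)
    acct = req.findtext("d:accountId", namespaces=NS)
    cur = req.findtext("d:currency", namespaces=NS)
    try:
        value = int(acct)
    except ValueError:                      # schema-invalid input, handled cleanly by the service
        return 500, "<soap:Fault><faultcode>soap:Client</faultcode></soap:Fault>"
    if not -2**31 <= value < 2**31:         # a 32-bit backend choking on an out-of-range int
        raise OverflowError("int32 conversion failed")
    if len(cur) > 1000:                     # an unhandled exception: the kind of result a fuzzer hunts for
        raise RuntimeError("unhandled exception in handler")
    return 200, "<GetBalanceResponse><balance>0</balance></GetBalanceResponse>"

def run(wsdl_text=SAMPLE_WSDL, send=mock_service):
    """Classify every case as ok / fault / crash; WSBang renders this kind of table as HTML."""
    results = []
    for op, name, payload, env in fuzz_cases(parse_operations(wsdl_text)):
        try:
            status, text = send(env)
            kind = "fault" if "Fault" in text else "ok"
        except Exception as exc:
            kind, text = "crash", str(exc)
        results.append((op, name, payload[:20], kind, text[:60]))
    return results

if __name__ == "__main__":
    for op, name, payload, kind, text in run():
        print(f"{op}.{name:10s} {payload!r:24s} {kind:5s} {text}")
```

The point of typing the fuzz data by XSD type is coverage: the integer boundary values only make sense for `accountId`, the injection and overlong strings only for `currency`, and each is sent with the other parameter valid so that a fault can be attributed to one input. In the run above, clean `soap:Client` faults are the service doing its job; the "crash" rows (out-of-range integers, a 5000-byte string) are the ones worth a closer look.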

You can download WSBang here:

WSBang.zip
WSBang.tar.gz

Or you can read more here.


Posted in: Hacking Tools, Programming, Web Hacking