Archive | June, 2008

China Home to at Least HALF of Malicious Web Sites

It looks like China is becoming a hotbed for malware and malicious websites (those sites that push malware infections via browser exploits).

They often used to be found in Korea and Taiwan and parts of Eastern Europe. According to the latest data more than half of the sites are now located in China.

More than half of the Web sites foisting malicious software on visitors are located at networks in China, according to data released today.

Stopbadware.org, a joint project between researchers at Harvard, Oxford and Google, found that 52 percent of the more than 200,000 infected sites the group analyzed in late May were hosted at Chinese networks. In contrast, U.S.-based networks accounted for 21 percent of the bad sites, Stopbadware found.

The sites examined in the study were all reported as malicious by Google, which interestingly enough ranked as the 6th largest source of malicious Web sites in this report, with 4,261 malware sites. Most of those appear to be the result of scammers and virus writers devising ways to automate the creation of sites at Google-owned Blogger.com.

It’s somewhat ironic that it’s Google that labels malware sites…but a Google owned property is in the top 10 for malicious web sites!

With Blogger.com coming in as the 6th largest source of malware…I really think it’s something Google needs to take a serious look at.

The numbers from just one month prior paint a much harsher picture for Google. Stopbadware never published these figures, but a source involved in the group’s effort shared data with Security Fix showing Google and Blogger as the 4th largest source of malicious sites, with more than 10,000 such domains. See the comparison charts by clicking on the graphic to the left.

Max Weinstein, project manager for Stopbadware, said the group plans to begin releasing stats on a monthly basis. Weinstein said he believes the spike in malicious domains at Google properties was due to the company’s recent aggressiveness in scanning its own sites for malware.

“When that first happened, Google’s numbers shot way up,” Weinstein said.

Hmm interesting indeed, we’ll have to watch and see what Google is going to do about this, they really need to control it. Especially with many of the new botnet infectors leveraging on Blogger.com sites.

Source: Washington Post


Posted in: Exploits/Vulnerabilities, Malware, Web Hacking


Bsqlbf V2 – Blind SQL Injection Brute Forcer Tool

There are quite a lot of SQL Injection Tools available and now there is one more to add to the stable for testing – Bsqlbf V2, which is a Blind SQL Injection Brute Forcer.

The original tool (bsqlbfv1.2-th.pl) was intended to exploit blind SQL injection against a MySQL backend database; this new version supports blind SQL injection against the following databases:

  • MS-SQL
  • MY-SQL
  • PostgreSQL
  • Oracle

It supports injection in string and integer fields. The feature which separates this tool from all other SQL injection tools is that it supports custom SQL queries, supplied with the -sql switch.

It supports 2 modes of attack:

  1. Type 0: Blind SQL Injection based on True and False response
  2. Type 1: Blind SQL Injection based on True and Error response (details)
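
The two modes both depend on the application giving the tester an observable oracle: a different page for a true and a false condition (type 0), or a different page when the injected SQL raises a database error (type 1). The snippet below is an added illustration written for this page, not code from Bsqlbf or from the original post: it builds a constructed SQLite table, queries it once with string concatenation and once with a bound parameter, and reports whether each handler still leaks such an oracle. Table, column and function names are my own.

```python
import sqlite3

def make_db():
    """Constructed sample database for the example (not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn

def lookup_vulnerable(conn, user_id):
    # Hypothetical vulnerable handler: the untrusted value is pasted into the SQL
    # text, so anything after the number is parsed as part of the WHERE clause.
    sql = "SELECT name FROM users WHERE id = " + user_id
    return conn.execute(sql).fetchone() is not None

def lookup_parameterized(conn, user_id):
    # Hardened handler: the value is bound as one literal. SQLite applies the
    # column's INTEGER affinity to "1", but "1 AND 1=1" is never parsed as SQL;
    # it is just a string that matches no id.
    row = conn.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()
    return row is not None

def probe(conn, handler, user_id):
    """Collapse the application's behaviour into the three outcomes a blind
    injection tool distinguishes: 'true', 'false' or 'error'."""
    try:
        return "true" if handler(conn, user_id) else "false"
    except sqlite3.Error:
        return "error"

# Generic boolean and error conditions of the kind the two modes rely on.
TRUE_PROBE = "1 AND 1=1"
FALSE_PROBE = "1 AND 1=2"
ERROR_PROBE = "1 AND (SELECT 1 FROM no_such_table)"

def oracle_leaks(conn, handler):
    """True when a true condition is distinguishable from a false one (type 0)
    or from a database error (type 1); False when the handler closes both."""
    t = probe(conn, handler, TRUE_PROBE)
    return t != probe(conn, handler, FALSE_PROBE) or t != probe(conn, handler, ERROR_PROBE)

if __name__ == "__main__":
    db = make_db()
    for label, handler in (("concatenated", lookup_vulnerable),
                           ("parameterized", lookup_parameterized)):
        outcomes = [probe(db, handler, p) for p in (TRUE_PROBE, FALSE_PROBE, ERROR_PROBE)]
        print(f"{label:13s} {outcomes} leaks={oracle_leaks(db, handler)}")
```

Run stand-alone it prints `['true', 'false', 'error']` for the concatenated handler and `['false', 'false', 'false']` for the parameterized one: once the value is bound rather than spliced in, neither the boolean nor the error-based mode has anything to measure, which is why parameterized queries, not input blacklists, are the fix a brute forcer like this is testing for.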

You can download Bsqlbf V2 here:

bsqlbf-v2.1.zip

Or read more here.


Posted in: Database Hacking, Hacking Tools, Web Hacking


Hackers Crack London Tube Oyster Card

It just goes to show, having an aluminium lined wallet could really be useful! Hackers in the Netherlands found they could clone an access card using the Mifare chip, after that they traveled to London to try their technique out on the Oyster card (used on the London Underground), which uses the same chip.

It just goes to show…implementation of these cards really isn’t good yet.

Dutch security researchers rode the London Underground free for a day after easily using an ordinary laptop to clone the “smartcards” commuters use to pay fares, a hack that highlights a serious security flaw because similar cards provide access to thousands of government offices, hospitals and schools.

There are more than 17 million of the transit cards, called Oyster Cards, in circulation. Transport for London says the breach poses no threat to passengers and “the most anyone could gain from a rogue card is one day’s travel.” But this is about more than stealing a free fare or even cribbing any personal information that might be on the cards.

Oyster Cards feature the same Mifare chip used in security cards that provide access to thousands of secure locations. Security experts say the breach poses a threat to public safety and the cards should be replaced.

Apparently they can only use the cloned card for one day’s travel, but still…what would stop them from doing it every day?

Or cloning an access card to a more important place and wreaking some havoc there.


The hackers scanned one of the Underground’s many card readers to collect the cryptographic key that purportedly keeps the system secure. The keys were uploaded to a laptop, essentially turning them into portable card readers. The hackers then brushed up against passengers to wirelessly upload the information on their Oyster cards. That information in hand, it was a simple matter of using it to program new cards.

Jacobs says the same technique can clone smartcards that provide access to secure buildings. “An employee can be cloned by bumping into that person with a portable card reader,” he told the Times. “The person whose identity is being stolen may then be completely unaware that anything has happened. At the technical level there are currently no known countermeasures.”

So break out your tinfoil hats and aluminium hats, the smartcard hackers are coming to a building near you soon.

The Dutch government are taking this VERY seriously, planning to replace all 120,000 smart cards used by their employees for access. That will be an expensive exercise.

I wonder will Oyster make any changes following the media coverage on this?

And what rights does a consumer have after their card is cloned and their credit used? Are they insured? Would they even notice? Whose responsibility is it?

Source: Wired Blog (Thanks to razta).


Posted in: Cryptography, Hardware Hacking


NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance

You might remember a while ago we mentioned MP3 spam, which in October last year was the latest evolution in spam.

Currently there is a new type of spam annoying mail-server owners the world over. It’s known as NDR or Backscatter Spam and involves NDRs or Non Delivery Reports (those emails you get when you send mail to a non-working or no longer active account).

Research shows that up to 90% of emails received by companies are spam, and spammers have adopted a variety of methods to bypass spam filters used in anti-spam software. In the beginning, spam was mainly text based but over the past few years, spammers have resorted to using embedded images and attaching common file types such as mp3s and Excel documents in emails to gain access to mailboxes. Another option is NDR or non-delivery report spam.


NDRs are a common part of email exchanges. Users receive NDRs, for example, when an email does not arrive at a recipient’s address and notification is sent to the sender. However, spammers can cause a considerable increase in NDR activity because they send junk mail to thousands of email addresses. Some are genuine but others are not and these are used to generate NDR messages by manipulating the ‘From’ address to use a real domain sender. This results in email users receiving NDRs from people they had never sent an email to in the first place.

This white paper explains what NDR spam is and how administrators can take effective measures to reduce the impact on their email servers.
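
One of the standard measures an administrator can take against backscatter is to sign the envelope sender of every outgoing message, so that a bounce addressed to an unsigned, forged or stale return path can be rejected at SMTP time instead of landing in a mailbox. The code below is an added example for this page, not code from the GFI white paper: it is a simplified version of the PRVS tagging used by Bounce Address Tag Validation (BATV), with a constructed secret and constructed addresses, and the function names are my own.

```python
import hmac
import hashlib

# Constructed secret for this example only; a real deployment keeps it private and rotates it.
SECRET = b"example-batv-secret"

def _signature(day, local_part, domain, secret):
    msg = f"{day:03d}:{local_part}@{domain}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:6]

def tag_return_path(local_part, domain, day, secret=SECRET):
    """Build the envelope sender (MAIL FROM) for an outgoing message.
    Simplified PRVS-style layout: prvs=<DDD><6 hex sig>=<local>@<domain>,
    where DDD is the day of year, giving every tag a built-in expiry."""
    return f"prvs={day:03d}{_signature(day, local_part, domain, secret)}={local_part}@{domain}"

def validate_bounce_recipient(rcpt, today, secret=SECRET, max_age_days=7):
    """True only if a bounce is addressed to a return path we generated recently.
    A plain address, a bad signature or a stale tag means we never sent the
    original, so the bounce is backscatter and can be rejected."""
    if not rcpt.startswith("prvs="):
        return False
    try:
        tag, rest = rcpt[5:].split("=", 1)
        local_part, domain = rest.split("@", 1)
        day, sig = int(tag[:3]), tag[3:]
    except ValueError:
        return False
    if (today - day) % 366 > max_age_days:   # tolerate the year boundary
        return False
    return hmac.compare_digest(sig, _signature(day, local_part, domain, secret))

def classify_bounces(bounce_rcpts, today):
    """Label each null-sender (MAIL FROM:<>) delivery attempt by its RCPT TO address."""
    return [(r, "accept" if validate_bounce_recipient(r, today) else "reject-backscatter")
            for r in bounce_rcpts]

if __name__ == "__main__":
    # Constructed sample: one bounce to a tag we issued two days ago, one to a
    # bare address a spammer forged as the sender, and one to an old tag.
    today = 160
    genuine = tag_return_path("alice", "example.com", day=158)
    stale = tag_return_path("alice", "example.com", day=100)
    for rcpt, verdict in classify_bounces([genuine, "alice@example.com", stale], today):
        print(f"{verdict:18s} {rcpt}")
```

The check is applied only to connections with an empty envelope sender, which is how bounces arrive; normal inbound mail to `alice@example.com` is untouched. The cost is that the tagged return path is visible to recipients and that mailing lists or forwarders which rewrite the envelope sender need to be exempted.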

To download a copy of the white paper, please visit:

http://www.gfi.com/whitepapers/ndr-spam.pdf [PDF]


Posted in: Countermeasures, Spammers & Scammers


BackTrack Final 3 Hacking LiveCD Released For Download

If you don’t know, BackTrack is a top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.

Back in January we mentioned the BackTrack Live Hacking CD BETA 3 was released, at last the final version is ready for download!

New Stuff

SAINT
SAINT has provided BackTrack users with a functional version of SAINT, pending a free request for an IP range license through the SAINT website, valid for 1 year.

Maltego
The guys over at Paterva have created a special version of Maltego v2.0 with a community license especially for BackTrack users. We would like to thank Paterva for co-operating with us and allowing us to feature this amazing tool in BackTrack.

Nessus
Tenable would not allow for redistribution of Nessus on BackTrack 3.

Kernel
2.6.21.5. Yes, yes, stop whining….We had serious deliberations concerning the BT3 kernel. We decided not to upgrade to a newer kernel as wireless injection patches were not fully tested and verified. We did not want to jeopardize the awesome wireless capabilities of BT3 for the sake of sexiness or slightly increased hardware compatibilities. All relevant security patches have been applied.


Tools
As usual, updated, sharpened, SVN’ed and armed to the teeth. This release we have some special features such as spoonwep, fastrack and other cool additions.

Availability

For the first time we distribute three different versions of BackTrack 3:

  • CD version
  • USB version
  • VMWare version

You can download BackTrack 3 Final here:

http://remote-exploit.org/backtrack_download.html

Or read more here.


Posted in: General Hacking


Botmaster Robert Matthew Bentley AKA LSDigital Sentenced

Another one bites the dust with another reasonably hefty sentence, this time a botherder or botnet master.

Just under 4 years and a big chunk of change as a fine, I guess he probably has plenty of cash stashed somewhere though. These guys can really rake it in with their mass infectors of doom.

A US-based hacker has been sentenced to 41 months in jail for breaking into corporate computers in Europe and making them part of a money-generating botnet.

Robert Matthew Bentley, 21, of Panama City, Florida, was also ordered to perform three years of supervised release once his prison time is over and to pay $65,000 in restitution, according to federal prosecutors in Pensacola, Florida.

In March, Bentley, who sometimes went by the alias LSDigital, pleaded guilty to two felony counts related to his botnet activities, which inflicted more than $150,000 worth of damage on Newell Rubbermaid. Starting as early as December 2006, Bentley and several unnamed co-conspirators installed customized bots on hundreds of the company’s computers. The malware generated so much traffic on Rubbermaid’s servers that its network stopped functioning.

He pleaded guilty, which might have saved him from getting an even heavier punishment. I guess he knew they had enough evidence to nail him soundly, so he may as well look after his interests.

I wonder if his conspirators will get busted too?

New infections from the attack were being detected as recently as March, four months after Bentley was arrested. Federal agents continue to investigate the uncharged suspects. At least one of them lived in Philadelphia.

Federal prosecutors began their case after the Metropolitan Police Computer Crime Unit in London fielded a complaint from Rubbermaid representatives in Europe. According to court documents, Bentley and his cronies generated “thousands of dollars” by installing adware from DollarRevenue.com on the infected machines.

The bot masters used the domain name smokedro.com as a command and control channel. They breached Newell Rubbermaid using at least three malicious files bearing the names 84785_redworld[1].exe, mssecure.exe and msiupdate.exe.

It looks like they had it pretty well wrapped up and by the looks of it (new infection in March) they are still going strong.

I wonder what the status is now?

They were busted as part of the FBI campaign known as Operation Bot Roast.

Source: The Register


Posted in: Legal Issues, Malware


Technitium FREE MAC Address Changer v5 Released

Technitium MAC Address Changer allows you to change the Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective of your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has a MAC address hard coded in its circuit by the manufacturer. This hard coded MAC address is used by Windows drivers to access the Ethernet Network (LAN). This tool can set a new MAC address to your NIC, bypassing the original hard coded MAC address. Technitium MAC Address Changer is a must have tool in every security professional’s toolbox. Technitium MAC Address Changer is coded in Visual Basic 6.0.

Features

  • Support for Windows Vista SP1 and Windows Server 2008 added.
  • Allows you to remove all registry entries corresponding to Network Adapter that is no longer physically installed on the system.
  • Allows you to configure Internet Explorer HTTP proxy settings through configuration presets or command line.
  • Issues with installer program resolved. (Thanks to all your feedbacks)
  • Identifies the preset applied to currently selected Network Interface Card (NIC) automatically making it easy to identify settings.
  • Most known issues with Windows Vista removed. (Thanks to all your feedbacks)
  • Changes MAC address of Network Interface Card (NIC) including Wireless LAN Cards, irrespective of its manufacturer or its drivers.
  • Has latest list of all known manufacturers (with corporate addresses) to choose from. You can also enter any MAC address and know which manufacturer it belongs to.
  • Allows you to select random MAC address from the list of manufacturers by just clicking a button.
  • Restarts your NIC automatically to apply MAC address changes instantaneously.
  • Allows you to create Configuration Presets, which saves all your NIC settings and makes it very simple to switch between many settings in just a click and hence saves lot of time.
  • Allows you to Import or Export Configuration Presets to or from another file, which saves lot of time spent in reconfiguration.
  • Allows you to load any Configuration Presets when TMAC starts by just double clicking on any Configuration Preset File. (*.cpf file extension)
  • Has command line interface which allows you to perform all the tasks from the command prompt or you can even create a DOS batch program to carry out regular tasks. (see help for command line parameter details)
  • Allows you to export a detailed text report for all the network connections.
  • Displays all information you would ever need to know about your NIC in one view like Device Name, Configuration ID, Hardware ID, Connection Status, Link Speed, DHCP details, TCP/IP details etc.

You can download Technitium v5 here:

Technitium-MAC-Address-Changer

Or read more here.


Posted in: Network Hacking, Security Software


Disgruntled IT Worker Gets Heavy Prison Sentence

It just goes to show, however smart you think you are…don’t bother trying to wreck someone’s data. In this case, even if the guy was pissed, it was highly irresponsible as it involved medical records and could actually seriously affect someone’s life.

He was pretty careful but left a few clues behind, more than enough for the FBI to catch him (computer names, printers installed etc.).

An IT manager who sought revenge for an unfavorable job evaluation was sentenced to more than five years in federal prison after being convicted of intentionally triggering a massive data collapse on his former employer’s computer network.

Jon Paul Oson, 38, of Chula Vista, California, was sentenced to 63 months behind bars and ordered to pay more than $409,000 in restitution, according to federal prosecutors in San Diego. He was immediately taken into custody after the sentence was handed down on Monday. It is one of the stiffest penalties ever for a computer hacking offense.

It’s a pretty huge sentence for hacking – 63 months or just over 5 years! As mentioned it’s one of the stiffest sentences ever for a computer related crime.

It did cause some serious losses though with a staggered disruption of data, as he was familiar with the backup system he could disable it then wait until the cycle had finished…then once the data was gone it was gone.

On December 23, Oson logged onto servers belonging to his former employer and disabled the program that automatically backed up medical records for thousands of low-income patients. Six days later, he logged on again, and in the span of 43 minutes, methodically deleted the files containing patients’ appointment data, medical charts and other information.

The dollar cost of Oson’s rampage was pegged at $409,337.83 and accounted for expenses for technical investigations and moving to a paper-based system in the weeks following the attack. But the real toll came when doctors at North County Health Services no longer had medical records for thousands of low-income patients who sought medical care. North County Health Services contracted with Oson’s employer to store the records.

Pretty scary that one guy has this kind of power, it just shows it doesn’t pay to annoy the BOFH! Anyway what he did was wrong and he’s getting what he deserved, I mean he didn’t even get canned he just got a bad evaluation.

Any thoughts on this?

Source: The Register


Posted in: General Hacking, Legal Issues


WikiScanner – Find Interesting Anonymous Edits on Wikipedia

Now this isn’t a new tool, and it’s not quite up to date as the author hasn’t updated it for a while – but it’s still exceedingly cool!

As you know most IP addresses are registered to companies or organizations in blocks, so you can identify which network an edit is coming from as Wikipedia logs the IP address when an anonymous edit is made.

WikiScanner (also known as Wikipedia Scanner) is a tool created by Virgil Griffith and released on August 14, 2007, which consists of a publicly searchable database that links millions of anonymous Wikipedia edits to the organizations where those edits apparently originated, by cross-referencing the edits with data on the owners of the associated block of IP addresses. WikiScanner does not work on edits made under a username. The Associated Press reported that Griffith wanted “to create minor public relations disasters for companies and organizations [he] dislike[s].”

Source: Wikipedia
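
The cross-referencing step is a longest-prefix match of each edit’s IP address against the address blocks registered to organisations. The following is an added example for this page, not WikiScanner’s own code or database: a constructed allocation table (using documentation address ranges) and a few constructed edit-log lines are attributed to organisations with Python’s `ipaddress` module, preferring the most specific block when blocks nest. Function names and the log format are my own.

```python
import ipaddress

# Constructed allocation table (CIDR -> organisation). A real run would use
# registry whois data; these are RFC 5737 documentation ranges, not real owners.
ALLOCATIONS = {
    "203.0.113.0/24": "Example Corp",
    "203.0.113.128/25": "Example Corp - Marketing",   # more specific sub-block
    "198.51.100.0/24": "Example University",
}

# Constructed anonymous-edit log lines: "<ip> <page> <timestamp>"
EDITS = """203.0.113.45 Example_Corp 2007-08-01T10:00:00Z
203.0.113.200 Example_Corp 2007-08-02T11:30:00Z
198.51.100.7 Example_University 2007-08-03T09:15:00Z
192.0.2.9 Unrelated_Page 2007-08-04T08:00:00Z
not-an-ip Broken_Line 2007-08-05T08:00:00Z"""

def build_table(allocs):
    """Parse the CIDR strings once and order them most-specific first, so the
    first containing network found is the longest prefix match."""
    nets = [(ipaddress.ip_network(cidr), org) for cidr, org in allocs.items()]
    nets.sort(key=lambda item: item[0].prefixlen, reverse=True)
    return nets

def attribute(ip_str, table):
    """Return the owning organisation, 'unattributed' if no block matches,
    or None if the field is not an IP address at all (a logged username,
    which WikiScanner also ignores, or a corrupt line)."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return None
    for net, org in table:
        if ip.version == net.version and ip in net:
            return org
    return "unattributed"

def attribute_edits(log_text, allocs):
    """Group edited page titles by the organisation each anonymous edit came from."""
    table = build_table(allocs)
    by_org = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        org = attribute(parts[0], table)
        if org is None:
            continue
        by_org.setdefault(org, []).append(parts[1])
    return by_org

if __name__ == "__main__":
    for org, pages in sorted(attribute_edits(EDITS, ALLOCATIONS).items()):
        print(f"{org:26s} {pages}")
```

The point of the most-specific-first ordering is that large allocations are often sub-delegated; without it the marketing sub-block above would be reported as the parent company only. The same caveat applies to the real tool: an address block tells you which network an edit left from, not who was sitting at the keyboard.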

You can check out your current company, your previous company, your college or university and anything else that tickles your fancy.

There are some very interesting edits, you can see some here:

http://wired.reddit.com/wikidgame/

You can try it out here:

Wikiscanner


Posted in: General Hacking, Privacy, Programming


16 Year Old Indian Hacker Busted for eBay Scam

Looks like India has them moving into the hacking scene young; it’ll happen anywhere with decent network infrastructure and disparate levels of economy. Look at Eastern Europe and China as other examples. India though, due to its outsourcing culture and plentiful legitimate jobs in the IT industry, doesn’t seem to suffer so many problems with hacking.

I guess things might change though with the USD weakening and the World economy slowing down.

His face is cherubic and his mannerisms childish. But, when he talks to police officials, they find it hard to catch up with this whiz-kid. Ajay (16) is a perfect example of what parents should watch out for when they encourage their children to use computers. Being a teenager from a modest background, he wanted to achieve all the good things in life – right from the latest gadgets to a lavish lifestyle.

“His knowledge of the codes and payment gateways is as good as that of a professional hacker,” said a senior crime branch official who has been interrogating this teenager picked up from Mulund in Mumbai, involved in an online payment scam on eBay.

I don’t remember what exactly I was doing at 16 but I think it had something to do with BBS and was fairly advanced, it’s not a large leap of imagination for a 16 year-old to be doing these kind of things.

Paypal and eBay scams/fraud are pretty high on the list now as they are easy to pass off and you can just spend the money back online to buy the latest fashion items or gadgets which makes it very hard to trace.

Ajay was happy with the progress he was making in life and told the police he did not want to pursue college education as “it was useless for earning money”.

His life changed when he came in contact online with bigger hackers five months ago. He started visiting the forums meant for international hackers. One of the international sites with the tagline ‘We move the world to free’ attracted him. It was a gateway to a heaven where the CVV (customer verification value) numbers and personal details were available for a very cheap price.

The same website was being used by his Ahmedabad-based links for dealing on PayPal — a payment gateway — to purchase goods using someone else’s credit card number and bank account. Ajay used it wisely and never raised an alarm. He blames his ‘amateur’ associates of Ahmedabad for landing the whole gang in the police net.

It just shows, be very careful with your CVV number and be careful when using services like Paypal and eBay – sadly once again I think those reading here already are careful so it’s not the target audience for education.

Perhaps you can tell your friends and relatives they might be funding a 16-year-old’s haircut at Toni and Guy!

Source: Times of India. Thanks to Navin.


Posted in: Legal Issues, Spammers & Scammers
