Archive | January, 2009

Complemento v0.6 – LetDown TCP Flooder, ReverseRaider Subdomain Scanner & Httsquash HTTP Server Scanner Tool

We first wrote about Complemento 0.4b a little while ago when it first hit the public domain just last month (December 2008).

Now there have been 2 major updated versions, the latest being 0.6.

What is Complemento?

Complemento is a collection of tools that the author originally created for his own personal toolchain for solving some problems or just for fun. Now he has decided to release it to the public.

LetDown is a TCP flooder written after the author read fyodor's article entitled “TCP Resource Exhaustion and Botched Disclosure“. It has an (experimental) userland TCP/IP stack and supports multistage payloads for complex protocols, fragmentation of packets and a variable TCP window.

ReverseRaider is a domain scanner that uses brute-force wordlist scanning to find a target's sub-domains, or reverse resolution for a range of IP addresses. This is similar to some of the functionality in DNSenum. It supports permutations on the wordlist and IPv6.

Httsquash is an HTTP server scanner, banner grabber and data retriever. It can be used for scanning large ranges of IP addresses and finding devices or HTTP servers (there is an alpha version of a GUI for this). It supports IPv6 and personalized HTTP requests.

Improvements for v0.6

LetDown:

  • New (experimental) userland TCP stack
  • Support for multistage payloads (for complex and stateful protocols, such as FTP, SMTP…)
  • Variable TCP Window size
  • Fragmentation of packets
  • Polite mode (ACK received packets and/or close the connection with FIN or RST packets)

ReverseRaider:

  • Support for IPv6

HttSquash:

  • Support for IPv6

You can download Complemento v0.6 here:

complemento-0.6

Or read more here.


Posted in: Hacking Tools, Network Hacking, Web Hacking


Kyrgyzstan Taken Offline by Huge Denial of Service Attack

Isn’t it amazing that in this day and age an entire country can be knocked offline by Denial of Service attacks! You’d have thought it wouldn’t happen any more.

I do remember the days when it was fairly easy to take one of the smaller ISPs out in UK, so I guess the infrastructure of some developing countries is still susceptible to serious data floods.

Currently Kyrgyzstan is still pretty much offline; even 48 hours after the attack began, accessing major media sites is hit and miss.

The central Asian republic of Kyrgyzstan was effectively knocked offline for more than a week by a Russian cybermilitia that continues to flood the country’s internet providers with crippling data attacks, a security expert said.

The attacks, which began on January 18, bear the signature of pro-Russian nationalists believed to have launched similar cyber assaults on the republic of Georgia in August, said Don Jackson, a researcher with Atlanta-based security provider SecureWorks. The attacks on Kyrgyzstan were so potent that most net traffic in and out of the country was completely blocked during the first seven days.

Over the past 48 hours, ISPs have managed to mitigate some of the damage by relocating the servers of their biggest customers to different IP address ranges and employing a technique known as source filtering, which is designed to block harmful traffic while still allowing friendly packets through. Some media organizations and government opposition groups in the country of 5.3 million have not been so fortunate.

The attack is believed to have been the work of pro-Russian nationalists; cyber terrorism is getting pretty serious now. These bad guys have some hardcore botnets under their control and can produce some serious traffic.

Apparently the same group attacked Georgia earlier.

The attack on Kyrgyzstan crippled their Internet totally for the first 7 days – that’s some serious traffic!

Representatives from Kyrgyzstan Domain Registration Service and a service known as www.ns.kg didn’t respond to emailed requests for comment. The two services carry about 80 percent of the country’s traffic, Jackson said.

The attacks are the latest example of geopolitical disputes spilling into cyberspace, a trend that’s been growing in the past few years. Web and email traffic in Estonia came to a standstill in May of 2007 after civil unrest over that country’s removal of a Soviet-era memorial was accompanied by attacks on the Baltic nation’s internet infrastructure. Attacks on websites belonging to the Georgian government, on Radio Free Europe and cable television network CNN by Chinese hackers follow a similar pattern.

So-called distributed denial of service (DDoS) attacks, which flood a victim with so much malicious data it is unable to respond to legitimate requests, aren’t the only weapon in the arsenal of politically motivated hackers. The Israeli Defense Force recently paid a Texas company that specializes in search engine optimization to halt the online backlash generated by its military action in Gaza.

I wonder who will be next, first Georgia and now Kyrgyzstan – I’m sure there will be a new target in the future.

It’s always interesting to see these ‘politically’ motivated attacks and wonder what the people carrying them out really think they are achieving. Do they actually believe denying a whole country its Internet will cause any change or any positive action?

I guess they probably just do it because they can, a display of dominance and power.

Source: The Register


Posted in: General Hacking, Network Hacking


Independent Web Vulnerability Scanner Comparison – Acunetix WVS, IBM Rational AppScan & HP WebInspect

I saw a relevant paper published today by an individual that claims the comparison was ordered by a penetration testing company (a company which remains unnamed).

The vendors were not contacted during or after the evaluation.

Testing Procedure

The author tested 13 web applications (some of them containing a lot of vulnerabilities) and 3 demo applications provided by the vendors. Some tests were also done to verify JavaScript execution capabilities.

In total, 16 applications were tested.

An attempt was made to try and cover all the major platforms, so applications in PHP, ASP, ASP.NET and Java were used.

Note for Application Tests:

The report only included “important/critical/major” vulnerabilities like SQL injection, Local/Remote File Inclusion, XSS – Vulnerabilities like “Unencrypted Login Form”, “Directory listing found”, “Email address found” were not included to avoid clutter.

SQL injection vulnerabilities can be discovered through error messages or blind SQL injection. Some scanners are showing 2 alerts: one for the vulnerability found through error message and another for the blind technique. In these cases only one vulnerability has been counted.

The scanners were rated as follows:

Scanner Scoring

You can download the full PDF report here:

WebVulnScanners.pdf

And the associated JavaScript files used for testing here:

WebVulnScanners-JS.zip

The original file location is:

http://drop.io/anantasecfiles/

Author’s blog – http://anantasec.blogspot.com/


Posted in: Countermeasures, Exploits/Vulnerabilities, Security Software, Web Hacking


Gary McKinnon Wins Right to Appeal Against Extradition

We’ve been following the case of the ‘NASA Hacker’ Gary McKinnon since it started in April 2006 when we reported the British Hacker Gary McKinnon Fears Guantanamo.

So you can see the case has been going on for quite some time, the most recent news we published about it was UK Hacker Gary McKinnon Loses Appeal Against Extradition.

But now, the most recent turn of events is that he’s won the right to appeal against extradition, which I guess is quite a big deal for him.

Gary McKinnon, the man accused by U.S. prosecutors of “the biggest military hack of all time,” has won the right to a judicial review of a Home Office decision to extradite him to the U.S.

Lord Justice Maurice Kay made the ruling at the High Court in London on Friday. The Home Office had refused to halt the extradition proceedings, despite McKinnon having been diagnosed with Asperger’s Syndrome, a condition on the autistic spectrum.

McKinnon’s solicitor Karen Todner told ZDNet UK on Friday that she was “very pleased” about the High Court decision.

“It’s a step in the right direction,” Todner said. “We’ve got permission for a judicial review, and that shows we have an arguable case.”

McKinnon’s legal team applied for the review on the grounds that McKinnon’s medical condition had not been taken into account by the Home Office or any UK court in deciding his extradition. If convicted by the U.S., McKinnon faces a 70-year sentence in a maximum security prison, his barrister Edward Fitzgerald QC has argued.

It seems like they brought up his medical condition (Asperger’s) as an excuse to appeal against extradition, although I can’t blame them, as the possible 70-year sentence does seem a little extreme given that he didn’t do any real damage.

Hopefully the judicial review will actually apply some common sense to the case and make a decent logical decision based on McKinnon’s actual crime, circumstance and condition.

Todner said the review was granted on the grounds that the extradition may breach Article 3 of the European Convention on Human Rights, which states that no one shall be subjected to “inhuman or degrading treatment or punishment.”

Professor Simon Baron Cohen, the Cambridge University specialist in developmental psychopathology who initially diagnosed McKinnon, said on Tuesday that McKinnon suffered the risk of “psychiatric difficulties” including depression and anxiety should he be extradited and imprisoned.

Home secretary Jacqui Smith turned down McKinnon’s second appeal against extradition in October 2008, after the diagnosis of Asperger’s syndrome in summer 2008.

The judicial review will not take place until after the director of public prosecutions, Keir Starmer, has decided whether to charge McKinnon. McKinnon sent a signed confession to Starmer in December admitting offenses under Section 2 of the Computer Misuse Act, in the hope of being prosecuted under UK law.

It looks like if he plays his cards right he might be able to get prosecuted under the Computer Misuse Act, under UK law rather than being tried as a terrorist in the US (which would obviously yield a much harsher sentence).

It’s taking a long time to pan out though. I wouldn’t like to be in McKinnon’s position right now either way – the big dogs are gunning for him and he’s gonna take some kind of fall.

Source: Cnet (Thanks Navin)


Posted in: General Hacking, Legal Issues


List of Famous Hackers in Computer History Both White Hat and Black Hat

This is a very complete list, probably the most complete one I’ve seen and it includes pictures – pictures of people who rarely have their pictures taken or allow them out on the Internet.

The list is according to the proper original definition of a Hacker, as taken from the New Hacker’s Dictionary:

  1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users’ Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.
  2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.
  3. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.

The list itself is described as:

The following list is presented in chronological order, except for those entries where the date of birth is unknown. It includes academic hackers working on early minicomputers, prominent hackers from the open source software movement, the computer underground/hacker scene, and security experts.

There is also a second section containing Black Hats & Phreakers. I’m pretty familiar with most of the names on the list, so I guess it’d be interesting for people who aren’t so familiar with hacker culture and history to browse through and get to know some of the people who have impacted how we use computers and the Internet.

Most of those in the list have Wikipedia entries too, so if you feel like researching further that’s a good place to move to using the list as a reference.

You can find the entire list here:

Legendary Hackers


Posted in: General Hacking


CeWL – Custom Word List Generator Tool for Password Cracking

It seems to be trendy lately to make tools which can create custom or more specific word lists for password cracking. Just last week we posted about the web application The Associative Word List Generator (AWLG), which crawls the whole web looking for words associated with a given topic.

This application is geared more towards creating custom word lists from a specific domain by crawling it for unique words. Basically you give the application a target website to spider and it will collect unique words. The application is written in Ruby and is called CeWL, the Custom Word List generator. The app can spider a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used with password crackers such as John the Ripper.

If you combine the output of CeWL and AWLG with the standard wordlists for password cracking, you should have a fairly comprehensive set.


By default, CeWL sticks to just the site you have specified and will go to a depth of 2 links; this behaviour can be changed by passing arguments. Be careful if setting a large depth and allowing it to go offsite: you could end up drifting on to a lot of other domains. All words of three characters and over are output to stdout. This length can be increased, and the words can be written to a file rather than the screen so the app can be automated.

Version 2 of CeWL can also create two new lists: a list of email addresses found in mailto links and a list of author/creator names collected from metadata found in documents on the site. It can currently process documents in Office pre-2007, Office 2007 and PDF formats. This user data can then be used to create the list of usernames to be used in association with the password list.
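To make the crawl depth, minimum word length and mailto behaviour described above concrete, here is a small CeWL-style collector in Ruby. It is an added example, not CeWL's own code: the pages come from a constructed in-memory SITE hash instead of HTTP, and MiniCewl, its defaults and the sample content are assumptions for this demo.

```ruby
# Added example (not CeWL's own code): a minimal CeWL-style crawler that
# collects candidate words and mailto addresses from a site. Real CeWL fetches
# pages over HTTP; here SITE is a constructed hash of path => HTML so the
# example runs offline and the depth/offsite/min_len behaviour is visible.
require 'set'
require 'uri'

# Constructed sample site: three internal pages and one external link.
SITE = {
  '/' => <<~HTML,
    <html><head><title>Acme Widgets</title></head><body>
    <h1>Welcome to Acme Widgets</h1>
    <p>We build the best <a href="/products">widgets</a> in Springfield.</p>
    <a href="mailto:sales@acme.example">Contact sales</a>
    <a href="https://partner.example/info">Partner site</a>
    </body></html>
  HTML
  '/products' => <<~HTML,
    <html><body><p>Widgets: gizmo, sprocket and the new MegaWidget 3000.</p>
    <a href="/team">Our team</a></body></html>
  HTML
  '/team' => <<~HTML,
    <html><body><p>Founded by Jane Doe. Mail <a href="mailto:jane@acme.example">Jane</a>.</p>
    <a href="/">Home</a></body></html>
  HTML
}

class MiniCewl
  WORD_RE = /[[:alpha:]]+/
  LINK_RE = /href\s*=\s*["']([^"']+)["']/i
  MAIL_RE = /mailto:([^"'?\s>]+)/i

  attr_reader :words, :emails

  # pages: path => html. depth 2 and min_len 3 mirror the defaults the
  # article describes; offsite controls whether absolute links are followed.
  def initialize(pages, depth: 2, min_len: 3, offsite: false)
    @pages, @depth, @min_len, @offsite = pages, depth, min_len, offsite
    @words = Hash.new(0)   # word => occurrence count
    @emails = Set.new
    @visited = Set.new
  end

  # Breadth-first crawl from `start`, never going more than `depth` links away.
  def crawl(start = '/')
    queue = [[start, 0]]
    until queue.empty?
      path, dist = queue.shift
      next if dist > @depth || @visited.include?(path)
      @visited << path
      html = @pages[path]
      next if html.nil?        # offsite or unknown page: nothing to fetch here
      collect(html)
      extract_links(html).each { |link| queue << [link, dist + 1] }
    end
    self
  end

  # Words ordered by frequency (most common first), ties alphabetical.
  def wordlist
    @words.sort_by { |word, count| [-count, word] }.map(&:first)
  end

  private

  def collect(html)
    @emails.merge(html.scan(MAIL_RE).flatten.map(&:downcase))
    text = html.gsub(/<[^>]+>/, ' ')   # crude tag stripping is enough here
    text.scan(WORD_RE).each { |w| @words[w] += 1 if w.length >= @min_len }
  end

  # Relative links stay on site; absolute links are followed only when
  # offsite crawling was requested (and then only if we hold that page).
  def extract_links(html)
    html.scan(LINK_RE).flatten.map do |href|
      next if href.start_with?('mailto:')
      uri = begin
        URI.parse(href)
      rescue URI::InvalidURIError
        next
      end
      if uri.host.nil?
        uri.path.empty? ? '/' : uri.path
      elsif @offsite
        href
      end
    end.compact
  end
end

if __FILE__ == $PROGRAM_NAME
  cewl = MiniCewl.new(SITE).crawl
  puts cewl.wordlist
  puts '--- emails ---', cewl.emails.to_a
end
```

With the default depth of 2 all three pages are reached and both addresses are collected; with depth 1 the /team page (two links away) is never visited, which is the effect of CeWL's depth argument.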

Installation

CeWL needs the rubygems package to be installed along with the following gems:

  • http_configuration
  • mime-types
  • mini_exiftool
  • rubyzip
  • spider

You can download CeWL here:

cewl_2.0.tar.bz2

Or read more here.


Posted in: General Hacking, Hacking Tools, Password Cracking


Using Twitter for Data Mining and Information Gathering

We’ve mentioned Twitter a few times lately as it has become a larger and larger part of the social web and the premier ‘micro-blogging’ platform.

There was a recent Phishing issue on Twitter and before that Twitter Jacking and a CSRF bug that allowed auto-following.

Due to the large uptake of Twitter, the amount of data available on the site and its easily searchable nature, it has become a great platform for data-mining and information gathering (the first and sometimes most important parts of any pen test, vulnerability assessment or security test).

Twitter is fun. It’s also a powerful research tool. People increasingly use Twitter to share advice, opinions, news, moods, concerns, facts, rumors, and everything else imaginable. Much of that data is public and available for mining.

Here’s how to use Twitter to gather useful information about topics, companies, and individuals. I’ll cover native Twitter features, as well as third-party tools with catchy names, such as 5and2fish, Twitter Venn, TwitterFriends, PeopleBrowsr , Twitturly, Twitter Spectrum, and others.

Most of the techniques mentioned here don’t require you to be a registered Twitter user. If you use Twitter, consider what data tidbits you release there, and whether you need to be more careful.

People don’t tend to be so careful or post in such a considered manner when using Twitter as the tidbits posted are so short and off-the-cuff.

This leads to an interesting source of information for people like us doing research about an individual or organization. You can also get a good gauge of the public's feelings on a certain topic by searching Twitter for relevant keywords.

For example if you search Twitter for ‘Darknet‘ you can see some people mentioning our posts and one guy pretty consistently re-syndicating our content onto the micro-blogging platform.

As you gather information on Twitter, be mindful of others attempting to manipulate you into arriving at their conclusions by feeding you misinformation. Cross-check data and understand its sources. For more on this, see Is Twitter A Market Manipulator’s Dream on the TwiTip blog. If the topic of reputational attacks interests you, also look at the SpinHunters blog.

If using Twitter to share information and stay in touch with your friends, be mindful of how others might misuse what you reveal about yourself, others, or your company. In the words of Wired magazine’s Steven Levy, “No matter how innocuous your individual tweets, the aggregate ends up being the foundation of a scary-deep self-portrait. It’s like a psychographic version of strip poker–I’m disrobing, 140 characters at a time.”

It’s an article well worth reading whether you are a Twitter user or not; if you are an infosec professional it gives you another source to search when you are doing information gathering or data-mining tasks.

The Internet is always evolving along with the way people use it; as it becomes a more social platform, more information is bound to be ‘exposed’ online for us to find.

Source: SANS ISC


Posted in: General Hacking, Privacy, Social Engineering


Acunetix Web Vulnerability Scanner 6 Review

As you might know if you’ve been reading for some time, I do occasionally review commercial software if it’s interesting and relevant – the last one I remember doing was back in 2007 “Outpost Security Suite PRO Review“.

This time it’s for a much more relevant piece of software IMHO, and one which I actually like using and have used in the past – Acunetix Web Vulnerability Scanner 6. Version 6 was recently released and has some quite exciting new features including the new more accurate Acusensor, Port Scanner and Network Alerts tool and actual Blind SQL Injection.

Acunetix

If you were previously using version 5 and you’re interested in version 6, there are some good progressive changes. One good development is AcuSensor, which goes much more in depth into web application security testing and code injection (it can find vulnerabilities that typical black box scanning wouldn’t). The new Port Scanning feature performs a Nessus-like function and tries to find vulnerabilities in network services; you can learn more about adding your own vulnerability scripts here.

Something important for me too is the addition of the ability to pause a scan; this is very useful, especially on a long scan that you can only carry out during off-peak hours.

There are some other minor improvements like the ability to mark an alert as a false positive, improvements in the scheduler and general improvements in the searching and filtering features.

Installation

Installation is very easy, there are very few options to select and it’s just a next-next kind of install. There is the option of installing the BETA Firefox Plugin, which is pretty neat. No reboot is required during install, but you do need to Restart Firefox if you wish to utilize the Plugin.

Installation of Acunetix Web Vulnerability Scanner

Getting Started

Once you fire up the software it will let you know if there are any updates, it’s managed very well with no manual action needed by the user.

Acunetix Web Vulnerability Scanner - Scan Wizard

With the wizard it’s very easy to start a scan or any of the other tasks within WVS.

Acunetix Web Vulnerability Scanner - Scan Wizard

Once the target is selected it allows you to optimize the scan for various different technologies depending on the architecture of the site (PHP, ASP, Perl and so on).

Acunetix Web Vulnerability Scanner - Scan Target

Then the scanning options – it gives you 3 main options for scanning; Extensive, Heuristic and Quick.


Acunetix Web Vulnerability Scanner - Scan Options

It also offers you some variety in crawling options, how deep you want to go, should you scan above the root directory or only below and then after that it’s basically on auto-pilot (it does give you the option for HTTP Authentication if you need to scan something behind a login/password).

Features

The crawling and scanning is pretty comprehensive; whilst the scan is taking place it gives you updates in terms of progress and in terms of anything it has found (categorised).

The progress section is quite detailed and shows which module is running, on which page of the site and generally what is happening (some scripts run concurrently).

Acunetix Web Vulnerability Scanner - Scan Information

As for anything it finds out of the ordinary, threats are categorised into 3 levels – High, Medium & Low. On top of that there is also info and knowledge base (such as which ports are open).

Acunetix Web Vulnerability Scanner - Scan Results

There are also other useful tools such as the HTTP Fuzzer and Sniffer which are good for examining HTTP traffic in detail and especially for exposing weak authentication schemes.

AcuSensor is interesting because it actually has a server side component, both for ASP.NET applications and PHP based web apps. This means that it can tell you exactly where in your code the flaw is – like this SQL Injection Vulnerability found in Mambo by AcuSensor.

There’s another example about backdoor code in web applications here, with the example this time being the WordPress 2.1.1 Vulnerability.

This is the first time I’ve encountered this kind of technology and I think it’s an excellent step forwards in automated code auditing and deeper web application security.

Surprisingly I also found some Legislation and Compliance reports inside WVS. This was a welcome surprise (as I’ve been involved in many ISO27001 projects); something like this can really save time.

Conclusion

All in all it’s a well rounded tool with a pretty accurate scanning engine (you can find a list of vulnerabilities it checks for here, including those for specific software). It’s come a long way since the earlier versions and is now quite strong in all areas of web application security testing.

The new AcuSensor also ensures more vulnerabilities are found and fewer false positives delivered – false positives are the bane of any vulnerability scanner. That’s where the consultant's skill comes in, ascertaining which are real and which are not.

A good part is it’s quite usable by less technical people as it gives in-depth descriptions on both a conceptual and a technical level enabling people to understand the issue uncovered.

Darknet recommends Acunetix Web Vulnerability Scanner 6 highly, it could make a real difference to your work flow for the consultants and for the in-house guys it could help improve the security, stability and integrity of your web applications.

You can find more reviews about Acunetix WVS here and some Customer Testimonials here.

If you wish to read more about Acunetix WVS you can do so here and you can find the prices here (in both Euros and USD).

You can also check out WVS Free Edition.


Posted in: Advertorial, Database Hacking, Exploits/Vulnerabilities, Hacking Tools, Network Hacking, Web Hacking


Conficker (AKA Downadup or Kido) Infections Skyrocket To An Estimate 9 Million

There hasn’t been a viral outbreak of this scale for quite some time, Conficker or Downadup as it’s known was only fairly recently discovered (Oct 2008) and has already infected an estimated 9 million machines!

It’s spreading fast, and it auto-updates itself via downloads from random domains, making it almost impossible to stop: whatever countermeasures come out, it can just download the latest version of itself and bypass them.

It also has multiple infection vectors including traveling via USB drives.

Infections of a worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is “skyrocketing”.

The malicious program, known as Conficker, Downadup, or Kido was first discovered in October 2008. Anti-virus firm F-Secure estimates there are now 8.9m machines infected. Experts warn this figure could be far higher and say users should have up-to-date anti-virus software and install Microsoft’s MS08-067 patch. In its security blog, F-Secure said that the number of infections based on its calculations was “skyrocketing” and that the situation was “getting worse”.

Speaking to the BBC, Graham Cluley, senior technology consultant with anti-virus firm Sophos, said the outbreak was of a scale they had not seen for some time.

The virus targets the services.exe process (Server service) by exploiting the vulnerability associated with the MS08-067 patch.

This was a serious remote code execution flaw triggered by a malformed RPC request; apparently it was reported ‘privately’. But now it seems that perhaps the details of the exploit weren’t that private after all.

According to Microsoft, the worm works by searching for a Windows executable file called “services.exe” and then becomes part of that code.

It then copies itself into the Windows system folder as a random file of a type known as a “dll”. It gives itself a 5-8 character name, such as piftoc.dll, and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service.

Once the worm is up and running, it creates an HTTP server, resets a machine’s System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker’s web site. Most malware uses one of a handful of sites to download files from, making them fairly easy to locate, target, and shut down. But Conficker does things differently.

It's quite advanced, even taking System Restore out of the picture and downloading new files to update itself and to infect the machine further. It’s sneaky, as it downloads from a bunch of seemingly randomly generated URLs, making it very difficult to track and stop.
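The persistence pattern above (a short random DLL name in the system folder, registered to run as a service) lends itself to a simple triage check. The Ruby script below is an added example, not from the article, Microsoft or any AV vendor: it parses a constructed `reg query`-style export of service Parameters keys and flags ServiceDll values that are 5-8 letter DLLs in the system folder and are not on an assumed baseline of known service DLLs; the service name xqdvk and the baseline are made up for the demo.

```ruby
# Added example (not from the article, Microsoft or any AV vendor): a triage
# check for the persistence pattern described above. It parses a `reg query`
# style export of service Parameters keys and flags any ServiceDll that is a
# 5-8 letter DLL in the system folder and is not on a baseline of known
# service DLLs. The baseline, the export and the service name are constructed.
require 'set'

# Constructed baseline of legitimate ServiceDll names. Several genuine
# Windows service DLLs also have short names, so this allowlist is what keeps
# the length heuristic from flagging them.
KNOWN_SERVICE_DLLS = Set['wuaueng.dll', 'srvsvc.dll', 'schedsvc.dll', 'qmgr.dll']

# Constructed sample in the layout `reg query <key> /s` prints: a key line,
# then indented "name  type  data" lines. piftoc.dll is the name the article
# cites; the service name xqdvk is made up for the example.
SAMPLE_EXPORT = <<~'REG'
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters
      ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\wuaueng.dll

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters
      ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\srvsvc.dll

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xqdvk\Parameters
      ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\piftoc.dll

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyVendorSvc\Parameters
      ServiceDll    REG_EXPAND_SZ    C:\Program Files\Vendor\vendorsvc.dll
REG

Finding = Struct.new(:service, :dll_path, :reasons)

SHORT_DLL_RE  = /\A[a-z]{5,8}\.dll\z/          # 5-8 letters, as the article describes
SYSTEM_DIR_RE = /(%SystemRoot%|\\Windows)\\system32\\/i

# Returns { service_name => ServiceDll data } parsed from the export text.
def parse_service_dlls(export)
  services = {}
  current = nil
  export.each_line do |raw|
    line = raw.strip
    if (m = line.match(/\\Services\\([^\\]+)\\Parameters\z/i))
      current = m[1]
    elsif current && (m = line.match(/\AServiceDll\s+REG_\w+\s+(.+)\z/i))
      services[current] = m[1]
    end
  end
  services
end

# Services whose DLL shows both traits and is not on the known list.
def suspicious_services(export, known = KNOWN_SERVICE_DLLS)
  parse_service_dlls(export).map do |svc, path|
    name = path.split('\\').last.downcase
    reasons = []
    reasons << 'short 5-8 letter dll name' if name.match?(SHORT_DLL_RE)
    reasons << 'located in the system folder' if path.match?(SYSTEM_DIR_RE)
    next if reasons.size < 2 || known.include?(name)
    Finding.new(svc, path, reasons)
  end.compact
end

if __FILE__ == $PROGRAM_NAME
  suspicious_services(SAMPLE_EXPORT).each do |f|
    puts "#{f.service}: #{f.dll_path} (#{f.reasons.join(', ')})"
  end
end
```

Run without the baseline, the same heuristic also flags wuaueng.dll and srvsvc.dll, which is why a length rule alone is only a starting point for triage and a known-good list (or a hash check) has to back it up.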

Many machines are infected in China, Brazil, Russia, and India – personally I think this is because piracy is rife in these areas and Microsoft doesn’t allow pirated copies of Windows to use Windows Update (especially with the WGA tool or Windows Genuine Advantage).

Source: BBC News (Thanks Navin)


Posted in: Malware


FireCAT 1.5 Released – Firefox Catalog of Auditing Extensions

FireCAT (Firefox Catalog of Auditing exTensions) is a mindmap collection of the most efficient and useful Firefox extensions oriented towards application security auditing and assessment.

FireCAT 1.5 will be the last release of the 1.x branch. In fact, we are working on a new improved version 2.0 (management of plugins, instant download from security-database, ability to add new extensions, extension version checker, Firefox 3.X compatible extensions...).

Changes for FireCAT 1.5

Categories :

  • New sub-category added “Anti Phishing / Pharming / Jacking” under “Misc”
  • Renamed category “Network utilities” to “Network tools”
  • Added new sub-category “Protocols/Application” under “Network tools”
  • Added sub-category “Passwords” under “Network tools”

Extensions:

  • TraceAssure added in “Misc -> Anti Phishing”
  • Added Surf Jacking Cookie Security Inspector in “Misc->Anti phishing /pharming/jacking” : This extension is based on Sandro Gauci’s paper
  • Added entry Exploit-Me Suite in category “Security auditing”
  • Access-Me added in “Security auditing -> Exploit-Me Suite”
  • Added DNS Unpinning in “Network tools -> Protocols/application”
  • Added UnhidePassword in “Network tools -> Passwords”
  • Added BestSecurityTip in IT Security Related
  • Fixed links to SQL Inject-Me and XSS-Me

You can download Firecat 1.5 here:

FireCAT 1.5 Source (Zip – 5.2 kb)
FireCAT 1.5 Browsable HTML (Zip – 90.2 kb)
FireCAT 1.5 PDF (PDF – 224.1 kb)

Or read more here.


Posted in: Hacking Tools, Web Hacking
