Darknet - The Darkside

Don`t Learn to HACK - Hack to LEARN. That`s our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on Twitter, Facebook or RSS for the latest updates.

07 November 2006 | 3,089 views

Spamhaus & e360 Battle is Heating Up

Check Your Web Security with Acunetix

The battle is heating up between the spammers e360 and the anti-spam warlords Spamhaus, some say the Internet may meltdown if Spamhaus stops its service..

Some estimates say 80% of spam is stopped by Spamhaus and e-mail could suddenly shoot to a server melting rate if their service is pulled.

The legal battle between antispam organisation Spamhaus and David Linhard, of e360 Insight, is heating up, with a court order that could cause a temporary ten-fold surge in spam.

Spamhaus has a user base of around 650 million, and its lists block some fifty billion spams per day, according to the project’s chief executive, Steve Linford.

Linhardt sued the UK-based anti-spammers in an Illinois district court after being listed in Spamhaus Register of Known Spam Operations (ROKSO).

Although Spamhaus maintains the Illinois court has no jurisdiction over an organisation based in the UK, district court judge Charles Kocoras awarded a total of US$11.71 million (NZ$17.7 million) in damages to Linhardt.

I hope they can escape from this whole mess as although Spamhaus are known for being harsh, they do a good job.

It seems unlikely that ICANN or Spamhaus will accept an order to suspend spamhaus.org without a fight, Cox says. Linhardt may try to have the proposed order changed before issuance, Cox says, to include in it other parties. Should Linhardt be successful, Cox says it means a US District Court will have dictated to a non-US organisation what domain name it can use. This, he adds, is likely to cause great concern to internet users worldwide who resent the imposition of US-based ICANN as the sole governing body in these matters. ICANN is therefore likely to want to stay out of the dispute as much as possible.

I don’t think ICANN should or will intervene, let’s just wait and see as this battle reaches critical mass.

Source: Computerworld


04 November 2006 | 13,855 views

McDonalds Japan Spreads Malware on MP3 Player

This is pretty funny, but frankly typical of McDonalds..act before they think, it’s cheap, it’ll get more customers, whack it out!

They gave out a bunch of flash drive mp3 players as a promotion, it turns out every single one was loaded with a fairly nasty piece of spyware!

McDonalds Japan has launched a recall after discovering that MP3 players it offered as a prize were loaded with a particularly nasty strain of malware. Up to 10,000 people might have been exposed to the problem after claiming a Flash MP3 player pre-loaded with ten tunes and a variant of the QQpass spyware Trojan.

Not nice eh? Pretty bad too as it doesn’t just track your surfing habits, it actually sends out your passwords over the web.

Punters received the contaminated gift after purchasing a large drink form the fast-food chain in Japan and submitting a serial number contained on the beverage holder as part of a competition, sponsored by McDonalds and Coca-cola. Users who connected the McDonalds-branded MP3 player to their Windows PC were exposed to spyware code programmed to transmit their web passwords and other sensitive information to hackers. The cause of the accidental infection is unclear but past experience suggests a contaminated machine involved in loading content onto the players is the likely culprit.

They are really sorry, honestly..

McDonalds Japan has apologized for the cock-up and established a helpline designed to handle the recall of the infected MP3 players and send out uncontaminated music gizmos. A Japanese-language statement also explains how punters can cleanse potentially infected PCs

Apologised, meh! Any thoughts?

Source: The Register

02 November 2006 | 52,364 views

Wyd – Automated Password Profiling Tool

Wyd is a neat tool I found recently for Password Profiling.

In current IT security environments, files and services are often password protected. In certain situation it is required to get access to files and/or data even when they are protected and the password is unknown.

wyd.pl was born out of those two of situations:

  • A penetration test should be performed and the default wordlist does not contain a valid password
  • During a forensic crime investigation a password protected file must be opened without knowing the the password.

The general idea is to personalize or profile the available data about a “target” person or system and generate a wordlist of possible passwords/passphrases out of available informations. Instead of just using the command ‘strings’ to extract all the printable characters out of all type of files, we wanted to eliminate as much false-positives as possible. The goal was to exlude as much “unusable” data as possible to get an effective list of possible passwords/passphrases.

At the moment the following file types are supported:

  • plain
  • html
  • doc
  • ppt
  • mp3
  • pdf

There is more info here.

You can download Wyd here:

Wyd – Latest Version

01 November 2006 | 5,904 views

Hackers Target Home Users for Cash

Hackers are switching targets now, companies are getting too hard to break into due to the availability of decently configured perimeter kit like firewalls and IDS.

Plus the information they do get if they manage to break in is often worthless commercially and really not worth the effort.

So instead, they target the end user, home bankers, those who they can scam, con or phish!

Consumers are now on the main target of malicious hackers intent on enriching themselves through the misery of others. Vulnerabilities in desktop applications and the increased use of stealth techniques are on the rise among members of the digital underground, according to the latest edition of Symantec’s Internet Security Threat Report.

The report, which covers the first half of 2006, suggests that consumer security protection is weak, leaving Joe Public easy prey to identity thieves, botnet herders and other financially motivated criminals. Crackers are using a variety of techniques to escape detection and remain on infected systems for longer. Symantec reckons assaults against consumers account for 86 per cent of all targeted attacks. Banks and other financial sector organisations are the second most prevalent target for internet attacks. Phishing attacks almost doubled during the reporting period.

The information on your desktop could be valuable to someone…remember aswell spyware/adware companies are making tens of millions infecting users and just simply collecting information about Internet useage and surfing habits.

In the first half of 2006, 18 per cent of all malicious code samples detected by Symantec had not been seen before, indicating that hackers are trying harder to evade detection by signature-based anti virus and intrusion prevention systems.

Phishers are also attempting to bypass filtering technologies by creating multiple randomised messages. In H1 2006, 157,477 unique phishing messages were detected, 81 per cent more than the previous six months. The financial services sector was the most heavily phished, accounting for 84 per cent of phishing sites tracked by the Symantec.

This shows a BIG pickup in new and unique code, people are trying harder and getting smarter, phishers are starting to use the tricks spammers are already using. Loads of phishing.

Source: The Register

31 October 2006 | 5,586 views

New Firefox vulnerability – DoS and [DELETED] – UPDATED

This has just been posted to Bugtraq.

For now you can test if your version is vulnerable, here. (will cause Firefox to close)

So far Firefox and 2.0 (Linux) have been tested, and both vulnerable. Firefox 1.0.7 (Win32), not vulnerable.

The code used on the test page and the one submitted to Bugtraq can be found here.

Severity: … not really

Update: This attack does not allow remote code execution! It has been posted on the mailing lists and several news sites.

31 October 2006 | 11,500 views

PMD – Java Source Code Scanner

Continuing with the series of tools I’ve been posting on source code auditing and application security, here is PMD a Java Source Code Scanner.

PMD scans Java source code and looks for potential problems like:

  • Possible bugs – empty try/catch/finally/switch statements
  • Dead code – unused local variables, parameters and private methods
  • Suboptimal code – wasteful String/StringBuffer usage
  • Overcomplicated expressions – unnecessary if statements, for loops that could be while loops
  • Duplicate code – copied/pasted code means copied/pasted bugs

PMD is integrated with JDeveloper, Eclipse, JEdit, JBuilder, BlueJ, CodeGuide, NetBeans/Sun Java Studio Enterprise/Creator, IntelliJ IDEA, TextPad, Maven, Ant, Gel, JCreator, and Emacs.

You can read more about PMD at the homepage here.

You can download everything from here:

Download PMD

30 October 2006 | 7,104 views

Anti-Spyware Groups Still Require Legislation

Cyber and computer laws are always a grey area, they tend to be very vague and don’t cover specific technologies.

Spam is a good example, look at how long we’ve been getting spammed, and it’s been a SERIOUS problem for at least the last 5 years, spam legislation has only started coming in to effect in the last 1-2 years seriously..

Now it’s time to look at Spyware?

Even though security technology is improving, spyware legislation is still needed from Congress because many consumers don’t use all the tech tools available to them, antispyware groups said Thursday.

Antispyware groups including the Center for Democracy and Technology (CDT) and StopBadware.org called on Congress to pass antispyware legislation during the last days of the 2006 session. Although some studies show a small decrease in the amount of spyware on PCs, the use of spyware that logs keystrokes seems to be going up, said Ari Schwartz, deputy director of the CDT.

“The issue is everyone’s still making money doing this,” Schwartz said during an antispyware discussion in Washington. Spyware distributors identified by the Federal Trade Commission (FTC) or the CDT can pull in tens of millions of dollars in revenue annually, he added.

It’s true, sad, but true..The developers of spyware and making millions from it every year.

Antispyware technology can work, but 81 percent of home PC users don’t use all three common security tools — antispyware software, antivirus software and firewalls — according to a survey published in December by AOL LLC and the National Cyber Security Alliance (NCSA).

“We still think consumers are not protected,” said Ron Teixeira, the NCSA’s executive director. “If they don’t take these three core measures, it doesn’t matter what we do.”

So what to do?

Source: Computerworld

28 October 2006 | 17,676 views

BobCat SQL Injection Tool based on Data Thief

BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named “Data Thief” that was published as PoC by appsecinc. BobCat can list the linked severs, database schema, and allow the retrieval of data from any table that the current application user has access to.

The methods that BobCat incorprates are based on those discussed in the following papers:

advanced sql injection
more advanced sql injection
advanced sql injection
manipulating sql server usig sql injection

I suggest if you are interested in SQL injection at all, you read all of the above papers.

BobCat Requirements

  1. Windows OS (Tested on XP SP2)
  2. Access to MS SQL server/MSDE2000 (Tested on MSDE2000)
  3. .Net Framework 2.0

Read more about BobCat here:

Northern Monkee – BobCat

Download BobCat here:

BobCat Alpha 0.3

Some tools to use with BobCat can be found here:

BobCat Tools

27 October 2006 | 5,176 views

Security Companies Fight Against Microsoft Security Center

No surprise really? Microsoft and they monopoly strategies, anti-competitive behaviour, nothing new really is it?

Microsoft and its security rivals are feuding over a key piece of Windows Vista real estate.

The fight is over the display of technology that helps Vista owners manage the security tools on their PC. Symantec, McAfee, Check Point Software Technologies and other companies want Microsoft to change Vista so their products can easily replace the operating system’s built-in Windows Security Center on the desktop. But Microsoft is resisting the call.

Microsoft was locking down the kernel too, how are other security companies supposed to survive?!

“By imposing the Windows Security Center on all Windows users, Microsoft is defining a template through which everybody looks at security,” Bruce McCorkendale, a chief engineer at Symantec, said in an interview. “How do we trust that Microsoft knows what all the important things about security are to warn users about?”

Windows Security Center, introduced with Windows XP Service Pack 2, pops up on desktops to alert PC owners if their firewall, virus protection and other security tools need attention. The version in the Vista update, set for broad release in January, will add new categories and management tools.

Microsoft better be careful unless they want another antitrust case to brew…I’ve heard they will open up the Vista Kernel to certain companies though, will report more on that later.

Source: News.com

26 October 2006 | 18,564 views

ARPWatch-NG ARP Flooding/Spoofing Protection/Detection

If you are paranoid about people ARP spoofing or flooding on your network you can use ARPWatch-NG, ARPWatch-NG is a continue of the popular original ARPWatch from ftp://ftp.ee.lbl.gov/.

ARPWatch monitors MAC adresses on your network and writes them into a file, last know timestamp and change notification is included.

It can be used it to monitor for unknown (and as such, likely to be intruder’s) mac adresses or somebody messing around with your ARP/DNS tables.

There have been quite a few fixes lately, so it’s recommended of course to get the latest version!

arpwatch NG 1.5:

try to report error on startup better _ arp.dat _ ethercodes.dat [FIXED]

arpwatch NG 1.4:

try to report _all anomalities via the report function _not syslog [FIXED]

mode 2 _ make action list parseable [FIXED]

further static’fy local functions in arpwatch.c [FIXED]

ethercodes updated from nmap-4.11 and removed old ones [UPDATED]

arpwatch NG 1.2:

on make install also install man-pages [FIXED]

ethercodes updated from nmap-4.00 [UPDATED]

You can download the latest version of ARPWatch here.