Recent Post
Wednesday, March 14, 2012
Monday, January 30, 2012
SP Toolkit - Open Source Phishing Education Toolkit
A new open source toolkit makes it ridiculously simple to set up phishing Web sites and lures. The software was designed to help companies test the phishing awareness of their employees, but as with most securi
ty tools, this one could be abused by miscreants to launch malicious attacks.
ty tools, this one could be abused by miscreants to launch malicious attacks.
The spt project is an open source phishing education toolkit that aims to help in securing the mind as opposed to securing computers. Organizations spend billions of dollars annually in an effort to safeguard information systems, but spend little to nothing on the under trained and susceptible minds that operate these systems, thus rendering most technical protections instantly ineffective. A simple, targeted link is all it takes to bypass the most advanced security protections. The link is clicked, the deed is done.spt was developed from the ground up to provide a simple and easy to use framework to identify your weakest links so that you can patch the human vulnerability. If the spt project sounds interesting to you, please consider downloading it for evaluation in your own organization. Feedback is welcomed and always appreciated.
Self-extracting archive (SFX) as Creative Virus Handler
Yesterday I Found and interesting article about "Self-extracting archive (SFX)" on Unremote.org by DarkCoderSc. SFX is a little application that contains compressed files. Creating a customized WinRAR SFX archives is a very easy task, but not all people know how to do it. It is therefore exactly the same as a .ZIP or .RAR archive. The only difference is that, when you execute it, will automatically extract the files. However, if you add some parameters, you can execute them after extraction or execute a shell command before extraction. So this feature can be used as good virus handler. Let's See how?
DarkCoderSc shared his experience with us using a Video Demonstration as shown Below.
- Start up the WinRAR application; click ‘Browse for folder’ under the ‘File’ menu and browse to the location of the file.
- With the file highlighted, clicking on the ‘Add’ button will kickoff the archiving process and selecting the ‘Create SFX archive’ option will give the file its self-extracting feature.
- Under the ‘Advanced’ tab and clicking on the ‘SFX options’ button, where we can now configure our ‘Advanced SFX options’.
- In the first input field you can add a file name that already exist on the current drive or one of the extracted files to execute after the extraction.
- In the second input field you can add a file name that already exist in the current drive to execute before the extraction.
PART 1: Run Basic Windows Shell Commands using SFX:
Example 1: %SYSTEMDRIVE%\windows\system32\cmd.exe /k shutdown -s -f -t 3600
In the first input enter this command if we generate the SFX package and run it after the extraction we see a DOS window and a windows notification saying our computer will shutdown in 1 hour.
Example 2: %SYSTEMDRIVE%\windows\notepad.exe c:\atextfile.txt
You can do this with any other present application on the system such as opening a notepad file.
Example 3: %SYSTEMDRIVE%\Program Files\Internet Explorer\iexplore.exe http://unremote.org/
Opening a webpage using Internet Explorer
PART 2: Run Advance Tricky Commands using SFX
Using only a little .dll in the SFX package attacker can download and execute an application on victim's system that can or cannot be a virus and For this we just required "Rundll32 Microsoft application" and "FASM (Flat Assembler) Compiler".
Now Create a new folder and a new file called ourdll.asm when its done open this file in FASM and pastethis code in the file. Edit the path to Files in sample Code for personal Usage.
In the first input enter this command if we generate the SFX package and run it after the extraction we see a DOS window and a windows notification saying our computer will shutdown in 1 hour.
Example 2: %SYSTEMDRIVE%\windows\notepad.exe c:\atextfile.txt
You can do this with any other present application on the system such as opening a notepad file.
Example 3: %SYSTEMDRIVE%\Program Files\Internet Explorer\iexplore.exe http://unremote.org/
Opening a webpage using Internet Explorer
PART 2: Run Advance Tricky Commands using SFX
Using only a little .dll in the SFX package attacker can download and execute an application on victim's system that can or cannot be a virus and For this we just required "Rundll32 Microsoft application" and "FASM (Flat Assembler) Compiler".
Now Create a new folder and a new file called ourdll.asm when its done open this file in FASM and pastethis code in the file. Edit the path to Files in sample Code for personal Usage.
Now in the menu bar click on “Run” >> “Compile”. Our dll is ready now, Let's create our SFX file downloader .
You need to follow the next steps:
- Right click on the dll and click on “Add to archive” << WinRAR explorer option
- Choose SFX package in the options list
- Go to Advanced Settings tab
- Click on SFX Settings button
- In extract to input add this line - "%APPDATA%\dcsc\ourdll.dll"
- In the first input parameter enter this line
%SYSTEMDRIVE%\windows\system32\rundll32.exe %APPDATA%\dcsc\ourdll.dll, dcscdownload
Now we can generate our archive, if we have correctly setup the SFX, then it will download and execute the chosen file after the full extractions.
PART 3: SFX as System Killer
The SFX manager includes two other dangerous functions (Run as administrator and Delete files after extraction). The option Run as administrator will ask to run it as admin, so the SFX will have all the rights on the system and, after extraction, the delete files will be usefull to do harmful things in the system.
To Get the Steps of this Method, You should Read the Original Article Written By Unremote.org.
Your Android really needs Antivirus Security ?
Why shouldn't you protect your Android phone? Why to use an Antivirus for your Android? So that users can protect their devices from trojans, viruses, spyware, and other types of malware. Most people carry a lot of sensitive data on their phones. Recently an SMS Trojan horse posing as a media player began infecting Android phones on Russian networks. Once the victim installed the malicious app, it began sending text messages to premium numbers, leaving the user with a huge phone bill.
Also Security researchers from Kaspersky Labs have intercepted a scareware variant targeting Android users, distributed as an Opera Virus Scanner. If the user clicks on the link, they’ll be asked to download VirusScanner.apk, which is currently detected as Trojan-SMS.AndroidOS.Scavir. If the user is using a non-Android device, they’ll be asked to download VirusScanner.jar currently detected as Trojan-SMS.J2ME.Agent.ij.
With this in mind we at The Hacker News have list down the top 5 antivirus apps for Android phones:
1.) Lookout Security & Antivirus: Lookout Security & Antivirus is arguably the most popular security and anti-virus for Android around. A free account lets you scan your phone for malware, back up and restore your data online, and use GPS to locate your phone should it ever get lost or stolen. [Get This]
2.) Avast Free Mobile Security: Avast Free Mobile Security supports a number of features that are usually available only in paid-for Android security software. These include privacy reports, call and SMS filtering, SIM-card change notifications, firewall and application management. [Get This]
3.) Kaspersky Mobile Security: Kaspersky Lab released a free security application to keep your contacts, email and banking information from falling into the wrong hands. Kaspersky Mobile Security Lite can also remotely delete all personal data from the device including contacts, addresses, calendars, text messages and email preventing sensitive information from being illegally used or stolen. [Get This]
4.) Norton Mobile Security Beta: Norton lends its anti-malware, anti virus, and security expertise to mobile. Smartphones hold a lot of valuable data: Text messages, e-mail, and even credit card numbers can reside on the device, where they're easily accessed. [Get This]
5.) Mobile Security 6.0: NQ Mobile released Mobile Security 6.0 for Android as a free download. It etects and deletes viruses, malicious URLs, and other threats before you even know they exist with newly enhanced features including GPS-based anti-loss/theft features, backup and restore tools for your contacts, complete privacy protection, traffic monitoring, and more. [Get This]
Perhaps it’s the 90’s and 80’s mindset that has us still thinking that cell phones are dumb single purpose devices, that causes us to not care about the security of our mobile devices.A wake up call to just how vulnerable cell phones are was recently raised when Google had to remove about 21 malicious apps from the market that were found to be nabbing user’s data. Go ! Get one Best Security Product for your Android from above list, If you really love your Phone ;-)
Hackers selling cheap BOTNETs and DDOS on forums
The Internet has revolutionized shopping around the world. Security researchers F-Secure reported recently in a post that hackers are Selling Cheap DDOS services on Various Forums. Hackers are offering services like distributed denial of service attacks (DDoS), which can be used to knock website offline in just 1 - 2 hours / 2$ per hour. They Posted a Youtube Video in which a young woman advertises DDoS services.
"We are here to provide you a cheap professional ddos service.We can hit most large websites/forums game servers.We will test the website/server before accepting your money.Due to the nature of the business we dont offer refunds." Offer said.
There is another Interesting Hacker's Shop ! Moreover, for their assaults, the hackers chiefly utilize botnets, while ignorant operators of computers remain unaware that they've gotten contaminated with malware as also being controlled remotely.
"Do you want to be king of the internet? If your answer is yes, then you are in the true place. All of programs has been made by professional coders." This website selling Local Botnet, Irc Botnet, Web Botnet and Keyloggers at 59$ only.
FreeDOS 1.1 released after being in development for several years
FreeDOS 1.1 has been released after being in development for several years. FreeDOS is an opensource operating system aiming to provide the same (or better) functionality as Microsoft'sold MS-DOS. Right now the main use is running old games and software, but you might encounter it on somefreshly sold computers, motherboard setup CDs, BIOS flashing diskettes, embedded hardware and other uses.
Bernd Blaauw has been hard at work, updating FreeDOS distribution to include the latest packages. Bernd writes: "In its current form this new distribution is best suited as a CD-ROM disk to install FreeDOS from onto harddisk. Sources are included. It might be considered as replacement for the current 'base-only' 1.0 distributions as created by Blair and Jeremy, however it's less functional as it's missing the Live Environment part (\FDOS directory on CD)."
New Version include the FreeDOS 2040 kernel, a new suite of high-performance TCP/IP x86 applications, initial USB UHCI controller support, a new install menu from the CD, a universal BIOS back-up program (FlashROM), updated memory drivers, limited USB flash disk support, and many program updates.
Hackers leak the Source Code for Symantec Product
A group calling itself the Lords of Dharmaraja posted an Adobe document online Wednesday that it claimed was a glimpse of the source code for the internet security software. But Symantec spokesman Cris Paden said "no source code was disclosed" in the post, which was a 12-year-old document describing how the software worked, but not the code. Paden said Symantec continues to investigate the hackers' claim that they have source code.
But now Symantec, the makers of Norton AntiVirus, has confirmed that a hacking group has gained access to some of the security product's source code.
"Symantec can confirm that a segment of its source code has been accessed. Symantec’s own network was not breached, but rather that of a third party entity.We are still gathering information on the details and are not in a position to provide specifics on the third party involved.Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec's solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time."
In a post to the site Pastebin, the hackers maintain they discovered the information in a hack of India's military computer network. The group claims to have found source code "of a dozen software companies" which have signed agreements to share code with Indian intelligence agencies.
After preliminary analysis appeared to contain source code for the 2006 version of Symantec's Norton antivirus product. Though the code is for an older version of the Norton antivirus product, the impact of the exposure is still as of yet undetermined. Symantec officials have indicated they will be providing more information as they continue their investigation, and certainly more will be known if the entirety of the compromised data YamaTough claims to be in possession of is finally released to the public as has been threatened.
Subscribe to:
Posts (Atom)