Social Icons

Showing posts with label cyber crime. Show all posts
Showing posts with label cyber crime. Show all posts

Wednesday, February 01, 2012

AVOID OPENING MULTITABS IN BROWSERs

1.  Has it ever happened that you get a mail in one your various Email IDs from Facebook or some other site that you never linked up with....?I am sure if you are a regular browser on social networking sites,this must have happened once...and it must have kept you thinking...HOW ??

2.   This happens when you have that email id open in some other tab and your Facebook account open in other...typically in a multitab session wherein you have opened many sites under one browser in various tabs..... that's when info gathering sites get your email id and things related to their interest.....TAKE CARE

Tuesday, January 31, 2012

BACTERIA in COMPUTERS

1.  I had heard for so long about Virus'es,worms,trojans................but never heard and read about BACTERIA till recently.....even googled...could not find much except at http://docstore.mik.ua/orelly/networking/

2. Few points about BACTERIA :


- Makes copies of themselves to overwhelm a computer system's resources.

- Also known as rabbits, are programs that do not explicitly damage any files.

- Sole purpose is to replicate themselves.

- May do nothing more than execute two copies of itself simultaneously both of which may copy themselves twice, and so on.

- Reproduce exponentially, eventually taking up all the processor capacity, memory, or disk space, denying the user access to those resources.

- One of the oldest forms of programmed threats.

Monday, January 23, 2012

SURF SAFE : SURF http'S'

1. In our endeavor to safely surf the web,rest assured ....we will never be safe in recent times to come.But we can always keep improving our surfing habits so that we are not easy victims.

2. Using HTTPS, the computers agree on a "code" between them, and then they scramble the messages using that "code" so that no one in between can read them. This keeps your information safe from hackers.

3.  As on date almost all the browsers offer plugins from their respective web stores that include what I am talking about here ie HTTPS ENFORCER.The HTTPS Enforcer extension makes it easy to ensure you’re connecting to secure sites by rewriting all requests to an HTTPS URL whenever you visit one of the sites HTTPS Enforcer supports.

4.  So install HTTPS plugin for ur respective browser...and SURF SAFE.

Wednesday, January 18, 2012

KOOBFACE guys CAUGHT : FACEBOOK

1. Koobface is not something new for the cybercrime followers.....some thing in brief for those reading about this first timehere :

- is a computer worm that targets users of the Facebook.

- koob is book spelled backwards, making the name koobface an anagram for the word Facebook.

- Koobface targets Facebook users via fake friend messages that encourages people to click on links that installs a malicious worm

- Messages like, "you look funny in this video" or "you look so stupid in this pic" are used to persuade somone to click on the link attached. Once the user clicks on them it takes you to a video which doesn't play and they ask you to download certain codecs which can be a fake 'flash_player.exe' file.

- If this file is downloaded, your computer becomes open to Koobface malware.

- It downloads a file 'tinyproxy.exe' which hijacks your PC.

- It even alters search results from Google, Yahoo etc and redirects to websites selling malicious softwares.

- Kaspersky Labs has estimated the network includes 400,000 to 800,000 PCs worldwide at its height in 2010.

- Victims are often unaware their machines have been compromised.

2. Facebook two days back unmasked the team behind the notorious Koobface virus that hit the social network for two years beginning in 2008.

ABOUT THE GANG

- Five men believed to be responsible for spreading this notorious computer worm on Facebook.

- Have pocketed several million dollars from online schemes.

- Are likely hiding in plain sight in St. Petersburg, Russia, according to investigators at Facebook.

- One member of the group has regularly broadcast the coordinates of its offices by checking in on Foursquare, a location-based social network, and posting the news to Twitter.

- Photographs on Foursquare also show other suspected members of the group working on Macs in a loftlike room that looks like offices used by tech start-ups in cities around the world.

- Ultimately, the Koobface gang was identified by the researchers as Anton Korotchenko, Alexander Koltyshev, Roman Koturbach, Syvatoslav Polinchuk, and Stanislav Avdeik.

Thursday, January 12, 2012

OIL & GAS : CYBER HACKED


1.    McAfee has recently revealed and confirmed about computer hacking on un-named global oil, gas and petrochemical companies, and individuals and executives in Taiwan, Greece, and the United States, to acquire proprietary and confidential information. This has also been confirmed by five oil and gas companies that had  that the attacks took place, and the attackers were looking for documents about oil and gas exploration and bidding contracts.The source of the attack as usual has been found to be from 'several locations in China'.(Is there any thing new about this ?????)

2.    Oil companies expect such attacks getting more frequent and more meticulously planned. The determination and stamina shown by some modern hackers has increased and there are more multi-pronged, co-ordinated attacks. 

3.    Hackers have started bombarding the world's computer controlled energy sector, conducting industrial espionage and threatening potential global havoc through oil supply disruption.Since Computers control a relatively high percentage distribution in systems,thus are increasingly becoming vulnerable to cyber attacks that could put fuel production technology in the docks!!!

4.    The issue is indeed alarming and needs urgent attention at global level.It is not that my country is not effected or why should I be bothered ?We all are going be effected in the long run because we all r users and part of the last mile chain.Stuxnet,Duqu etc are some of the culprit virus which have been caught doing the action.What about the other thousands and may be millions who are already into action in the background.Japan has recently come up with the good virus ie CYBER WEAPON.Now this one acts like a immunization pill.It resists the virus.About 3 yrs and few billlion dollars have gone into the making.This is just the beginning and I am sure in the rat-cat race aka the good/bad guys of the cyber space there will be moments when the cyber crime over shadows the strengths of cyber power...but its upto the overall cohesive planning that all countries have to work together at the earliest.If late,there will be no other chance.Hackers are already doing it together as one team.....but we all act as teams of different nations.....we should be one GLOBAL TEAM!!!!

5.   Thanks  http://www.mcafee.com 

Tuesday, January 10, 2012

NATIONAL CYBER SECURITY POLICY : DRAFT


1.    Finally we are working on a national cyber policy....infact late but ...IT'S NEVER TOO LATE....the thing that we have started on this is a good sign.The draft of the subject policy is available at www.mit.gov.in/sites/upload_files/dit/files/ncsp_060411.pdf and is in fact inviting comments in case u have any!!!

2.   The draft is a 21 page report.After going through the same I have given the following points at the desired email address available in the draft report.

PARA 3.3 (I) C
GOVERNMENT SECURED INTRANET :
Addition point :

“ In addition to the emphasis on creation of such kind of intranet, efforts at the design stage should be made to exclude all possible options of internet connectivity with this intranet to avoid any kind of imminent threats. This intranet may need internet for various updates etc ,but this should be a privilege access point and no node should be allowed a free access. Any attempts to connect the same may invite action as a threat to nation. The limited internet connectivity to this is required for the following purpose :

- It is the most common action by any user to browse the net. Once given a opportunity he/she is always eager to access emails and download malware or infected software or any third party application. This is the point where command and control centre of a Botnet can be established by a cyber criminal. To avoid such practices it would always be the endeavor of the designer and the super administrator to ensure physical separation of Intranet and Internet. This Intranet should also be subject to regular cyber /IT audits by govt recognized penetration testers and forensic experts to maintain a cyber secure working environment.

PARA 3.3(D) @ Page 12
OPEN STANDARDS

The strength and power of open standards and applications remains unexploited in our country. Other developed nations who have realized the potential of this standard are already contributing significantly to their positive growth in cyber space. This has largely been possible owing to the lack of exposure of such standards by the new generation who is only exposed to the windows environment. Policy should be in place to ensure growth of open standards at school level curriculum.

PARA 3.5.2
COMBATING HIGH TECH CRIME/CYBER CRIME

Though the cat and mouse race between the good and the bad cyber guy would remain on always,it is worth noting that cyber crime if not controlled at such a nascent stage of induction and growth, has the full potential to become a cyber threat.No single policy would be able to achieve a CYBER CRIME FREE CYBER SPACE.It remains the onus of the common man how he tackles the cime himself.It is here that the National Cyber Policy can contribute in the following manner :

- Cyber Huntsville is a collaborative cyber community with the aim of attracting and developing the brightest minds, attacking the most complex problems, and providing the best solutions of national and international significance. Cyber Huntsville is an integral part of the National Cyber Initiative. Similar establishments should be encouraged at India level. More info at http://www.hsvcity.com/cyber/

4.2.3
Thrust areas of R&D  : 

-  Thrust areas of R&D should majorly focus on inducing maximum SRS and QRs at the DESIGN STAGE. Because, if not done at this stage, whatever work follows is patch work that remains a cover up action.
- Analysis of data flow in a network
- Pentration testing
- Storage solutions with backup, archiving, recovery provisioning of entire data.

5.1.1
ENABLING PEOPLE

Promoting a comprehensive national awareness program to include organizing seminars, events, webinars, guest lecture’s in tie up with established societies like IETE,Institution of  Engineers, Computer Society of India etc

Besides,these points I would suggest to include ensuring information security by managing the flow of information to the citizens as well as on securing its physical information infrastructure.The policy should call for the following :

- Popularize e- government
- Optimize the cyber industry structure.
- Provide a rugged 24x7 nationwide cyber infrastructure.
- Promote innovation of cyber technologies.
- Build a cyber oriented national economy.
- Design way to advanced internet culture.

THE GOOD VIRUS : "CYBER WEAPON" BY FUJITSU,JAPAN


1.   Have u seen the epic movie SHOLAY.....where bad guys are hired to kill bad guys by the good people...its a must watch for those who have not seen this...on the same lines recently Japanese government has done some homework to counter cyber crime.....Outsourcing and working with Fujitsu to fight cyber crime with the help of developing a CYBER wEAPON VIRUS that automatically seeks out and destroys enemy viruses.Cyber Weapon almost acts like a human immune system tracking down and weeding out invading viruses. Systems like these are needed when facing the latest advanced threats.Few additional It is the culmination of a $2.3 million, three-year project to develop a virus and equipment to monitor and analyze attacks.  It is reported U.S and china have already put so-called cyber weapons into practical use.

2.   Tracing the source of cyber-attacks is notoriously difficult, mainly because attackers routinely hide behind botnets and anonymous proxies to launch attacks, such as denial of service assaults.Getting this right is a far from trivial process and the potential for collateral damage, even before hackers develop countermeasures, appears to be considerable. Few more points here about this good VIRUS :

- Currently, the virus is being tested in a “closed environment” to examine its applicable patterns. 

- The project is actually outsourced to Fujitsu Ltd. 

- It is capable to disable the incoming attack and record forensics data.

3.   It would actaully be interesting to know how would this be able to trace the source of cyber-attacks as claimed at times like today when the botnets and anonymous proxies are getting better and stronger by the day.

Sunday, October 30, 2011

BACKTRACK 5 : How to use ?

Recently uploaded a step by step with screen shot on how to use and benefit from BACKTRACK 5 on a virtual lab platform.....

Backtrack 5

Monday, October 10, 2011

nVidia GeForce GPU cracks six character password in four seconds

1.  An nVidia GeForce GT220 graphics card, which costs about £30, is capable of cracking strong passwords in a matter of hours. Security experts were able to crack a  6 character password in 4 seconds, a 7 character password in less than 5 minutes, and 8 character password in four hours.So guys ...have mentioned it so many times earlier...even a password upto 14 character in length has been shown easy to crack when i discussed at a post here about one year back....so better take care of ur passwords...small case with few caps and special characters with numbers upto a length of 10-15 should do it for the time being....things r getting nasty in the hacking world.....take care....

2.  more about this at...here...here...here....here...

Monday, June 13, 2011

FLIRT BOTS


1.   I am sure most of you at at some point of time in your cyber surfing would have come across chat/messenging softwares like MSN or yahoo to mention a few....now although pretty old for the regular security guys, but thought of mentioning it here in my blog of how many of us succumb to the meanly desires of hackers via FLIRT BOTS.....u heard it correctly they are known as FLIRT BOTS.... 

2.  Here's how Flirt Bots work:

- The Bot strikes up a conversation in a chat room

- The Bots use a series of easily configurable "dialogue scenarios" with pre-programmed questions and discussion topics to compile a report on every person it meets

E.g.: ilovyou@yahoo.com says: "hey, whats up?" and further to this conversation they are invited to visit a website which could be used for any variety of malicious activity.

E.g.: ilovyou@yahoo.com says: "Ok go to http://??????.??/?????? and accept the invite on the page baby"

3.   In this case the victim is sent to a website "?????????.com" and is asked to provide personal information including credit card details in order to view the "webcam."

4.   The site can be used for many things - to host malicious downloads, or to try to sell you Fake AntiVirus software. The URL can do and host whatever the "bot master" specifies it to be .Frequently cyber-criminals collect a database of personal information and sell it to the highest bidder or anyone who will pay

5.   These "Flirt Bots", were first reported as a proof of concept(Evidence that demonstrates that a business model or idea is feasible.) by PC Tools in 2007.Thanks http://www.pctools.com

SYMANTEC SPOTS ONE INTERESTING E-MAIL CAMPAIGN


1. A fresh spam outbreak has been detected online that's drawing attention widely and effects users with e-mails laced with malicious software. Reportedly, there's one web-link embedded in the spam messages supposedly providing details, while the same messages try to pull down a .zip file attachment.The interesting aspect regarding the new spam mail relates to the inclusion of a password that the recipient earlier used.Now if I see a passowrd which at one point of my cyber surfing I had used it is bound to stirr up doubts of it being actually genuine.Once i donwload this zip file ,the eventual aim is achieved ie downloading the inevitably malware.

2. Reportedly, the malware as mentioned above has been identified as Trojan.Zbot or Zeus a Trojan which tries to grab secret data after compromising an end-user's PC. Further, it may take down updates and configuration files online, according to Symantec.

3. Additionally the e-mail ids and their corresponding passwords within the above unsolicited electronic mails, arrive from one prominent social gaming website, known internationally and currently being most widespread inside Asia.

4. Hence, Symantec advises all those who think they've fallen prey to compromised accounts to scan their PCs with an AV program followed with resetting all vital passwords, particularly online banking passwords. Additionally, they must also keep a watch over their accounts should they suspect any fraudulent operation.

Sunday, March 13, 2011

QUALITIES OF A GOOD ANTIVIRUS

1.   Each Antivirus software in the web market today claims as the First and the topmost rated antivirus amongst all.Each has a claim that says "We check what others don't".A large percentage of typical user have actually got no way to check out who is the actual one...Who is the BEST? They then generally select the one that is based on the recommendations of their social circle and the convincing factor generated by the site of the product or simply put...it can ba random selection at last. In fact in my quest to search the best one amongst all....the number of QRs that one needs to check for one antivirus is a long one.Few of the qualities that should not be missed at all are briefly enumerated below.

WEST COAST LABS ANTI-VIRUS : The West Coast Labs Checkmark certification for antivirus effectiveness. WCL stands as a global leader in research, testing and certification for information security products and services. They have market-leading technology and testing facility in the UK, USA and india.Their services are being used by the leading global brands to create market advantage and by large business enterprises for obtaining crucial technical insight into product performance.WCL provides an authoritative and independent service, delivering sound, meaningful technical information on which critical business decisions can be made.More at http://www.westcoastlabs.org/


ICSA CERTIFIED : The ICSA is an independent organization that has a set criteria for certifying antivirus software.


AV COMPARATIVES : Anti-Virus Comparative test conducted in 2010. Overall scores are presented as Advanced + (A+), Advanced (A), Standard, and Tested.


SCOPE OF PROTECTION : Does the product protect from every threat? This rating evaluates the breadth and depth of security from the software. While most security solutions tout “multi-layered” protection, “360 degree” defense and/or even “100%” security, some are certainly more thorough than others. The best antivirus solutions will include traditional protection from viruses, worms, Trojans and spyware, but should also include defense from keyloggers, phishing scams, email-borne threats and rootkits. While antivirus programs are by no means full-blown internet security suites, they should protect from as many threats on as many fronts as they can.


EFFECTIVENESS : How effective is the application at protecting your computer from harmful viruses and other malware? This rating combines various tests and certifications to determine how well the software performs. Antivirus is specifically designed to protect your computer, so if it doesn’t do that well, what good is it? All the features, bells and whistles, or sleek interface can’t make up for poor performance. We look at results from the industry-standard security software testers and professional security organizations to find the most effective software available and evaluate overall effectiveness. In general, our highest ranked programs are also the most effective.


HACKERS : Anyone trying to take control of your computer for malicious purposes.


PHISHING : These criminal scams attempt to obtain your identifying information by disguising as legitmate sources (like your bank, eBay, or facebook).


ACTIVEX : Several Microsoft programs use ActiveX controls for good, but these components can also be taken advantage of.


USER PROFILES : The software includes distinctive interfaces or features for particular users (often beginners or advanced users).


SELF-DEFENSE : The software monitors itself and the computer, effectively protecting from intrusions or unauthorized changes.


SCHEDULING : The ability to schedule specific scans to occur at a specific time or interval.


HISTORY/REPORT LOGGING : The software keeps a record of the performed tasks and results for future reference or reporting.


SILENT / GAMER MODE : The 'gamer' mode allows you to use the computer in full-screen mode (for games, presentations, or videos) without interruptions from the security software.


LAPTOP / BATTERY SAVING MODE : The software can be set to delay scans or intensive processes for later in order to increase battery life.


LINK SCANNER : An integrated web tool that monitors web links and prevents/warns users from clicking on malicious sites.


BOOTABLE RESCUE CD :In the event of a complete system crash, you can use the bootable rescue disc to preempt the OS and clean the system.


FREE VIRUS SCAN ONLINE : The security manufacturer offers a free virus scan online (often with incentive to purchase their products for removal capabilities).


AUTOMATIC DEFINITION UPDATES : The program automatically updates virus definitions or DAT files. A virus definition is basically the formula that the software uses to determine if a file is infected by a specific virus.


MANUAL DEFINITION UPDATES : You can manually check for virus definition updates.


SCHEDULED UPDATES : Updates can be scheduled to run at a specific time or interval.


PULSE/PUSH UPDATES : Small, regular updates are initiated by the manufacturer as needed to deliver important updates.


ROLLBACK : The ability to revert to a previously working state if the most recent update causes a problem.


MANUAL SCANNING : Manual Scanning is the ability to start a scan of your hard drive at any time.


QUICK & DEEP SCAN : Manual and/or scheduled scans can either be quick (scan most important areas) or deep (full scan of computer).


OPTIMIZED SCANNING : The software is configured to scan efficiently, only scanning areas and files that have changed since the last scan.


SCAN INDIVIDUAL FILE(S) : The software can scan an individual file for viruses. This is often available by right-clicking on the file and choosing to scan.


EXCLUDE FILES : The software allows the user to designate certain files, folders, or drives NOT to include in the virus scan.


SCAN COMPRESSED FILES : Scans zipped (.zip) or other compressed files that are usually obtained through emails or downloaded from the web.


QUARANTINES INFECTED FILES : If a file is suspected of being infected with a virus, it moves the file to a "quarantine" area where you cannot accidentally access it.


AUTO-CLEAN INFECTED FILES : The anti-virus program will automatically clean or fix files that are infected.


SCAN USB (AND OTHER EXTERNAL DRIVES) : The software is capable of scanning external drives for viruses.


PASSWORD PROTECT SETTINGS : Prevents the Anti-Virus settings from being modified by other users.


ADJUSTABLE SECURITY LEVELS : Security can be customized and set to a particular level of potency.


VULNERABILITIES : Microsoft and third-part software vendors are constantly providing security patches or other updates. Some software takes a proactive approach and helps you stay on top of the most recent updates.


COOKIES : Though not typically malicious, cookies are little chunks of code stored on your computer from web sites.


SCRIPTS : Script Blocking technology monitors Java and VBS scripts and alerts users of virus-like behavior. They stop these viruses before they can infect a system without needing virus definitions.


SPAM : Spam is unwanted email, whether it's annoying advertisements or a link to a virus.


AUTO USB DETECT : Most antivirus software can scan USB drives, but some automatically detect when an external drive is plugged in and will block malware from automatically running.


VIRUS SIGNATURES: Traditional virus detection is based on identifying malware by matching it with known viruses.


BLACKLISTING : Setting a file or website on the "blacklist" means that it should never be allowed.


WHITELISTING : Setting a file or website on the "whitelist" means that you trust it and don't need the security software to scan/block it.


HEURISTICS : Proactive virus blocking is possible with behavioral analysis, file emulation, and/or generic signature detection.


REAL-TIME : Real-time protection means that the software protects you from viruses automatically, while the data is being accessed.


SECURITY NETWORK : This security approach involves the software manufacturer gathering anonymous information about your system in order to benefit everyone. If a virus is found on your computer, they can quickly find the cause and update definitions for all users.


ON-ACCESS SCANNING : Your files are scanned when you receive them and when you try to access them.


ON-DEMAND SCANNING : You can determine which files and when to scan for viruses. It's like manual scanning but you can be more specific and scan a file at a particular time. Simply right-click on the filename.


ADWARE : Though not always harmful, these annoying programs cause advertisements to display on your computer without your permission.


EASE OF INSTALLATION : How easy is the product to download, install, and setup? This rating is determined by install speed and simplicity. Security software shouldn’t be a chore to install, and should have you protected as soon as possible. From download to install, to the first scan; implementing antivirus software should be quick and easy.


EASE OF USE : How usable is the product? The Ease of Use rating reflects how easy the product is to use, run, and maintain. Antivirus software is complex stuff, but shouldn’t require a degree in computer security. The best security programs have all the features security experts want, but are just as easily used by a beginner. Everyday computer users want a security solution that they can install and forget about; software that doesn’t require constant maintenance or have annoying interruptions. The best antivirus software is flexible enough to do exactly what you want to (even if that means running by itself).


FEATURES : Does the software include additional benefits? Whether for added security or simple convenience, more features usually means better software. A well-rounded feature set takes a security solution from good to great. More than bells and whistles, added features provide security, usability and performance benefits.


UPDATES : Are timely updates delivered effectively? This rating is based on the frequency and versatility of virus database updates. Security software is only as good as its latest update. Viruses are being identified and added to signature databases all the time, so it’s important that your virus definition list updates accordingly. Modern antivirus software are equipped with automatic updates that perform regularly enough that you get faster updates that don’t slow down your system. The best security providers even “push” updates to you as soon as they’re available.


HELP & SUPPORT : Does the product offer additional support and helpful resources? This rating is based on the quantity and usefulness of additional product support. The best software doesn’t require reading an in-depth manual to use, but still has one available. For specific questions, troubleshooting, and additional help, the best antivirus manufacturers provide superior product support online and off. Additional support for software may come in the form of assistance over the 24x7 phone, email, live chat, or through a number of additional resources (knowledgebase, FAQs, tutorials).


BACKDOOR : A special type of trojan (often called remote access trojan or RAT), they essentially give control of your computer to a hacker.


THREAT DETECTION includes : Virus,Worm,Trojan,Spyware,Malware,Rootkit.


BROWSER EXPLOITS : malicious code that takes advantage of an internet browser vulnerability to make the browser do something you don't want (freeze, crash, change settings, etc.)


OS EXPLOITS : Malware that is designed to take advantage of a vulnerability in the Windows Operating System.


KEYLOGGERS : A virus designed to track and monitor user keystrokes, often used to steal passwords, credit card numbers, etc.


INBOUND EMAIL PROTECTION : The anti-virus software scans files received through incoming emails on a POP3 account.


OUTBOUND EMAIL PROTECTION : The software scans outbound email attachments so you don't spread viruses to others.


INSTANT MESSAGING PROTECTION : The anti-virus software scans files received through instant messaging (MSN Messenger, AIM, Yahoo Messenger).


P2P/FILE SHARING PROTECTION : The software protects from malicious files downloaded and/or accessed from peer-to-peer file sharing programs.


REGISTRY STARTUP PROTECTION : The software provides protection before the OS loads, or has the ability to scan registry files.


DIALERS : Malicious program that takes control of your computer and uses it to dial expensive phone numbers.


SUPPORTED CONFIGURATIONS : Does it incl compatibility with Windows 7 (32 bit),Windows 7 (64 bit),Windows Vista (32 bit),Windows Vista (64 bit),Windows XP (32 bit),Windows XP (64 bit)


2.   Thanks http://www.toptenreviews.com/ and for those who want a pdf click here to access http://www.scribd.com/doc/50645603/Qualities-of-a-Good-Antivirus

Saturday, February 19, 2011

Be veri careful : Recent cases of duping online in DELHI


1.    Inspite of regular discussions,regular readings of various advisories,the tongue(greed) of lust for more money doesnt stop..& it keeps looking for opportunities and thus keeps succumbing by loosing more ....In a recent case both pertaining to saadi own dilli...two understandably IT educated pers were robbed of a high value money transaction...how????briefly mentioned below :

- New Palam Vihar Resident case : The case pertains to the resident of New Palam Vihar at New Delhi, India, Mr Dalbir Singh who recently recieved the typical e-mail of winning a lottery of ` 14 Crore ($ 37,000 approx) in the UK.Mr Dalbir Singh contacted the accused for ascertaining the lottery amount and was convinced to pay Rs 17 Lakh for exchange purpose as foreign currency had to be converted to rupee.Mr Dalbir Singh instantly transferred money from his account to the account of the fraud.Since that day of transfer Mr Dalbir Singh has been only recieving CONDOLONCES from all his friends and relative circle around.A very typical case of cyber lottery fraud.....

- E-mail Scam Tricks Student of JNU : This case pertains to the a Jawaharlal Nehru University (JNU) student who was recently defrauded off Rupees 3 lakhs when he fell for a malicious e-mail scam.Initially an e-mail came to the student apparently from an institution called Global Watch Institute, asking him for being present in dual seminars on the topic: Racism and Human Rights the Institute was holding one each in Madrid and New York.The student stated that the first message came to him on December 17, 2010. And, according to him, since his field of study had a connection with the topic, he responded stating he was interested.The e-mail also promised about bearing the entire cost of the student's trip. However, over time the fraudsters started asking for money from him to take care of certain expenditures such as booking his hotel at Madrid along with health insurance asserting that they'd all be refunded when he'd arrive in New York.The student, believing the e-mail, wired the money, but neither heard of any seminar nor a trip abroad, he stated. Indeed, all the things written inside the electronic mail was false.Worryingly, the above mentioned e-mail fraud, according to security specialists, is an edition of the 419 scam, which's also called Advance-fee Fraud.They (specialists) outline that the method of operation in these malicious e-mail campaigns involves duping a victim with fake pledges about certain huge reward to such an extent that he acquiesces to remit money. For example, in the current instance, the scammers tricked the student into transferring cash after promising falsely about arranging his presence at the seminars abroad.This is more organised form of the frauds and scams that are happening all across.....

2. A Netizen need to know that they cannot win a lottery unless they have not invested money on it.Please always take care of what you do on the net specially when u r doing some kind of finacial transaction

Sunday, February 06, 2011

DRIVE BY ATTACK

1.   A small and easy to infer article on DRIVE BY ATTACK here

2.   Thanks http://www.bitesofapple.com

Win32.Hlux : January 2011 " King of worms"


1.   Email-Worm.Win32.Hlux was talk of the E-town in January across the webosphere. This mail worm spreads via emails containing malicious links that prompt users to install a bogus Flash Player, supposedly to view an e-card. The link leads to a dialog window that asks if the user agrees to download a file. Irrespective of the response, the worm sets about to penetrate the system. In addition to propagating via email, Hlux also has bot functionality and adds infected computers to a botnet before connecting to its command center and executing its commands, which are primarily directed at sending pharmaceutical spam.

2.   Kaspersky Lab also detected a Trojan dropper masquerading as a key generator for the company's products. The old adage "There's no such thing as a free lunch" is particularly fitting here as the dropper goes on to install and launch two malicious programs. One of them steals program registration data and passwords for online games. The second is a backdoor that also has keylogger functionality.

3.   Kaspersky Lab also found the mass distribution of malicious short links on Twitter. After a number of redirects, the attention-grabbing links led users to a page promoting a rogue AV program.

4.   Apart from these two hardworkers(?????..i mean mal hardworkers) in january,the other shining star in the E-crime world is AdWare.Win32.WhiteSmoke.a which if clicked, will download a program that demands payment to rectify errors it supposedly detects on the system.

5.   More detailed report on http://www.kaspersky.com

Saturday, January 29, 2011

BitDefender : Tips for Safe Shopping on Mobile Devices

A small piece of advice by BitDefender on security aspects while using new generation mobile devices.Pls click HERE

Trojan.Spy.YEK : The Corporate Spying Tool


1. The Stuxnet trembles and quakes are still not over and unlikely to be forgotten for some years.After the stuxnet storm ,each one from the corporate sector IT bosses to IT admins in individual capacities,every one was trying to be careful of any sign of outside intrusion . These days when some e-threat comes along and sniffs for critical data, it could mean billions & trillions of money IN/OUT in seconds. 

2. Trojan.Spy.YEK is unlike a regular Spying Trojan that looks for documents and archives that may hold private information but also sends it back to the attacker.

3. Trojan.Spy.YEK has both spying & backdoor features with an encrypted dll in its overlay, this Trojan is easily saved in windows\system32\netconf32.dll and once injected in explorer.exe nothing can stop it from connecting (whenever necessary) to a couple of easy pings & sharing all with the attacker.

4. The backdoor component helps it register itself as a service so as to receive and follow instructions from a command and control center, while the spyware component sends away data about files, operating system, while also making screenshots(trying to make a user freindly hand guide for later action...isn't it so caring?????) of the ongoing processes.

5. Some of the commands it is supposed to execute are: sending the collected files using a GET request, sending info regarding the operating system and computer, taking screenshots and sending the results, listing the processes that run on the system and sends them away, finding files with a certain extension. Shortly put, it uploads all the interesting data on a FTP server without the user’s consent.

6. The fact that it looks for all that it is linked to archives, e-mails (.eml, .dbx), address books (.wab), database and documents (.doc, .odt, .pdf etc) makes Trojan.Spy.YEKa prime suspect of corporate espionage as it seems to target the private data of the companies.

7. This infection will change the registry settings and other important windows system files. If Trojan.Spy.YEK is not removed it can cause a complete computer crash.Some Trojan.Spy.YEK infections contain trojan and keyloggers which can be used to steal sensitive data like passwords, credit card, bank account information etc. 

8. On top of that, the Trojan can run without problems on all versions of Windows® from Win 95® to Seven®. 

Case of Albert Gonzalez : The Largest Online Fraud in U.S. History


1. This case that I recently read in brief pertains to an interesting online fraud case against Albert Gonzalez.I have made it in a sequential point to compress the complete story for easy reading and grasping :

(a) Albert started using computers at an early age, and while in high school, managed to hack into the Government of India's website[ :( ]. Sadly, he was not charged at this stage and only warned to stay away from computers for six months.

(b) At the age of 19, he started his own group of hackers, named ShadowCrew, which trafficked over a million credit card numbers for use in online fraud. When the FBI finally managed to shut the group down, Albert was charged. However, he worked with the investigators and gave away vital information on his cohorts and did not need to serve a sentence. 

(c) Still on,Albert after two years worth of hardwork(????) compromised on sensitive data including 45.6 million credit and debit cards.

(d) TJX Companies notified the authorities of their data leakage. Albert had the abilities to crack and hack his way through, but the low security measures didn't help TJX. Albert was able to install his malware and sniffing software onto the networks of TJX and all the stores operating under them, even outside of the United States. TJX discovered the breach in December of 2006 and was under the belief that they had only been losing data for the past six to seven months, dating back to May 2006. After further investigation, they found that they were losing sensitive data since 2005. Albert had already moved on to bigger and better operations by the time TJX had even started discovering the extent of their security breach.

(e) Gonzalez and his accomplices used SQL injection techniques to create malware backdoors on several corporate systems in order to launch packet sniffing (specifically, ARP Spoofing) attacks which allowed him to steal computer data from internal corporate networks.

(f) During his spree he was said to have thrown himself a $75,000 birthday party and complained about having to count $340,000 by hand after his currency-counting machine broke.(ha ha ha.....wow!!!!anyway)

(g) Gonzalez had three federal indictments:
- May 2008 in New York for the Dave & Busters case (trial schedule September 2009)
- May 2008 in Massachusetts for the TJ Maxx case (trial scheduled early 2010)
- August 2009 in New Jersey in connection with the Heartland Payment case.

(h). On March 25, 2010, Gonzalez was sentenced to 20 years in federal prison.

2. For details of the case with many links please visit HERE

Thursday, November 04, 2010

Removing METADATA from JPEG & IMAGE FILES

1.    Invariably we all find various images from the net for our routine use,download them,modify them and use them in our sites and posts....but are we authorised to do so?...coz each jpeg and image file by a digital camera holds info in form of metadata and in few cases...the images may be copy right which may inadvertently rule against the user....so what to do to ensure safe...simple ...remove metadata from the image....but how?...here comes jhead for your help.Read and follow the instructions below :

- Press Start & Run or Windows key + R to open Run menu, type cmd.exe and press OK

- Type cd\     [To reach root directory]

- Type C:\md removemetadata     [To create a new directory by the name removemetadata]

- Type C:\cd removemetadata      [To reach the directory and Copy all pictures whose metadata is to be removed to this directory ]


- Download the program file jhead.exe to C:\removemetadata

- Type cd removemetadata

- To remove all metadata of all JPEG files in "this dir, type: jhead -purejpg * and press enter


- Done

2.    So doing this small,boring but important function will avoid case study like the mumbai case mentioned at an earlier post.

3.    Another easy way is to simply take a screen shot of the image and paste it in paint brush.But this would be cumbersome to do when the images are in bulk quantity.To download JHEAD...click here
Powered By Blogger