
Monday, November 01, 2010

Bredolab grabs Attention

1.    A 27-year-old Armenian man has been charged as the mastermind behind the Bredolab botnet, a network of millions of compromised computers worldwide. Main features of this trojan botnet are enumerated below for info:
  • Users of computers infected by this network will receive a notice at the time of their next login with information on the degree of infection.
  • Bredolab, known for spreading spam and rogue antivirus, is thought by some experts to have infected at least 30 million computers.
  • Spread via drive-by attack websites and spam email attachments.
  • Infects machines with a backdoor that downloads additional malware without the victim's knowledge.
  • Sends out spoofed password reset messages to Facebook users in an attempt to spread malware and infect users of the social network.
  • Has the power to obtain information on the user's computer, including the ability to copy, change or delete files and other information.
  • Pushdo botnet uses Facebook to spread a malicious email attachment: a phony message warns users that their Facebook password has been reset.
  • Majority of infections are in the U.S., the U.K. and many Western European countries.
  • Discovered by the Dutch High Tech Crime Team in the late summer.
  • Capable of infecting 3 million computers a month. The botnet used servers hired in the Netherlands from a reseller of LeaseWeb, which is the largest hosting provider in the Netherlands and one of the largest hosts in Europe.
  • Able to constantly change its appearance to avoid detection by traditional antivirus signatures. Like other botnets, the Trojan communicated with its command-and-control server using encrypted messages.

Adobe flash Player hit!!!!

1.    A critical vulnerability has been exposed in Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems; Adobe Flash Player 10.1.85.3 and prior versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component.

2.   This vulnerability (CVE-2010-3654) could cause a crash and potentially put an attacker in the driver's seat to take control of the affected system.

3.   Adobe has released recommendations on how to avoid becoming a target on the subject matter but is still working in its labs to find a fix..... click here for more

Intel opens first chip plant in China??

1.    The article at this post here informs in detail about the location and capacity of the first Intel chipset plant in China. The new plant brings Intel's total investment commitment in China to $4.7 billion. Intel has also established an assembly and test site in Chengdu as well as R&D centers and labs in Beijing, Shanghai and elsewhere in China, it said.

2.    What made me take a second read on this article was that for about the last 6 years, whatever motherboards and chipsets from Intel I have bought and seen in various machines.... all chipsets have had a common imprint of MADE IN CHINA since then.... so if this is the first plant being set up in China.... where were the earlier ones being made or printed???

$6 is all it takes to shut down a cloud client's site!!!!

1.    CaaS, as mentioned at an earlier blog post here, has come up with a new success (or is it failure?) story. Now this goes like this..... invest $6 and take down any client's server with the help of Amazon's EC2 cloud infrastructure!!!!!

2.    The cloud-based denial-of-service attack was part of a presentation titled "Cloud Computing, a Weapon of Mass Destruction?". In an onsite demo during the presentation, Bryan and Anderson entered a name and credit card number and created a handful of virtual server instances on Amazon's EC2. They started with only three virtual servers, uploaded their prototype attack tool, called Thunder Clap, scaled up to 10 servers, and then took their client's company off the Internet. Security consultants David Bryan of Trustwave and Michael Anderson of NetSPI said that they encountered nothing to stop them: no special bandwidth agreements and no detection mechanisms for servers taking malicious actions. Their Thunder Clap program uses cloud-based services to send a flood of packets toward the target company's network. They reported that they can control the software directly or through a command left on a social network. Bryan and Anderson launched the attack to test their client's network, a small business that wanted its connectivity tested. According to DarkReading, Bryan said, "A threat agent could potentially run extortion schemes against a company by attacking for a couple of hours -- and then telling the company that, if you don't pay me, then I will attack you again." Amazon reportedly failed to reply to complaints by the security consultants.

3.    This can provision customised botnets for rent, giving "would-be attackers a criminal 'cloud' from which to buy services."...... seems like it is still too early to rely 100% on CLOUDS!!!!!!

Sunday, October 31, 2010

OPERATION CISCO RAIDER

1.   Counterfeiting is not new.... since we were born we have been seeing duplicates and counterfeits of Reebok, Nike, HMV etc... the list is actually endless.... this endless list is now augmented with IT inventory.... to cite an example which has rocked nations across the world: OPERATION CISCO RAIDER.

2.    The relevant original EXTRACT FROM http://www.coastnetwork.com is reproduced below:

" Cisco made a decision a decade ago to manufacture product in China as a way of cutting production costs. A great deal of Cisco manufacturing is now done overseas, specifically in China. What has happened is that many of the companies that do the outsourcing for Cisco now run an extra shift and sell the now counterfeit hardware out the back door. After all, they have the manufacturing capability, the expertise and the full blessing of Cisco. The result? More and more counterfeit Cisco hardware is now showing up on American shores. Part of the problem is that China does not have strong intellectual property protection laws. This is a situation that Cisco and many other companies are still struggling to solve and one that does not promise to be resolved soon.

Warning signs of a possible counterfeited item:

If you are getting discounts of 40-55% off the list price for brand new hardware, i.e. sealed boxes, then it is a red flag. The largest of Cisco’s customers – the Bank of Americas, Ford Motor Company, United Airlines, AT&T, etc. get these discounts. You don’t. If it is any consolation, even dealers do not get the top corporate discounts.

While it is flattering and tempting to receive big discounts for new Cisco hardware, it is also unrealistic and should be treated with the utmost caution. 

Ask what the retail price is and compare it to the price you are being quoted. If you are getting a 15-25% discount from the list price for new/sealed hardware, then you are being quoted a fair and realistic price. Expect a reasonable discount, however; too big a discount often spells trouble.

Another sign to be aware of is the receipt of unsolicited email from unknown dealers offering you Cisco hardware at very good prices. This warning is doubly true if the email or company originates from mainland China.

VIRUS in Boot Sector in Hard Disk fresh from OEM!!!!

Have recently heard of this in reputed makes and models from top-list hard disk OEMs. Would like to know if someone has ever encountered this or has any form of info on this?

Image Ballistics : Incredible IT

1. In a typical crime or murder case anywhere involving a pistol or a firearm, the forensic or investigating personnel involved can make out the make and model of the weapon with the help of the bullet found on site. The field dealing with this is known as ballistics. Now sync this with the field of IT.... now imagine that you have shot a photograph or are analyzing some pic and you wish to know which camera was used to shoot that pic....... can you find out??? Yes.... the answer is yesss!!! The field is known as Image Ballistics: the camera make and model are recorded in the metadata the camera embeds in the image file.

2. In a recent case, I read about a rave party being organized on the outskirts of a city with about 200 plus people, all college students and of a similar age group.... all of them had a blast and a few with some wrong ideas caught hold of a girl... drugged her and made some obscene MMS and clicked some pics... next day it was uploaded on YouTube and the social networking sites..... now how to find the culprit? Pretty difficult when about 200 plus people have to be inquired..... the answer is Image Ballistics.... the investigating agency got hold of the pics... came to know which model the pics were clicked from... yes, the answer was a famous Nokia model mobile..... so the owners were now limited to 8 out of the 200 plus... their mobiles were checked and simple recovery software was enough to find out the culprit...... imagine.... isn't it astonishing.....

3.   I checked up the state of pics clicked from my camera years back and all answers were correct..... a few Nikon, a few Sony....... one easy and free tool for such investigation is JPEGsnoop. Simple to download, very small size and a great analysis report.....
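Tools like JPEGsnoop get the camera make and model from the Exif metadata a camera writes into the JPEG's APP1 segment. As an added example (not code from the original post or from the JPEGsnoop project), here is a minimal parser that walks the JPEG segments, finds the Exif APP1 segment, and reads the Make (tag 0x010F) and Model (tag 0x0110) entries from IFD0, handling both byte orders and both inline and offset-stored ASCII values. The sample JPEG bytes are constructed inline by `build_sample_jpeg`; the make and model strings are placeholders, not values from the case described above.

```python
import struct

TAG_MAKE, TAG_MODEL = 0x010F, 0x0110  # Exif/TIFF ASCII tags for camera make and model
ASCII_TYPE = 2


def _read_ascii(tiff: bytes, endian: str, count: int, value_field: bytes) -> str:
    # TIFF rule: values of 4 bytes or fewer live inline in the entry; longer
    # values are stored at an offset measured from the start of the TIFF header.
    if count <= 4:
        raw = value_field[:count]
    else:
        offset = struct.unpack(endian + "I", value_field)[0]
        raw = tiff[offset:offset + count]
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def _parse_ifd0(tiff: bytes) -> dict:
    # TIFF header: byte-order mark, magic 0x002A, offset of the first IFD.
    if len(tiff) < 8:
        return {}
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None:
        return {}
    magic, ifd_off = struct.unpack(endian + "HI", tiff[2:8])
    if magic != 0x2A or len(tiff) < ifd_off + 2:
        return {}
    n_entries = struct.unpack(endian + "H", tiff[ifd_off:ifd_off + 2])[0]
    found = {}
    for i in range(n_entries):
        entry = tiff[ifd_off + 2 + 12 * i: ifd_off + 14 + 12 * i]
        if len(entry) < 12:
            break  # truncated IFD: stop rather than read garbage
        tag, typ, count = struct.unpack(endian + "HHI", entry[:8])
        if tag in (TAG_MAKE, TAG_MODEL) and typ == ASCII_TYPE:
            found[tag] = _read_ascii(tiff, endian, count, entry[8:12])
    return found


def camera_from_jpeg(data: bytes):
    """Return (make, model) from the Exif APP1 segment, or None if absent."""
    if data[:2] != b"\xFF\xD8":
        return None  # not a JPEG (no SOI marker)
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            return None  # lost sync with the marker stream
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):
            break  # EOI or start-of-scan: no more metadata segments follow
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if seg_len < 2:
            return None
        payload = data[pos + 4:pos + 2 + seg_len]
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            tags = _parse_ifd0(payload[6:])
            if tags:
                return (tags.get(TAG_MAKE, ""), tags.get(TAG_MODEL, ""))
        pos += 2 + seg_len  # skip to the next segment (APP0/JFIF, COM, etc.)
    return None


def build_sample_jpeg(make: str, model: str, big_endian: bool = False) -> bytes:
    # Constructed test input: SOI + one Exif APP1 segment + EOI, no image data.
    endian, order = (">", b"MM") if big_endian else ("<", b"II")
    values = [(TAG_MAKE, make.encode("ascii") + b"\x00"),
              (TAG_MODEL, model.encode("ascii") + b"\x00")]
    ifd_offset = 8
    data_offset = ifd_offset + 2 + 12 * len(values) + 4  # past count, entries, next-IFD link
    entries, blob = b"", b""
    for tag, vb in values:
        if len(vb) <= 4:
            entries += struct.pack(endian + "HHI", tag, ASCII_TYPE, len(vb)) + vb.ljust(4, b"\x00")
        else:
            entries += struct.pack(endian + "HHII", tag, ASCII_TYPE, len(vb), data_offset + len(blob))
            blob += vb
    tiff = order + struct.pack(endian + "HI", 0x2A, ifd_offset)
    tiff += struct.pack(endian + "H", len(values)) + entries + struct.pack(endian + "I", 0) + blob
    exif = b"Exif\x00\x00" + tiff
    return b"\xFF\xD8\xFF\xE1" + struct.pack(">H", len(exif) + 2) + exif + b"\xFF\xD9"


if __name__ == "__main__":
    print(camera_from_jpeg(build_sample_jpeg("Nokia", "Example-Model")))
    print(camera_from_jpeg(b"\xFF\xD8\xFF\xD9"))  # metadata stripped: None
```

The practical caveat for an investigator is the last case: a file that has passed through a social network or a re-encoding tool usually has its APP1 segment stripped, so the absence of a make and model says nothing about the camera, and a present value is only as trustworthy as the file's chain of custody, since Exif text is trivially editable.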

Tuesday, October 26, 2010

Crack 14 Character passwords in Seconds : Objectif Sécurité

1.    There have been articles and forums on powerful high-speed GPU (video card) processors being able to crack passwords very fast. A new technology steps in here to rule the roost and allows cracking passwords of up to 14 characters in seconds..... this comes from Objectif Sécurité, a Swiss security company, and uses rainbow tables on SSD drives. Seemingly it is the hard drive access time and not the processor speed that slows down cracking. So using SSD drives can make cracking faster, but just how fast? This technique has a phenomenal capacity: it could crack passwords at a rate of 300 billion passwords a second, and could decode a complex password in under 5.3 seconds.

2.    A real-time demo of cracking is available online at Objectif's free online XP hash cracker. Just visit the link and see for yourself by entering the hash in the text box..... astoundingly simple....
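Rainbow tables work the way the post describes because the table is computed once, ahead of time, and the lookup at attack time is almost free; that only holds when every system hashes a given password to the same value, which is the case for the unsalted Windows hashes the XP cracker targets. The following added example (my code, not from the post or from Objectif Sécurité) shows the defender's side of that trade-off: the same wordlist precomputed into a lookup table recovers an unsalted record instantly but is useless against a record stored with a random per-user salt, where the attacker must redo all the hashing for every single account. SHA-256 is used as a stand-in for the Windows hash functions (an assumption for illustration; the point is the salt, not the digest), and the wordlist is constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed wordlist standing in for the input space a rainbow table covers.
WORDLIST = ["password", "letmein", "Summer2010", "qwerty123", "P@ssw0rd"]


def unsalted_hash(password: str) -> str:
    # Stand-in for an unsalted password hash: identical input, identical output,
    # on every machine in the world, which is what makes precomputation pay off.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def store_password(password: str, salted: bool) -> str:
    """Return a stored record in the form 'salthex:digest' (salt empty if unsalted)."""
    if not salted:
        return ":" + unsalted_hash(password)
    salt = secrets.token_bytes(16)  # fresh random salt per record
    return salt.hex() + ":" + salted_hash(password, salt)


def verify_password(stored: str, attempt: str) -> bool:
    salt_hex, digest = stored.split(":", 1)
    salt = bytes.fromhex(salt_hex)
    candidate = salted_hash(attempt, salt) if salt else unsalted_hash(attempt)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


def build_precomputed_table(words) -> dict:
    # Built once, offline, with no knowledge of any particular victim:
    # this is the work a rainbow table front-loads onto the SSD.
    return {unsalted_hash(w): w for w in words}


def precomputed_lookup(stored: str, table: dict):
    # Attack-time cost against an unsalted record: one dictionary lookup, zero hashing.
    _, digest = stored.split(":", 1)
    return table.get(digest)


def hashes_needed_without_table(stored: str, words) -> int:
    # Against a salted record nothing precomputed applies; every candidate must be
    # rehashed with this record's salt. Returns the number of hashes performed
    # before a match (or the whole wordlist size if none matched).
    salt_hex, digest = stored.split(":", 1)
    salt = bytes.fromhex(salt_hex)
    for i, w in enumerate(words, 1):
        if hmac.compare_digest(salted_hash(w, salt), digest):
            return i
    return len(words)


if __name__ == "__main__":
    table = build_precomputed_table(WORDLIST)
    weak = store_password("Summer2010", salted=False)
    strong = store_password("Summer2010", salted=True)
    print("unsalted, via table:", precomputed_lookup(weak, table))
    print("salted, via table:  ", precomputed_lookup(strong, table))
    print("salted, rehashing:  ", hashes_needed_without_table(strong, WORDLIST), "hashes")
```

The per-record salt does not make any single password harder to guess; it removes the "compute once, reuse everywhere" economics that the SSD rainbow tables depend on, which is why modern password stores use a salted, deliberately slow hash rather than the unsalted LM/NTLM formats the demo cracks.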


Tuesday, October 19, 2010

Service Packs & Infection Rates

1.  First it was Windows XP.. then it was SP1 (Service Pack 1)... followed by SP2, SP3... further by Vista SP1, SP2 and now Windows 7... how the upgrades in these packs have been reducing infection rates is briefly reflected in stats from the Microsoft Security Intelligence Report.

- The infection rate for Windows XP with SP3 is less than half of that for SP2 and less than a third of that for SP1.

- Windows Vista SP2 has a lower infection rate than SP1, which in turn is about 50% lower than Windows Vista Basic.

- In the case of server operating systems, the infection rate for Windows Server 2008 with SP2 is about 20% less than its predecessor, i.e. Windows Server 2008 RTM.
