ANDROID APPLICATIONS CLONED : Developers make it spam

1.    The latest to add on to the growing web of spams is repackaged android applications.....though till now most of the descried repackaged applications are not reported to have any malicious code in them and also like the genuine ones they are also made available for free. These effected applications have the same module as the original, but include an advertisement module ,thus developers of these apps try making money off the clicks on the advertisements.

2.   The thing is easy on part of the developers since it is easier on thier part to just fiddle with original Android apps which are written in Java and are, therefore, easily cloned.....

3.   Thanks www.f-secure.com

Your VOICE to charge your MOBILE

1.     Amazing as it may sound reading.....but here is the way thats gonna please us all to get resolved on issues of mobile charging...so many times it has happened that on our way out either we think the mobile is fully charged or when we talk too much on phone.....or just when one small query will resolve us of a standing problem...the mobile goes offffff......problem : MOBILE BATTERY IS DRAINED ....no more.....please read ahead for brief details on the subject....

2.   The new technique developed by Korean engineers for turning sound into electricity - technology that could allow cell phones to be charged while users chat(...bak bakk).Thus Phones equipt with the technology could generate power from any kind of background noise — meaning the phone could be charging even when you’re not speaking directly into the phone. The need to carry around an outlet charger could be supplanted by time spent listening to music, or perhaps even the sound of the wind roaring past your car window.The technology is made possible by tiny strands of zinc oxide that are sandwiched between two electrodes. As a sound-absorbing pad atop the device vibrates to ambient noise, causing the zinc oxide wires to compress and release. This movement is what generates the electrical current.A prototype has already converted sound of about 100 decibels into about 50 millivolts of electricity. That’s not enough to charge a phone, but it’s an encouraging test, and researchers are optimistic that the technology could soon be developed into something more powerful.

3. Thanks http://blogs.forbes.com/  and http://inhabitat.com

MAKE incognito YOUR DEFAULT SETTING

1.    We all know how to browse hidden ie Pages you view in this window won't appear in your browser history or search history, and they won't leave other traces, like cookies, on your computer after you close the incognito window. Commonly it is known as "incognito" or "privacy browsing".......an avid user of chrome ....I always had to open the browser and then select "New Incognito Window" to work...but not till today....a simple amendment in the target setting of properties of chrome shortcut will always make you open the incognito window......simply append "--incognito" at the end of the link address as shown below : 

C:\Users\???????\AppData\Local\Google\Chrome\Application\chrome.exe --incognito

2.    More clearly ...right click on the chrome shortcut on the task bar or on the desk top and click properties.In the target text box append "--incognito" to what is already there defining the location of the chrome browser....

3.     Thats it......

FLIRT BOTS

1.   I am sure most of you at at some point of time in your cyber surfing would have come across chat/messenging softwares like MSN or yahoo to mention a few....now although pretty old for the regular security guys, but thought of mentioning it here in my blog of how many of us succumb to the meanly desires of hackers via FLIRT BOTS.....u heard it correctly they are known as FLIRT BOTS.... 

2.  Here's how Flirt Bots work:

- The Bot strikes up a conversation in a chat room

- The Bots use a series of easily configurable "dialogue scenarios" with pre-programmed questions and discussion topics to compile a report on every person it meets

E.g.: ilovyou@yahoo.com says: "hey, whats up?" and further to this conversation they are invited to visit a website which could be used for any variety of malicious activity.

E.g.: ilovyou@yahoo.com says: "Ok go to http://??????.??/?????? and accept the invite on the page baby"

3.   In this case the victim is sent to a website "?????????.com" and is asked to provide personal information including credit card details in order to view the "webcam."

4.   The site can be used for many things - to host malicious downloads, or to try to sell you Fake AntiVirus software. The URL can do and host whatever the "bot master" specifies it to be .Frequently cyber-criminals collect a database of personal information and sell it to the highest bidder or anyone who will pay

5.   These "Flirt Bots", were first reported as a proof of concept(Evidence that demonstrates that a business model or idea is feasible.) by PC Tools in 2007.Thanks http://www.pctools.com

SYMANTEC SPOTS ONE INTERESTING E-MAIL CAMPAIGN

1. A fresh spam outbreak has been detected online that's drawing attention widely and effects users with e-mails laced with malicious software. Reportedly, there's one web-link embedded in the spam messages supposedly providing details, while the same messages try to pull down a .zip file attachment.The interesting aspect regarding the new spam mail relates to the inclusion of a password that the recipient earlier used.Now if I see a passowrd which at one point of my cyber surfing I had used it is bound to stirr up doubts of it being actually genuine.Once i donwload this zip file ,the eventual aim is achieved ie downloading the inevitably malware.

2. Reportedly, the malware as mentioned above has been identified as Trojan.Zbot or Zeus a Trojan which tries to grab secret data after compromising an end-user's PC. Further, it may take down updates and configuration files online, according to Symantec.

3. Additionally the e-mail ids and their corresponding passwords within the above unsolicited electronic mails, arrive from one prominent social gaming website, known internationally and currently being most widespread inside Asia.

4. Hence, Symantec advises all those who think they've fallen prey to compromised accounts to scan their PCs with an AV program followed with resetting all vital passwords, particularly online banking passwords. Additionally, they must also keep a watch over their accounts should they suspect any fraudulent operation.

5. Thanks http://www.spamfighter.com

BULLET PROOF HOSTING

1. Bulletproof hosting refers to a technique wherein web hosting firms permit their customers appreciable leniency in the kinds of material they may upload and distribute. 

2. Many service providers have "Terms of Service" that do not allow certain materials to be uploaded/distributed, or the service to be used in a particular way, and may suspend a hosting account, after a few complaints, to minimize the risk of their IP subnet being blocked by anti-spam filters using Internet Protocol (IP) based filtering. Additionally, some service providers may have ethical concerns that underpin their service terms and conditions.

3. Bullet Proof Hosting allows people who want to promote their product, service on their web site by sending Commercial and Bulk Emails. As well known, Email Marketing has emerged as one of the most effective and economical marketing tool. It gives you the power to broadcast your message to millions of prospects across the world and it works!

4. This leniency has been taken advantage of by spammers and providers of online gambling or pornography.Case in point is the case of "McColo ISP takedown in November 2008".McColo was one of the leading players in the so-called "bulletproof hosting" market — ISPs that will allow servers to remain online regardless of complaints.

5. Thanks http://bulletproof-server.net/

INSPIRED FROM INDIA : CHINAs ATTEMPT ON TAKING ON CORRUPTION

1.    In recent last few months,a lot has been happening in India in form of anshans,demonstrations,dharna's to bring back the black money freezing in swizz banks and to reduce corruption...so far so good...the spark happened and is now gradually bowing to the Government which ensure and loves STATUS QUO.....atleast thier wasy of working confirms this....instead of supporting the movement...they took the key persons involved head on and now in another about a week or so we will be back to STATUS QUO...

2.    But China's esurient Internet users are taking a leaf from India's anti-corruption drama by opening websites so citizens can confess, sometimes in pitiless detail, to buying off officials.Several Chinese confess-a-bribe websites, including "I Made a Bribe" (www.ibribery.com), have been inspired by an Indian website "I paid a bribe" (ipaidabribe.com)......china ranks 78th in the corruption list whereas we list at the 87th rank...m sure it is much worse.....apna nahee to kisi aur ka to bhala hoga........jai ho INDIAAAAAAAAAA

3.     Thanks http://www.reuters.com

McMurdo station & more DATA CENTRE Locations

1.    We all keep reading on issues like heating when we discuss data centres......now with the problems that datacenters have with cooling, the Antarctic is perhaps the ideal site for such a facility....i thought that was a joke before i first read about this and saw the pics on site at here

2.     The station's datacentre is dedicated to supporting scientific work and running the station - with 64 servers and more than 2PB of storage connected to hundreds of desktops by a gigabit Ethernet network.McMurdo Station is the telecoms hub for science projects, field camps and operations in western Antarctica funded by the National Science Foundation (NSF).To provide these services, it has a central telephone exchange and a wide spectrum of network, radio-frequency and satellite-communication systems.At the South Pole, every day up to 100GB of science data is transferred from the station to the US via satellite-communication links in support of multiple NSF-funded science projects.

3.    Thanks DIGIT.

HOW DO U FIND IF YOUR PC IS HACKED?- PART 6

FIND COMMAND

1.   Most of the commands I have discussed so far spew a lot of output on the screen, which could be hard for a human to look through to find a specific item of interest. But, Windows comes to the rescue. Users can search through the output of a command using the built-in find and findstr commands in Windows. The find command looks for simple strings, while findstr supports regular expressions, a more complex way to specify search patterns. Because the regular expressions supported by findstr go beyond the scope of this tip article, let's focus on the find command. By default, find is case sensitive - use the /i option to make it case insensitive.

2.    The find command also has the ability to count. Invoked with the /c command,it'll count the number of lines of its output that include a given string.Users often want to count the number of lines in the output of a command to determine how many processes are running, how many startup items are present  or a variety of other interesting tidbits on a machine. To count the lines of output, users could simply pipe their output through find /c /v "". This command will count (/c) the number of lines that do not have (/v) a blank line ("") in them. By counting the number of non-blank lines, the command is,in effect, counting the number of lines.

3.  Now, with the find command, users can look through the output of each of the commands I've discussed so far to find interesting tidbits. For example , to look at information every second about cmd.exe processes running on a machine, type:

C:\> wmic process list brief /every:1 | find "cmd.exe"

Or, to see which autostart programs are associated with the registry hive H KLM, run:

C:\> wmic startup list brief | find /i "hklm"

To count the number of files open on a machine on which openfiles accounting is activated, type:

C:\> openfiles /query /v | find /c /v ""

Whenever counting items in this way, remember to subtract the number of lines associated with column headers. And, as a final example, to see with one-second accuracy when TCP port 2222 starts being used on a machine, along with the process ID using the port, run:

C:\> netstat -nao 1 | find "2222"

THANKS www.amazingit.blogspot.com

HOW DO U FIND IF YOUR PC IS HACKED?- PART 5

NETSTAT COMMAND

1.  The Windows netstat command shows network activity, focusing on TCP and UDP by default. Because malware often communicates across the network, users can look for unusual and unexpected connections in the output of netstat, run as follows:

C:\> netstat –nao

2.  The -n option tells netstat to display numbers in its output, not the names of machines and protocols, and instead shows IP addresses and TCP or UDP port numbers. The -a indicates to display all connections and listening ports. The -o option tells netstat to show the processID number of each program interacting with a TCP or UDP port. If, instead of TCP and UDP, you are in interested in ICMP, netstat can be run as follows:

C:\> netstat -s -p icmp

3.   This indicates that the command will return statistics (-s) of the ICMP protocol. Although not as detailed as the TCP and UDP output, users can see if a machine is sending frequent and unexpected ICMP traffic on the network. Some backdoors and other malware communicate using the payload of ICMP Echo messages, the familiar and innocuous-looking ping packets seen on most networks periodically.

4.  Like WMIC, the netstat command also lets us run it every N seconds. But, instead of using the WMIC syntax of "/every:[N]", users simply follow their netstat invocation with a space and an integer. Thus, to list the TCP and UDP ports in use on a machine every 2 seconds, users can run:

C:\> netstat -na 2