Social Icons

Sunday, March 13, 2011

QUALITIES OF A GOOD ANTIVIRUS

1.   Each Antivirus software in the web market today claims as the First and the topmost rated antivirus amongst all.Each has a claim that says "We check what others don't".A large percentage of typical user have actually got no way to check out who is the actual one...Who is the BEST? They then generally select the one that is based on the recommendations of their social circle and the convincing factor generated by the site of the product or simply put...it can ba random selection at last. In fact in my quest to search the best one amongst all....the number of QRs that one needs to check for one antivirus is a long one.Few of the qualities that should not be missed at all are briefly enumerated below.

WEST COAST LABS ANTI-VIRUS : The West Coast Labs Checkmark certification for antivirus effectiveness. WCL stands as a global leader in research, testing and certification for information security products and services. They have market-leading technology and testing facility in the UK, USA and india.Their services are being used by the leading global brands to create market advantage and by large business enterprises for obtaining crucial technical insight into product performance.WCL provides an authoritative and independent service, delivering sound, meaningful technical information on which critical business decisions can be made.More at http://www.westcoastlabs.org/


ICSA CERTIFIED : The ICSA is an independent organization that has a set criteria for certifying antivirus software.


AV COMPARATIVES : Anti-Virus Comparative test conducted in 2010. Overall scores are presented as Advanced + (A+), Advanced (A), Standard, and Tested.


SCOPE OF PROTECTION : Does the product protect from every threat? This rating evaluates the breadth and depth of security from the software. While most security solutions tout “multi-layered” protection, “360 degree” defense and/or even “100%” security, some are certainly more thorough than others. The best antivirus solutions will include traditional protection from viruses, worms, Trojans and spyware, but should also include defense from keyloggers, phishing scams, email-borne threats and rootkits. While antivirus programs are by no means full-blown internet security suites, they should protect from as many threats on as many fronts as they can.


EFFECTIVENESS : How effective is the application at protecting your computer from harmful viruses and other malware? This rating combines various tests and certifications to determine how well the software performs. Antivirus is specifically designed to protect your computer, so if it doesn’t do that well, what good is it? All the features, bells and whistles, or sleek interface can’t make up for poor performance. We look at results from the industry-standard security software testers and professional security organizations to find the most effective software available and evaluate overall effectiveness. In general, our highest ranked programs are also the most effective.


HACKERS : Anyone trying to take control of your computer for malicious purposes.


PHISHING : These criminal scams attempt to obtain your identifying information by disguising as legitmate sources (like your bank, eBay, or facebook).


ACTIVEX : Several Microsoft programs use ActiveX controls for good, but these components can also be taken advantage of.


USER PROFILES : The software includes distinctive interfaces or features for particular users (often beginners or advanced users).


SELF-DEFENSE : The software monitors itself and the computer, effectively protecting from intrusions or unauthorized changes.


SCHEDULING : The ability to schedule specific scans to occur at a specific time or interval.


HISTORY/REPORT LOGGING : The software keeps a record of the performed tasks and results for future reference or reporting.


SILENT / GAMER MODE : The 'gamer' mode allows you to use the computer in full-screen mode (for games, presentations, or videos) without interruptions from the security software.


LAPTOP / BATTERY SAVING MODE : The software can be set to delay scans or intensive processes for later in order to increase battery life.


LINK SCANNER : An integrated web tool that monitors web links and prevents/warns users from clicking on malicious sites.


BOOTABLE RESCUE CD :In the event of a complete system crash, you can use the bootable rescue disc to preempt the OS and clean the system.


FREE VIRUS SCAN ONLINE : The security manufacturer offers a free virus scan online (often with incentive to purchase their products for removal capabilities).


AUTOMATIC DEFINITION UPDATES : The program automatically updates virus definitions or DAT files. A virus definition is basically the formula that the software uses to determine if a file is infected by a specific virus.


MANUAL DEFINITION UPDATES : You can manually check for virus definition updates.


SCHEDULED UPDATES : Updates can be scheduled to run at a specific time or interval.


PULSE/PUSH UPDATES : Small, regular updates are initiated by the manufacturer as needed to deliver important updates.


ROLLBACK : The ability to revert to a previously working state if the most recent update causes a problem.


MANUAL SCANNING : Manual Scanning is the ability to start a scan of your hard drive at any time.


QUICK & DEEP SCAN : Manual and/or scheduled scans can either be quick (scan most important areas) or deep (full scan of computer).


OPTIMIZED SCANNING : The software is configured to scan efficiently, only scanning areas and files that have changed since the last scan.


SCAN INDIVIDUAL FILE(S) : The software can scan an individual file for viruses. This is often available by right-clicking on the file and choosing to scan.


EXCLUDE FILES : The software allows the user to designate certain files, folders, or drives NOT to include in the virus scan.


SCAN COMPRESSED FILES : Scans zipped (.zip) or other compressed files that are usually obtained through emails or downloaded from the web.


QUARANTINES INFECTED FILES : If a file is suspected of being infected with a virus, it moves the file to a "quarantine" area where you cannot accidentally access it.


AUTO-CLEAN INFECTED FILES : The anti-virus program will automatically clean or fix files that are infected.


SCAN USB (AND OTHER EXTERNAL DRIVES) : The software is capable of scanning external drives for viruses.


PASSWORD PROTECT SETTINGS : Prevents the Anti-Virus settings from being modified by other users.


ADJUSTABLE SECURITY LEVELS : Security can be customized and set to a particular level of potency.


VULNERABILITIES : Microsoft and third-part software vendors are constantly providing security patches or other updates. Some software takes a proactive approach and helps you stay on top of the most recent updates.


COOKIES : Though not typically malicious, cookies are little chunks of code stored on your computer from web sites.


SCRIPTS : Script Blocking technology monitors Java and VBS scripts and alerts users of virus-like behavior. They stop these viruses before they can infect a system without needing virus definitions.


SPAM : Spam is unwanted email, whether it's annoying advertisements or a link to a virus.


AUTO USB DETECT : Most antivirus software can scan USB drives, but some automatically detect when an external drive is plugged in and will block malware from automatically running.


VIRUS SIGNATURES: Traditional virus detection is based on identifying malware by matching it with known viruses.


BLACKLISTING : Setting a file or website on the "blacklist" means that it should never be allowed.


WHITELISTING : Setting a file or website on the "whitelist" means that you trust it and don't need the security software to scan/block it.


HEURISTICS : Proactive virus blocking is possible with behavioral analysis, file emulation, and/or generic signature detection.


REAL-TIME : Real-time protection means that the software protects you from viruses automatically, while the data is being accessed.


SECURITY NETWORK : This security approach involves the software manufacturer gathering anonymous information about your system in order to benefit everyone. If a virus is found on your computer, they can quickly find the cause and update definitions for all users.


ON-ACCESS SCANNING : Your files are scanned when you receive them and when you try to access them.


ON-DEMAND SCANNING : You can determine which files and when to scan for viruses. It's like manual scanning but you can be more specific and scan a file at a particular time. Simply right-click on the filename.


ADWARE : Though not always harmful, these annoying programs cause advertisements to display on your computer without your permission.


EASE OF INSTALLATION : How easy is the product to download, install, and setup? This rating is determined by install speed and simplicity. Security software shouldn’t be a chore to install, and should have you protected as soon as possible. From download to install, to the first scan; implementing antivirus software should be quick and easy.


EASE OF USE : How usable is the product? The Ease of Use rating reflects how easy the product is to use, run, and maintain. Antivirus software is complex stuff, but shouldn’t require a degree in computer security. The best security programs have all the features security experts want, but are just as easily used by a beginner. Everyday computer users want a security solution that they can install and forget about; software that doesn’t require constant maintenance or have annoying interruptions. The best antivirus software is flexible enough to do exactly what you want to (even if that means running by itself).


FEATURES : Does the software include additional benefits? Whether for added security or simple convenience, more features usually means better software. A well-rounded feature set takes a security solution from good to great. More than bells and whistles, added features provide security, usability and performance benefits.


UPDATES : Are timely updates delivered effectively? This rating is based on the frequency and versatility of virus database updates. Security software is only as good as its latest update. Viruses are being identified and added to signature databases all the time, so it’s important that your virus definition list updates accordingly. Modern antivirus software are equipped with automatic updates that perform regularly enough that you get faster updates that don’t slow down your system. The best security providers even “push” updates to you as soon as they’re available.


HELP & SUPPORT : Does the product offer additional support and helpful resources? This rating is based on the quantity and usefulness of additional product support. The best software doesn’t require reading an in-depth manual to use, but still has one available. For specific questions, troubleshooting, and additional help, the best antivirus manufacturers provide superior product support online and off. Additional support for software may come in the form of assistance over the 24x7 phone, email, live chat, or through a number of additional resources (knowledgebase, FAQs, tutorials).


BACKDOOR : A special type of trojan (often called remote access trojan or RAT), they essentially give control of your computer to a hacker.


THREAT DETECTION includes : Virus,Worm,Trojan,Spyware,Malware,Rootkit.


BROWSER EXPLOITS : malicious code that takes advantage of an internet browser vulnerability to make the browser do something you don't want (freeze, crash, change settings, etc.)


OS EXPLOITS : Malware that is designed to take advantage of a vulnerability in the Windows Operating System.


KEYLOGGERS : A virus designed to track and monitor user keystrokes, often used to steal passwords, credit card numbers, etc.


INBOUND EMAIL PROTECTION : The anti-virus software scans files received through incoming emails on a POP3 account.


OUTBOUND EMAIL PROTECTION : The software scans outbound email attachments so you don't spread viruses to others.


INSTANT MESSAGING PROTECTION : The anti-virus software scans files received through instant messaging (MSN Messenger, AIM, Yahoo Messenger).


P2P/FILE SHARING PROTECTION : The software protects from malicious files downloaded and/or accessed from peer-to-peer file sharing programs.


REGISTRY STARTUP PROTECTION : The software provides protection before the OS loads, or has the ability to scan registry files.


DIALERS : Malicious program that takes control of your computer and uses it to dial expensive phone numbers.


SUPPORTED CONFIGURATIONS : Does it incl compatibility with Windows 7 (32 bit),Windows 7 (64 bit),Windows Vista (32 bit),Windows Vista (64 bit),Windows XP (32 bit),Windows XP (64 bit)


2.   Thanks http://www.toptenreviews.com/ and for those who want a pdf click here to access http://www.scribd.com/doc/50645603/Qualities-of-a-Good-Antivirus

Wednesday, March 02, 2011

ANDROID & GOOGLE : AT LOGGER HEADS????

1.    This news is bound for only one thing.....a first big dent on Google's untouched Kingdom in the cyber world.There is a reported discord among the Android developers who are irked at Google’s Android Market policies.They have formed the Android Developers Union to protest the policies.The new union has compiled a list of seven demands including renegotiation of the 32pc ‘Google Tax’ on app sales, public bug tracking, algorithmic transparency and increased payment options.They threaten Google that if these demands are not met they will cease development and move their efforts to rival platforms.

2.  "If the demands are not met, we will move our applications to alternative marketplaces or the web, cease Android development in favour of other more open platforms, we will dissuade other developers from developing Android projects, and we will work tirelessly to counter any of Google's hypocritical claims about openness in the media."

3.   This seems to be the first kind of big set back to google who may find loosing an edge in its battle for the smartphone operating system and applications market vis-a-vis Apple and Microsoft.The seven demands of the android union can be seen here...

4.   This writeup does not reflect my views of standing against anyone or supporting anyone but wishes to inform the readers only for info........

Saturday, February 19, 2011

Be veri careful : Recent cases of duping online in DELHI


1.    Inspite of regular discussions,regular readings of various advisories,the tongue(greed) of lust for more money doesnt stop..& it keeps looking for opportunities and thus keeps succumbing by loosing more ....In a recent case both pertaining to saadi own dilli...two understandably IT educated pers were robbed of a high value money transaction...how????briefly mentioned below :

- New Palam Vihar Resident case : The case pertains to the resident of New Palam Vihar at New Delhi, India, Mr Dalbir Singh who recently recieved the typical e-mail of winning a lottery of ` 14 Crore ($ 37,000 approx) in the UK.Mr Dalbir Singh contacted the accused for ascertaining the lottery amount and was convinced to pay Rs 17 Lakh for exchange purpose as foreign currency had to be converted to rupee.Mr Dalbir Singh instantly transferred money from his account to the account of the fraud.Since that day of transfer Mr Dalbir Singh has been only recieving CONDOLONCES from all his friends and relative circle around.A very typical case of cyber lottery fraud.....

- E-mail Scam Tricks Student of JNU : This case pertains to the a Jawaharlal Nehru University (JNU) student who was recently defrauded off Rupees 3 lakhs when he fell for a malicious e-mail scam.Initially an e-mail came to the student apparently from an institution called Global Watch Institute, asking him for being present in dual seminars on the topic: Racism and Human Rights the Institute was holding one each in Madrid and New York.The student stated that the first message came to him on December 17, 2010. And, according to him, since his field of study had a connection with the topic, he responded stating he was interested.The e-mail also promised about bearing the entire cost of the student's trip. However, over time the fraudsters started asking for money from him to take care of certain expenditures such as booking his hotel at Madrid along with health insurance asserting that they'd all be refunded when he'd arrive in New York.The student, believing the e-mail, wired the money, but neither heard of any seminar nor a trip abroad, he stated. Indeed, all the things written inside the electronic mail was false.Worryingly, the above mentioned e-mail fraud, according to security specialists, is an edition of the 419 scam, which's also called Advance-fee Fraud.They (specialists) outline that the method of operation in these malicious e-mail campaigns involves duping a victim with fake pledges about certain huge reward to such an extent that he acquiesces to remit money. For example, in the current instance, the scammers tricked the student into transferring cash after promising falsely about arranging his presence at the seminars abroad.This is more organised form of the frauds and scams that are happening all across.....

2. A Netizen need to know that they cannot win a lottery unless they have not invested money on it.Please always take care of what you do on the net specially when u r doing some kind of finacial transaction

Wednesday, February 16, 2011

Easy Upgrade from USB 2.0 to USB 3.0 :Transcend's USB 3.0 Express Card Adapter


1.  Transcend has come up with a USB 3.0 Express Card Adapter, an easy-to-install add-in that allows users to speedup their notebook with blatant flying speed of USB 3.0 technology.The new USB 3.0 Express Card Adapter comes with 2 high-speed USB ports that fully support Super Speed USB 3.0 standard with bandwidth of up to 5 GB/s. In addition to this, its quick and easy 2 install, the card enables speed enthusiasts to experience data transfer rates up to ten times faster than USB 2.0 with optimized power efficiency.

2.  Transcend's PNU3 USB 3.0 Express Card Adapter is fully compatible with Windows 7 and comes at an affordable price of approx Rs 1900 with 2 years Warranty(check out Nehru Place rates before buying)

3.  Thanks http://itvoir.com

NOKIA should have merged with GOOGLE : Google CEO

This comes straight after the earlier post news spread across about the merge of Nokia & Microsoft......When asked about Nokia's choice of Windows Phone 7 as its smartphone system, Schmidt said "Google would have loved to see Nokia pick Android instead. Google tried to convince Nokia to choose Android, and it can still make that decision in the future".....(ha ha ha....Google still has hopes of a future revertive action by NOKIA....and who knows...it may just happen..we are just the readers!!!!!)

Tuesday, February 15, 2011

NOKIA & MICROSOFT : A MERGER TO READ ABOUT

1.    In todays shrinking world when we hear of merger of giants...its part of normal breaking news which hardly puts together rolling eyeballs 7 pop ups ....But this one is slightly different or if not different it is really BIGGGGGGG.This is about merger of fantabulous phone hardware NOKIA and the operating system giant MICROSOFT coming toether to produce and try beating the phones across?

2.    The deal which was in the rumour rounds already went much ahead of the expectations.....in effect, Nokia is handing over its future - in smartphones at least - to Microsoft and Windows Phone 7.  That means Good bye & Happy journey Symbian . So can the combo really become the third horse in the race, giving Apple and Android a run for their money ?I have my doubts....

3.    Crux of the acquisition pointwise listed below :

- Nokia to embrace Windows Phone as its principal smartphone.
- Nokia to contribute its expertise on hardware design, language support.
- Both would closely collaborate on joint marketing initiatives .
- Bing would power Nokia’s search services(nobodys guess!!!)

- Nokia Maps would be a core part of Microsoft’s mapping services.

4.    Just to mention,a year earlier when this merger was being talked about, was once declared an april fools rumour. And now about a year later it is on official Microsoft site.Thanks Microsoft site for info

Sunday, February 13, 2011

The Gawker case : EXPERIENCING A HACK


1.   A six-letter password in lower-case text takes a hacker's computer just 10 minutes to crack. But make those letters upper-case and it takes 10 hours for it to randomly work out your password. Thus simply upper-casing your password can minimise a hacker's chance of finding out your account.Add numbers and/or symbols to your password and the hacker's computer has to work for 18 days.Despite widespread warning, 50 per cent of people choose a common word or simple key combination for their password.The most used passwords are 123456, password, 12345678, qwerty and abc123. 

2.   I read about the Gawker case recently wherein the subject media firm Gawker urged subscribers to change their passwords after its user database was hacked and more than 1.3 million passwords were stolen.Now imagine some one like Yahoo or Google requesting one fine day on a similar line....won't our heart come out????

3.   The exact Gawker announce ment goes like this 

“Our user databases appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you’ve used the same passwords. We’re deeply embarrassed by this breach. We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us.”

4.   The problem emanated when Gawker recently launched a multi-site redesign thatthat failed spectacularly, leading visitors to blank pages. The culprit was a misbehaving piece of JavaScript, but when a single line of JavaScript causes your entire suite of sites to fail you no longer have websites, you have, well, nothing.The problem with Gawker’s redesign is that it uses JavaScript to load everything. That means that, not only is there no chance for the site to degrade gracefully in browsers that don’t have JavaScript enabled, the smallest JavaScript typo can crash the entire website.

5.   Now we all have seen it personally as we sometimes tend to have the same password for multiple accounts on the web.....this could be a simple fall like a pack of cards...one point failure leads to the complete fort coming down.....so guys...take care....change ur passwords for better and stronger security.....

Wednesday, February 09, 2011

MALWARE & AUTORUN : LOVE BIRDS OF PROPOGATION


1.    All the family members of trojans,malware and adwares few of which are mentioned above have one similarity in form of a common propagation method. They all ab"use" the autoplay feature of Autorun, many by creating or manipulating Autorun.inf files on network drives and removable media, so that when a user connects, the malware is automatically executed on their system. Newer operating systems, like Windows Vista and Windows 7, have made changes to the way Autorun is configured (Windows Vista) and how it works by default (Windows 7). These changes appear to have had a significant difference in the ability for autorun-abusing malware to successfully infect these newer operating systems, especially for Windows 7.

2.   More interesting details here

INTERNET KILL SWITCH????


1.   Recent events in Egypt and the debate over the “Cyber Security and American Competitiveness Act of 2011”, has introduced the cyber world with a yet another jargon term “INTERNET KILL SWITCH”.Whats this all about and what does this mean.....crux in brief as i understood after going through few good informative sites....read onnnnn!!!!!

2.   The term would give US the best tools available to swiftly respond to a significant CYBER threat.Thus if the U.S. detected a serious cyberthreat at some point of time, this switch would enable the US President to instantly shut down any infrastructure connected to subject infrastructure.It is not a mandate to be able to shut down the entire Internet but rather authorizes the president to order turning off access to “critical infrastructure” .

3.   Our interest here is to look at just one dimension of the issue – the technical feasibility; the political and policy aspects, we’ll leave to others.

Tuesday, February 08, 2011

DATA STORAGE IN BACTERIA : 9,00,000 GB stored in 1 gm of Bacteria

1.  Earlier discussed here & here in my 2009 posts when the study,the concept and experiments were on test bench have now touched reality....

2.  A team of undergraduates and instructors from the Chinese University of Hong Kong (CUHK) has found a way to store a whole lot of data onto living bacteria cells through a process they call “massively parallel bacterial data storage.” And in addition to storing huge amounts of data, they have also figured out how to store and en/decrypt data onto living bacteria cells.

3.  The team has managed to squeeze more than 931,322GB of data onto 1 gram of bacteria (specifically a DH5-alpha strain of E.coli, chosen for its extracted plasmid DNA size) by creating a massively parallel bacterial data storage system. Compared to 1 to 4GB per gram data density of conventional media, the 900,000GB per gram figure the team has returned is genuinely stupefying ie like  to fit the equivalent of 450 2TB hard disks (900TB) on a single gram of E.coli bacteria.

4.   A small ppt straight from the team can be seen here.


5.   Thanks devilsduke.com for the pic

Sunday, February 06, 2011

DRIVE BY ATTACK

1.   A small and easy to infer article on DRIVE BY ATTACK here

2.   Thanks http://www.bitesofapple.com

Win32.Hlux : January 2011 " King of worms"


1.   Email-Worm.Win32.Hlux was talk of the E-town in January across the webosphere. This mail worm spreads via emails containing malicious links that prompt users to install a bogus Flash Player, supposedly to view an e-card. The link leads to a dialog window that asks if the user agrees to download a file. Irrespective of the response, the worm sets about to penetrate the system. In addition to propagating via email, Hlux also has bot functionality and adds infected computers to a botnet before connecting to its command center and executing its commands, which are primarily directed at sending pharmaceutical spam.

2.   Kaspersky Lab also detected a Trojan dropper masquerading as a key generator for the company's products. The old adage "There's no such thing as a free lunch" is particularly fitting here as the dropper goes on to install and launch two malicious programs. One of them steals program registration data and passwords for online games. The second is a backdoor that also has keylogger functionality.

3.   Kaspersky Lab also found the mass distribution of malicious short links on Twitter. After a number of redirects, the attention-grabbing links led users to a page promoting a rogue AV program.

4.   Apart from these two hardworkers(?????..i mean mal hardworkers) in january,the other shining star in the E-crime world is AdWare.Win32.WhiteSmoke.a which if clicked, will download a program that demands payment to rectify errors it supposedly detects on the system.

5.   More detailed report on http://www.kaspersky.com

Tuesday, February 01, 2011

AMD comes up with FUSION

1.   A small mention made earlier at this blog about ISTANBUL,an AMD launch...now comes up with the next gen processor known as FUSION.

2.  The 'Fusion' family will utilize a single-die design that combines multi-core CPU (x86) technology with a powerful DirectX 11-capable graphics and parallel processing engine. The APUs will also include a dedicated high-definition video acceleration block and a high-speed bus that transmits data across differing types of processor cores within the same design and will include power-saving features enabling all-day battery life. 


3.     More about FUSION here

IE users stand vulnerable again : Warning from MICROSOFT

1. This one is a real eye (....or more simply account) opener of so many IE Web browser users across the globe and this one comes straight from the horses mouth....ie MICROSOFT which has warned that the approx 900 million users of its Internet Explorer Web browser are at risk of having their computers commandeered and their personal information stolen by hackers.Microsoft has issued a 'critical' security alert over a newly-disclosed flaw that impacts all versions of the company's Windows operating system, including Windows XP (SP3), Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008 (R2).

2. The trouble is meant primarily for users of IE only since no other major web browser available supports MHTML files.Microsoft also adds that the bug is inside Windows, (else who is going to use IE??????).Till date/hr as of now no hackers have been reported to exploit the vulnerability. 

3. An attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it. When the user clicks that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session.Such a script might collect user information (e.g. email), spoof content displayed in the browser, or otherwise interfere with the user's experience.

4. For the otherwise already loosing users at a quick pace,this release would pacen up the loosing percentage of IE users across.

5.   Thanks http://www.smh.com.au

Saturday, January 29, 2011

BitDefender : Tips for Safe Shopping on Mobile Devices

A small piece of advice by BitDefender on security aspects while using new generation mobile devices.Pls click HERE

Trojan.Spy.YEK : The Corporate Spying Tool


1. The Stuxnet trembles and quakes are still not over and unlikely to be forgotten for some years.After the stuxnet storm ,each one from the corporate sector IT bosses to IT admins in individual capacities,every one was trying to be careful of any sign of outside intrusion . These days when some e-threat comes along and sniffs for critical data, it could mean billions & trillions of money IN/OUT in seconds. 

2. Trojan.Spy.YEK is unlike a regular Spying Trojan that looks for documents and archives that may hold private information but also sends it back to the attacker.

3. Trojan.Spy.YEK has both spying & backdoor features with an encrypted dll in its overlay, this Trojan is easily saved in windows\system32\netconf32.dll and once injected in explorer.exe nothing can stop it from connecting (whenever necessary) to a couple of easy pings & sharing all with the attacker.

4. The backdoor component helps it register itself as a service so as to receive and follow instructions from a command and control center, while the spyware component sends away data about files, operating system, while also making screenshots(trying to make a user freindly hand guide for later action...isn't it so caring?????) of the ongoing processes.

5. Some of the commands it is supposed to execute are: sending the collected files using a GET request, sending info regarding the operating system and computer, taking screenshots and sending the results, listing the processes that run on the system and sends them away, finding files with a certain extension. Shortly put, it uploads all the interesting data on a FTP server without the user’s consent.

6. The fact that it looks for all that it is linked to archives, e-mails (.eml, .dbx), address books (.wab), database and documents (.doc, .odt, .pdf etc) makes Trojan.Spy.YEKa prime suspect of corporate espionage as it seems to target the private data of the companies.

7. This infection will change the registry settings and other important windows system files. If Trojan.Spy.YEK is not removed it can cause a complete computer crash.Some Trojan.Spy.YEK infections contain trojan and keyloggers which can be used to steal sensitive data like passwords, credit card, bank account information etc. 

8. On top of that, the Trojan can run without problems on all versions of Windows® from Win 95® to Seven®. 

FBI : A Parent's Guide to Internet Safety

A must read guide from  The Federal Bureau of Investigation (FBI), an agency of the United States Department of Justice for all the parents in the world, advising & trying to make them understand the complexities of online child exploitation.....please click HERE

Case of Albert Gonzalez : The Largest Online Fraud in U.S. History


1. This case that I recently read in brief pertains to an interesting online fraud case against Albert Gonzalez.I have made it in a sequential point to compress the complete story for easy reading and grasping :

(a) Albert started using computers at an early age, and while in high school, managed to hack into the Government of India's website[ :( ]. Sadly, he was not charged at this stage and only warned to stay away from computers for six months.

(b) At the age of 19, he started his own group of hackers, named ShadowCrew, which trafficked over a million credit card numbers for use in online fraud. When the FBI finally managed to shut the group down, Albert was charged. However, he worked with the investigators and gave away vital information on his cohorts and did not need to serve a sentence. 

(c) Still on,Albert after two years worth of hardwork(????) compromised on sensitive data including 45.6 million credit and debit cards.

(d) TJX Companies notified the authorities of their data leakage. Albert had the abilities to crack and hack his way through, but the low security measures didn't help TJX. Albert was able to install his malware and sniffing software onto the networks of TJX and all the stores operating under them, even outside of the United States. TJX discovered the breach in December of 2006 and was under the belief that they had only been losing data for the past six to seven months, dating back to May 2006. After further investigation, they found that they were losing sensitive data since 2005. Albert had already moved on to bigger and better operations by the time TJX had even started discovering the extent of their security breach.

(e) Gonzalez and his accomplices used SQL injection techniques to create malware backdoors on several corporate systems in order to launch packet sniffing (specifically, ARP Spoofing) attacks which allowed him to steal computer data from internal corporate networks.

(f) During his spree he was said to have thrown himself a $75,000 birthday party and complained about having to count $340,000 by hand after his currency-counting machine broke.(ha ha ha.....wow!!!!anyway)

(g) Gonzalez had three federal indictments:
- May 2008 in New York for the Dave & Busters case (trial schedule September 2009)
- May 2008 in Massachusetts for the TJ Maxx case (trial scheduled early 2010)
- August 2009 in New Jersey in connection with the Heartland Payment case.

(h). On March 25, 2010, Gonzalez was sentenced to 20 years in federal prison.

2. For details of the case with many links please visit HERE

Tuesday, December 28, 2010

Sunday, December 05, 2010

Full stop from being tracked online :An attempt from FIREFOX

1.  Firefox is working on a system which will provision web surfers to stop from being tracked online.We all know how  behemoths viz Google,Facebook and a plethora of OWMs use such information to sell targeted adverts and make money without ever asking the consent of the user.Such a move would be welcomed by privacy campaigners who have long complained that Google & Facebook are taking indecorums with the information .Currently these information seeking companies make use of 'cookies' that automatically save themselves onto users computer when they surf the web, and then keep a track of the browsing history.This data is then sold on to advertisers who put highly lucrative targeted ads on the individual's screen, depending on what internet pages they have recently been looking at. 

2.  Vice president of engineering at Mozilla,Mike Shaver,summed up the plan by saying the aim was to "put the user in control but not overwhelm them".And this would not only be a welcome step being used against information thefts but also actually be a booon for users who have been taken on a ride for so long on which they never ever desired to also......

Thursday, November 04, 2010

Removing METADATA from JPEG & IMAGE FILES

1.    Invariably we all find various images from the net for our routine use,download them,modify them and use them in our sites and posts....but are we authorised to do so?...coz each jpeg and image file by a digital camera holds info in form of metadata and in few cases...the images may be copy right which may inadvertently rule against the user....so what to do to ensure safe...simple ...remove metadata from the image....but how?...here comes jhead for your help.Read and follow the instructions below :

- Press Start & Run or Windows key + R to open Run menu, type cmd.exe and press OK

- Type cd\     [To reach root directory]

- Type C:\md removemetadata     [To create a new directory by the name removemetadata]

- Type C:\cd removemetadata      [To reach the directory and Copy all pictures whose metadata is to be removed to this directory ]


- Download the program file jhead.exe to C:\removemetadata

- Type cd removemetadata

- To remove all metadata of all JPEG files in "this dir, type: jhead -purejpg * and press enter


- Done

2.    So doing this small,boring but important function will avoid case study like the mumbai case mentioned at an earlier post.

3.    Another easy way is to simply take a screen shot of the image and paste it in paint brush.But this would be cumbersome to do when the images are in bulk quantity.To download JHEAD...click here

Get Paid to Hack GOOGLE

1.    Google has made it official now vide which Google willl pay $500 and $3,133 to people who discover security vulnerabilities in its websites and online applications.......Google calls the program "experimental," but says it gives security researchers new incentives to report Web flaws directly and in real time to Google's security team thereby improving upon zero day exploit matters.
2.    This provisions  Google a chance to fix the vulnerabilities before it is exploited the way it should be. So, in order to qualify, security researchers must privately disclose new flaws to Google first before they go public with their research. Thus depending on the extent and scale of vulnerability made known to google,so will be the prize money awarded....And Google says that participants shouldn't use automated tools to search for flaws
 

Tuesday, November 02, 2010

MICROSOFT & Failures!!!

1.     For a IT giant like MicroSoft,this would not sync well,but for Microsoft,the year 2010 has seen more of closures of major projects launched with lots of promises and fanfare but somehow unfortunately it did not go the way microsoft desired tooo...and so had to be shut down in the same year....the list goes like this with some details in few lines ....
  • February 2010 saw Microsoft announcing discontinuation of "Xbox Live service for original Xbox consoles and games.
  • April 2010, Microsoft confirmed stopped working on tablet project, codenamed Courier which was touted to be an Apple iPad rival. 
  • September 2010, Microsoft announced that the Windows Live Spaces blogging service will be Terminate gradually in favour of WordPress.com.
  • May 2010, Microsoft announced halt on the Response Point phone system. 
  • June 2010 saw Microsoft announcing discontinuation its new generation of smartphones.
  • September 2010, Microsoft announced closure of Vine, a service built to help keep friends and family in touch during emergencies. 

2.      Thanks TimesofIndia

Mozilla @ Prone again!!!!

1.    Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

2.    Thanks http://www.us-cert.gov

Monday, November 01, 2010

Bredolab grabs Attention

1.    A 27-year-old Armenian man has been charged as being the mastermind behind the Bredolab botnet, a network of millions of compromised computers worldwide.Main features of this trojan botnet are enumerated below for info : 
  • Users of computers with viruses from this network will receive a notice of at the time of next login with information on the degree of infection. 
  • Bredolab, known for spreading spam and rogue antivirus, is thought by some experts to have infected at least 30 million computers.
  • Spread via drive-by attack websites and spam email attachments.
  • Infecting machines with a backdoor that downloads additional malware without the victim's knowledge. 
  • Sends out spoofed password reset messages to Facebook users in an attempt to spread malware and infect users of the social network.
  • Has the power to obtain information on the user's computer including the ability to copy, change or delete files and other information," 
  • Pushdo botnet uses Facebook to spread malicious email attachment: A phony message warns users that their Facebook password has been reset.
  • Majority of infections are in the U.S. and the U.K. and many Western European countries.
  • Discovered by the Dutch High Tech Crime Team in the late summer.
  • Capable of infecting 3 million computers a month. The botnet network used servers hired in the Netherlands from a reseller of LeaseWeb, which is the largest hosting provider in the Netherlands, and one of the largest hosts in Europe.
  • Able to constantly change its appearance to avoid detection by traditional antivirus signatures. Like other botnets, the Trojan communicated with the command-and-control server using encrypted messages.

Adobe flash Player hit!!!!

1.    A critical vulnerability has been exposed in Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems & Adobe Flash Player 10.1.85.3 and prior versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component .

2.   This exploit (CVE-2010-3654) could cause a crash and provision attacker into the drivers seat to take control of the affected system. 

3.   Adobe has released recommendations of how to avoid becoming a target on the subject matter but is still working in labs to find a fix.....click here for more

Intel opens first chip plant in China??

1.    The article at this post here informs in detail about the location,capacity of the first Intel chip set plant in China.The new plant fulfills Intel's total investment commitment in China to $4.7 billion. Intel has also established an assembly and test site in Chengdu as well as R&D centers and labs in Beijing, Shanghai and elsewhere in China, it said.

2.    What made me took a second read on this article was that since about last 6 years,whatever Motherboards and Chipsets from intel I have bought and seen in various machines....all chip sets have a common imprint of MADE IN CHINA since then....so if this is the first plant being set up in china....where were the earlier ones being made or printed???????

6$ is all to shut down a Cloud Client site!!!!

1.    CaaS,as mention at an earlier blog post here,has come up with a new success(or is it failure?) story.Now this goes like this.....invest $6 and take down any client's server with the help of Amazon's EC2 cloud infrastructure!!!!!  

2.    The cloud-based denial-of-service attack was part of a presentation : Cloud Computing, a Weapon of Mass Destruction? An onsite demo during the presenatation by Bryan and Anderson involved entering a name and credit card number, the experts created a handful of virtual server instances on Amazon's EC2. They started with only three virtual servers, uploaded their prototype attack tool, called Thunder Clap, scaled up to 10 servers, and then took their client's company off the Internet.Security consultants David Bryan of Trustwave and Michael Anderson of NetSPI said that they encountered nothing to stop them, like no special bandwidth agreements and no detection mechanisms for servers taking malicious actions. Their Thunder Clap program uses cloud-based services to send a flood of packets toward the target company's network. They reported that they can control the software directly or through a command left on a social network.Bryan and Anderson launched the attack to test their client's network, a small business that wanted its connectivity tested. According to DarkReading, Bryan said, "A threat agent could potentially run extortion schemes against a company by attacking for a couple of hours -- and then telling the company that, if you don't pay me, then I will attack you again." Amazon reportedly failed to reply to complaints by the security consultants.

3.    This can provision customised Botnets availability on rent, giving "would-be attackers a criminal 'cloud' from which to buy services."......seems like it is still tooo early to rely 100% on CLOUDS!!!!!!

Powered By Blogger