
Thursday, October 28, 2010

Beware of 'fake' Microsoft Security Essentials


Microsoft Security Essentials is a legitimate antimalware app, but a new rogue antivirus attack hijacks the brand as well

By Tony Bradley

PC World

Microsoft Security Essentials is fake. Well, it is and it isn't. Microsoft Security Essentials is a free anti-malware program from Microsoft, but a new malware threat identified by security software vendor F-Secure is also masquerading as Microsoft Security Essentials. You want to avoid that one.

The new malware is distributed through a drive-by download as either hotfix.exe or mstsc.exe, both reasonably benign and almost legitimate-sounding file names that might not raise red flags with some users.

The "alert" from the threat steals the Microsoft Security Essentials brand, including the little blue fortified castle icon. The software then displays a seemingly comprehensive list of anti-malware solutions, including all of the top names users are familiar with, such as Trend Micro, McAfee, Panda, and Symantec, and identifies those that are capable of detecting and blocking this nefarious threat.

The F-Secure blog explains, "Surprisingly, the only products that seem to be capable of handling the infection are AntiSpy Safeguard, Major Defense Kit, Peak Protection, Pest Detector and Red Cross. Never heard of these? No wonder. They are all fake products."

The attackers are counting on users being naive enough to take the bait and agree to be "saved" by purchasing one of these awesome anti-malware tools to help eradicate the threat. But since these are all rogue antivirus programs, what you really end up with is some sort of Trojan that opens the system up to further malware compromise and exploitation.

Don't get confused, though. As mentioned above, Microsoft Security Essentials is a legitimate anti-malware application as well. It is offered for free by Microsoft, and is in fact a very capable defense against malware. Microsoft just recently expanded the availability of Microsoft Security Essentials to small businesses as well, making it free to install on up to ten PCs.

I must say, though, that I have never understood how anyone falls for rogue antivirus attacks. It seems to me that users should know whether or not they have some sort of malware protection installed, and if so which software it is. If no antimalware is installed, or if the fake alert is apparently from a program other than the one that is installed, why would anyone take it seriously?

Did magic anti-malware fairies stop by in the night and install this new beneficent tool? And doesn't it seem at all suspicious that this strange anti-malware detection is capable of scanning the PC and identifying this new threat, but invites you to purchase something else to actually deal with the problem?

F-Secure detects this new rogue Microsoft Security Essentials threat as Trojan.Generic.KDV.47643.

---Like this post, Just leave a comment as your feedback. If you want us to post an article on some specific topic OR have a suggestions for us...you can also drop an email on [email protected]

Monday, October 25, 2010

Analyze your packets using xtractr

xtractr is a hybrid cloud application for indexing, searching, reporting, extracting and collaborating on pcaps. This enables you to rapidly identify field issues and perform network forensics and troubleshooting with just a few clicks. The lite version of xtractr can index up to 10 million packets or 1 Gbyte of pcaps.

While xtractr can be used as a standalone application, it works best with Mu Studio to convert the problematic conversation into a stateful test case. The indices stay local to you on your network & you only access the application through the cloud. The analytics, searching, reporting and content slicing all happen between your browser and your xtractr instance. It also has a built-in web server & supports more than one person analyzing at a time. You can have your team collaborate on it, label interesting flows, search, extract and report concurrently. You can even analyze different sets of packets on different ports in different browser tabs.

You can check out the application here

like this post ? you can buy me a beer :)

Posted by XERO. ALL RIGHTS RESERVED


Monday, October 18, 2010

NSDECODER – automatic Malware detection tool

Nosec has introduced NSDECODER, an automated website malware detection tool. It can be used to decode and analyze whether a URL hosts malware. NSDECODER will also analyze which vulnerability is being exploited and the original source address of the malware.

Functionality

  • Automated analysis and detection of website malware.
  • Covers plenty of vulnerabilities.
  • Log export in HTML and TXT formats.
  • Deep JavaScript analysis.


Downloads
You can download NSDECODER from one of the following links.

Download NSDECODER


Sunday, October 17, 2010

XSS vulnerabilities in top websites – What were they thinking ?

Recently, I tried to have a paradigm shift of some sort, to move from ASM to web technologies, & landed directly (again) on XSS vulnerabilities. Being a fan of Rsnake, the God of XSS, I always wanted to learn a bit more about the web app security scenario & I tried my hands on some XSS vulnerabilities & how they can be used to manipulate sessions.

The results? Well, I found some vulnerabilities in some prominent sites which I am disclosing here. The deal is that I tried to contact the vendors (more on this later) to notify them of the vulns. Remember hackable government & educational websites? Consider this the spiritual follow-up of that article.

Disclaimer 

I HAVE NOT HACKED ANY OF THE SITES AND THEIR DATABASES IN ANY WAY, JUST TESTED WEBSITES FOR VULNERABILITIES. I TESTED THEM AND FOUND ERRORS WHICH MAY/MAY NOT BE DISCLOSED HERE AND IN NO WAY CAN ANYONE SUE ME FOR THIS AS I DID AND MEANT NO HARM TO THE DATA OF CONCERNED ORGANIZATIONS.

BY READING THIS ARTICLE YOU AGREE WITH THE DISCLAIMER.

IF YOU AGREE WITH THIS AGREEMENT, CONTINUE READING; ELSE IMMEDIATELY LEAVE THIS WEBSITE.

Here we go. It all started with www.in.com [ ALEXA RANK 298 ], which had a simple XSS vulnerability to display cookies, inject code & God knows what else. I tried to contact the technical team in vain, then contacted them via a simple feedback form. Waiting for their response as of now; I moved on then. Please note that I have censored all the URLs & script details so as to protect against attacks originating after this article :P

[Screenshot: in.com was a piece of cake]

I never liked Rediff [ ALEXA RANK 128 ] & their services, too many ads to digest for me. Again, it was easy to inject.

[Screenshot: Rediff XSSed, again & again & again]

dl4all.com [ ALEXA RANK 1517 ] was no exception, a simple search & that's all.

[Screenshot: dl4all XSS for everyone]

shaadi.com [ ALEXA RANK 935 ], the premium matrimonial portal of India, has XSS flaws.

[Screenshot: shaadi.com had seen better days]

A leading social networking website, Itimes.com [ ALEXA RANK 6024 ], was no better & a no-brainer.

[Screenshot: itimes was a no-brainer]

Indiatimes.com [ ALEXA RANK 168 ] anyone ?

[Screenshot: Indiatimes XSS]

Enough. As expected, I tried to contact all the support staff before releasing this article. My point? What happens when there is no competent technical staff to handle the issue (I am looking at you, AXISBANK!). Have a look at it:

[Screenshot: now that makes me angry, very angry]

Great, now that's what we wanted: more flaws in "secure" websites which pledge for our privacy. For the record, XSS flaws are independent of encryption & the so-called layman lock mechanisms, as the application behavior remains the same. I tried to contact authorities at AXIS bank but they were asking for my bank account number, to contact the nodal officer, to contact xyzabc, blah blah, but no support / tech staff.

Let's have a look at the Alexa ranks of the above websites:

  • www.rediff.com - 128
  • www.in.com - 298
  • www.indiatimes.com - 168
  • www.shaadi.com - 935
  • www.dl4all.com - 1517
  • www.axisbank.com - 2330
  • www.itimes.com - 6024

Again, the above sites are the head honchos of social networking and downloads, have a lot of data in their hands & are vulnerable to XSS. Why they still have no technical feedback team is beyond my belief. Except for itimes, I wasn't able to find a bug reporting facility in any of the sites mentioned above. Now that's pure genius! Just what were they thinking?!! Can't they learn from some good examples?

What am I doing? To quote Rsnake:

"How many compromises of data security, that you are aware of, have been disclosed to the public as a percentage?"

Ditto here. The websites are not safe, & neither are their claims. It took me about 30 minutes to write this post, including the time to try XSS on the websites (excluding the email contact with the authorities where possible). XSS/CSRF is the modern security nightmare for any website today; prominent websites are constantly under attack & in the recent cases I have heard of as of now, a lot of bank websites were targets of CSRF based attacks, phishing & XSS. Imagine what a skillful attacker can do with a lot of time & patience (& a reason perhaps).

pray & spray..& trust no one.
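As an added illustration (my own code, not from the post or from any of the sites named above), here is the reflected "search" pattern the screenshots show, rendered the vulnerable way beside the escaped way, plus the cookie attribute that keeps a reflected payload from reading the session cookie. The page template and the probe string are constructed for this example.

```javascript
// Context-aware escaping for HTML text nodes and quoted attribute values.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: the search term is concatenated straight into the markup,
// so any tag in the query string is handed to the browser as HTML.
function renderSearchVulnerable(query) {
  return `<h1>Results for: ${query}</h1>\n` +
         `<input name="q" value="${query}">`;
}

// Hardened: the same page, with the term escaped in both the text node and
// the attribute value. The page shape is unchanged, which is the point made
// in the post: serving it over HTTPS makes no difference to this behaviour.
function renderSearchHardened(query) {
  const safe = escapeHtml(query);
  return `<h1>Results for: ${safe}</h1>\n` +
         `<input name="q" value="${safe}">`;
}

// Session cookie that document.cookie cannot read: HttpOnly, Secure and
// SameSite are standard Set-Cookie attributes. A payload that "displays
// cookies" then gets nothing useful even if the escaping above is missed.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Crude check a reviewer can run over rendered output: true if a raw script
// tag or an inline event-handler attribute reached the markup.
function containsActiveMarkup(html) {
  return /<script\b|<[a-z]+[^>]*\bon[a-z]+\s*=/i.test(html);
}

// Constructed probe of the kind the screenshots show: breaks out of the
// value="" attribute and would display document.cookie if rendered raw.
const PROBE = '"><script>alert(document.cookie)</script>';
```

With `PROBE` as the query, `renderSearchVulnerable` carries the raw script tag while `renderSearchHardened` carries only `&lt;script&gt;` text.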


Saturday, October 16, 2010

CWG Official Website Attacked by Pakistani & China Hackers



The audience at the Jawaharlal Nehru Stadium might have given a rousing welcome to the Pakistani contingent during the opening ceremony, but state-supported hackers in Pakistan and China were hard at work trying to deface official sites and disrupt data networks.

Experts from the department of information and technology had to keep a sharp vigil to prevent the hackers from either crashing sites or putting up demeaning messages intending to show India in poor light. The effort to foil the hackers intent on embarrassing India was no less intensive than on-ground security.

The attacks were traced to servers in Pakistan and China and while the hackers were purported to be individuals or non-state actors, the deniability for their sponsors was thin. The exercise is suspected to have been monitored by official agencies in both countries, with the searchnet worm being the preferred weapon of attack. The attacks launched from China were the handiwork of students studying in technical institutes who are encouraged to take a go at targets identified by official agencies. Some of these universities are in close proximity to military establishments specializing in technical and IT-based offensive systems.

There were hundreds of attacks on the CWG's official website which were intended to put up insulting messages, while the more serious attempts were aimed at data management systems.

Within a couple of hours of the opening ceremony of the mega event on October 3, hackers mostly traced to servers in China attacked the Games website, www.cwgdelhi2010.org, forcing cyber security agencies to pay more attention to cyber security.

Though the cyber attackers have been traced to Pakistan as well, most of the hackers' servers were found to be located in China, said a top government official.

SOURCE: TIMES OF INDIA


Friday, October 15, 2010

BCCI president-elect N Srinivasan cell phone hacked

The SOURCE for the below news is Times Of India. Well, lemme clear one thing to all my readers: to send a prank SMS, there is no need to hack a cell phone. There are so many websites available on the net using which you can send prank SMSes. It is something similar to email spoofing. In my personal opinion, this is not a case of CELL PHONE HACKING. It's actually SMS SPOOFING.

As per feedback received from Adnan Anjum: I think the BCCI President might be a victim of an SMS attack, because the hacker sent it at night. A hacker who has the right tools and knows how to send a malicious text message to your phone is capable of opening the web browser and taking it to a harmful website. Once the site is opened, the site downloads a dirty executable to your phone; then all the information, like passwords, will be in the hacker's database in the form of hashes, and he can use tools like Encode/Decode Base64 to get the passwords. By this, all types of sensitive information can also be hacked easily. These attacks are mostly carried out by sending business cards.

The original news is below:

Chennai: The cyber crime cell of the Chennai police has registered a case and launched investigations following a complaint by BCCI president-elect N Srinivasan that his mobile phone was hacked into and SMSes were sent to some IPL team owners asking them to fall in line.

According to Srinivasan's complaint, a few IPL team owners had recently received an SMS from his number warning they too would face action because of their links with former IPL chief Lalit Modi. Srinivasan said in his complaint that he was shocked when he heard about the SMS. He said he requested the team owners to send the SMS back to him and denied sending any such message, a cop said.

Another police officer confirmed that Bangalore Royal Challengers, Mumbai Indians and another team's owners received it. We are not sure if the message was sent only to these three. But as these three team owners contacted Srinivasan after receiving the SMS, he came to know about the hacking, the officer said. We have approached a service provider in Mumbai to identify the origin of the SMS. We hope to receive the details in a day or two. We are also in discussion with the technical team to narrow down on the hacker, police said. AFP


Tuesday, October 5, 2010

Canada will spend $3.5M to fight hackers

The federal government will spend $3.5 million to set up a round-the-clock Information Protection Centre to protect its computer systems from hackers and cyber attacks, Public Safety Minister Vic Toews said Sunday.

The money is part of this year's federal budget, which allocated $90 million over five years, and $18 million in ongoing funding, toward the Cyber Security Strategy, the government said.

Michel Juneau-Katsuya, a former senior intelligence officer with Canada's spy agency, the Canadian Security Intelligence Service, said the government's strategy is long overdue and that Canada is far behind other Western nations in terms of readiness.

But Toews disagreed.

"Our funding builds upon significant efforts that have already been underway for some period of time," he said.

Canada's efforts are consistent with what the United States is doing, Toews said.

Juneau-Katsuya argued that to be on par with the U.S., Canada's new plan has to be implemented with speed.

Liberal MP and Public Safety critic Mark Holland agreed.

"If something happens tomorrow, we're not ready," he said. "It's very clear we're way behind the rest of the world in an area that's constantly changing, and so when you're behind you have to sprint to catch up."

Source: the CBC's Karina Roman


More than 100 arrests, as FBI uncovers cyber crime ring

The FBI says it has cracked a major international cyber crime network after more than 90 suspected members of the ring were arrested in the US.

The suspects worked as so-called mules for fraudsters based in Eastern Europe who hacked into US computers to steal around $70m.

More people were detained in Ukraine and the UK, local police said.

The FBI said the arrests were part of "one of the largest cyber criminal cases we have ever investigated".

Most of those arrested in the US were charged with conspiracy to commit bank fraud and money laundering, a US Attorney said.

They are suspected of acting as go-betweens or mules by providing bank accounts for an elaborate cyber crime scheme.

Hackers in Eastern Europe would use spam email to infect computers of small businesses and individuals in the US with a virus known as Zeus, the FBI said in a statement.

The unnamed hackers were then able to access users' online passwords and bank account details and used them to transfer money to the bank accounts provided by the go-betweens in the US.

The crime ring attempted to steal around $220m, the FBI added.

The arrests were the result of an international operation that kicked off in Omaha in May 2009 when FBI agents noticed a row of suspicious bank transactions.

Law enforcement agencies in the US, Ukraine, the Netherlands and the UK were also involved in the investigation.

Police in the UK arrested 19 people suspected of being members of the ring.

In Ukraine, police arrested five people suspected of directing the scheme, the FBI said.

SOURCE: BBC

Monday, October 4, 2010

Ministry of Sound website taken down by Anonymous

You may recall that a week ago, we reported on the ACS:Law fracas, when a group called Anonymous struck at the law firm’s website with a denial of service attack.

Upon getting the site back up, admins accidentally exposed archived emails, which were downloaded from the company's server and put up on file-sharing sites. At least 13,000 broadband users' details have been revealed in the security breach, and the ICO is currently investigating the matter and deciding whether to finally exercise its relatively new powers to fine up to £500,000 for serious data leaks.

It seems that Anonymous has struck again this week, taking down the Ministry of Sound website last night. This is because the record label is now chasing down alleged file sharers suspected of illegally downloading its copyrighted material.

The label’s solicitor involved in the action, Gallant MacMillan, has also had its site knocked out. Currently both sites still remain unavailable.

In an interview with security firm Panda Labs (pointed out by The Register), Anonymous says it wishes “to fight back against the anti-piracy lobby.” The group describes itself as manifested anarchy, with no leaders or hierarchy, just people “from all walks of life” who will “keep going until we stop being angry.”


Reverse Engineering for Noobs - Step by Step guide to crack A-One Video to Audio convertor

It's been some time since I have written a reverse engineering tutorial, & I thought it would be good to cover one at the dead of night :) What I am going to teach you today is a simple reverse engineering tutorial. We will be cracking A-one Video to Audio convertor today, with just simple cracking. You can also give a read to the step by step guide to crack Winrar to have an insight into reverse engineering & decompiling; however, this one is completely different & requires little to no programming & ASM knowledge.

Disclaimer: By reading this tutorial you agree that this tutorial is intended for educational purposes only and the author can not be held liable for any kind of damages done whatsoever to your machine, or damages caused by some other, creative application of this tutorial.

In case you disagree with the above statement, stop here.

Requirements

  • A-one Video to Audio convertor (Download from yaomingsoft.com)
  • OllyDBG
  • Time & Patience

Download & install A-one Video to Audio convertor. Now as you can see, it's a trial version & once you try to register it, it gives an error <obviously>, & we need to find ways around it.

[Screenshot: Program is unregistered]

Now, to begin with, fire up OllyDBG & load the A-one Video to Audio convertor EXE file in it.

[Screenshot: Open program in Olly]

Now, right click on

CPU window -> Search for -> All Referenced Text Strings

[Screenshot: search for strings]

& in the Text strings window, right click -> paste the "Registration code is error" string (which pops up when you input a wrong serial). After you find it, double click it & navigate to the memory address.

[Screenshot: go to registration segment]

Now, once you have reached the intended memory address, you can navigate a bit up to see the "register successful" string.

[Screenshot: EAX woes]

Navigating a bit above will show a simple logic which calls a specific function; the function returns its result in EAX, which is then compared to 1:

CMP EAX,1

& then jumps to 407A0F

JNZ SHORT 00407A0F

which is the "register failed" condition.

The whole scenario means that if the value of EAX is anything less than or greater than one, the program will remain a trial version & will not accept any invalid serial key.

Now, you can put a breakpoint above the function call by pressing F2, run the program & enter the serial. The program will break & we can then navigate inside the function by pressing F7.

[Screenshot: go inside function]

You will get into the function code. Add the breakpoint there by pressing F2 & restart the program again by pressing Ctrl + F9.

Run it again & you will find that it will break at 00406B40 (where you put the last breakpoint).

Now, we will execute the code step by step by pressing F8. Once we go a bit down, we find

JNZ Video2Au.00406C4A

which jumps below to

POP EDI

[Screenshot: examine]

& further on we find that EAX is XORed with itself, zeroing it.

[Screenshot: EAX is XORed/zeroed :D]

So in order to insert a precise value into EAX, we will modify the instruction by double clicking

XOR EAX,EAX

& changing it to

MOV AL,1

[Screenshot: Change & assemble/save]

which will set the accumulator's value to 1 because

EAX        -    32 Bit reg <extended>
AX         -    16 Bit reg pair
AH / AL    -     8 Bit regs

where AL represents the lowest byte, & setting it to one sets the accumulator to a precise value of 1, hence setting the value of EAX to 1, which will lead to the program being registered :)
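The sub-register layout above is the whole reason the patch works, and also its caveat: MOV AL,1 writes only the low byte, so EAX reads exactly 1 only when the upper 24 bits are already zero. This added model (my own code, not the tutorial's; it assumes a little-endian host, which x86 is) overlays three typed-array views on one 4-byte buffer to show both cases.

```javascript
// Model of one x86 accumulator: EAX, AX and AL/AH are three widths of the
// same 32-bit storage, here three views over one ArrayBuffer.
function makeEax(initial) {
  const buf = new ArrayBuffer(4);
  const view32 = new Uint32Array(buf);   // EAX
  const view16 = new Uint16Array(buf);   // AX  (low 16 bits)
  const view8 = new Uint8Array(buf);     // AL = byte 0, AH = byte 1
  // Assumption: little-endian host, matching x86 byte order.
  if (new Uint8Array(new Uint16Array([1]).buffer)[0] !== 1) {
    throw new Error("this model assumes a little-endian host");
  }
  view32[0] = initial >>> 0;
  return {
    get eax() { return view32[0]; },
    get ax() { return view16[0]; },
    get al() { return view8[0]; },
    get ah() { return view8[1]; },
    // XOR EAX,EAX: the original instruction, clears all 32 bits.
    xorEaxEax() { view32[0] = 0; },
    // MOV AL,imm8: the patched instruction, writes only the low byte.
    movAl(imm8) { view8[0] = imm8 & 0xff; },
  };
}

// CMP EAX,1 / JNZ: the "registered" branch is taken only when the full
// 32-bit value equals 1, not just the low byte.
function cmpEaxOne(reg) {
  return reg.eax === 1;
}

// Runs the patched sequence (MOV AL,1 where XOR EAX,EAX used to be) on a
// register that already holds `before`, and reports the resulting EAX and
// whether CMP EAX,1 would then be satisfied.
function patchedSequence(before) {
  const reg = makeEax(before);
  reg.movAl(1);
  return { eax: reg.eax, registered: cmpEaxOne(reg) };
}
```

`patchedSequence(0)` gives EAX = 1, while `patchedSequence(0x12345600)` gives EAX = 0x12345601 and the compare fails, which is what the lost XOR was guarding against.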

Now once you have done it, right click the code,

Copy to executable -> Selection.

In the window that comes up, right click again, save the file & you have a cracked working version of the software. Paste it in the program files directory & insert any serial.

it will work :D

[Screenshot: Cracked]

I hope you liked it :)


Sunday, October 3, 2010

Facebook opens office in India


Social networking site Facebook today starts its operations in India by opening an office in Hyderabad. The office is already humming with an initial landing team from its headquarters in Palo Alto, California, and a team of recent hires from India, the company said in a statement. The office is headed by a dynamic leadership team, including Kirthiga Reddy, Director of Online Operations and Head of Office India, and Manoj Varghese, Director of User Operations. "We are seeing a ton of momentum with our 15 million users, developers and advertisers right here in India. It's an incredible time to be starting our operations in India," Director of Online Operations and India Head Kirthiga Reddy said.

To celebrate the opening of the new space in Hyderabad, Facebook launched an art competition, which will continue till October 22. The winner will be announced on November 15.


Hacking: Cyber War in Political Scenario

[Image: newspaper article clipping. SOURCE: AFTERNOON VOICE]
