Wednesday, January 21, 2009

Facebook and Extortion?

Hackers ripping off Aussie Facebook users

Hackers are hijacking the profiles of Australian Facebook users and attempting to extort money from their friends using a bogus story about being mugged in London.

Ninemsn has spoken to four Facebook users whose accounts have been hacked — three in the past week — and evidence suggests more have been targeted.

In each instance, the attack followed the same pattern. First the person's user name, password, alternative email address and other details were changed. The scammers then assumed the user's identity and contacted scores of people, claiming to be stuck in London after being mugged at gunpoint.

It is not clear where the fraudsters are based, if the same people are behind all of the attacks or how the accounts were initially compromised but the London suburb of Kentish Town is mentioned in several exchanges.

At least one person fell for the sophisticated scam and sent cash through to the hackers via a Western Union money transfer.

It is an interesting read; please refer here to read the full article.

Friday, January 9, 2009

PCWorld - Five Most Dangerous Security Myths

The Five Most Dangerous Security Myths

Still think that today's computer viruses and other malware come from some maladjusted teen out to vandalize your PC to make a name for himself? Think again. The persistent myth is a holdover from days long gone, and it's important to dispel it if you want to know what you're up against - and how to protect yourself.

The splashy worms and malicious viruses that clogged entire networks and indiscriminately wiped hard drives are essentially gone. Today, it's all about cash - and lots of it. If there's a way to use evil software to make money, whether it means taking over a PC to send pharmacy-advertising spam, or stealing financial logins and credit card info, or even hacking game accounts, it's out there in some form.

There's even a thriving online black market that sells everything from software kits to roll-your-own malware to spam services using infected PCs to reams and reams of credit card data stolen by keylogger malware.

Refer here to read full article.

This article is good to read but many readers didn't agree with it.

Wednesday, January 7, 2009

If you have LinkedIn Profile, Be careful!

Fake celeb LinkedIn profiles lead to malware

A security researcher has discovered fake profiles for celebrities on LinkedIn that have links to malicious code, according to a blog posting on Trend Micro's site.

The celebrity profiles that are not to be trusted include ones created using the names: Beyonce Knowles, Victoria Beckham, Christina Ricci, Kirsten Dunst, Salma Hayek, and Kate Hudson. They were uncovered by Trend Micro Advanced Threats Researcher Ivan Macalintal.

In its blog posting late on Monday, Trend Micro said it was continuing its investigation. The links on the professional networking site attempt to lure viewers by purporting to be nude shots of the celebrities. McAfee's Avert Labs Blog has more details and screenshots.

Tuesday, January 6, 2009

De-ICE Pen Test LiveCD

VMware Documentation for De-ICE Pen Test LiveCD's Released

The De-ICE Pen Test LiveCDs are Slax-based hacking scenarios that are easy to set up in a lab environment. They are great for developing your pen test skills on your own time. This article describes the LiveCDs and also provides documentation on configuring a virtual network in VMware so that the LiveCDs can be used easily.

Sunday, January 4, 2009

Malware Behavior Analysis Tool

Zero Wine

Zero wine is an open source (GPL v2) research project to dynamically analyze the behavior of malware. Zero wine simply runs the malware under Wine inside an isolated virtual sandbox, collecting information about the APIs called by the program.

The output generated by Wine (using the debug environment variable WINEDEBUG) is the list of API calls made by the malware, together with the argument values it used. With this information, analyzing the malware's behavior becomes very easy.

Zero wine is distributed as one QEMU virtual machine image with a Debian operating system installed. The image contains software to upload and analyze malware and to generate reports based on the information gathered (this software is stored in /home/malware/zerowine).

Running the distributed virtual machine with the correct command-line options (use the supplied startup shell script to run the virtual machine) provides a web-based graphical interface, served by a web server written in Python, for uploading malware to be analyzed (the upload handler is a CGI, also written in Python).

When a new malware sample is uploaded, it is copied to the directory /tmp/vir/MD5_OF_THE_FILE; then the previously created WINE environment (the WINEPREFIX, if you prefer) is removed and a clean backup is untarred in its place (the backup is /home/malware/backup/backup.tar.gz). After this operation, the malware is executed using the shell script malware_launcher.sh (stored in the folder /home/malware/bin).

For more details please refer here.
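The upload-and-run loop described above, as an added example written for this post rather than taken from Zero Wine's own scripts: a sample is keyed by its MD5, a clean WINEPREFIX is untarred from a backup before each run, the sample is executed with WINEDEBUG set, and the resulting relay trace is reduced to the Win32 API calls it made. The /tmp/vir root, the API watch-list, the helper names and the embedded trace lines are assumptions constructed for the demo.

```python
# Added example (not Zero Wine's own code): the sandbox loop described above in
# miniature. A sample is keyed by its MD5, a clean WINEPREFIX is untarred from a
# backup before each run, the sample is run with WINEDEBUG set, and the relay
# trace is reduced to the Win32 APIs it called. Paths, the watch-list and the
# embedded trace are assumptions made for this demo.
import hashlib
import os
import re
import shutil
import subprocess
import tarfile
import tempfile
from collections import Counter

# Assumed watch-list: APIs that usually mean file drop, persistence or network use.
WATCHLIST = {"CreateFileA", "CreateFileW", "WriteFile", "RegSetValueExA",
             "RegSetValueExW", "CreateProcessA", "WriteProcessMemory",
             "CreateRemoteThread", "URLDownloadToFileA", "connect", "send"}

# A WINEDEBUG=+relay "Call" line: thread id, DLL, API, args, return address.
RELAY_CALL = re.compile(r"^([0-9a-f]{4}):Call (\S+?)\.(\w+)\((.*)\) ret=([0-9a-f]{8})")

# Constructed trace in relay format, standing in for wine's real stderr output.
SAMPLE_TRACE = r"""
0009:Call KERNEL32.GetVersion() ret=0040100a
0009:Ret  KERNEL32.GetVersion() retval=0a280105 ret=0040100a
0009:Call KERNEL32.CreateFileA(00403010 "C:\\windows\\svch0st.exe",40000000,00000000,00000000,00000002,00000080,00000000) ret=00401050
0009:Ret  KERNEL32.CreateFileA() retval=00000048 ret=00401050
0009:Call ADVAPI32.RegSetValueExA(00000060,00403040 "Updater",00000000,00000001,00403010,0000001a) ret=004010a0
0009:Ret  ADVAPI32.RegSetValueExA() retval=00000000 ret=004010a0
0009:Call ws2_32.connect(00000050,0012fe30,00000010) ret=004010f0
0009:Ret  ws2_32.connect() retval=ffffffff ret=004010f0
"""

def sample_dir(data: bytes, root: str = "/tmp/vir") -> str:
    """Per-sample directory keyed by the file's MD5, as Zero Wine does."""
    return os.path.join(root, hashlib.md5(data).hexdigest())

def reset_prefix(prefix: str, backup_tgz: str) -> None:
    """Discard the dirty WINEPREFIX and untar a clean one in its place."""
    shutil.rmtree(prefix, ignore_errors=True)
    os.makedirs(prefix)
    with tarfile.open(backup_tgz) as tar:
        tar.extractall(prefix)  # archive is ours; vet member paths for untrusted tarballs

def run_sample(exe_path: str, prefix: str, backup_tgz: str, timeout: int = 60) -> str:
    """Run a PE under a fresh prefix with relay tracing on; returns wine's stderr."""
    reset_prefix(prefix, backup_tgz)
    env = dict(os.environ, WINEPREFIX=prefix, WINEDEBUG="+relay", DISPLAY="")
    try:
        return subprocess.run(["wine", exe_path], env=env, capture_output=True,
                              text=True, timeout=timeout).stderr
    except subprocess.TimeoutExpired as exc:  # looping malware hits the timeout; keep the partial trace
        err = exc.stderr or b""
        return err.decode(errors="replace") if isinstance(err, bytes) else err

def parse_relay(trace: str) -> list:
    """(thread, DLL, api, args) for every Call line; Ret lines are ignored."""
    calls = []
    for line in trace.splitlines():
        m = RELAY_CALL.match(line)
        if m:
            tid, dll, api, args, _ret = m.groups()
            calls.append((tid, dll.upper(), api, args))
    return calls

def summarize(calls: list) -> dict:
    """Calls per DLL plus the watch-listed calls with their arguments."""
    per_dll = Counter(dll for _, dll, _, _ in calls)
    flagged = [(api, args) for _, _, api, args in calls if api in WATCHLIST]
    return {"total": len(calls), "per_dll": dict(per_dll), "flagged": flagged}

def demo_reset_prefix() -> bool:
    """Self-check: build a one-file backup, dirty a prefix, reset it, verify."""
    work = tempfile.mkdtemp(prefix="zw-")
    backup, prefix = os.path.join(work, "backup.tar.gz"), os.path.join(work, "prefix")
    os.makedirs(os.path.join(work, "clean", "drive_c", "windows"))
    open(os.path.join(work, "clean", "drive_c", "windows", "system.ini"), "w").close()
    with tarfile.open(backup, "w:gz") as tar:
        tar.add(os.path.join(work, "clean"), arcname=".")
    os.makedirs(prefix)
    open(os.path.join(prefix, "dirty.txt"), "w").close()  # leftover from a prior run
    reset_prefix(prefix, backup)
    ok = (os.path.exists(os.path.join(prefix, "drive_c", "windows", "system.ini"))
          and not os.path.exists(os.path.join(prefix, "dirty.txt")))
    shutil.rmtree(work)
    return ok

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3 and shutil.which("wine"):  # usage: zw.py sample.exe backup.tar.gz
        with open(sys.argv[1], "rb") as fh:
            print("sample dir would be", sample_dir(fh.read()))
        trace = run_sample(sys.argv[1], tempfile.mkdtemp(prefix="zw-prefix-"), sys.argv[2])
    else:  # offline: analyse the constructed trace instead
        trace = SAMPLE_TRACE
    report = summarize(parse_relay(trace))
    print(report["total"], "API calls by DLL:", report["per_dll"])
    for api, args in report["flagged"]:
        print("  flagged:", api, args)
```

Run with no arguments and it analyses the embedded trace; with a sample path and your own backup.tar.gz, and wine on the PATH, it performs a real run. Keep in mind that Wine is not Windows: a sample that fingerprints Wine, or depends on an API Wine does not implement, will behave differently from how it would on a real host, so a short or empty trace is not evidence of harmlessness, and the run still belongs inside the isolated QEMU guest rather than on the analyst's own machine.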

Happy New Year

2008 is gone! Let's Welcome the brand new 2009.

I would like to wish all my readers the best for 2009. Thanks for visiting my blog, and for your comments and suggestions throughout 2008.

Looking forward to post more interesting stuff in 2009.

Shoaib