Archive for November, 2011

Recently we exposed about 25 Facebook phishing websites and also wrote about the biggest Facebook phishing campaign in French, which stole more than 5000 usernames and passwords. Today another new attack on Facebook users, this time with the Zeus bot, comes into action. Researchers at the Danish security firm CSIS have spotted a worm spreading within the Facebook platform. The worm uses apparently stolen user credentials to log in to victims’ accounts and then send out malicious links to their friends. It also downloads and installs a variety of malware on users’ machines, including a variant of the Zeus bot.
If followed, the link takes the potential victim to a page where he or she is offered what appears to be a screensaver for download. Unfortunately, it is not a JPG file but an executable (b.exe). Once run, it drops a cocktail of malicious files onto the system, including ZeuS, a popular Trojan spyware capable of stealing user information from infected systems. The worm also has anti-VM capabilities, so it cannot be executed and tested in a virtual environment such as Oracle VM VirtualBox or VMware.
Zeus is a common tool in the arsenal of many attackers these days and is used in a wide variety of attacks and campaigns. It used to be somewhat less common, but the appearance of cracked versions of the Zeus code has made it easier for lower-level attackers to get their hands on the malware. Zeus has a range of capabilities and specializes in stealing sensitive user data, such as banking credentials, from infected machines.
“The worm carries a cocktail of malware onto your machine, including a Zbot/ZeuS variant, which is a serious threat and steals sensitive information from the infected machine,” warn the researchers. The worm is hosted on a variety of domains, so the link in the malicious message may vary. Other servers are used to collect the data sent by the aforementioned malware and to serve additional malicious software.
This type of thing is very rarely sent to your email without you requesting it, so I would advise anyone who thinks they may have seen an email like this to delete it and mark it as spam right away.

While Apple’s engineers toil away deep in the heart of their Cupertino headquarters, developers have taken it upon themselves to make Siri even more impressive than usual. Forget about setting reminders and checking the weather — with a little bit of know-how (and a homebrew proxy server), Siri can start your car for you.

Developer Brandon Fiquett is behind this little hack, and boy what a hack it is. Building off the same Siri Proxy server that allowed @plamoni to control a thermostat over WiFi, Fiquett created a plugin that interacts with a PHP script that lives on his own webserver. That PHP script allows Fiquett to send commands to any (registered) car with a Viper SmartStart system, which in this case means his silver Acura TL.

The end result is just as impressive as it sounds: when asked, Siri can fire up his Acura’s engine, pop its trunk, lock the doors, and trigger the car’s alarms (not that anyone really pays attention to them). We’ve seen iPhones do similar things before — Disrupt NY winner GetAround has an iPhone app that can unlock the doors of certain rental cars — but doing it with your voice will add a dash of Knight Rider-esque style to anyone’s day. Phone-toting SmartStart fans will find a lot to love about Fiquett’s hack, not least of which is being able to leave that bulky blue control dongle at home.

Siri certainly has her fair share of shortcomings, but I’m glad to see developers taking Apple’s baby and running with it. If you’re feeling up to the challenge, Fiquett has made both the Siri Proxy plugin and the SmartStart-friendly PHP script available on GitHub — best of luck, and enjoy living out your Knight Rider fantasies.

Most organizations will invest in buying health insurance for their staff as a way to protect them from any accidents or critical illnesses that might occur at any point in their lives.

But when it comes to protecting work related documents, are organizations doing enough to ensure that all important data belonging to employees and the company are well protected from the following incidents:

Stolen laptops
Crashed hard disk
Servers hacked into
Some organizations will remind their staff to frequently perform their own backups to an external drive or a cloud storage service such as MyPCBackup, to avoid the problems that can be caused by a hard drive or network failure.

To me, this is like not buying health insurance for staff and telling them to take good care of themselves by having a better diet and exercising more regularly.

If your organization prefers not to rely on staff to do their own backups, then maybe it’s time to look into implementing an enterprise backup strategy for all to benefit from.

When searching for the right backup software or vendor, the following are 5 points I would consider when implementing an enterprise data backup strategy:

Is the backup process resource hungry?

One reason why I don’t like to back up my machine is that it can sometimes disrupt my PC usage experience. Because of this, I would leave the backup process to run at the end of the day, but hey, it’s time to go home after a long work day. So why not leave it till tomorrow, and the day after. Soon I realized that I don’t really have an effective and reliable backup in place, because the data is only as good as the last time it was safely stored.

A good backup process should only be resource hungry / CPU intensive when it is executed for the very first time. Subsequent backups should run in an incremental or progressive mode, which backs up only new or modified data, and so should run effortlessly in the background without the user even noticing that data has been backed up.

How long can data be retained?

Some backup solutions and their procedures allow backups to be kept for a maximum of 1 month before the data gets overwritten. But what if you need some project information that was completed about 6 months ago, and now that your hard disk is corrupted, the only data that can be recovered is a month’s worth of work?

A reliable enterprise data backup strategy should ensure that data can be retained, restored and recovered up to the day when the first backup was done, even if that was a few years ago.

Can data be stored offsite?

I’ve seen some organizations performing backups of their servers to a tape drive and leaving the tapes right next to the physical server. If a disaster occurs, both the server and the tapes will be destroyed together.

It is important that your enterprise backup strategy ensures that all backed-up data is stored in another location. Since Internet speeds are getting much faster at lower cost these days, backing up and storing data in the cloud is a good way to ensure that data is kept in a remote location.

Can backup process be automated?

If a backup solution needs to be manually invoked, then there’s a high chance that backups won’t be done very frequently, which reduces their effectiveness.

A good enterprise backup solution should allow administrators to set the necessary configuration and let the backup process run automatically on a periodic basis. When a backup has completed successfully, it should be logged, and reports should be available to view the status of the backups.

How fast can a backup be restored in case of a disaster?

When your laptop gets stolen and an important client presentation is just a few days away, how fast can you get another machine and restore everything back to the last time it was backed up? After a machine goes missing or becomes inaccessible, our first thoughts are usually whether or not we have a backup of things and whether the backup can be restored in full.

In your enterprise data backup strategy, it is important to ensure that backups can be restored easily and fast enough that downtime is cut to the minimum.

credits :

Apache acknowledged another reverse proxy issue (CVE-2011-4317), which was discovered by an Apache developer from Red Hat while creating a QualysGuard vulnerability signature for an older problem, CVE-2011-3368. Depending on the reverse proxy configuration, the vulnerability could allow access to internal systems from the Internet.

In order to set up Apache HTTPD to run as a reverse proxy, server administrators use specialized modules such as mod_proxy and mod_rewrite. Apache developers are working on a fix for a flaw in the web server software that creates a possible mechanism to access internal systems. The zero-day vulnerability only rears its ugly head if reverse proxy rules are configured incorrectly and is far from easy to exploit, but it is nonetheless nasty.

The problem isn’t new: a vulnerability that allowed similar attacks was addressed back in October. However, while reviewing the patch for it, Qualys researcher Prutha Parikh realized that it can be bypassed due to a bug in the procedure for URI (Uniform Resource Identifier) scheme stripping. The scheme is the URI part that comes before the colon “:” character, such as http, ftp or file.

One relatively common rewrite and proxying rule is “^(.*) http://internal_host$1”, which redirects the request to the machine internal_host. However, if this rule is used and the server receives, for example, a request for “host::port” (with two colons), the “host:” part is stripped and the rest is appended to http://internal_host in order to forward it internally. The problem is that in this case the remaining part is “:port”, which transforms the forwarded request into http://internal_host:port, an unintended behaviour that can result in the exposure of a protected resource.

To mitigate the problem, server administrators should add a forward slash before $1 in the rewrite rule, the correct form being “^(.*) http://internal_host/$1”.
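An added illustration, not Apache’s code: this Python model reproduces the scheme-stripping case described above and adds a small lint for RewriteRule targets. internal_host is the article’s placeholder host; the “:8080” remainder and the two example rules are constructed.

```python
"""Model of the CVE-2011-4317 rewrite/proxy case plus a config lint (illustration only)."""
import re
from urllib.parse import urlsplit

# Matches "RewriteRule <pattern> <target> [flags]" and captures pattern and target.
RULE_RE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)")


def strip_scheme_like_prefix(request_uri: str) -> str:
    """Simulate the faulty stripping: text up to and including the first ':'
    is treated as a URI scheme and dropped, so "host::8080" leaves ":8080"."""
    head, sep, rest = request_uri.partition(":")
    return rest if sep else request_uri


def proxied_target(rule_target: str, remainder: str) -> str:
    """Expand $1 in the rewrite target with what is left of the request."""
    return rule_target.replace("$1", remainder)


def target_authority(url: str) -> tuple:
    """(hostname, port) the proxy would actually connect to for this URL."""
    parts = urlsplit(url)
    return parts.hostname, parts.port


def lint_rewrite_rule(line: str):
    """Config check: flag a proxying rule whose authority part (host[:port])
    can be altered by a back-reference, i.e. no '/' separates host and $N."""
    m = RULE_RE.match(line)
    if not m:
        return None
    target = m.group(2)
    if "://" not in target:
        return None
    authority = target.split("://", 1)[1].split("/", 1)[0]
    if re.search(r"\$\d", authority):
        return "back-reference inside the target authority: %s" % target
    return None


if __name__ == "__main__":
    remainder = strip_scheme_like_prefix("host::8080")       # constructed request
    for rule in ("http://internal_host$1", "http://internal_host/$1"):
        url = proxied_target(rule, remainder)
        print(rule, "->", url, "connects to", target_authority(url))
    print(lint_rewrite_rule("RewriteRule ^(.*) http://internal_host$1 [P]"))
    print(lint_rewrite_rule("RewriteRule ^(.*) http://internal_host/$1 [P]"))
```

With the unsafe rule the forwarded URL carries port 8080 in its authority, while the slash in the corrected rule keeps “:8080” in the path, so the proxy still talks to internal_host on its default port.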

It is amazing how fast security measures are bypassed by hackers. It seems Windows 8 is now Malconed! Peter Kleissner has created the world’s first Windows 8 bootkit, which is planned to be released in India at the International Malware Conference MalCon.

An independent programmer and security analyst, Peter worked for an anti-virus company from 2008 to 2009 and was a speaker at the Black Hat and Hacking at Random technical security conferences. While his main fields are Windows security and analysis of new malware, his recent important projects include the development of the Stoned Bootkit, a research project to subvert the Windows security model.

A bootkit is built upon the following broad parts:
Plugins (the payload)
And as put by Peter, those parts are easy to split up in a criminal organization: Teams A-D are writing on the different parts. If you are doing it right, Team D (the payload writers) needs no internal knowledge of the bootkit! Peter’s research website:

As per the MalCon website, Peter’s travel is still not confirmed, citing visa issues; however, there is a chance that the presentation may be done over video, or a speaker may step in on behalf of Peter and release it at MalCon.

A gang of internet ‘cyber bandits’ who stole $14 million after hacking into at least 4 million computers in an online advertising scam have been arrested following a joint investigation by the FBI and NASA. Six men are in custody in Estonia, pending extradition to the United States, following a two-year investigation into an “intricate international conspiracy” that “hijacked” millions of computers around the world and stole more than US$14 million. The FBI’s two-year investigation was dubbed “Operation Ghost Click”.
Computers in more than 100 countries were infected by the “DNSChanger” malware, which redirected searches for Apple’s iTunes store to fake pages pretending to offer Apple software for sale, as well as sending those searching for information on the U.S. Internal Revenue Service to accounting company H&R Block, which allegedly paid those behind the scam a fee for each visitor via a fake internet ad agency.
“These defendants gave new meaning to the term ‘false advertising’,” said Manhattan US Attorney Preet Bharara. “As alleged, they were international cyber bandits who hijacked millions of computers at will and re-routed them to websites and advertisements of their own choosing, collecting millions in undeserved commissions for all the hijacked computer clicks and internet ads they fraudulently engineered.”
Here are some screenshots from the FBI’s “Check to See if Your Computer is Using Rogue DNS” instructions.
Trend Micro, which helped supply information to the FBI on DNSChanger, hailed the law enforcement operation as the “biggest cyber criminal takedown in history.” Whilst the rogue DNS servers have been replaced, many machines may still be infected. Head here to learn how to check if your system is part of the DNSChanger botnet.

Debasish Mandal, a hacker from India, found that there is an XSS (JavaScript injection) vulnerability in the home page of the Speed Bit search engine. The XSS filter filters normal html/script/iframe tags, but XSS can be achieved by injecting the JavaScript event handler “onmouseover()”. The technical description is below. Debasish has reported the vulnerability to the Speed Bit team but hasn’t yet received any response from their side.

Proof Of Concept:
1) Visit this URL " onmousemove="alert(document.cookie)
2) Bring the mouse cursor over the hyperlink shown in the image and you should see a pop-up box showing the browser cookies.
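As an added illustration, not code from the original post or from Speed Bit: this Python model shows why a tag blacklist like the one described lets the event-handler string through when it is reflected into an attribute value, while attribute-context escaping stops it, and includes a check over the rendered markup. The filter regex, the link template and the sample input are constructed.

```python
import html
import re
from html.parser import HTMLParser

# Constructed model of a tag-blacklist filter: it strips <script>, <iframe> and
# a few other tags but never looks at text that lands inside an attribute value.
TAG_RE = re.compile(r"</?\s*(script|iframe|img|svg|object|embed)\b[^>]*>", re.IGNORECASE)


def blacklist_filter(user_input: str) -> str:
    """The weak approach: remove known-dangerous tags from the input."""
    return TAG_RE.sub("", user_input)


def render_unsafe(query: str) -> str:
    """Vulnerable pattern: the filtered query is reflected into an href value."""
    q = blacklist_filter(query)
    return '<a href="/search?q=%s">%s</a>' % (q, q)


def render_safe(query: str) -> str:
    """Hardened form: escape for the attribute context. Quotes become &quot;,
    so the input can neither close the value nor start a new attribute."""
    q = html.escape(query, quote=True)
    return '<a href="/search?q=%s">%s</a>' % (q, q)


class _AttrCollector(HTMLParser):
    """Collect the attribute names a browser's parser would actually see."""

    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        self.names.extend(name.lower() for name, _ in attrs)


def event_handler_attrs(markup: str) -> list:
    """Detection check on rendered output: which on* attributes exist?"""
    p = _AttrCollector()
    p.feed(markup)
    return [n for n in p.names if n.startswith("on")]


# The event-handler string from the proof of concept above; it contains no
# tags, so the blacklist passes it through unchanged.
POC_INPUT = '" onmousemove="alert(document.cookie)'
```

Run event_handler_attrs on both renderings of POC_INPUT: the unsafe one yields an onmousemove attribute on the link, the escaped one yields none, because the quotes stay inside the href value.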