Monday, December 20, 2010

Backtrack-linux

The Best Operating System for Hackers.


There are a couple of things that are essential to any hacker's walk of life. To name a few, there's the ubiquitous flash drive for data transfer. You have the crossover cable for even faster data transfer. There's the Wi-Fi antenna for high gain and strong amplification. Possibly, you might find a video capture card in the computer. Of course, there's the ubiquitous laptop and desktop computer. But what software is on these computers? Undoubtedly, you will find at least two operating systems, most often Windows and Linux. But with Linux, there are several different distributions. Is there a specific one? With hackers and crackers, there is only one Linux distro out there. It is called BackTrack.
BackTrack is a Linux-based penetration testing arsenal that aids security professionals in performing assessments in a purely native environment dedicated to hacking.
Regardless of whether you make BackTrack your primary operating system, boot it from a Live DVD, or run it from your favourite thumb drive, BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.
BackTrack is intended for all audiences, from the most savvy security professionals to newcomers to the information security field. BackTrack offers a quick and easy way to find and update the largest collection of security tools assembled to date.
BackTrack is quite possibly the most comprehensive Linux distribution of security tools. Both hackers and crackers can appreciate the features of this distribution. For black-hatters, it is easy access to software that facilitates the exploitation of secured systems. For white-hatters, it is a penetration testing platform that finds holes in a security scheme. See, everybody wins!

Major Features
BackTrack features the latest in penetration testing software. The current Linux kernel is patched so that special driver installation is unnecessary for attacks. For example, an Atheros-based wireless networking adapter will not enter monitor mode or inject packets without the MadWiFi driver patch. With BackTrack, you don't need to worry about that. It's just plug-and-play, ready to go!
What's great is that this Linux distribution comes as a Live CD, so no installation is needed. However, once you have experienced BackTrack, you will realize that it is a must to download this operating system and install it on your laptop. At the very least, download the VMware virtual appliance for BackTrack. Make sure you also install VMware Tools for Linux. Many features will still work in VMware mode.
  • Based on: Debian, Ubuntu
  • Origin: Switzerland
  • Architecture: i386
  • Desktop: Fluxbox, KDE
  • Category: Forensics, Rescue, Live Medium
  • Cost: Free
Tools:
BackTrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to password crackers. Support for Live CD and Live USB functionality allows users to boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk is also an option.
BackTrack includes many well known security tools including:
  • Metasploit integration
  • RFMON Injection capable wireless drivers
  • Kismet
  • Nmap
  • Ettercap
  • Wireshark (formerly known as Ethereal)
  • BeEF (Browser Exploitation Framework)
It also includes a large collection of exploits as well as more commonplace software such as browsers. BackTrack arranges tools into 11 categories:
  • Information Gathering
  • Network Mapping
  • Vulnerability Identification
  • Web Application Analysis
  • Radio Network Analysis (802.11, Bluetooth, RFID)
  • Penetration (Exploit & Social Engineering Toolkit)
  • Privilege Escalation
  • Maintaining Access
  • Digital Forensics
  • Reverse Engineering
  • Voice Over IP

Monday, November 22, 2010

BACKTRACK 4... let's start with it...

There are Linux distributions specially designed for penetration testing, security auditing, incident handling, system investigation and analysis, data recovery, and other useful tasks.
Today, we will review another high-end, security-oriented distribution, BackTrack.



Introduction

BackTrack is one of the more popular distributions in the white hat circles. It is specially suited for penetration testing, with more than 300 tools available for the task. Like both Helix and Protech, BackTrack is based on Ubuntu. This means good stability and hardware detection and a whole lot of software that can be easily obtained.

Sounds quite interesting. Let's see how it behaves. We're going to check version 4 Beta.

Lots of great stuff

Like most Linux distros, and definitely all forensics/security-oriented ones, BackTrack works primarily as a live CD, with good hardware detection and a low memory footprint, intended to make it usable even on older machines. It is also possible to install BackTrack, should one desire.

The boot menu is simple and elegant, with three options.



The second option (Console no FB) stands for Console no Framebuffers, i.e. the failsafe mode with minimal graphics that should work well on all hardware. Thanks k finity! As to the third option, MSRAMDUMP, I did try booting it, but this produced an error and threw me back into the boot menu.

Anyhow ...

The distro maintains its elegance by booting into the best-looking console I have seen, with stylish color gradients and mirror effects. You can begin working instantly on the command line or boot into the GUI desktop by issuing the startx command.





One thing worth noting in the screenshot above is the mounting error on hda1, which is formatted with Ext4, a relatively new filesystem. In fact, the system I booted BackTrack on hosts a Jaunty install, with the Ext4 root partition. This is something that will probably be solved in future releases.

Desktop

The desktop is simple and functional, running a lightweight KDE3 manager. You get a simple wallpaper with a dragon-like theme. Another interesting element is the Run box embedded in the panel, which allows you to run applications without invoking a terminal first.




The network is not enabled by default and you'll have to fire it up manually.

Tools

BackTrack is all about lots and lots of hacking tools. Once again, I'm only going to present the tools, not show you how to use them. These tools are all double-edged swords, and without the right amount of respect, skill and integrity, you may cause more harm than good. Furthermore, do not deploy them in a production environment without the explicit approval from system administrators and INFOSEC people.

The tools can all be found under Backtrack in the menu, arranged into sub-categories. The collection is long and rich, and it will take you a long time poring over all of them, let alone mastering them. Most of the tools are command-line utilities, with the menu items opening a console with the relevant tool running inside it.


A few practical examples: there are the venerable nmap, Hydra and hping3:

[Screenshots: nmap, Hydra, hping3]




You may also want to audit Bluetooth devices. On the test machine, there are no Bluetooth devices, which explains the error you see below.

Then there's gdb (the GNU Debugger) for analyzing crash dumps and memory cores.

Last but not least, you get the great Wireshark (formerly Ethereal):

Other programs

BackTrack is mainly loaded with security applications, but it also has a reasonable assortment of "normal" programs. You get Firefox, already configured to use the excellent NoScript extension.


You also get Synaptic, which makes software management easy and pleasant:




You also have Wine for Windows software.

[Screenshot: Wine]

And then, you can change wallpapers and get classic KDE looks.

[Screenshot: Wallpaper]

How I miss that wallpaper! To the best of my knowledge, it has not been included in most KDE releases since Kubuntu 6.06.

You can find more stuff in the K-menu:


[Screenshot: K-menu]

Errors

Being a beta, BackTrack 4 was not the most stable distro. In addition to the Ext4 error during the boot, there were some other problems. For example, both Lynx text browser and QtParted partitioning software refused to work.

[Screenshots: Lynx and QtParted errors]

Other things

One thing that may bother you is the issue with the documentation section on the official site. It's an HTTPS site with a self-signed certificate that had expired, at least when this article was written, although the expiration has been in effect since August 2008.

This is not something you expect to see on a site catering to the security-conscious audience.

Furthermore, there's the small issue of inconsistency when it comes to application names. For example, BlueSmash shows up as blue-smash on the command line, hping3 has a capital H in the menus, etc. BackTrack itself also comes in two flavors, with both lowercase and uppercase Ts.

Overall, there were no big issues, except for the occasional application errors.

Conclusion

BackTrack is a powerful hacking suite. It is well made, with stylish touches that add to the overall feel of the distribution. It runs very fast in live mode, even faster than most installed distributions. Most importantly, the array of tools is rich, well balanced and overall quite impressive.

The Beta version did throw a few errors here and there, but it was nothing major. Small consistency issues also arise, and there's the lack of support for Ext4, which I expect will be solved soon. Documentation needs to be improved, starting with the website SSL certificate and continuing with lots of questions regarding the general usage.

Nevertheless, for security professionals looking for a complete testing package that has all their favorite gadgets neatly arrayed, on top of a stable, popular distribution and with Synaptic package management for easy replenishment of any missing bits, BackTrack is an excellent candidate for their work.



HAVE FUN>>>

Monday, November 8, 2010

BACKTRACK 4 R1... that's what a hacker needs

Introduction

BackTrack is the world's leading penetration testing and information security auditing distribution. With hundreds of tools preinstalled and configured to run out of the box, BackTrack 4 provides a solid penetration testing platform: from web application hacking to RFID auditing, it's all working in one place.

BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking

History

BackTrack has a long history and was based on many different Linux distributions; it is now based on Slackware Linux and the corresponding live-CD scripts by Tomas M. (www.slax.org). Every package, kernel configuration and script is optimized to be used by penetration testers. Patches and automation have been added, applied or developed to provide a neat and ready-to-go environment.

Different versions of BackTrack:

Date                Release
February 5, 2006    BackTrack v1.0 Beta
May 26, 2006        First non-beta version (1.0) released by the BackTrack project
October 13, 2006    BackTrack 2 first public beta
November 19, 2006   BackTrack 2 second public beta
March 6, 2007       BackTrack 2 final
December 17, 2007   BackTrack 3 first beta
June 19, 2008       BackTrack 3 final
February 11, 2009   BackTrack 4 first beta (now based on Debian)
June 19, 2009       BackTrack 4 pre-final
January 9, 2010     BackTrack 4 final
May 8, 2010         BackTrack 4 R1

You can download your new copy of BackTrack from:

http://www.backtrack-linux.org/downloads/

Things you can do with BackTrack 4 R1

BackTrack tools are arranged by parent categories. These are the categories that currently exist:

BackTrack ‐ Enumeration

BackTrack ‐ Tunneling

BackTrack ‐ Bruteforce

BackTrack ‐ Spoofing

BackTrack ‐ Passwords

BackTrack ‐ Wireless

BackTrack ‐ Discovery

BackTrack ‐ Cisco

BackTrack – Web Applications

BackTrack ‐ Forensics

BackTrack ‐ Fuzzers

BackTrack ‐ Bluetooth

BackTrack ‐ Misc

BackTrack ‐ Sniffers

BackTrack ‐ VOIP

BackTrack ‐ Debuggers

BackTrack ‐ Penetration

BackTrack ‐ Database

BackTrack ‐ RFID

BackTrack – Python4

BackTrack – Drivers

BackTrack ‐ GPU

Conclusion

BackTrack 4 R1 is the new release of the distribution, where you can get all the tools you want. Whether you're hacking wireless, exploiting servers, performing a web application assessment, learning, or social-engineering a client, BackTrack is the one-stop shop for all of your security needs.

Tuesday, October 26, 2010

Windows 7's "GODMODE"

Windows 7's so-called GodMode is actually a shortcut to accessing the operating system's various control settings

Although its name suggests perhaps even grander capabilities, Windows enthusiasts are excited over the discovery of a hidden "GodMode" feature that lets users access all of the operating system's control panels from within a single folder.

By creating a new folder in Windows 7 and renaming it with a certain text string at the end, users are able to have a single place to do everything from changing the look of the mouse pointer to making a new hard-drive partition.

The trick is also said to work in Windows Vista, although some are warning that although it works fine in 32-bit versions of Vista, it can cause 64-bit versions of that operating system to crash.

To enter "GodMode," one need only create a new folder and then rename the folder to the following:

GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

Once that is done, the folder's icon will change to resemble a control panel and will contain dozens of control options. I'm not sure it's my idea of playing God, but it is a handy way to get to all kinds of controls.

Each of the strings below can be used the same way. For example, the first one could be a folder named "vivek.{00C6D95F-329C-409a-81D7-C46C66EA7F33}" (use everything inside the quotes, but not the quotes themselves).

Here's the list of strings to try:

{00C6D95F-329C-409a-81D7-C46C66EA7F33}
{0142e4d0-fb7a-11dc-ba4a-000ffe7ab428}
{025A5937-A6BE-4686-A844-36FE4BEC8B6D}
{05d7b0f4-2121-4eff-bf6b-ed3f69b894d9}
{1206F5F1-0569-412C-8FEC-3204630DFB70}
{15eae92e-f17a-4431-9f28-805e482dafd4}
{17cd9488-1228-4b2f-88ce-4298e93e0966}
{1D2680C9-0E2A-469d-B787-065558BC7D43}
{1FA9085F-25A2-489B-85D4-86326EEDCD87}
{208D2C60-3AEA-1069-A2D7-08002B30309D}
{20D04FE0-3AEA-1069-A2D8-08002B30309D}
{2227A280-3AEA-1069-A2DE-08002B30309D}
{241D7C96-F8BF-4F85-B01F-E2B043341A4B}
{4026492F-2F69-46B8-B9BF-5654FC07E423}
{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}
{78F3955E-3B90-4184-BD14-5397C15F1EFC}

And, as a reminder, to create the Godmode folder itself, use this string:

{ED7BA470-8E54-465E-825C-99712043E01C}

Botnet or Zombie: a Web Robot


DEFINITION - A botnet (also known as a zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. Any such computer is referred to as a zombie, in effect a computer "robot" or "bot" that serves the wishes of some master spam or virus originator. Most computers compromised in this way are home-based.

A botnet or robot network is a group of computers running a computer application controlled and manipulated only by the owner or the software source. The botnet may refer to a legitimate network of several computers that share program processing amongst them.

Usually though, when people talk about botnets, they are talking about a group of computers infected with the malicious kind of robot software, the bots, which present a security threat to the computer owner. Once the robot software (also known as malicious software or malware) has been successfully installed in a computer, this computer becomes a zombie or a drone, unable to resist the commands of the bot commander.

A botnet may be small or large depending on the complexity and sophistication of the bots used. A large botnet may be composed of ten thousand individual zombies. A small botnet, on the other hand, may be composed of only a thousand drones. Usually, the owners of the zombie computers do not know that their computers and their computers' resources are being remotely controlled and exploited by an individual or a group of malware runners through Internet Relay Chat (IRC).

There are various types of malicious bots that have already infected and are continuing to infect the Internet. Some bots have their own spreaders – the script that lets them infect other computers (this is the reason why some people dub botnets as computer viruses) – while some smaller types of bots do not have such capabilities.

Different Types of Bots

Here is a list of the most used bots in the Internet today, their features and command set.

XtremBot, Agobot, Forbot, Phatbot

These are currently the best known bots, with more than 500 versions on the Internet today. They are written in C++, compile cross-platform, and are released under the GPL. These bots can range from the fairly simple to highly abstract module-based designs. Because of the modular approach, adding commands or scanners to increase their efficiency in taking advantage of vulnerabilities is fairly easy. They can use the libpcap packet sniffing library, NTFS ADS and PCRE. Agobot is quite distinct in that it is the only bot that makes use of control protocols besides IRC.

UrXBot, SDBot, UrBot and RBot

Like the previous type of bot, these bots are published under the GPL, but unlike the above-mentioned bots they are less abstract in design and written in plain C. Although their implementation is less varied and their design less sophisticated, these types of bots are well known and widely used on the Internet.

GT-Bots and mIRC based bots

These bots have many versions on the Internet, mainly because mIRC is one of the most used IRC clients for Windows. GT stands for Global Threat and is the common name for bots scripted using mIRC. GT-bots make use of the mIRC chat client to launch a set of binaries (mainly DLLs) and scripts; their scripts often have the file extension .mrc.

Malicious Uses of Botnets

A botnet can have a lot of malicious applications. Among the most popular uses of botnets are the following:

Denial of Service Attacks

A botnet can be used as a distributed denial of service weapon. A botnet attacks a network or a computer system for the purpose of disrupting service through the loss of connectivity or consumption of the victim network’s bandwidth and overloading of the resources of the victim’s computer system. Botnet attacks are also used to damage or take down a competitor’s website.

Any Internet service can be a target of botnets. This can be done by flooding the website with recursive HTTP or bulletin-board search queries. This mode of attack, in which higher-level protocols are used to increase the effects of an attack, is also termed spidering.
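The flooding described above shows up in a web server's access log as a burst of requests. As an added example, not from the original post, here is a PowerShell function that counts requests per source address (or per requested path) in a sliding window over Common Log Format lines. The threshold, the window size and the log lines are all constructed or assumed values.

```powershell
# Added example (not from the post): sliding-window request counter over
# access-log lines, as a defender would run it to spot HTTP flooding.
function Find-FloodSources {
    param(
        [string[]]$Lines,
        [ValidateSet('ip', 'path')][string]$GroupBy = 'ip',
        [int]$Threshold = 20,       # requests per window; assumed value
        [int]$WindowSeconds = 10    # assumed value
    )
    # Common Log Format: ip ident user [timestamp] "METHOD path?query HTTP/x" status bytes
    $pattern = '^(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<method>\S+) (?<path>[^ ?"]+)[^"]*"'
    $groups  = @{}

    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            $key    = $Matches[$GroupBy]
            $tsText = $Matches['ts'].Split(' ')[0]   # drop the "+0000" offset before parsing
            $ts     = [datetime]::ParseExact($tsText, 'dd/MMM/yyyy:HH:mm:ss', [cultureinfo]::InvariantCulture)
            if (-not $groups.ContainsKey($key)) {
                $groups[$key] = New-Object System.Collections.Generic.List[datetime]
            }
            $groups[$key].Add($ts)
        }
    }

    $results = @()
    foreach ($key in $groups.Keys) {
        $times = @($groups[$key] | Sort-Object)
        $peak  = 0
        $start = 0
        # Two-pointer sliding window: for each request, move the left edge right
        # until the window spans at most $WindowSeconds, then record its size.
        for ($end = 0; $end -lt $times.Count; $end++) {
            while (($times[$end] - $times[$start]).TotalSeconds -gt $WindowSeconds) { $start++ }
            $count = $end - $start + 1
            if ($count -gt $peak) { $peak = $count }
        }
        if ($peak -gt $Threshold) {
            $results += [pscustomobject]@{ Key = $key; GroupedBy = $GroupBy; PeakRequests = $peak; WindowSeconds = $WindowSeconds }
        }
    }
    return $results
}

# Constructed sample log: a little normal traffic plus bursts against /search.
$sampleLog = @(
    '192.0.2.10 - - [10/Aug/2010:12:00:00 +0000] "GET / HTTP/1.1" 200 1024',
    '192.0.2.10 - - [10/Aug/2010:12:00:07 +0000] "GET /about HTTP/1.1" 200 800',
    '192.0.2.11 - - [10/Aug/2010:12:00:03 +0000] "GET /search?q=x HTTP/1.1" 200 4096'
)
# One noisy source: 30 requests within six seconds
for ($i = 0; $i -lt 30; $i++) {
    $sampleLog += "198.51.100.7 - - [10/Aug/2010:12:00:0$($i % 6) +0000] `"GET /search?q=$i HTTP/1.1`" 200 4096"
}
# Fifteen sources sending only three requests each in a minute, all hitting /search
for ($i = 0; $i -lt 15; $i++) {
    foreach ($sec in 5, 25, 45) {
        $sampleLog += "203.0.113.$i - - [10/Aug/2010:12:01:$('{0:00}' -f $sec) +0000] `"GET /search?q=bot HTTP/1.1`" 200 4096"
    }
}

'Per-source check (catches the single noisy client only):'
Find-FloodSources -Lines $sampleLog -GroupBy ip | Format-Table -AutoSize
'Per-path check over a 60 s window (catches the distributed burst too):'
Find-FloodSources -Lines $sampleLog -GroupBy path -Threshold 40 -WindowSeconds 60 | Format-Table -AutoSize
```

Grouping by source address only catches the single noisy client, because a botnet spreads the same load over many zombies that each stay under the per-source threshold; the second call groups by requested path over a longer window, which is where the distributed burst against /search becomes visible.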

Spamming and Traffic Monitoring

A botnet can also be used to turn an infected computer into a SOCKS proxy for networking applications. After compromising a computer, the botnet commander can use the infected unit (a zombie) in conjunction with other zombies in his botnet (robot network) to harvest email addresses or to send massive amounts of spam or phishing mails.

Moreover, a bot can also function as a packet sniffer to find and intercept sensitive data passing through an infected machine. Typical data that these bots look out for are usernames and passwords which the botnet commander can use for his personal gain. Data about a competitor botnet installed in the same unit is also mined so the botnet commander can hijack this other botnet.

Key logging and Mass Identity Theft

Encryption software within the victims’ units can deter most bots from harvesting any real information. Unfortunately, some bots have adapted to this by installing a key logger program in the infected machines. With a key logger program, the bot owner can use a filtering program to gather only the key sequence typed before or after interesting keywords like PayPal or Yahoo mail. This is one of the reasons behind the massive PayPal accounts theft for the past several years.

Bots can also be used as agents for mass identity theft. They do this through phishing, pretending to be a legitimate company in order to convince the user to submit personal information and passwords. A link in these phishing mails can also lead to fake PayPal, eBay or other websites to trick the user into typing in their user name and password.

Botnet Spread

Botnets can also be used to spread other botnets on the network. They do this by convincing the user to download a program, delivered through FTP, HTTP or email, which is then executed.

Pay-Per-Click Systems Abuse

Botnets can be used for financial gain by automating clicks on a pay-per-click system. Compromised units can be used to click automatically on a site upon activation of a browser. For this reason, botnets are also used to earn money from Google’s Adsense and other affiliate programs by using zombies to artificially increase the click counter of an advertisement.

CONCLUSION

What is certain is that botnets are widespread and growing, even attracting teenagers known as “script kiddies” who compete in building botnets. As a result, savvy computer users and administrators are taking steps to guard against rootkits that hand over access to hackers and script kiddies. Anti-rootkit software can be used to scan for existing rootkits, and other precautions can also be taken to minimize the risks of becoming part of a botnet.

Tuesday, August 10, 2010

Horses & Rats - Future Masters of World

While using the Internet, one must upgrade one's knowledge about horses and rats, as these animals are no longer pets. Yes, we are talking about Trojan horses [HORSE] and Remote Administration Tools [RAT]. A Trojan horse is malware that appears to perform a desirable function for the user before it is run or installed but instead facilitates unauthorized access to the user's computer system, whereas a Remote Administration Tool is used to remotely connect to and manage a victim's computer with a variety of tools, such as screen/camera capture or control, file management, or control of the whole computer. These are harmful pieces of software that look legitimate. Users are typically tricked into loading and executing them on their systems. A botnet is a collection of such software agents that run autonomously and automatically.
Recently, on 24 April 2010, Trusteer, a web security company, reported that a Trojan horse virus called Zeus can steal online banking details from infected computers. The virus has infected one out of every 3,000 computers of the 5,500,000 million which the company monitors in the world.
The Trojan can infect users of Mozilla Firefox and Microsoft Internet Explorer on Microsoft Windows, and steals login information by recording keystrokes when the machine connects to certain websites, usually banks or other financial institutions. The stolen data is transmitted to a remote server and sold to cyber-criminals.
Some security experts have categorized Zeus as financial malware. According to their research, it infects consumer PCs, waits for them to log onto a list of targeted banks and financial institutions, and then steals their credentials and sends them to a remote server in real time. Additionally, it may inject HTML into the pages rendered by the browser, so that its own content is displayed together with (or instead of) the genuine pages from the bank's web server. Thus, it is able to ask the user to divulge more personal information, such as payment card number and PIN, one-time passwords and TANs, etc.
Zeus is understood to be the biggest culprit among the family of malware targeting financial websites and institutions. According to some studies, as much as 44% of all financial malware is based upon Zeus.
Despite such an alarming state, it is shocking to learn that most of the latest security software, even when updated to the latest version, is incapable of finding and removing Zeus infections. In a recent study by Trusteer, it was revealed that as many as 55% of the 10,000 computers tested, which were equipped with the latest updated security software and antivirus, were not able to detect and remove traces of the Zeus virus.
According to the Anti Hacking Anticipation Society, so far no software, however smart, intelligent and pricey, can buy you absolute PC security and privacy. The safety of your computer is in the user's own hands: exercise caution before you click on any link.

Free Virus with Free AntiVirus

Rogue AV programs have become increasingly common in the last two years. There are a couple of interesting things about rogue AV programs. First, the bad guys here do not use (in most cases) any sophisticated attacks on clients. They instead rely on visitors to willingly install their "AV program". How do they do this? Through social engineering: they create web pages which are very authentic copies of legitimate screens in Windows operating systems. These web pages make visitors believe that their machine is infected with several malicious programs and that the offered "AV program" can help them clean it.
Once the rogue AV program is installed, the victim has to pay money to get it "working" or, in some cases, even to uninstall it. So, the money-making scheme is simple (some rogue AV versions even steal local data and install keyloggers).

In order to get people to visit their web sites serving rogue AV programs, the attackers use different vectors-
They spend a huge amount on advertising such as Google AdWords, which keeps them at the top of Google search results. Victims who trust Google usually fall for such tricks and download this malware.
The main reason, however, why rogue AV is so successful is its persistence and attention to detail: the web page they use to scare the visitor looks almost exactly like Windows' Security Center. One such page is shown below:
I was, of course, interested to see what else they do, so I decided to analyze the code behind it. First of all, I must say that the code is very elegant and clean; it's obvious that the bad guys got a real programmer to code the page (and malware?) for them.
The web page uses jQuery, a well known and popular JavaScript library. After setting up the environment, the JavaScript code on the web page shows a fake scan of the machine with seemingly random file names. The file names are actually grabbed from a huge array contained in a separate file (flist.js). The file names in this array (there are 1,100 of them) are actually copied from a Windows XP machine (the C:\Windows\System32 directory). This, of course, increases the authenticity of the scan.
After the scan finishes, the user is informed that the machine is infected with viruses. The JavaScript code on the web page initially sets up some handlers, so no matter what the user does next he will see a window notifying him that his machine is infected (interestingly, the attackers used the JavaScript confirm() method to display this message).
Of course, this wasn't generated by Windows; it's actually just an image the attackers created. The "Remove all" and "Cancel" buttons aren't real buttons either, just part of the image, which has a handler that gets executed wherever the user clicks. You guessed it: on a click it will try to download the rogue AV program. To eliminate any confusion, they also show a nice window where they explain exactly what needs to be done in order to install their rogue AV program.

It is now not strange that rogue AV programs are infecting so many machines. The devil is in the details, and the attackers made damn sure that all details are here to fool the potential victims.

Facebook Hacked !!

Social Networking websites have changed the way we interact in our personal lives and are in the process of transforming our professional lives. Increasingly, they play a significant role in how business gets done. But they're also high risk. With hundreds of millions of users, these tools have attracted attackers more than any other target in recent years.


According to the Anti Hacking Anticipation Society®, the top social network threat that an enterprise or an individual must consider is "KOOBFACE". Koobface, an anagram of Facebook, has become "the largest Web 2.0 botnet"; it challenges the definition of "worm", as it is specifically designed to propagate across social networks like Facebook, MySpace, Twitter, hi5, Friendster and Bebo.

Koobface is a computer worm that targets the Microsoft Windows users of the social networking websites. Koobface ultimately attempts, upon successful infection, to gather sensitive information from the victims such as credit card numbers. It was first detected in December 2008 and a more potent version appeared in March 2009.



Koobface spreads by delivering Facebook messages to people who are 'friends' of a Facebook user whose computer has already been infected. Upon receipt, the message directs the recipients to a third-party website, where they are prompted to download what is purported to be an update of the Adobe Flash player. If they download and execute the file, Koobface is able to infect their system. It can then commandeer the computer's search engine use and direct it to contaminated websites. There can also be links to the third-party website on the Facebook wall of the friend the message came from, sometimes with comments like LOL or YOUTUBE. If the link is opened, the Trojan will infect the computer and the PC will become a host computer. Among the components downloaded by Koobface are a special program that blocks access to well known security websites and a proxy tool that enables the attackers to abuse the infected PC.

The Windows operating system is currently the only operating system affected by these worms. Koobface is also known as W32/Koobface, W32/Koobface.AZ, W32.Koobface and Boface. Koobface gets onto a machine and checks whether there are cookies of social networking websites. If found, the worm infects the victim's profile. If no cookie is found, it simply erases itself from the computer. Koobface also loads pop-ups that look like MS Windows error messages. The pop-up contains the following text: "Error installing Codec. Please contact support." The Koobface worm targets Twitter users by spreading through links that look like YouTube video URLs. When users click on that URL, Koobface activates. Whenever this person logs on to Twitter again, Koobface automatically comes out from its link and starts scrambling.



Some tips to deal with Koobface from the Anti Hacking Anticipation Society®.

To manually remove Koobface from your PC, first kill the processes fbtre6.exe, mstre6.exe and ld08.exe.

Then, delete the registry values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "c:\windows\mstre6.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "C:\Windows\fbtre6.exe"

HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating

Now delete the files fbtre6.exe, fmark2.dat and ld08.exe from your hard disk. Also install antivirus software, and update its signature databases daily to protect you and your computer.
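As an added example (not from the post or from the Anti Hacking Anticipation Society), here is a read-only PowerShell check for the indicators the steps above name: the three process names, Run-key values pointing at the dropped files, and the files themselves. It assumes the dropped files sit in the Windows directory or in System32, which is what the quoted Run-key values suggest, and it only reports, so you can confirm an infection before following the removal steps.

```powershell
# Added example (not from the post): read-only check for the Koobface
# indicators listed in the removal steps. It reports and changes nothing.

$processNames = @('fbtre6', 'mstre6', 'ld08')                   # process names from the post, without .exe
$fileNames    = @('fbtre6.exe', 'mstre6.exe', 'ld08.exe', 'fmark2.dat')
$runKeys      = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',       # the machine-wide Run key quoted in the post
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'        # per-user Run key, checked as well (assumption)
)
$searchDirs   = @($env:windir, (Join-Path $env:windir 'System32'))   # assumed drop locations

function Find-KoobfaceIndicators {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Running processes named in the post
    foreach ($proc in Get-Process -ErrorAction SilentlyContinue) {
        if ($processNames -contains $proc.ProcessName) {
            $findings.Add("process: $($proc.ProcessName).exe (PID $($proc.Id))")
        }
    }

    # 2. Run-key values whose data points at one of the dropped files
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }              # skip PowerShell's own metadata properties
            $data = [string]$prop.Value
            foreach ($file in $fileNames) {
                if ($data -match [regex]::Escape($file)) {
                    $findings.Add("registry: $key\$($prop.Name) = $data")
                }
            }
        }
    }

    # 3. Dropped files on disk
    foreach ($dir in $searchDirs) {
        foreach ($file in $fileNames) {
            $path = Join-Path $dir $file
            if (Test-Path -LiteralPath $path) { $findings.Add("file: $path") }
        }
    }
    return $findings
}

$hits = @(Find-KoobfaceIndicators)
if ($hits.Count -eq 0) {
    Write-Output 'No Koobface indicators from the post were found.'
} else {
    Write-Output 'Possible Koobface indicators:'
    $hits | ForEach-Object { Write-Output "  $_" }
}
```

Run it from an elevated PowerShell prompt so that HKLM and the Windows directory are readable; a clean machine prints the "not found" line, and any hit is worth confirming (file hash, antivirus scan) before deleting, since the Run value name "systray" on its own is not unusual.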

Have you experienced "carding" fraud?

OK, This was a touchy question. Touchy because:

a) No one wants to admit they're a victim of fraud.

b) No one wants to attract more fraud by talking about it.

Carding is a term used for the process of verifying the validity of stolen card data. The thief presents the card information on a website that has real-time transaction processing. If the card is processed successfully, the thief knows that the card is still good. The specific item purchased is immaterial, and the thief does not need to purchase an actual product; a website subscription or charitable donation would be sufficient. The purchase is usually for a small monetary amount, both to avoid using up the card's credit limit and to avoid attracting the card issuer's attention. A website known to be susceptible to carding is known as a cardable website.

According to the Anti Hacking Anticipation Society® (HANS), in the past carders used computer programs called "generators" to produce a sequence of credit card numbers, and then tested them to see which were valid accounts. Another variation was to take false card numbers to a location that does not immediately process card numbers, such as a trade show or special event. However, this process is no longer viable, because Internet credit card processing systems now widely require additional data such as the billing address, the 3 to 4 digit card security code and/or the card's expiration date, and wireless card scanners that process transactions right away are more prevalent. Nowadays, carding is more typically used to verify credit card data obtained directly from the victims by skimming or phishing.

Here's how it seems to work:

* Underground internet credit card thief gets a bunch of card numbers/addresses

* Underground internet credit card thief wants to re-sell this information

* In order to sell this info, thief must prove that it's valuable (that the card limits are desirable)

* For this, he/she turns to the internet, and websites that sell an "intangible good" that doesn't actually ship. All he/she needs is an email confirmation of their purchase, noting the amount charged, to verify that the card will go through for a large purchase.

* Card thief then sells the stolen card info, along with proof that it works for X amount.
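Seen from the merchant's side, the sequence above leaves a recognisable trace: one source address trying several different cards for small amounts within a few minutes. The PowerShell script below is an added example, not part of the original post or of any HANS material, that flags that pattern in an authorization log. The log format, the sample lines and the thresholds are all constructed for the example; a real deployment would read the payment gateway's own log and tune the numbers to its traffic.

```powershell
# Added example (not part of the original post): merchant-side detection of the
# carding pattern described above. The log lines below are constructed sample data.
$SampleLog = @'
2010-06-28T10:00:01Z src=203.0.113.5 card=411111xxxxxx0001 amount=1.00 result=approved
2010-06-28T10:00:09Z src=203.0.113.5 card=411111xxxxxx0002 amount=1.00 result=declined
2010-06-28T10:00:15Z src=203.0.113.5 card=555555xxxxxx0003 amount=0.99 result=approved
2010-06-28T10:00:22Z src=203.0.113.5 card=555555xxxxxx0004 amount=1.00 result=declined
2010-06-28T10:00:30Z src=203.0.113.5 card=411111xxxxxx0005 amount=1.00 result=approved
2010-06-28T10:05:00Z src=198.51.100.7 card=411111xxxxxx0042 amount=149.00 result=approved
2010-06-28T11:30:00Z src=198.51.100.7 card=411111xxxxxx0042 amount=12.50 result=approved
'@

# Tunable thresholds (assumed values, not from the post).
$WindowMinutes    = 10     # look-back window per source address
$MinDistinctCards = 4      # distinct cards tried inside the window before alerting
$SmallAmount      = 5.00   # what counts as the "small" test charge the post describes

function Get-CardingAlerts {
    param([string]$LogText)

    # Parse one authorization attempt per line into an object.
    $events = foreach ($line in ($LogText -split '\r?\n')) {
        if ($line -match '^(?<ts>\S+) src=(?<src>\S+) card=(?<card>\S+) amount=(?<amt>[\d.]+) result=(?<res>\S+)$') {
            [pscustomobject]@{
                Time   = [datetime]::Parse($Matches.ts, [cultureinfo]::InvariantCulture,
                                           [System.Globalization.DateTimeStyles]::AdjustToUniversal)
                Src    = $Matches.src
                Card   = $Matches.card
                Amount = [decimal]$Matches.amt
                Result = $Matches.res
            }
        }
    }

    # Sliding window per source: many distinct cards, small amounts, short time span.
    # Declines count as attempts too; a mix of approvals and declines is typical of testing.
    $alerts = @()
    foreach ($group in ($events | Group-Object Src)) {
        $sorted = @($group.Group | Sort-Object Time)
        for ($i = 0; $i -lt $sorted.Count; $i++) {
            $start  = $sorted[$i].Time
            $end    = $start.AddMinutes($WindowMinutes)
            $window = @($sorted | Where-Object { $_.Time -ge $start -and $_.Time -le $end })
            $small  = @($window | Where-Object { $_.Amount -le $SmallAmount })
            $cards  = @($small | Select-Object -ExpandProperty Card -Unique)
            if ($cards.Count -ge $MinDistinctCards) {
                $alerts += [pscustomobject]@{
                    Src           = $group.Name
                    WindowStart   = $start
                    DistinctCards = $cards.Count
                    Attempts      = $small.Count
                    Declines      = @($small | Where-Object { $_.Result -eq 'declined' }).Count
                }
                break   # one alert per source is enough for this example
            }
        }
    }
    return $alerts
}

Get-CardingAlerts -LogText $SampleLog | Format-Table -AutoSize
```

With the sample data, 203.0.113.5 is flagged (five distinct cards, five small attempts, two declines within 30 seconds) while the ordinary shopper at 198.51.100.7 is not. Alerts of this kind are the merchant's cue to rate-limit or challenge the source and to report the attempted cards to the acquirer, which is what stops a cardable website from staying cardable.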

As credit card fraud is all too common, here are some tips from the Anti Hacking Anticipation Society that should be taken care of:

• When you get a new card, sign the back of it right away.

• Save all receipts and supporting documents for payments and cash withdrawals on the card in an envelope. Compare them against your monthly statement, but don't throw the statement (or the receipts) in the trash without shredding them.

• If you change your address, immediately notify your card issuer of the new address and make sure that mail still arriving at your old address is collected by someone you trust.

• Never write your card number or PIN on a piece of paper that you keep in your wallet with the cards. Even worse, don't pencil your PIN onto the card itself.

• When paying in public with a credit card, cross out all the blank spaces above the signature line where other items or a new total could be added.

• When shopping online, make sure the website where you buy is secured. The website should have an SSL certificate and display it on the site, or at least have an address that begins with "https". The "s" stands for secure. You should also see a little closed-lock symbol or similar in your browser when you are on an https site.

• If you have to give your card number over the phone, make sure you can verify the authenticity of the company you are dealing with.

• Check your statement regularly. If you see a purchase that you do not recognize, call your card's fraud protection hotline, or research the supposed name of the retailer from which you made the purchase. The longer you wait to look at your statement, the harder it will be to recall and verify purchase amounts. Nowadays you can go online and check your statement as often as you like. It's a good habit to get into.

Monday, June 28, 2010

Cyber Laws-- One should know.

We all are facing the problem of hacking in one way or another. But do we all know about the laws under which that culprit, the "cracker", can actually be punished?


If not, then HANS is making an effort to make you aware of your rights, so that the right step can be taken at the right time and this "CYBER TERRORISM" can actually be stopped.


Section 43 - Unauthorised access means using someone's account without permission or authentication.
       Under the IT Act, 2008, there is no limit on the amount of compensation for offences under Section 43.

       Under the IT Act, 2008, all the acts referred to under Section 43 are also covered under Sec. 66 if they are done "dishonestly" or "fraudulently".
 
Section 66(A) Sending of offensive or false messages, also known as "cyber stalking"
Covers sending of menacing, offensive or false messages via SMS/EMAIL/MMS.
Punishment – imprisonment up to 3 years and fine.


Section 66(B) Dishonestly receiving stolen computer resource or communication device
Also covers use of stolen computers, mobile phones, SIM cards, etc.
Punishment – imprisonment up to 3 years or fine up to Rs. 1 lakh or both.


Section 66(C) Identity theft
Fraudulently or dishonestly using someone else's electronic signature, password or any other unique identification feature.
Punishment – imprisonment up to 3 years and fine up to Rs. 1 lakh.


Section 66(D) Cheating by personation
Cheating by pretending to be some other person.
Punishment – imprisonment up to 3 years and fine up to Rs. 1 lakh.


Section 66(E) Violation of privacy, popularly known as voyeurism
Example: the Pune spy cam incident, where a 58-year-old man was arrested for installing spy cameras in his house to 'snoop' on his young lady tenants.
Covers acts like hiding cameras in changing rooms, hotel rooms, etc.
Punishment – imprisonment up to 3 years or fine up to Rs. 2 lakh or both.


Section 66(F) Cyber terrorism
Whoever uses cyberspace with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people.
Punishment – imprisonment which may extend to life imprisonment.


Section 67 - Publishing or transmitting obscene material in electronic form
Punishment
First instance - imprisonment up to 3 years and fine up to Rs. 5 lakh.
Subsequent - imprisonment up to 5 years and fine up to Rs. 10 lakh.


Section 67(A) Cyber pornography
Publishing or transmitting sexually explicit acts in electronic form.
Similar to Sec. 292 IPC.
Punishment
First instance - imprisonment up to 5 years.
Subsequent - imprisonment up to 7 years.
Fine up to Rs. 10 lakh.


Section 67(B) Child pornography
Creating, collecting, browsing, downloading, etc. of child pornography.
Punishment
First instance - imprisonment up to 5 years.
Subsequent - imprisonment up to 7 years.
Fine up to Rs. 10 lakh.


Section 69 Government's power to intercept
The Government may intercept, monitor or decrypt any information generated through any computer resource if it thinks it necessary to do so in the interest of the sovereignty or integrity of India.

Section 67(C) Preservation of information by intermediaries
An intermediary shall preserve and retain such information as may be specified, for such duration and in such manner and format as the Central Government may prescribe.


Section 72(A) - Liability of intermediary not to disclose any personal information
The intermediary must act as per the terms of its lawful contract and not beyond it.
Punishment – imprisonment up to 3 years or fine up to Rs. 5 lakh or both.


Section 79 - Liability of intermediary
An intermediary is not liable for any third-party information, data or communication link made available or hosted by him.


Liability of intermediary:-
The intermediary needs to prove that he did not
  • initiate the transmission,
  • select the receiver of the transmission, and
  • select or modify the information contained in the transmission,
and that he observed due diligence while discharging his duties under the Act.

Section 84(B) Abetment
Abetting the commission of an offence is punishable.
Punishment – the same punishment provided for the offence under the Act.


Section 84(C) Attempt
Attempting to commit an offence is punishable.
Punishment – imprisonment which may extend to one-half of the longest term of imprisonment provided for that offence.


Section 78 Investigation powers
As per the IT Act, 2008, cyber crime cases can be investigated by police officers of "Inspector" rank.
Under the IT Act, 2000, such powers were with the "DYSP/ACP".


Section 77(A) Compounding of offences
Compounding – "out of court settlement".


Offences
  • "for which less than three years' imprisonment has been provided" can be compounded.
  • Such an offence should not affect the socio-economic conditions of the country, or
  • have been committed against a child below the age of 18 years or a woman.
These are the "laws" according to the "IT AMENDMENT ACT 2008", which was passed in 2009. We all should be aware of our CYBER RIGHTS, so that together we can fight the "CYBER THREATS".