Tuesday, August 10, 2010

Horses & Rats - Future Masters of World

While using the Internet, one must keep up to date on Horses and Rats, as these animals are no longer pets. Yes, we are talking about Trojan horses [HORSE] and Remote Administration Tools [RAT]. A Trojan horse is malware that appears to perform a desirable function for the user before it is run or installed, but instead facilitates unauthorized access to the user's computer system, whereas a Remote Administration Tool is used to remotely connect to and manage a victim's computer with a variety of tools, such as screen/camera capture or control, file management, or control of the whole computer. These are harmful pieces of software that look legitimate; users are typically tricked into loading and executing them on their systems. A botnet is a collection of such software agents that run autonomously and automatically.
Recently, on 24 April 2010, Trusteer, a web security company, reported that a Trojan horse called Zeus can steal online banking details from infected computers. The virus has infected one out of every 3,000 of the 5,500,000 computers the company monitors around the world.
The trojan can infect users of Mozilla Firefox and Microsoft Internet Explorer on Microsoft Windows, and steals login information by recording keystrokes when the machine connects to certain websites, usually those of banks or other financial institutions. The stolen data is transmitted to a remote server and sold to cyber-criminals.
Some security experts have categorized Zeus as financial malware. According to their research, it infects consumer PCs, waits for them to log on to one of a list of targeted banks and financial institutions, and then steals their credentials and sends them to a remote server in real time. Additionally, it may inject HTML into the pages rendered by the browser, so that its own content is displayed together with (or instead of) the genuine pages from the bank's web server. Thus it is able to ask the user to divulge more personal information, such as payment card number and PIN, one-time passwords and TANs, etc.
Zeus is understood to be the biggest culprit among the family of malware targeting financial websites and institutions. According to some studies, as much as 44% of all financial malware is based on Zeus.
Despite such an alarming state, it is shocking that most of the latest security software, even when updated to the latest version, is incapable of finding and removing Zeus infections. A recent study by Trusteer revealed that as many as 55% of the 10,000 tested computers, which were equipped with the latest updated security software and antivirus, were unable to detect and remove the traces of the Zeus virus.
According to the Anti Hacking Anticipation Society, to date no software, however smart, intelligent and pricey, can buy you absolute PC security and privacy. The safety of your computer is in the user's own hands: exercise caution before you click on any link.

Free Virus with Free AntiVirus

Rogue AV programs have become increasingly common in the last two years. There are a couple of interesting things about rogue AV programs. First, the bad guys here do not (in most cases) use any sophisticated attacks on clients. They instead rely on visitors to wittingly install their "AV program". How do they do this? Through social engineering: they create web pages which are very authentic copies of legitimate screens in the Windows operating system. These web pages make visitors believe that their machine is infected with several malicious programs and that the offered "AV program" can help them clean it.
Once the rogue AV program is installed, the victim has to pay money to get it "working" or, in some cases, even to uninstall it. So the money-making scheme is simple (some rogue AV versions even steal local data and install keyloggers).

In order to get people to visit the websites serving their rogue AV programs, the attackers use different vectors.
They spend a huge amount on advertising such as Google AdWords, which keeps them at the top of Google's search results. Victims who trust Google usually fall for such pranks and download the malware.
The main reason, however, why rogue AV is so successful is its persistence and attention to detail: the web page they use to scare the visitor looks almost exactly like the Windows Security Center. One such page is shown below:
I was, of course, interested to see what else they do, so I decided to analyze the code behind it. First of all, I must say that the code is very elegant and clean; it's obvious that the bad guys got a real programmer to code the page (and the malware?) for them.
The web page uses jQuery, a well-known and popular JavaScript library. After setting up the environment, the JavaScript code on the page shows a fake scan of the machine with seemingly random file names. The file names are actually grabbed from a huge array contained in a separate file (flist.js). The file names in this array (there are 1100 of them) were copied from a Windows XP machine (the C:\Windows\System32 directory). This, of course, increases the authenticity of the scan.
After the scan finishes, the user is informed that the machine is infected with viruses. The JavaScript code on the page initially sets up some handlers, so no matter what the user does next he will see a window notifying him that his machine is infected (interestingly, the attackers used the JavaScript confirm() method to display this message).
Of course, this wasn't generated by Windows; it's actually just an image the attackers created. The "Remove all" and "Cancel" buttons aren't real buttons either, just part of the image, which has a handler that gets executed wherever the user clicks. You guessed it: on a click it will try to download the rogue AV program. To eliminate any confusion, they also show a nice window explaining what exactly needs to be done in order to install their rogue AV program.
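The traits described above (a fake scan driven by a list of Windows system file names, a navigation handler that re-shows a confirm() dialog, and a click handler that leads to an executable download) are exactly what a URL filter or crawler can look for. The following is an added example, not code from the original post or from the page analyzed: a small heuristic scorer over raw page source. The rule weights, the threshold, and both sample pages are constructed assumptions, not a published detection scheme.

```python
"""Heuristic scoring of a web page for the scareware traits described above.

Added example, not code from the original post.  It scores raw HTML/JS for the
traits the post describes: a fake 'scan' fed by a separate list of Windows
system file names, a navigation handler that re-shows a confirm() dialog, and
a click handler that sends the visitor to an executable download.  Rule
weights, the threshold and both sample pages are constructed assumptions.
"""
import re

# (rule name, pattern, weight); weights are assumptions, not a published scheme
RULES = [
    ("fake_scan_filelist", re.compile(r"\b(?:flist|filelist)\.js\b", re.I), 2),
    ("confirm_on_unload", re.compile(r"onbeforeunload.{0,200}?confirm\s*\(", re.I | re.S), 3),
    ("exe_on_click", re.compile(r"(?:onclick|\.click\s*\().{0,300}?\.exe\b", re.I | re.S), 3),
    ("scare_wording", re.compile(
        r"(?:computer|machine|pc) is infected|\d+ (?:threats?|infections?) (?:found|detected)", re.I), 2),
]
SYSTEM_FILE = re.compile(r"\b[\w.-]+\.(?:dll|exe|sys|ocx)\b", re.I)
MANY_SYSTEM_FILES = 20   # a normal page has no reason to list this many system binaries
THRESHOLD = 5            # assumed score at which a page is treated as scareware


def score_page(html):
    """Return (score, [names of rules that fired]) for one page's source."""
    score, hits = 0, []
    for name, pattern, weight in RULES:
        if pattern.search(html):
            score += weight
            hits.append(name)
    distinct = {m.group(0).lower() for m in SYSTEM_FILE.finditer(html)}
    if len(distinct) >= MANY_SYSTEM_FILES:
        score += 2
        hits.append("many_system_file_names")
    return score, hits


def is_scareware(html):
    return score_page(html)[0] >= THRESHOLD


# Constructed sample: the structure the post describes, not the actual page's code.
SCAREWARE_PAGE = """
<script src="jquery.js"></script>
<script src="flist.js"></script>
<script>
var fakeScanFiles = ["kernel32.dll","ntdll.dll","user32.dll","gdi32.dll",
  "advapi32.dll","shell32.dll","ole32.dll","oleaut32.dll","comctl32.dll",
  "comdlg32.dll","ws2_32.dll","wininet.dll","urlmon.dll","msvcrt.dll",
  "rpcrt4.dll","secur32.dll","crypt32.dll","winmm.dll","version.dll",
  "imm32.dll","svchost.exe","lsass.exe","winlogon.exe","explorer.exe"];
window.onbeforeunload = function () {
  confirm("Your computer is infected! 27 threats found. Remove them now?");
};
$("#scan-result").click(function () {
  window.location = "downloads/SecurityTool_Setup.exe";
});
</script>
"""

# Constructed benign page with a jQuery click handler but none of the traits.
BENIGN_PAGE = """
<script src="jquery.js"></script>
<h1>Contact us</h1>
<p>Download our brochure (brochure.pdf) or call during office hours.</p>
<script>$("#send").click(function () { $("#form").submit(); });</script>
"""

if __name__ == "__main__":
    for label, page in (("scareware", SCAREWARE_PAGE), ("benign", BENIGN_PAGE)):
        print(label, score_page(page))
```

The benign page deliberately contains a jQuery click handler to show that no single trait is damning; it is the combination (system file list plus unload trap plus executable download) that pushes a page over the threshold.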

It is now no surprise that rogue AV programs are infecting so many machines. The devil is in the details, and the attackers made damn sure that all the details are there to fool potential victims.

Facebook Hacked !!

Social Networking websites have changed the way we interact in our personal lives and are in the process of transforming our professional lives. Increasingly, they play a significant role in how business gets done. But they're also high risk. With hundreds of millions of users, these tools have attracted attackers more than any other target in recent years.


According to the Anti hacking Anticipation Society®, the top social network threat that an enterprise or an individual must consider is "KOOBFACE". Koobface, an anagram of Facebook, has become "the largest Web 2.0 botnet", which challenges the definition of "worm": it is specifically designed to propagate across social networks like Facebook, MySpace, Twitter, hi5, Friendster and Bebo.

Koobface is a computer worm that targets Microsoft Windows users of social networking websites. Upon successful infection, Koobface ultimately attempts to gather sensitive information from the victims, such as credit card numbers. It was first detected in December 2008 and a more potent version appeared in March 2009.



Koobface spreads by delivering Facebook messages to people who are 'friends' of a Facebook user whose computer has already been infected. Upon receipt, the message directs the recipient to a third-party website, where they are prompted to download what purports to be an update of the Adobe Flash player. If they download and execute the file, Koobface is able to infect their system. It can then commandeer the computer's search engine use and direct it to contaminated websites. There can also be links to the third-party website on the Facebook wall of the friend the message came from, sometimes with comments like "LOL" or "YOUTUBE". If the link is opened, the trojan infects the computer and the PC becomes a host computer. Among the components downloaded by Koobface are a special program that blocks access to well-known security websites and a proxy tool that enables the attackers to abuse the infected PC.

The Windows operating system is currently the only operating system affected by these worms. Koobface is also known as W32/Koobface, W32/Koobface.AZ, W32.Koobface and Boface. Koobface gets onto a machine and checks whether there are cookies of social networking websites. If found, the worm infects the victim's profile. If no cookie is found, it simply erases itself from the computer. Koobface also loads pop-ups that look like MS Windows error messages. The pop-up contains the following text: "Error installing Codec. Please contact support." The Koobface worm targets Twitter users by spreading through links that look like YouTube video URLs. When users click on such a URL, Koobface activates. Whenever this person logs on to Twitter again, Koobface automatically comes out from its link and starts scrambling.



Some tips to deal with Koobface from the Anti Hacking Anticipation Society®.

To manually remove Koobface from your PC, first kill the processes fbtre6.exe, mstre6.exe and ld08.exe.

Then delete the registry values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "c:\windows\mstre6.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "C:\Windows\fbtre6.exe"

HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating

Now delete the files fbtre6.exe, fmark2.dat and ld08.exe from your hard disk. Also install an antivirus and update its signature databases daily to protect you and your computer.
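Before deleting anything by hand it helps to confirm that the indicators above are actually present. The following is an added example, not code from the original post: a triage helper that matches a process listing, a Run-key export and a file listing against the process names, registry values and file names given above. The process list is assumed to be in the CSV format of `tasklist /fo csv`, the registry data in .reg export format, and the file paths a plain list; all three samples are constructed. The registry key is spelled CurrentVersion (no space), as it is on a real system.

```python
"""Triage helper that matches host data against the Koobface indicators listed above.

Added example, not from the original post.  The process list is in the CSV
format of `tasklist /fo csv`, the Run values are in .reg export format, and
the file paths are a plain list; all three samples here are constructed.
"""
import csv
import io
import ntpath

IOC_PROCESSES = {"fbtre6.exe", "mstre6.exe", "ld08.exe"}
IOC_FILES = {"fbtre6.exe", "fmark2.dat", "ld08.exe"}
IOC_RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
IOC_RUN_VALUES = {
    ("systray", r"c:\windows\mstre6.exe"),
    ("systray", r"c:\windows\fbtre6.exe"),
}


def processes_from_tasklist_csv(text):
    """Image names (first column) from `tasklist /fo csv` output, header skipped."""
    rows = list(csv.reader(io.StringIO(text.strip())))
    return [row[0].lower() for row in rows[1:] if row]


def run_values_from_reg_export(text):
    """(key, value name, data) triples from a .reg export; doubled backslashes are unescaped."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"') and '"="' in line:
            name, _, data = line[1:].partition('"="')
            entries.append((key, name, data.rstrip('"').replace("\\\\", "\\")))
    return entries


def find_koobface_indicators(tasklist_csv, reg_export, file_paths):
    """Return which of the indicators from the post are present in the supplied data."""
    hits = {"processes": [], "run_values": [], "files": []}
    for image in processes_from_tasklist_csv(tasklist_csv):
        if image in IOC_PROCESSES:
            hits["processes"].append(image)
    for key, name, data in run_values_from_reg_export(reg_export):
        if key.lower() == IOC_RUN_KEY.lower() and (name.lower(), data.lower()) in IOC_RUN_VALUES:
            hits["run_values"].append((name, data))
    for path in file_paths:
        if ntpath.basename(path).lower() in IOC_FILES:
            hits["files"].append(path)
    return hits


# Constructed samples (not captured from a real machine)
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"explorer.exe","1520","Console","0","21,344 K"
"mstre6.exe","2280","Console","0","3,112 K"
"svchost.exe","980","Console","0","4,900 K"
'''
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"systray"="c:\\windows\\mstre6.exe"
'''
SAMPLE_FILES = [r"C:\Windows\fmark2.dat", r"C:\Windows\system32\ctfmon.exe", r"C:\Windows\ld08.exe"]

if __name__ == "__main__":
    print(find_koobface_indicators(SAMPLE_TASKLIST, SAMPLE_REG, SAMPLE_FILES))
```

Matching is case-insensitive on names and paths because Windows is, and the Run value is compared on both name and data so that a legitimate value that happens to be called "systray" is not reported.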

Have you experienced "carding" fraud?

OK, this was a touchy question. Touchy because:

a) No one wants to admit they're a victim of fraud.

b) No one wants to attract more fraud by talking about it.

Carding is a term used for the process of verifying the validity of stolen card data. The thief presents the card information on a website that has real-time transaction processing. If the card is processed successfully, the thief knows that the card is still good. The specific item purchased is immaterial, and the thief does not need to purchase an actual product; a website subscription or charitable donation would be sufficient. The purchase is usually for a small monetary amount, both to avoid using up the card's credit limit and to avoid attracting the card issuer's attention. A website known to be susceptible to carding is known as a cardable website.

According to the Anti Hacking Anticipation Society ® (HANS), in the past carders used computer programs called "generators" to produce a sequence of credit card numbers, and then tested them to see which were valid accounts. Another variation was to take false card numbers to a location that does not immediately process card numbers, such as a trade show or special event. However, this process is no longer viable due to the widespread requirement by Internet credit card processing systems for additional data such as the billing address, the 3 to 4 digit Card Security Code and/or the card's expiration date, as well as the more prevalent use of wireless card scanners that can process transactions right away. Nowadays, carding is more typically used to verify credit card data obtained directly from the victims by skimming or phishing.

Here's how it seems to work:

* Underground internet credit card thief gets a bunch of card numbers/addresses

* Underground internet credit card thief wants to re-sell this information

* In order to sell this info, thief must prove that it's valuable (that the card limits are desirable)

* For this, he/she turns to the internet, and to websites that sell an "intangible good" that doesn't actually ship. All he/she needs is an email confirmation of the purchase, noting the amount charged, to verify that the card will go through for a large purchase.

* Card thief then sells the stolen card info, along with proof that it works for X amount.
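The pattern just described has a visible shape on the merchant side: one source trying many different cards for small, non-shipping purchases within a few minutes. The following is an added example, not code from the original post, of a detector for that shape over a transaction log. The log format, thresholds and sample lines are constructed assumptions; the card field is a processor token rather than a card number, since a log holding real card numbers would itself be a carding target.

```python
"""Merchant-side detection of the carding pattern described above.

Added example, not from the original post.  It scans a transaction log for a
source IP that uses many different cards for small 'intangible' purchases
within a short window.  Thresholds, the log format and the sample lines are
constructed; card values are processor tokens, never raw card numbers.
"""
from collections import defaultdict
from datetime import datetime, timedelta

SMALL_AMOUNT = 5.00              # assumed ceiling for a 'test' charge
WINDOW = timedelta(minutes=10)   # assumed look-back window
MIN_DISTINCT_CARDS = 3           # assumed number of different cards that is suspicious

# Constructed sample log: timestamp,source_ip,card_token,amount,item
SAMPLE_LOG = """\
2010-08-10T09:00:05,203.0.113.7,tok_a1,1.00,donation
2010-08-10T09:01:12,203.0.113.7,tok_a2,1.00,donation
2010-08-10T09:02:40,203.0.113.7,tok_a3,1.00,donation
2010-08-10T09:04:03,203.0.113.7,tok_a4,2.00,newsletter
2010-08-10T09:05:00,198.51.100.20,tok_b1,49.99,annual-subscription
2010-08-10T09:06:30,198.51.100.20,tok_b1,1.00,donation
2010-08-10T10:00:00,192.0.2.9,tok_c1,1.00,donation
2010-08-10T11:00:00,192.0.2.9,tok_c1,1.00,donation
2010-08-10T12:00:00,192.0.2.9,tok_c1,1.00,donation
"""


def parse_log(text):
    """Parse the constructed CSV-like log into dicts with typed fields."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, card, amount, item = line.split(",")
        records.append({"ts": datetime.fromisoformat(ts), "ip": ip,
                        "card": card, "amount": float(amount), "item": item})
    return records


def find_carding_sources(records):
    """Map each suspicious source IP to the sorted card tokens it tested.

    Only small charges count; a sliding window per IP tracks how many
    distinct cards were charged inside WINDOW.
    """
    small = defaultdict(list)
    for r in records:
        if r["amount"] <= SMALL_AMOUNT:
            small[r["ip"]].append(r)
    flagged = {}
    for ip, recs in small.items():
        recs.sort(key=lambda r: r["ts"])
        in_window = {}      # card token -> number of charges inside the window
        start = 0
        for r in recs:
            in_window[r["card"]] = in_window.get(r["card"], 0) + 1
            while r["ts"] - recs[start]["ts"] > WINDOW:
                old = recs[start]["card"]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= MIN_DISTINCT_CARDS:
                flagged.setdefault(ip, set()).update(in_window)
    return {ip: sorted(cards) for ip, cards in flagged.items()}


if __name__ == "__main__":
    print(find_carding_sources(parse_log(SAMPLE_LOG)))
```

In the sample, 203.0.113.7 tests four different cards for a dollar or two inside five minutes and is flagged; 198.51.100.20 makes a real purchase plus one donation on the same card, and 192.0.2.9 repeats a small charge on one card hours apart, so neither meets the distinct-card threshold. Counting distinct cards rather than transactions is what separates this from a generous repeat donor.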

As credit card fraud is so common, here are some tips from the Anti Hacking Anticipation Society that must be taken care of:

• When you get a new card, sign the back of it right away.

• Save all receipts and supporting documents for payments and cash withdrawals on the card in an envelope. Compare your monthly statement with these receipts, but don't throw the statement (or the receipts) in the trash without shredding them.

• If you change your address, notify the card issuer of your new address immediately, and make sure that mail still arriving at your old address is collected by someone you trust.

• Never write your card number or PIN on a piece of paper that you keep in your wallet with the cards. Even worse, don't pencil your PIN onto your card.

• When paying in public with a credit card, cross out any blank spaces above the signature line where additional items or a new total could be written in.

• When shopping online, make sure the website where you buy is secured. The website should have an SSL certificate and display it on the site, or at least have an address that begins with "https". The "s" stands for secure. You should also see a little closed lock symbol or similar symbol in your browser when you are on an https site.

• If you have to give your card number over the phone, make sure you can verify the authenticity of the company you are dealing with.

• Check your statement regularly. If you see a purchase that you do not recognize, call your card's fraud protection hotline, or research the supposed name of the retailer from which you made the purchase. The longer you wait to look at your statement, the harder it will be to recall and verify purchase amounts. Nowadays you can go online and check your statement as often as you like. It's a good habit to get into.