Showing posts with label Hacking. Show all posts

Anonymous hacked PayPal, Symantec and Other Companies


The websites of PayPal, Symantec and several other companies have been hacked.
The Anonymous hacker collective has claimed responsibility for the cyberattacks, saying on Twitter that the hacks are part of a “November 5th protest.”
Anonymous hacked ImageShack’s server and Symantec's database using some zero-day exploits. The hacked Symantec database was dumped in a Pastebin file and includes phone numbers, emails, domains, passwords, names, usernames, etc. They have also hacked over 28,000 PayPal accounts.
Anonymous has also called for a public protest in front of Britain’s Houses of Parliament at 8pm today.
“This is the centrepiece of a worldwide Anonymous operation of global strength and solidarity, a warning to all governments worldwide that if they keep trying to censor, cut, imprison, or silence the free world or the free internet they will not be our governments for much longer,” says the event’s description on Facebook.


Application Security and Bug Free Coding - The Infographic

Secure Coding and Software Security
Infographic by Veracode Application Security

Exploring the Duqu Bot


The Duqu trojan is composed of several malicious files that work together for a malicious purpose. The first component is a Windows kernel driver that searches for and loads encrypted dynamic link library (DLL) files. The decrypted DLL files implement the main payload of Duqu, which is a remote access trojan (RAT). The RAT allows an adversary to gather information from a compromised computer and to download and run additional programs.

Duqu vs Stuxnet

| Attribute | Duqu | Stuxnet |
|---|---|---|
| Infection Methods | Unknown | USB (Universal Serial Bus); PDF (Portable Document Format) |
| Dropper Characteristics | Installs signed kernel drivers to decrypt and load DLL files | Installs signed kernel drivers to decrypt and load DLL files |
| Zero-days Used | None yet identified | Four |
| Command and Control | HTTP, HTTPS, Custom | HTTP |
| Self Propagation | None yet identified | P2P (Peer to Peer) using RPCs (Remote Procedure Call); Network Shares; WinCC Databases (Siemens) |
| Data Exfiltration | Add-on, keystroke logger for user and system info stealing | Built-in, used for versioning and updates of the malware |
| Date triggers to infect or exit | Uninstalls self after 36 days | Hard coded, must be in the following range: 19790509 => 20120624 |
| Interaction with Control Systems | None | Highly sophisticated interaction with Siemens SCADA control systems |


Like Stuxnet, Duqu attacks Windows systems using a zero-day vulnerability. The installer file is a Microsoft Word (.doc) document that exploits the Win32k TrueType font parsing engine and allows code execution. The Duqu malware targets one of the problems in T2EMBED.DLL, which is a TrueType font parsing engine.

How Does Duqu Spread?

Duqu doesn't spread on its own. In one known case, Duqu was installed by a document attachment which was delivered via an e-mail message.

What are indicators of a Duqu infection?

Duqu contains a backdoor that steals information. Infostealers need to send the stolen information back somehow, and careful ones try to make the transfer look innocent in case somebody is watching network traffic. Duqu hides its traffic by making it look like normal web traffic. Administrators should monitor their network for systems attempting to resolve the C2 domain or connect to the C2 IP address given below, as a sign of possible infection.
Duqu connects to a server (206.183.111.97, a.k.a. canoyragomez.rapidns.com, which used to be in India) and sends an HTTP request. The server responds with a blank JPG image, after which Duqu sends back a 56 kB JPG file called dsc00001.jpg with the stolen information (encrypted with AES) appended to the end of the image file.


| Name | File Size | MD5 |
|---|---|---|
| jminet7.sys | 24,960 bytes | 0eecd17c6c215b358b7b872b74bfd80 |
| netp191.pnf | 232,448 bytes | b4ac366e24204d821376653279cbad8 |
| netp192.pnf | 6,750 bytes | 94c4ef91dfcd0c53a96fdc387f9f9c3 |
| cmi4432.sys | 29,568 bytes | 4541e850a228eb69fd0f0e924624b24 |
| cmi4432.pnf | 192,512 bytes | 0a566b1616c8afeef214372b1a0580c |
| cmi4464.pnf | 6,750 bytes | e8d6b4dadb96ddb58775e6c85b10b6c |
| <unknown> (sometimes referred to as keylogger.exe) | 85,504 bytes | 9749d38ae9b9ddd81b50aad679ee87e |
| nfred965.sy | 24,960 bytes | c9a31ea148232b201fe7cb7db5c75f5 |
| nred961.sys | unknown | f60968908f03372d586e71d87fe795c |
| adpu321.sy | 24,960 bytes | 3d83b077d32c422d6c7016b5083b9fc |
| iaStor451.sys | 24,960 bytes | bdb562994724a35a1ec5b9e85b8e054f |

(The byproducts in the table have been collected from multiple Duqu variants and would not be present on a single infected computer.)
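The two network-side checks described above, written out as an added example (not code from the original post): counting bytes that follow a JPEG's end-of-image marker, and listing clients that contacted the quoted C2 address or domain. The function names, the four-field proxy log format and the sample bytes are constructed for illustration.

```python
# Network indicators quoted in the post above.
C2_INDICATORS = {"206.183.111.97", "canoyragomez.rapidns.com"}
# After 0xFF inside scan data these are byte stuffing / restart markers.
NOT_A_MARKER = {0x00, *range(0xD0, 0xD8)}

def jpeg_trailing_bytes(data: bytes) -> int:
    """Count the bytes that follow the JPEG end-of-image (EOI) marker.

    Walks the segment structure rather than searching for the last FF D9,
    because appended ciphertext can contain that byte pair by chance.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                       # EOI: image ends here
            return len(data) - (pos + 2)
        if pos + 4 > len(data):
            break
        pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
        if marker == 0xDA:                       # SOS: skip entropy-coded data
            while pos + 1 < len(data) and not (
                data[pos] == 0xFF and data[pos + 1] not in NOT_A_MARKER
            ):
                pos += 1
    raise ValueError("truncated JPEG: no EOI marker")

def clients_contacting_c2(proxy_lines):
    """Return client addresses whose destination host is a listed indicator."""
    hits = set()
    for line in proxy_lines:
        _time, client, dest_host, _path = line.split(maxsplit=3)
        if dest_host.lower() in C2_INDICATORS:
            hits.add(client)
    return hits

# Constructed sample data: a minimal JPEG-shaped byte string and proxy log lines.
CLEAN_JPEG = (b"\xff\xd8" b"\xff\xe0\x00\x04AB" b"\xff\xda\x00\x04CD"
              b"\x12\xff\x00\x34\xff\xd0\x56" b"\xff\xd9")
APPENDED = CLEAN_JPEG + b"\x9c\xff\xd9\x41\x07"   # stand-in for appended ciphertext
PROXY_LOG = [
    "2011-11-02T10:00:01 10.0.0.5 www.example.com /index.html",
    "2011-11-02T10:00:07 10.0.0.9 206.183.111.97 /",
    "2011-11-02T10:01:12 10.0.0.9 CANOYRAGOMEZ.rapidns.com /",
]

if __name__ == "__main__":
    print(jpeg_trailing_bytes(CLEAN_JPEG), jpeg_trailing_bytes(APPENDED))
    print(clients_contacting_c2(PROXY_LOG))
```

A non-zero trailing count on an uploaded image is a lead to investigate rather than proof, since some cameras and editors also write data after the end-of-image marker.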

Why DUQU

The name “Duqu” was assigned to this malware because the keylogger program creates temporary files that begin with the prefix “~DQ”. A computer infected with Duqu may have files beginning with “~DQ” in Windows temporary directories.


Save Yourself from Short URL Scams And Hacking

HOW TO: Save Yourself from Short URL Scams And Hacking!




URL shortening services like TinyURL, bit.ly, is.gd, ow.ly, goo.gl and many more have made it easier for us to share our links in a neat and clean way.
But some scammers also use these services to lure people to scam websites and other fraud, because users cannot distinguish a good short URL from a scam one; they look the same to us.
So, to protect us from these types of short URL scams on social networking sites such as Facebook or micro-blogging sites such as Twitter, some people at LongURL have come up with the idea of showing users previews of the short URLs created by a huge number of sites, so that they can see whether the site is genuine or a fraud. To check a short URL, follow these steps.


Last time, I saw on our forum that some hackers use bit.ly short URLs for hacking ff.

Step - 1


Copy the short URL you want to check, then go to LongURL.org, paste the short URL in the box provided there, and click Expand!



Step - 2


Now you will be shown the details of the page the short URL redirects to: the title of the page, a short description of the page if provided by the webmaster, and the long URL it redirects to.




Tip


If you don't want to visit the LongURL site every time you want to check a URL, you can install the LongURL Firefox Extension to ease your work. Just bring your cursor over the link, and you'll know about the site.




Get the LongURL Firefox Extension here!


So please don't click on short URLs like bit.ly, is.gd, ow.ly, goo.gl, etc. If you want to click on a short URL, first check the link on longurl.org.