Thursday, October 30, 2008

Scan your system with 8 different anti-malware applications

Hitman Pro Runs Eight Different Anti-Malware Apps With One Click

Free application Hitman Pro scans your system for malware using not one, not two, but eight different anti-malware applications. Essentially, Hitman Pro is a helper utility that runs up to eight different cleaning tools when you tell it to. Some are favourites we all know and love, like Ad-Aware and Spybot S&D, while others are a bit more obscure. The idea behind Hitman Pro is that you've got a one-stop shop for killing off any malware that hits your system—regardless of whether it's spyware, adware, or some nasty virus. As the MakeUseOf post points out, scanning your system with each app can be a time-consuming process, so it's best used when your computer is idle.



Refer here to download and for more details.

Microsoft NT Hash cracker from LM Password

lm2ntcrack

lm2ntcrack provides a simple way to instantly crack a Microsoft Windows NT hash (MD4) when the LM password is known. lm2ntcrack is Free and Open Source software. The software is written entirely in Perl, so it is easily ported and installed.

lm2ntcrack must be used with the password cracker John the Ripper.

Please refer here for more details.
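To show why this step is "instant", and why the "Do not store LAN Manager hash value" policy matters, here is an added Python example (not lm2ntcrack's own code) of the same idea: the LM hash only ever leaks the upper-cased password, so the NT hash, which is MD4 over the UTF-16LE password, is recovered by trying the 2^n case variants of its n letters. MD4 is implemented inline because OpenSSL 3 builds of Python hide it behind the legacy provider; the sample hash is the well-known NT hash of "password".

```python
import itertools
import struct

MASK = 0xFFFFFFFF

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320), enough for NT hashes; hashlib.new('md4')
    is unavailable on many OpenSSL 3 builds."""
    bit_len = len(data) * 8
    data += b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", bit_len)
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    for off in range(0, len(data), 64):
        X = struct.unpack("<16I", data[off:off + 64])
        r = [a, b, c, d]
        for i in range(48):
            j = i % 16
            if i < 16:    # round 1: F, message words in order
                f, k, s, add = (r[1] & r[2]) | (~r[1] & r[3]), j, (3, 7, 11, 19)[i % 4], 0
            elif i < 32:  # round 2: G, words 0,4,8,12,1,5,...
                f = (r[1] & r[2]) | (r[1] & r[3]) | (r[2] & r[3])
                k, s, add = (j % 4) * 4 + j // 4, (3, 5, 9, 13)[i % 4], 0x5A827999
            else:         # round 3: H, words 0,8,4,12,2,10,... (bit-reversed index)
                f = r[1] ^ r[2] ^ r[3]
                k, s, add = int(f"{j:04b}"[::-1], 2), (3, 9, 11, 15)[i % 4], 0x6ED9EBA1
            r = [r[3], _rotl((r[0] + f + X[k] + add) & MASK, s), r[1], r[2]]
        a, b, c, d = [(x + y) & MASK for x, y in zip((a, b, c, d), r)]
    return struct.pack("<4I", a, b, c, d)

def nt_hash(password: str) -> bytes:
    """NT hash = MD4 of the password encoded as UTF-16LE, no salt."""
    return md4(password.encode("utf-16-le"))

def recover_case(lm_password: str, nt_hash_hex: str):
    """Given the case-insensitive password the LM hash leaks and the account's
    NT hash, find the real capitalisation. n letters give at most 2**n
    candidates (<= 16384 for a 14-character LM password), hence 'instant'."""
    target = bytes.fromhex(nt_hash_hex)
    letter_pos = [i for i, ch in enumerate(lm_password) if ch.isalpha()]
    for bits in itertools.product((0, 1), repeat=len(letter_pos)):
        chars = list(lm_password.upper())
        for pos, bit in zip(letter_pos, bits):
            if bit:
                chars[pos] = chars[pos].lower()
        candidate = "".join(chars)
        if nt_hash(candidate) == target:
            return candidate
    return None
```

The defensive takeaway is the size of that search: once the LM hash is available, the NT hash adds almost nothing, so LM storage has to be disabled rather than relying on the NT hash's larger character set.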

Tuesday, October 28, 2008

Squirtle

Browser-based NTLM Attack Toolkit

The purpose of this little doodad is to help you prove to your employer, your client, your best friend, your dog, or God that NTLM is truly dead. It does this by taking control of any browser that comes into contact with it and making it perform NTLM authentication at will. By using a set of API calls you can embed Squirtle into existing penetration toolkits, proxies or other fun tools at your disposal.

Please refer here for more details and to download.

pyrit - A tool to estimate the real-world security of WPA-PSK

Advances in attacking WPA-PSK

Pyrit takes a step ahead in attacking WPA-PSK and WPA2-PSK, the protocol that today de-facto protects public WIFI-airspace. The project's goal is to estimate the real-world security provided by these protocols. Pyrit does not provide binary files or wordlists and does not encourage anyone to participate or engage in any harmful activity. This is a research project, not a cracking tool.


Pyrit's implementation allows creating massive databases that pre-compute part of the WPA/WPA2-PSK authentication phase as a space-time trade-off. The performance gain for real-world attacks is in the range of three orders of magnitude, which urges reconsideration of the protocol's security. Exploiting the computational power of GPUs, this is currently by far the most powerful attack against one of the world's most used security protocols.
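The part of the PSK handshake that can be precomputed is the PMK, and it is salted only with the SSID. The added Python example below (not Pyrit's code) shows that step and the resulting table, using the IEEE 802.11i reference vector ("password" on SSID "IEEE") and a constructed four-word list in place of a real wordlist.

```python
import hashlib

# IEEE 802.11i (Annex H) reference vector: passphrase "password", SSID "IEEE".
REFERENCE_PMK_HEX = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"

# Constructed toy wordlist standing in for the multi-million-entry lists Pyrit consumes.
WORDLIST = ["password", "letmein1", "wireless", "12345678"]

def pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1 over the passphrase,
    salted with the SSID, 4096 iterations, 256-bit output. It is the only
    expensive step and depends on nothing captured from the air, which is
    exactly why it can be computed once and stored."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)

def build_pmk_table(ssid: str, wordlist) -> dict:
    """Space side of the trade-off: one PMK per candidate passphrase, per SSID."""
    return {pmk(word, ssid): word for word in wordlist}

def passphrase_for(table: dict, candidate_pmk: bytes):
    """Time side: a table lookup replaces 4096 HMAC rounds per guess. The table
    is bound to its SSID, so a non-default SSID forces the work to be redone;
    it does not make a weak passphrase strong."""
    return table.get(candidate_pmk)
```

The mitigation follows from the salt: a unique SSID defeats shared tables, but only passphrase length and randomness raise the per-network cost.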

Pyrit compiles and runs fine on Linux and MacOS X. None of the BSD systems were tested but all posix systems should be fine anyway. I don't care about Windows; drop me a line (read: patch) if you make Pyrit work without copying half of GNU in binary form...

Refer here to read more details and to download or refer here to read their blog.

Sunday, October 26, 2008

Emergency Patch released by Microsoft

Microsoft Says Windows Flaw Could Bring Worm Attack

Microsoft fixed a critical bug in its Windows operating system Thursday, saying that it is being exploited by online criminals and that it could eventually be used in a widespread "worm" attack.


Microsoft took the unusual step of issuing an emergency patch for the flaw, several weeks ahead of its regularly scheduled November security updates, saying that it is being exploited in "limited targeted attacks."

Please refer here to read the full article on CIO.

I quote from Microsoft's Security Vulnerability Research & Defense website:

Most perimeter firewalls will block exploit attempts from outside your organization

If you are behind a perimeter firewall that filters inbound connections to TCP ports 139 and 445, you will not be reachable from the Internet. This is a common home user scenario. In this scenario, only the machines in your local LAN will have the ability to exploit this vulnerability.

This basically means that if you have strong filtering at your firewall you are still safe from this exploit, but this doesn't mean we should take the vulnerability lightly. I recommend all my readers, and especially home users, to deploy this patch as soon as possible.

More useful links can be found on Roger Halbheer's blog.

Hackers Use Nvidia Graphics Card to Smash WPA2 10,000 Percent Faster

WiFi is no longer a viable secure connection

Global Secure Systems has said that a Russian firm's use of the latest NVidia graphics cards to accelerate WiFi ‘password recovery’ times by up to an astonishing 10,000 per cent proves that WiFi's WPA and WPA2 encryption systems are no longer enough to protect wireless data.

David Hobson, managing director of GSS, claimed that companies can no longer view standards-based WiFi transmission as sufficiently secure against eavesdropping to be used with impunity. He also said that the use of VPNs is arguably now mandatory for companies wanting to comply with the Data Protection Act.

He said: “This breakthrough in brute force decryption of WiFi signals by Elcomsoft confirms our observations that firms can no longer rely on standards-based security to protect their data. As a result, we now advise clients using WiFi in their offices to move on up to a VPN encryption system as well.”

Please refer here to read the full article.

WPA and WPA2 are the secure methods that followed WEP and are commonly used by home users and perhaps many small-to-large companies. This basically means that all wireless users on WPA and WPA2 are at risk, and we should start looking at more secure wireless methods before we fall victim to these types of attacks.

Thursday, October 23, 2008

ARPWatch

Monitor Ethernet Activity

The Arpwatch tool monitors Ethernet or FDDI activity and maintains a database of Ethernet/IP address pairings. It also reports certain changes via email. Arpwatch uses libpcap, a system-independent interface for user-level packet capture. Before building arpwatch, you must first retrieve and build libpcap. Once libpcap is built (either install it or make sure arpwatch and libpcap share the same parent directory), you can build arpwatch using the procedure in the INSTALL file.
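The pairing database and the change reports are the whole point of the tool, so here is an added Python model of that logic (not arpwatch's own code) run over a constructed list of ARP observations. It emits the three report types arpwatch mails for a pairing change: "new station", "changed ethernet address", and "flip flop" (a return to the previously recorded address). A "changed ethernet address" on a gateway or server IP is the event worth alerting on, since that is what ARP spoofing or a rogue device looks like.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample of what arpwatch sees on the wire: (timestamp, sender IP, sender MAC).
SAMPLE_ARP = [
    (1000, "192.168.1.10", "00:11:22:33:44:55"),
    (1005, "192.168.1.11", "00:11:22:33:44:66"),
    (1010, "192.168.1.10", "00:11:22:33:44:55"),  # same pairing again: no report
    (1020, "192.168.1.10", "DE:AD:BE:EF:00:01"),  # IP now claimed by another MAC
    (1025, "192.168.1.10", "00:11:22:33:44:55"),  # original MAC returns: flip flop
    (1030, "192.168.1.12", "00:11:22:33:44:77"),
]

@dataclass
class Station:
    mac: str
    last_seen: int
    previous_mac: Optional[str] = None

class ArpDatabase:
    """Ethernet/IP pairing database plus the events a change produces."""
    def __init__(self):
        self.db = {}      # ip -> Station
        self.events = []  # (timestamp, kind, ip, detail)

    def observe(self, ts: int, ip: str, mac: str) -> None:
        mac = mac.lower()  # normalise so case differences never look like a change
        st = self.db.get(ip)
        if st is None:
            self.db[ip] = Station(mac, ts)
            self.events.append((ts, "new station", ip, mac))
        elif st.mac == mac:
            st.last_seen = ts
        else:
            # Going back to the second most recently seen address is a "flip flop";
            # any other change is a "changed ethernet address".
            kind = "flip flop" if mac == st.previous_mac else "changed ethernet address"
            self.events.append((ts, kind, ip, f"{st.mac} -> {mac}"))
            st.previous_mac, st.mac, st.last_seen = st.mac, mac, ts

def report(observations):
    """Feed observations through the database and return the events to mail."""
    db = ArpDatabase()
    for ts, ip, mac in observations:
        db.observe(ts, ip, mac)
    return db.events
```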

Refer here for more details and more interesting tools.

Active Reconnaissance network security tool

Firewalk - OpenSource Network Security tool

Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway.

If the gateway allows the traffic, it will forward the packets to the next hop, where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway host does not allow the traffic, it will likely drop the packets on the floor and we will see no response.

To get the correct IP TTL that will result in packets expiring one hop beyond the gateway, we need to ramp up hop counts. We do this in the same manner that traceroute works. Once we have the gateway hop count (at that point the scan is said to be `bound`) we can begin our scan.

It is significant to note that the ultimate destination host does not have to be reached. It just needs to be somewhere downstream, on the other side of the gateway from the scanning host.

To read more details about Firewalk please refer here.

Data breaches are common in Australia

Four in five Australian companies suffered data breach in past five years

A new survey reveals almost 80% of local companies have experienced data breaches in the past five years, with 40% recording between six and 20 breaches.


The Symantec Australian data loss survey shows 59% of businesses suspect they have been the victim of data breaches, but are unable to identify stolen information. A whopping 34% of respondents report an average breach cost them $5000, while 14% say breaches cost them between $100,000 and $999,999, and 7% over $1 million.

But the main cause of data breaches, the survey reports, was lost laptops at 45%, while human error accounted for 42% of cases. Malicious attacks were responsible for 28% of breaches, while hacking and malware were responsible for 24%.

Monday, October 20, 2008

Be Careful With Your Bank Account Information

An extremely dangerous new electronic virus is threatening card holders

A new type of "Trojan horse" virus is threatening bank card holders and electronic payment users: it integrates itself into websites and deceives consumers into providing confidential data such as credit card numbers and PINs. Moreover, the virus can infect any computer through what looks like a simple browser update.

According to IDG News Service, the malware known as Limbo “integrates itself into a Web browser using a technique called HTML injection, said Uri Rivner, head of new technologies at RSA Consumer Solutions. Because it’s so closely integrated in the browser, it can operate even while the user is at the real bank site and can actually change the layout of that site, he said.”

I quote from the article,

“Nothing tells you that something is wrong here, with one exception: You’re being asked to provide some information that you were never asked to do before,” Rivner said during a briefing for reporters and analysts earlier this week. “If you are convinced that you are now communicating with the bank, the fraudsters can get away with anything they like.”

Limbo can get onto a user’s computer through many paths, including both pop-up messages that ask you to download an add-on program and methods that are invisible to the user, he said. They sometimes get on to PCs in conjunction with other phishing attacks.

And like other malware programs, Limbo is becoming available to more fraudsters through an underground market that includes a complex supply chain and falling prices, according to Rivner. Limbo costs about $350 (U.S.), down from about $1,000 a year ago and $5,000 two years ago, he said.

“The big trend here is that it’s becoming affordable,” Rivner said.

The online fraud marketplace consists of so-called harvesters, who collect user information and “cash-out” operations that use the information to do whatever has to be done to translate that information into money. For example, harvesters may capture credit card numbers and cash-out operations may use those cards to buy products online, have them delivered to an address and sell them on the black market, Rivner said. The two classes of fraudsters typically meet and do business with each other in IRC chatrooms and dedicated Web forums, where the most successful fraudsters are the ones who develop a reputation for working reliably and honestly with other participants, Rivner said.

In line with this, internet users are advised to update their antivirus software and enable strict online security and privacy measures in their web browsers, such as Google Chrome, Firefox 3.0.1 or later versions, and Internet Explorer 8.

Antivirus software that can block access to unsafe websites (like McAfee Antivirus and AVG Pro) can also help.

Just beware of this malware or else you will lose a lot of money if you’re into online banking.

Wednesday, October 15, 2008

Wabisabilabi expanding their business in a more unethical way...

Wabisabilabi puts 'zero day' shield into UTMs

I recently came across an interesting news item that WabiSabilabi has joined hands with UTMs and they will be using the "Zero Day Threats" in UTM hardware.


I quote from the article:

According to Roberto Preatoni, the company's chief technical officer, the original researchers of these flaws will be rewarded as subscribers pay for updates to the database, in essence earning them ongoing revenue.

"No more ‘one shot peanuts' as the researchers used to get as a treatment from the traditional hardware/software security producers; as long as their signatures will be useful, they will keep cashing money," he said.

If I understand this correctly, this means bad guys can sell the vulnerabilities of copyrighted software, plus they will get monthly royalties from what subscribers pay?

I quote again from the news:

The company also planned to create a portal to allow researchers to sell their vulnerabilities directly to OneShield customers, he indicated.

If monthly subscriber payments are not enough, you can even sell the vulnerabilities directly to the customers.

Is this some kind of Internet Italian Mafia bringing their unethical principles into our security industry? In the eyes of the world they are trying to help researchers, but in a real sense they are supporting them!

Be careful before opening PDF files

PDF Files and Flash Ads Can Contain Malicious Code

Flash and PDF files on the Internet can contain hidden malicious code that's so sophisticated that most antivirus software won't detect the attacks even after they infiltrate vulnerable computers, according to a report released by the company Finjan, a provider of Web gateway and content-inspection solutions.

On Sept. 23, 2008, Finjan released its Malicious Page of the Month report detailing how malevolent hackers use Web 2.0 technologies to infest operating systems with the latest malware. The report's data, compiled by the company's Malicious Code Research Center, tracks the evolution of "obfuscated code," or code that is encrypted so well by its authors that it's difficult to recognize. This code can be built into Flash and PDF files by people with bad intentions.

"This vulnerability will enable them to gain access to our local disk so they can install their Trojan horse or keylogger software," said Yuval Ben-Itzhak, Finjan's chief technology officer. This gives them the opportunity to slip in undetected and wreak havoc.

The report divulges the following details of this trend:

In 2008, obfuscated code was embedded in rich-content files, such as Flash-constructed ads on Web pages or the ever-popular PDFs that millions of Internet users download regularly. Some hapless Web surfers are unwittingly compromising their computers merely by visiting sites with code-infested Flash ads on them or by downloading seemingly harmless PDFs containing the same type of code.

In 2007, obfuscation techniques mimicked legitimate encryption-decryption processes. In this method, a malicious hacker sends a "key" to users that seems legitimate. After a user obtains and activates the key, it unlocks malicious code that goes to work on the user's machine.

In 2006, malicious hackers wrote harmful code into programs that are activated once users input passwords or other forms of typed input.

In 2005, obfuscated code attacks consisted of two formats: scrambling code to make it more complicated, and character-based encoding to use it in any format a browser can interpret.

Again, my advice is the same: don't open files or attachments from sources you don't know or trust.

Monday, October 13, 2008

New Metasploit 3.2 adds new features including DNS, WiFi hacking

Metasploit 3.2 Offers More 'Evil Deeds'

"It will abuse the HTTP security model, stealing cookies and saved form data," Moore said.

Hacking into systems is apparently getting easier with the upcoming open source Metasploit 3.2 framework, according to its creator. During a packed presentation at the SecTor conference here yesterday, Metasploit creator H. D. Moore detailed some of the new features in the upcoming Metasploit 3.2 release. They include names such as Browser AutoPwn, Metasploit in the Middle and the Evil Wireless Access Point.

"For http we do a whole bunch of evil things to a browser," Moore mentioned, addressing an audience of security and networking professionals from sectors such as government and leading corporations.

If that's not enough to give security researchers a taste of the latest developments in security vulnerabilities, there is the Evil Wireless Access Point feature. Moore said it can create an access point that consumes all other access points around it. Adding insult to evil, it has the ability to spoof any access point that is already on a user's preferred access point list.
Moore also added that Metasploit 3.2 now has full IPv6 support.

It seems that Metasploit 3.2 will be sporting a BSD 3-Clause license. That basically means that MSF can be forked or modified and repackaged and sold by commercial entities. The 3-Clause license basically means that the source code and binaries keep the copyright notice, but nobody can say the mutant product is endorsed by HD.

DarkReading has an article about it and one of the ideas tossed around is Core Impact integrating MSF into their tool. Aside from the thousands of dollars that Core costs, the lack of reporting functionality is one of the reasons MSF is kept in the shadows with researchers and pen-testers. MSF is awesome and it is regularly used by auditors/pen-testers and other security researchers. I have always thought someone should build some reporting plug-ins for MSF; maybe someone will now.

Metasploit is an open source attack framework first developed by Moore in 2003.

Saturday, October 11, 2008

Fake Microsoft email contains "backdoor" virus

Spammers using "Microsoft" name to trick users to install Malware

A fake phishing email making the rounds seemingly comes from Microsoft, but actually contains a “backdoor” trojan.

The email has a subject line that reads, “Security Update for OS Microsoft Windows” and supposedly came from the "Microsoft Official Update Center" at a domain named securityassurance[at]microsof[dot]com.

The message urges users to run an attached file to install an update that, the email says, will protect the recipient from security threats and performance problems.

The malicious attachment is not a Microsoft update, but rather malware identified as “Trojan.Backdoor.Haxdoor,” which has the potential to turn computers into bots or enable an attacker to access corporate networks.

Please refer here to read advice from Roger Halbheer; as he points out, Microsoft will never send updates or any kind of software as an e-mail attachment.

Friday, October 10, 2008

Attackers using Youtube to trick users

Fake YouTube pages used to spread viruses

Savvy Internet users know that downloading unsolicited computer programs is one of the most dangerous things you can do online. It puts you at great risk for a virus or another time bomb from a hacker.

But even some sophisticated surfers could get taken in by a sneaky new attack in which criminals create fake YouTube pages, dead-on replicas of the real site, to push their malicious software and make it look like it's safe stuff coming from a trusted source.

A program circulating online helps hackers build those fake pages. Users who follow an e-mail pointing them to one of the pages would see an error message that claims the video they want won't play without installing new software first. That error message includes a link the hacker has provided to a malicious program, which delivers a virus.

Even worse: once the computer is infected, it's simple for the hacker to silently redirect the victims to a real YouTube page to see the videos they were hoping to see, and hide the crime.

My advice is the same as usual: don't click links in, or open, emails from people you don't know.