Wednesday, June 1, 2011

Malware increases by 46% in only one year



There is a steady growth of threats to mobile platforms, according to a new McAfee report.

The number of pieces of new mobile malware in 2010 increased by 46 percent compared with 2009. The report also uncovered 20 million new pieces of malware in 2010, equating to nearly 55,000 new malware threats every day.

Of the almost 55 million total pieces of malware McAfee Labs has identified, 36 percent was created in 2010. Concurrently, spam accounted for 80 percent of total email traffic in Q4 2010, the lowest point since the first quarter of 2007.

Threats to mobile platforms are not new. However, as more consumers use mobile devices and tablets in their daily lives and at work, cybercriminals have taken note. During the last several years, McAfee Labs has seen a steady growth in the number of threats to mobile devices.

Some of the most interesting mobile threats of Q4 2010 were SymbOS/Zitmo.A and Android/Geinimi. SymbOS/Zitmo.A was a high-profile threat that struck early in the quarter. The creators of the Zeus botnet repurposed an old version of a commercial spyware package.

Android/Geinimi, a Trojan inserted into legitimate mobile applications and games for the Android platform, was one of the most important threats of the quarter.

With the adoption of so many new mobile platforms, combined with the lack of security awareness and mobile safeguards, McAfee Labs expects cybercriminals to use botnet infections to target mobile devices.

In Q4 2010, Cutwail was dethroned as the global leader in botnet activity, with Rustock the most prevalent in many parts of the world, and Bobax closely trailing behind the two.

The onslaught of malware seems to have no end, and the effect of the proliferation of both handheld and IP-enabled devices on this growth remains to be seen. The top malware threats in Q4 2010 were very different across geographies, due in part to the larger trend that threats now tend to match the types of users, habits and events that are specific to a region.

Favorites for cybercriminals worldwide this quarter consisted of AutoRun malware (Generic!atr), banking Trojans and downloaders (PWS or Generic.dx), as well as web-based exploits (StartPage and Exploit-MS04-028).

Spam hitting its lowest levels in years can be attributed to a “transition period,” with several botnets going dormant during a time of year when spam volumes are usually on an upward path.

In Q4, McAfee Labs learned the Bredolab botnet had been closed along with parts of the Zeus botnet. Around the Christmas holiday, spam from the Rustock, Lethic, and Xarvester botnets all disappeared, while the spam leaders this quarter were the Bobax and Grum botnets.

As more users access the Internet from an ever-expanding pool of devices—computer, tablet, smartphone or Internet TV—web-based threats will continue to grow in size and sophistication. In Q4, some of the most active threats included Zeus-Murofet, Conficker and Koobface, and the number of potentially malicious domains grew at a rapid pace.

Phishing URLs in the form of the IRS, gift cards, rewards accounts, and social networking accounts were also among the most popular. McAfee Labs found that within the top 100 results of the top daily search terms, 51 percent led to malicious sites, and on average each of these poisoned results pages contained more than five malicious links.

McAfee Labs expects attacks using the techniques of search-engine abuse and trend abuse to focus more specifically on new types of devices in 2011.

In 2009, McAfee Labs predicted that vulnerabilities in Adobe products would become the clear choice of malware authors and cybercriminals for distributing malware and compromising systems and networks. This prediction has come true. Throughout 2010 malware developers have heavily exploited weaknesses in both Flash and, especially, PDF technologies.

McAfee Labs databases reveal that malicious PDFs targeting Adobe Acrobat topped the number of unique samples by a wide margin, making them the favorite target of client-side exploitation. McAfee Labs is certain that the “Adobe” trend will continue this year, as more mobile devices and non-Microsoft operating systems support various Adobe technologies.

Tuesday, May 31, 2011

Turning Firefox to an Ethical Hacking Platform



The Internet is an amazing virtual world where you can "virtually" do anything: gambling, playing, watching movies, shopping, working, "VoIPying", spying on other people and, of course, auditing remote systems.

The security testers' community has a large panel of security tools, methodologies and much more to perform their pentests and audit assessments. But what happens if you find yourself weaponless? No more Top 100 security tools, no more LiveCDs and no more exploitation frameworks. A security auditor without a toolbox is like a cop without a gun.

Nevertheless, there may be a way to rescue yourself from this nightmare situation. The magical solution could be Firefox and its extensions developed by ethical hackers and coders.

This article comes as an update to what we posted previously about turning Firefox into more than a plain browser; that post focused on application auditing. Here is an updated list of useful security auditing extensions:

Information gathering

● Whois and geo-location
  o ShowIP: Shows the IP address of the current page in the status bar. It also allows querying custom services by IP (right mouse button) and hostname (left mouse button), such as whois and Netcraft.
  o Shazou: Shazou (pronounced "Shazoo"; Japanese for mapping) lets the user map and geo-locate any website they are currently viewing with one click.
  o HostIP.info Geolocation: Displays geolocation information for a website using hostip.info data. Works with all versions of Firefox.
  o Active Whois: Launches Active Whois to get details about any website's owner and its hosting server.
  o Bibirmer Toolbar: An all-in-one extension; auditors will need to explore the toolbox. It includes WhoIs, DNS Report, Geolocation, Traceroute and Ping. Very useful for the information-gathering phase.

● Enumeration / fingerprinting
  o Header Spy: Shows HTTP headers in the status bar.
  o Header Monitor: Displays in a status-bar panel any HTTP response header of the top-level document returned by a web server, for example Server (by default), Content-Encoding, Content-Type and X-Powered-By.

● Social engineering
  o People Search and Public Record: A handy menu tool for investigators, reporters, legal professionals, real estate agents, online researchers and anyone interested in doing their own basic people searches, public record lookups and background research.

● Googling and spidering
  o Advanced dork: Gives quick access to Google's advanced operators directly from the context menu. This can be used to spider a site or scan for hidden files (this spidering technique goes through scroogle.org).
  o SpiderZilla: An easy-to-use website mirroring utility based on HTTrack from www.httrack.com.
  o View Dependencies: Adds a tab to the "Page Info" window listing all the files that were loaded to render the current page (useful as a spidering technique).

Security Assessment / Code auditing

● Editors
  o JSView: The "View Page Source" menu item now opens files according to the behaviour you choose in the JSView options, so you can open the source code of any web page in a new tab or in an external editor.
  o Cert Viewer Plus: Adds two options to the certificate viewer in Firefox or Thunderbird: an X.509 certificate can either be displayed in PEM format (Base64/RFC 1421, opens in a new window) or saved to a file (in PEM or DER format, and PKCS#7 provided that the respective patch has been applied; cf.
  o Firebug: Integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug and monitor CSS, HTML and JavaScript live in any web page.
  o XML Developer Toolbar: Lets XML developers use standard tools right from the browser.

● Headers manipulation
  o HeaderMonitor: Displays in a status-bar panel any HTTP response header of the top-level document returned by a web server, for example Server (by default), Content-Encoding, Content-Type and X-Powered-By.
  o RefControl: Controls what gets sent as the HTTP Referer on a per-site basis.
  o User Agent Switcher: Adds a menu and a toolbar button to switch the browser's user agent.

● Cookies manipulation
  o Add N Edit Cookies: A cookie editor that lets you add and edit "session" and saved cookies.
  o CookieSwap: Lets you maintain numerous sets or "profiles" of cookies that you can quickly swap between while browsing.
  o httpOnly: Adds httpOnly cookie support to Firefox by encrypting cookies marked as httpOnly on the browser side.
  o Allcookies: Dumps ALL cookies (including session cookies) to Firefox's standard cookies.txt file.

● Security auditing
  o HackBar: This toolbar helps you test for SQL injection, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site; its main purpose is to help a developer do security audits on his own code.
  o Tamper Data: View and modify HTTP/HTTPS headers and POST parameters.
  o Chickenfoot: Puts a programming environment in the browser's sidebar so you can write scripts to manipulate web pages and automate web browsing. Chickenfoot scripts are written in a superset of JavaScript that includes special functions specific to web tasks.

Proxy/web utilities

● FoxyProxy: An advanced proxy management tool that completely replaces Firefox's proxy configuration. It offers more features than SwitchProxy, ProxyButton, QuickProxy, xyzproxy, ProxyTex, etc.
● SwitchProxy: Lets you manage and switch between multiple proxy configurations quickly and easily. You can also use it as an anonymizer to protect your computer from prying eyes.
● POW (Plain Old Webserver): Uses server-side JavaScript (SJS) to run a server inside your browser. Use it to distribute files from your browser. It supports server-side JS, GET, POST, uploads, cookies, SQLite and AJAX, and has security features to password-protect your site. Users have created a wiki, chat room and search engine using SJS.

Misc

● Hacks for fun
  o Greasemonkey: Lets you customize the way a web page displays using small bits of JavaScript (scripts can be downloaded here).

● Encryption
  o Fire Encrypter: Gives you encryption/decryption and hashing functions right from your Firefox browser, mostly useful for developers or for education and fun.

Malware scanner

● QArchive.org web files checker: Lets people check web files for any malware inclusions (viruses, trojans, worms, adware, spyware and other unwanted things).
● Dr.Web anti-virus link checker: This plugin lets you check any file you are about to download and any page you are about to visit.
● ClamWin Antivirus Glue for Firefox: Scans every downloaded file automatically with ClamWin.

Anti Spoof

● refspoof: Makes it easy to pretend to originate from a site by overriding the URL referrer in an HTTP request. It implements this with the pseudo-protocol spoof://, so the information can be stored in a "hyperlink" that can be used in any context, such as HTML pages or bookmarks.

We keep watching for new extensions, and we are developing a new extension for Nmap and Nessus.


Thank You

INDIAN CYBER SQUAD TEAM

Monday, April 18, 2011

“Scenarios and Impacts of Cyber Terrorism”

We are currently living in the cyber age, where the Internet and computers have major impacts on our way of living, our social life and the way we conduct business. Owing to this, a new kind of crime has evolved that troubles computer users: more precisely, criminal exploitation of the Internet.


▬ The trafficking, distribution, posting and dissemination of obscene material, including pornography and indecent exposure, constitutes one of the most important cyber crimes known today. The potential harm of such a crime to humanity can hardly be overstated. This is one cyber crime which threatens to undermine the growth of the younger generation and to leave irreparable scars and injury on it, if not controlled.

▬ Cyber terrorism is one distinct kind of crime in this category. The growth of the Internet has shown that the medium of cyberspace is being used by individuals and groups to threaten international governments and to terrorize the citizens of a country. This crime manifests itself as terrorism when an individual "cracks" into a government- or military-maintained website.
▬ Corporate espionage has shifted grounds — it has now become digital and certainly more dangerous.
Planting a mole in a rival company to get sensitive data or hiring a detective firm to get access to company secrets are passé.
Take for instance, the case of a Delhi-based software firm whose sensitive source code data was stolen. The company that was working on one of its software lost its data to hackers.

Cyber criminals target trade secrets and product planning documents that they later sell to rival firms. Many people have access to a computer, whether at home, at school or in a local coffee shop; as a result, cyber crime can be committed from almost anywhere. And for those who aren't computer savvy, falling victim may be easier than you would think. But there are some precautions you can take to help guard you and your family against cyber crime: antivirus and anti-spyware software, which prevent backdoor programs, trojans and other spyware from being installed on the computer, and firewalls, which protect a computer or network from unauthorized access.

Cyber ethics and cyber laws are also being formulated to stop cyber crime. It is the responsibility of every individual to follow cyber ethics and cyber laws so that the rising number of cyber crimes is reduced.

Besides these there are several steps you can take to protect your computer from cyber crime.

First, keep your computer's operating system and software updated. Manufacturers will regularly send out patches and fixes to defend your computer from problems. Secondly, install a firewall and make sure that it is turned on at all times. The firewall prevents hackers from gaining access to your computer as well as passwords that you've created. In some cases, when you install new software you need to turn off the firewall briefly. If you do, be sure to turn it back on immediately after installation. Thirdly, install anti-virus software and update it regularly. For best results, have it perform a daily scan to check for computer threats as well as any new software that may need to be installed. Lastly, be careful what you download. Many email attachments contain computer viruses which can be launched upon opening. If you don't know the sender, don't bother opening it. It's not worth the risk of an email virus.
E-mail Scams


• Today's cyber criminals are sophisticated: they can send e-mails that look like they are from reputable companies asking for your personal information. If you aren't aware of how they operate, you may unwittingly send them information which will give them access to your personal account information. Once they have this, they can drain your account of all available funds. Likewise, some criminals will send e-mails purporting to be from foreign countries and asking for help with moving money from their country to America. The rule of thumb is: if it sounds too good to be true, it probably is. Why would someone you don't know contact you for help moving money and offer you a cut of it? It doesn't add up, and your best bet is to delete these e-mails immediately.
Peer Sharing
• While it may seem great to swap files over the Internet, there are many risks associated with it. Because all parties involved must download software which allows them to access each other's computers, it opens up an opportunity for computer hackers to attack your system. Hackers can then release viruses and worms onto your hard drive. And if you didn't properly configure the file sharing software, hackers may be able to see the entire contents of your hard drive, not just the folders where your shared files are stored. In addition, file sharing can make your computer the target of child pornography images. It can also result in copyright infringement violations. It's best not to share information with those you don't know, especially over an open connection. Instead, opt for sharing with those who are your friends and put the information on a flash drive. Also, don't share information that is copyrighted, as it opens you up to being sued.




Thursday, February 3, 2011

Crack Wifi Network's WEP password with backtrack



How to Crack a Wi-Fi Network's WEP Password with BackTrack

You already know that if you want to lock down your Wi-Fi network, you should opt for WPA encryption because WEP is easy to crack. But did you know how easy? Take a look.

What You'll Need

Unless you're a computer security and networking ninja, chances are you don't have all the tools on hand to get this job done. Here's what you'll need:

  • A compatible wireless adapter—This is the biggest requirement. You'll need a wireless adapter that's capable of packet injection, and chances are the one in your computer is not. After consulting with my friendly neighborhood security expert, I purchased an Alfa AWUS050NH USB adapter, pictured here, and it set me back about $50 on Amazon. Update: Don't do what I did. Get the Alfa AWUS036H, not the US050NH, instead. The guy in the video below is using a $12 model he bought on eBay (and is even selling his router of choice). There are plenty of resources on getting aircrack-compatible adapters out there.
  • A BackTrack 3 Live CD. We already took you on a full screenshot tour of how to install and use BackTrack 3, the Linux Live CD that lets you do all sorts of security testing and tasks. Download yourself a copy of the CD and burn it, or load it up in VMware to get started. (I tried the BackTrack 4 pre-release, and it didn't work as well as BT3. Do yourself a favor and stick with BackTrack 3 for now.)
  • A nearby WEP-enabled Wi-Fi network. The signal should be strong and ideally people are using it, connecting and disconnecting their devices from it. The more use it gets while you collect the data you need to run your crack, the better your chances of success.
  • Patience with the command line. This is a ten-step process that requires typing in long, arcane commands and waiting around for your Wi-Fi card to collect data in order to crack the password. Like the doctor said to the short person, be a little patient.

Crack That WEP


To crack WEP, you'll need to launch Konsole, BackTrack's built-in command line. It's right there on the taskbar in the lower left corner, second button to the right. Now, the commands.

First run the following to get a list of your network interfaces:

airmon-ng

The only one I've got there is labeled ra0. Yours may be different; take note of the label and write it down. From here on in, substitute it in everywhere a command includes (interface).

Now, run the following four commands. See the output that I got for them in the screenshot below.


airmon-ng stop (interface)
ifconfig (interface) down
macchanger --mac 00:11:22:33:44:55 (interface)
airmon-ng start (interface)

[Screenshot: output of the four commands above]
If you don't get the same results from these commands as pictured here, most likely your network adapter won't work with this particular crack. If you do, you've successfully "faked" a new MAC address on your network interface, 00:11:22:33:44:55.

Now it's time to pick your network. Run:

airodump-ng (interface)

to see a list of wireless networks around you. When you see the one you want, hit Ctrl+C to stop the list. Highlight the row pertaining to the network of interest, and take note of two things: its BSSID and its channel (in the column labeled CH), as pictured below. Obviously the network you want to crack should have WEP encryption (in the ENC column), not WPA or anything else.

[Screenshot: airodump-ng network listing with BSSID, CH and ENC columns]
Like I said, hit Ctrl+C to stop this listing. (I had to do this once or twice to find the network I was looking for.) Once you've got it, highlight the BSSID and copy it to your clipboard for reuse in the upcoming commands.

Now we're going to watch what's going on with that network you chose and capture that information to a file. Run:

airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)

Where (channel) is your network's channel, and (bssid) is the BSSID you just copied to clipboard. You can use the Shift+Insert key combination to paste it into the command. Enter anything descriptive for (file name). I chose "yoyo," which is the network's name I'm cracking.

[Screenshot: airodump-ng capturing the chosen network to a file]
You'll get output like what's in the window in the background pictured below. Leave that one be. Open a new Konsole window in the foreground, and enter this command:

aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)

Here the ESSID is the access point's SSID name, which in my case is yoyo. What you want to get after this command is the reassuring "Association successful" message with that smiley face.

[Screenshot: aireplay-ng "Association successful" message]
You're almost there. Now it's time for:

aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface)

Here we're creating router traffic to capture more throughput faster to speed up our crack. After a few minutes, that front window will start going crazy with read/write packets. (Also, I was unable to surf the web with the yoyo network on a separate computer while this was going on.) Here's the part where you might have to grab yourself a cup of coffee or take a walk. Basically you want to wait until enough data has been collected to run your crack. Watch the number in the "#Data" column—you want it to go above 10,000. (Pictured below it's only at 854.)

Depending on the power of your network (mine is inexplicably low at -32 in that screenshot, even though the yoyo AP was in the same room as my adapter), this process could take some time. Wait until that #Data goes over 10k, though—because the crack won't work if it doesn't. In fact, you may need more than 10k, though that seems to be a working threshold for many.

[Screenshot: airodump-ng window with the #Data column climbing]
Once you've collected enough data, it's the moment of truth. Launch a third Konsole window and run the following to crack that data you've collected:

aircrack-ng -b (bssid) (file name-01.cap)

Here the filename should be whatever you entered above for (file name). You can browse to your Home directory to see it; it's the one with .cap as the extension.

If you didn't get enough data, aircrack will fail and tell you to try again with more. If it succeeds, it will look like this:

[Screenshot: aircrack-ng "KEY FOUND" output]
The WEP key appears next to "KEY FOUND." Drop the colons and enter it to log onto the network.
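Defender's counterpart to the survey step above, as an added example that is not part of the original post: airodump-ng writes a (file name)-01.csv next to the .cap it captures, and this Python script reads that CSV to inventory which access points in your own environment still run WEP or no encryption, and to flag a client that shows up with the walkthrough's 00:11:22:33:44:55 address. The column layout is airodump-ng's as I know it and every row below is constructed; the WPA/TKIP check goes one step beyond the page's WEP-only point.

```python
import csv
import io
import sys

# Constructed sample in the layout airodump-ng writes to <prefix>-01.csv
# (column names as I know them from aircrack-ng; every value is made up).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:66, 2011-02-03 10:00:01, 2011-02-03 10:12:40,  6,  54, WEP , WEP, OPN, -32,  412,  854,   0.  0.  0.  0,   4, yoyo,
AA:BB:CC:DD:EE:01, 2011-02-03 10:00:02, 2011-02-03 10:12:41, 11,  54, WPA2, CCMP, PSK, -55,  390,    0,   0.  0.  0.  0,   6, office,
AA:BB:CC:DD:EE:02, 2011-02-03 10:00:05, 2011-02-03 10:12:39,  1,  54, OPN ,  ,  , -70,  120,    0,   0.  0.  0.  0,  10, guest-cafe,
AA:BB:CC:DD:EE:03, 2011-02-03 10:00:07, 2011-02-03 10:12:30,  6,  54, WPA , TKIP, PSK, -61,  300,    0,   0.  0.  0.  0,   3, lab,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:11:22:33:44:55, 2011-02-03 10:05:00, 2011-02-03 10:12:40, -40,  9000, 00:11:22:33:44:66, yoyo
"""

TUTORIAL_MAC = "00:11:22:33:44:55"  # the macchanger value used in the walkthrough


def _rows(section):
    """Yield stripped data rows from one CSV section, skipping headers/blanks."""
    for row in csv.reader(io.StringIO(section), skipinitialspace=True):
        row = [f.strip() for f in row]
        if row and row[0] not in ("", "BSSID", "Station MAC"):
            yield row


def parse_airodump_csv(text):
    """Return (access_points, stations) parsed from airodump-ng CSV text."""
    text = text.replace("\r\n", "\n").strip("\n")
    ap_part, _, sta_part = text.partition("\n\n")  # blank line separates sections
    aps = []
    for row in _rows(ap_part):
        if len(row) < 15:
            continue
        aps.append({
            "bssid": row[0], "channel": int(row[3]), "privacy": row[5],
            "cipher": row[6], "auth": row[7], "power": int(row[8]),
            "ivs": int(row[10]),
            # airodump-ng does not quote ESSIDs, so one containing a comma
            # spills into extra columns; Key is always the last column.
            "essid": ",".join(row[13:-1]),
        })
    stations = []
    for row in _rows(sta_part):
        if len(row) < 6:
            continue
        stations.append({"mac": row[0], "bssid": row[5],
                         "probed": [p for p in row[6:] if p]})
    return aps, stations


def audit(aps, stations):
    """Return (identifier, name, reason) findings for weak APs and odd clients."""
    findings = []
    for ap in aps:
        if ap["privacy"] == "OPN":
            findings.append((ap["bssid"], ap["essid"], "no encryption"))
        elif "WEP" in ap["privacy"]:
            findings.append((ap["bssid"], ap["essid"], "WEP: migrate to WPA2"))
        elif ap["privacy"] == "WPA" and ap["cipher"] == "TKIP":
            findings.append((ap["bssid"], ap["essid"], "WPA/TKIP: prefer WPA2/CCMP"))
    for sta in stations:
        if sta["mac"].upper() == TUTORIAL_MAC:
            findings.append((sta["mac"], sta["bssid"],
                             "client uses the MAC from cracking tutorials"))
    return findings


if __name__ == "__main__":
    # Pass a real <prefix>-01.csv as argv[1]; otherwise the constructed sample runs.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_CSV
    for ident, name, reason in audit(*parse_airodump_csv(data)):
        print(f"{ident:17} {name:<16} {reason}")
```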

Problems Along the Way

With this article I set out to prove that cracking WEP is a relatively "easy" process for someone determined and willing to get the hardware and software going. I still think that's true, but unlike the guy in the video below, I had several difficulties along the way. In fact, you'll notice that the last screenshot up there doesn't look like the others—it's because it's not mine. Even though the AP which I was cracking was my own and in the same room as my Alfa, the power reading on the signal was always around -30, and so the data collection was very slow, and BackTrack would consistently crash before it was complete. After about half a dozen attempts (and trying BackTrack on both my Mac and PC, as a live CD and a virtual machine), I still haven't captured enough data for aircrack to decrypt the key.

So while this process is easy in theory, your mileage may vary depending on your hardware, proximity to the AP point, and the way the planets are aligned. Oh yeah, and if you're on deadline—Murphy's Law almost guarantees it won't work if you're on deadline.