Mafiaundergr0und’s Blog

April 8, 2008

New Massive Botnet Twice the Size of Storm

Filed under: Uncategorized — mafiaundergr0und @ 8:12 pm

Hi folks, it is really necessary to stay updated about malware:

from darkreading.com:

"SAN FRANCISCO – RSA 2008 Conference – A new botnet twice the size of Storm has ballooned to an army of over 400,000 bots, including machines in the Fortune 500, according to botnet researchers at Damballa. (See The World’s Biggest Botnets and MayDay! Sneakier, More Powerful Botnet on the Loose.)

The so-called Kraken botnet has been spotted in at least 50 Fortune 500 companies and is undetectable in over 80 percent of machines running antivirus software. Kraken appears to be evading detection by a combination of clever obfuscation techniques, including regularly updating its binary code and structuring the code in such a way that hinders any static analysis, says Paul Royal, principal researcher at Damballa.

"It’s easy to trace but slow to get antivirus coverage. It seems to imply [the creators] have a good understanding of how AV tools operate and how to evade them," Royal says.

Kraken’s successful infiltration of major enterprises is a wakeup call that bots aren’t just a consumer problem. Damballa and other botnet experts over the past few months have seen an unsettling rise in bot infections in enterprises. (See Bots Rise in the Enterprise .)

Royal says like Storm, Kraken so far is mostly being used for spamming the usual scams — high interest loans, gambling, male enhancement products, pharmacy advertisements, and counterfeit watches, for instance. "But given that it updates its binary, there’s no reason it couldn’t update itself to a binary that does other things," Royal says. "I’m wondering where this thing is going to go."

Damballa predicts that even now that Kraken has been outed, it will continue growing at least in the near-term — up to at least 600,000 new bots by mid-April. Its bots are prolific, too: The firm has seen single Kraken bots sending out up to 500,000 pieces of spam in a day.

Just how Kraken is infecting machines is still unclear, but Royal says the malware seems to appear as an image file to the victim. When the victim tries to view the image, the malware is loaded onto his or her machine. "We know the picture… ends in an .exe, which is not shown" to the user, Royal says.

Royal initially didn’t rule out the possibility that Kraken could be some sort of Storm spinoff, but later today concluded that recent analysis by Damballa confirms that the two botnets are unrelated.

Kraken’s bots and command and control servers communicate via customized UDP and TCP-based protocols, he says, and the botnet has built-in redundancy features that automatically generate new domain names if a C&C server gets shut down or becomes disabled. "And the actual payload is encrypted," Royal says.

Damballa first noticed Kraken late last year, but says early variants of the botnet appear to date back to late 2006. The primary C&C servers are hosted in France, Russia, and the U.S., according to Damballa."
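The lure described above, a "picture" whose name actually ends in .exe that Windows does not show, is easy to reproduce from the defender's side. The following Python snippet is an added example, not code from Dark Reading or Damballa: it computes the name a user would see with Windows' "Hide extensions for known file types" setting on and flags attachments whose visible name looks like a harmless document or image while the real extension is executable. It generalizes beyond images to any double-extension disguise; the extension lists and the sample attachment names are constructed for the example.

```python
"""Flag attachment names that masquerade as harmless files (constructed example).

Windows Explorer with 'Hide extensions for known file types' enabled shows
'party_photo.jpg.exe' as 'party_photo.jpg', so the victim sees an image but
runs an executable. A mail gateway or endpoint agent can reproduce what the
user would see and compare it with what would actually execute.
"""
import os

# Extensions Windows runs directly (assumed list for this example, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def real_extension(filename: str) -> str:
    """The extension the OS actually dispatches on: the last one, case-folded."""
    return os.path.splitext(filename)[1].lower()


def displayed_name(filename: str) -> str:
    """Name Explorer shows when known extensions are hidden.

    Only the final extension is stripped, so 'a.jpg.exe' displays as 'a.jpg'
    and a name without any extension is shown unchanged.
    """
    root, ext = os.path.splitext(filename)
    return root if ext else filename


def is_disguised_executable(filename: str) -> bool:
    """True when the real extension executes but the visible name still carries
    a different, non-executable extension (the double-extension disguise)."""
    if real_extension(filename) not in EXECUTABLE_EXTS:
        return False
    visible_ext = os.path.splitext(displayed_name(filename))[1].lower()
    return bool(visible_ext) and visible_ext not in EXECUTABLE_EXTS


def triage(filenames):
    """Return {filename: verdict} for a batch of attachment names."""
    verdicts = {}
    for name in filenames:
        if is_disguised_executable(name):
            verdicts[name] = "DISGUISED-EXECUTABLE"
        elif real_extension(name) in EXECUTABLE_EXTS:
            verdicts[name] = "EXECUTABLE"
        else:
            verdicts[name] = "ok"
    return verdicts


# Constructed sample attachment names; the first mimics the 'picture that ends in .exe' lure.
SAMPLE_ATTACHMENTS = [
    "party_photo.jpg.exe",
    "invoice.pdf",
    "setup.exe",
    "cat.PNG",
    "resume.doc.scr",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_ATTACHMENTS).items():
        print(f"{name:22s} shown as {displayed_name(name):18s} -> {verdict}")
```

Run it as a script to see the side-by-side of "name shown to the user" and "name the OS executes"; in a gateway you would feed it the attachment filenames from each message and quarantine anything marked DISGUISED-EXECUTABLE.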

Have any idea?

Leave it now …

March 8, 2008

Another Google Redirect Bug

Filed under: Uncategorized — mafiaundergr0und @ 5:21 am

Well, another Google redirect bug that allows you to redirect your victim wherever you want ;)

Here’s the redirect bug that redirects Google pages to my blog …

It’s interesting, and the most interesting part of this bug is that it is still unpatched :-P

You can use this bug to redirect any page you want to another one :-D

Interesting, huh?

Feedback :D

iPhone Software Development Kit (SDK)

Filed under: Uncategorized — mafiaundergr0und @ 4:53 am

Original post at the F-Secure Blog:

“So, the eagerly awaited SDK for iPhone and iTouch is now publicly available over at the iPhone Developer Program. The SDK is free but you can also join the Apple Developer Network which will cost you $99.

The security model is based on signed applications. The idea is that if someone attempts to develop something bad, Apple can pull the certificate and make the application unusable. This is the same approach as Symbian uses and while it’s a great idea in theory, we’ve seen bad applications such as spy-tools for phones being able to get their applications signed by claiming that they’re a backup tool.


Once you have developed an application, you upload it to the newly created App Store. The App Store is an application that will run on your iPhone/iTouch and enables you to download and install third party applications on your phone. Some apps will be free, others you’ll have to pay for and for that Apple will take a 30% share of the price.

While we haven’t yet had time to look closer at the SDK to see what’s possible and if it could potentially be used by malware writers for malicious purposes, what is great is that you now don’t have to JailBreak your iPhone to be able to run apps coming from third party developers. We’ve already seen one trojan targeting those who’ve used this approach to run applications not coming from Apple.

One interesting thing about all this: you have to have a Mac to be able to use the SDK; it doesn’t support Windows.

We’ll post more on this topic once we’ve had a closer look at the SDK.

Update: The Apple developer site seems to be under a very high load at the moment. Seems like we’re not the only ones trying to download the SDK.”


And in my opinion the interesting part of this post is here:

“The security model is based on signed applications. The idea is that if someone attempts to develop something bad, Apple can pull the certificate and make the application unusable. This is the same approach as Symbian uses and while it’s a great idea in theory, we’ve seen bad applications such as spy-tools for phones being able to get their applications signed by claiming that they’re a backup tool.”


What’s your suggestion!?

Leave it now ;)

March 4, 2008

New release from the Cult of the Dead Cow / cDc hacking group

Filed under: Uncategorized — mafiaundergr0und @ 11:07 pm

Today I saw a program called “Google Scanner”, which is designed for automated vulnerability discovery through the Google search engine using Google dorks.

As you know, cDc is one of the most famous hacking groups; it created the well-known backdoor named “Back Orifice (bo2k)”.

Now this group has come up with a new idea, and their new idea is great ;)

More information about the cDc Google Scanner is available here.

You can download it by hitting this.

System administrators, webmasters and network administrators can use this useful program for patching their unwanted / untrusted .

Check it out, and don’t forget the feedback ;-)

Till next time … :-D

February 29, 2008

Sun Microsystems acquired MySQL AB for around $1 billion!

Filed under: Uncategorized — mafiaundergr0und @ 5:35 pm

Sun Microsystems, Inc. today announced it has entered into a definitive agreement to acquire MySQL AB, an open source icon and developer of one of the world’s fastest growing open source databases for approximately $1 billion in total consideration. The acquisition accelerates Sun’s position in enterprise IT to now include the $15 billion database market. Today’s announcement reaffirms Sun’s position as the leading provider of platforms for the Web economy and its role as the largest commercial open source contributor.

Feedback!? Leave your comment now. :)

February 27, 2008

One of the newest hacking books published in 2008

Filed under: Books — mafiaundergr0und @ 9:58 pm

Today, as always, I saw new books.

1–2 years ago I looked for a useful book named “Gray Hat Hacking: The Ethical Hacker’s Handbook”, but I couldn’t find it in electronic version, so I decided to refer to other books and ignore it,

but today I saw that the electronic version of this book has been published and there are some download links :)

So I decided to introduce this book on my own blog and give a great link for downloading this useful hacking resource:


Here you can see the topics this book teaches and a brief description of the book:

Prevent catastrophic network attacks by exposing security flaws, fixing them, and ethically reporting them to the software author. Fully expanded to cover the hacker’s latest devious methods, Gray Hat Hacking: The Ethical Hacker’s Handbook, Second Edition lays out each exploit alongside line-by-line code samples, detailed countermeasures, and moral disclosure procedures. Find out how to execute effective penetration tests, use fuzzers and sniffers, perform reverse engineering, and find security holes in Windows and Linux applications. You’ll also learn how to trap and autopsy stealth worms, viruses, rootkits, adware, and malware.

* Implement vulnerability testing, discovery, and reporting procedures that comply with applicable laws
* Learn the basics of programming, stack operations, buffer overflow and heap vulnerabilities, and exploit development
* Test and exploit systems using Metasploit and other tools
* Break in to Windows and Linux systems with perl scripts, Python scripts, and customized C programs
* Analyze source code using ITS4, RATS, FlawFinder, PREfast, Splint, and decompilers
* Understand the role of IDA Pro scripts, FLAIR tools, and third-party plug-ins in discovering software vulnerabilities
* Reverse-engineer software using decompiling, profiling, memory monitoring, and data flow analysis tools
* Reveal client-side web browser vulnerabilities with MangleMe, AxEnum, and AxMan
* Probe Windows Access Controls to discover insecure access tokens, security descriptors, DACLs, and ACEs
* Find and examine malware and rootkits using honeypots, honeynets, and Norman SandBox technology

OK, here you can download this book. :)

Have fun, and leave your comment.

February 19, 2008

A useful resource for the Python language

Filed under: Books — mafiaundergr0und @ 6:26 pm

Yep, another useful resource for learning Python.

Here is the index of a really useful book that teaches you Python well:

  • HTML/XHTML/CSS
  • Python Server Pages/CGI
  • Networking/Sockets
  • GUI/Tkinter/Python Mega Widgets
  • PyOpenGL/Multimedia/Accessibility
  • Databases/DB-API/SQL
  • File Processing/Serialization
  • Modules/Classes/Class Attributes
  • Class Customization/Method Overriding
  • Control Structures/Functions/Inheritance
  • String Manipulation/Regular Expressions
  • Lists/Tuples/Dictionaries/Data Structures
  • Process Management/Multithreading
  • Interprocess Communication
  • Exceptions/XML Processing
  • Security/Restricted Execution


Python How to Program

Deitel and Deitel are great,

Here you can download the ebook from the pdfchm library.

  Good luck,


What’s your suggestion!?

Leave your comment now :)


February 12, 2008

BlackHat-2007 Conference Videos

Filed under: Uncategorized — mafiaundergr0und @ 10:48 pm

“Sys-Development”, a great treasure!

Filed under: Development — mafiaundergr0und @ 10:21 pm

Recently, the topics I have focused on are related to sys-dev (system development).

In my opinion, system programming is essential when you want to work on secure development and also want to design secure frameworks that can make your system secure, like antivirus products (Kaspersky, NOD32, Panda, BitDefender, McAfee and …).

One thing that is very obvious to me: sys-dev is hard and needs a lot of time, but if you learn it, it is like a treasure and truly invaluable.

I recommend that people who are interested in programming and developing applications (not web-based) learn it.

The major books written for teaching/guiding readers in sys-dev have one problem: there aren’t enough source code examples for understanding and learning sys-dev well, although from a theoretical viewpoint they are great.

The things that are important for sys-development, which you could call “essential”, come down to low-level understanding: you must have a complete knowledge of assembly programming and low-level matters as well. If you don’t have them, nothing is impossible, but you may have hard problems with the code you will see and want to understand.

Anyway, sys-dev is great stuff; I recommend everybody learn it.

Your skills for sys-dev will be complete with knowledge of the C/C++ language.

Any suggestion!? Leave it now.

February 9, 2008

Already working on the Python language

Filed under: Development — mafiaundergr0und @ 1:03 am

Well, now I’m already working on Python as well,

For learning this good language you can find its books at Amazon and then buy/download them.

I’m using a great book named “Core Python Programming”.

It’s great for folks who want to start programming in Python without any fundamental knowledge of this language.

It is highly recommended that, if you are a developer, you read about and learn this great open-source language.

It can be helpful :)

Have a nice time,

Any idea? ;)

