New Massive Botnet Twice the Size of Storm

Hi folks, this is so much necessary to be update about malwares :

from darkreading.com :

" SAN FRANCISCO -– RSA 2008 Conference –- A new botnet twice the size of Storm has ballooned to an army of over 400,000 bots, including machines in the Fortune 500, according to botnet researchers at Damballa. (See The World’s Biggest Botnets and MayDay! Sneakier, More Powerful Botnet on the Loose .)

The so-called Kraken botnet has been spotted in at least 50 Fortune 500 companies and is undetectable in over 80 percent of machines running antivirus software. Kraken appears to be evading detection by a combination of clever obfuscation techniques, including regularly updating its binary code and structuring the code in such a way that hinders any static analysis, says Paul Royal, principal researcher at Damballa.

"It’s easy to trace but slow to get antivirus coverage. It seems to imply [the creators] have a good understanding of how AV tools operate and how to evade them," Royal says.

Kraken’s successful infiltration of major enterprises is a wakeup call that bots aren’t just a consumer problem. Damballa and other botnet experts over the past few months have seen an unsettling rise in bot infections in enterprises. (See Bots Rise in the Enterprise .)

Royal says like Storm, Kraken so far is mostly being used for spamming the usual scams — high interest loans, gambling, male enhancement products, pharmacy advertisements, and counterfeit watches, for instance. "But given that it updates its binary, there’s no reason it couldn’t update itself to a binary that does other things," Royal says. "I’m wondering where this thing is going to go."

Damballa predicts that even now that Kraken has been outed, it will continue growing at least in the near-term — up to at least 600,000 new bots by mid-April. Its bots are prolific, too: The firm has seen single Kraken bots sending out up to 500,000 pieces of spam in a day.

Just how Kraken is infecting machines is still unclear, but Royal says the malware seems to appear as an image file to the victim. When the victim tries to view the image, the malware is loaded onto his or her machine. "We know the picture… ends in an .exe, which is not shown" to the user, Royal says.

Royal initially didn’t rule out the possibility that Kraken could be some sort of Storm spinoff, but later today concluded that recent analysis by Damballa confirms that the two botnets are unrelated.

Kraken’s bots and command and control servers communicate via customized UDP and TCP-based protocols, he says, and the botnet has built-in redundancy features that automatically generate new domain names if a C&C server gets shut down or becomes disabled. "And the actual payload is encrypted," Royal says.

Damballa first noticed Kraken late last year, but says early variants of the botnet appear to date back to late 2006. The primary C&C servers are hosted in France, Russia, and the U.S., according to Damballa. "

have any idea ?

leave it now …

Another Google Redirect Bug

Well, another Google redirect bug that allow you redirect whatever you want to redirect for your victim

here’s the redirect bug that redirect Google pages to my blog …

it’s interesting and the most interesting part of this bug is that you know this is unpatched yet

you can use this bug to redirect any pages you want to another one

interesting, huh ?

feedback

iPhone Software development Kit ( SDK )

original post at F-Secure Blog,

” So, the eagerly awaited SDK for iPhone and iTouch is now publicly available over at the iPhone Developer Program. The SDK is free but you can also join the Apple Developer Network which will cost you $99.

The security model is based on signed applications. The idea is that if someone attempts to develop something bad, Apple can pull the certificate and make the application unusable. This is the same approach as Symbian uses and while it’s a great idea in theory, we’ve seen bad applications such as spy-tools for phones being able to get their applications signed by claiming that they’re a backup tool.

 

Once you have developed an application, you upload it to the newly created App Store. The App Store is an application that will run on your iPhone/iTouch and enables you to download and install third party applications on your phone. Some apps will be free, others you’ll have to pay for and for that Apple will take a 30% share of the price.

While we haven’t yet had time to look closer at the SDK to see what’s possible and if it could potentially be used by malware writers for malicious purposes; what is great is that you now don’t have to JailBreak your iPhone to be able to run apps coming from third party developers. We’ve already seen one trojan targeting those who’ve used this approach to run applications not coming from Apple.

One interesting thing about all this, you have to have a Mac to be able to use the SDK, it doesn’t support Windows.

We’ll post more on this topic once we’ve had a closer look at the SDK.

Update: The Apple developer site seem to be under a very high load at the moment. Seems like we’re not the only ones trying to download the SDK.  “

 

and in my opinion the interesting part of this post is here :

“The security model is based on signed applications. The idea is that if someone attempts to develop something bad, Apple can pull the certificate and make the application unusable. This is the same approach as Symbian uses and while it’s a great idea in theory, we’ve seen bad applications such as spy-tools for phones being able to get their applications signed by claiming that they’re a backup tool.”

 

what’s your suggestion !?

leave it now,

New release of Cult Of Dead Cow / cDc Hacking Group

today I saw a program called ” Google Scanner ” which is designed for automated vulnerability discovery search engine with google dorks .

as you know cDc is one of the famoust hacking groups that created famous Backdoor named : “Back Orifice (bo2k)” .

now this group come with new idea and their new idea is great

more information about cDc Google Scanner available here

you can download it by hit this .

system administrators , web masters , network administratos can use this useful program for patching their unwanted / untrusted .

check it out and don’t forget feed back

till next …

Sun Microsystems acquired MySQL AB for around $1 Billion !

Sun Microsystems, Inc. today announced it has entered into a definitive agreement to acquire MySQL AB, an open source icon and developer of one of the world’s fastest growing open source databases for approximately $1 billion in total consideration. The acquisition accelerates Sun’s position in enterprise IT to now include the $15 billion database market. Today’s announcement reaffirms Sun’s position as the leading provider of platforms for the Web economy and its role as the largest commercial open source contributor.

feedback !? leave your comment now .

BlackHat-2007 Conference Videos

BlackHat 2007 Videos

Good luck .

Python !?

currently I’m working on system programming with C/C++ .

I decided to work on python language, it’s useful for folks who want to active and work on reverse engineering stuff .

you maybe tell yourself what’s wrong with perl & ruby ? why python .

I had looked at google and other resource/reference about this question and I’d ask this question from one of my friend who is security expert and work on iDefense Labs .

and he told me python is a perfect language and if you can work on it , it can help you and very useful .

now I’m tired and I want to go on bed for rest , and then I must be go to google and find python compiler and print the first chapter of it’s book .

what’s your syggestion about python ?

leave your comment .