The "Not A Phishing Worm" really got me interested as it sent special Christmas messages, so I decided to dig in just a bit. As discovered, after the user supplies his MSN credentials, his friends get a link to the "Not A Phishing" website and a lot of tricky links leading to DesktopSmiley.com to download their toolbar, which they say is "Not Spyware".
So we got a non-phishing worm downloading a non-spyware program, let's see its non-evil actions :)
The first thing I did was downloading the i…
Added by The-Insider on December 29, 2008 at 8:02am —
No Comments
Apple Store - XSS (less than 15 minutes to find it, manually)
http://store.apple.com/us/product/TU243LL/A?fnode=MTY1NDA4Mg&mco=MjQyMDQ1OA&s=newest'">%3E%3Cdiv%20id=%22
American Express - HTTPS XSS (less than a minute to find it, manually)
https://www01.extra.americanexpress.com/ProductImage.aspx?url=https://merpic.intelliwebservices.com/img/full/10185/b2/50fe31e266936b2887ab3ef9608f2db2.gif%22%3E%3Cscript%3Ealert(%27American%20XSSspress%27)%3C/script%3E%3Cdiv%20id=%22
How can us c…
Added by The-Insider on December 25, 2008 at 2:30am —
1 Comment
This is a funny one actually :)
I am just working as usual when I got the following message on my MSN Messenger:
This is how real girls party. Great high quality pictures on
http://jusmineza.PartyPicturez.info
Now of course I understood that it's a worm, but still, let's see where it leads to.
So I went into the site and it looked like this:
With what I have seen until now, this is a classic phishing site; I saw dozens like it for Yahoo! in the past. But wait! Let's look at that GREY text below:…
Added by The-Insider on December 24, 2008 at 7:00pm —
No Comments
Are viruses attracted to me specifically, or does it happen to everyone and they just don't notice or say nothing about it? It is getting really hard to speak with people using instant messengers and to be sure it is them sending you a message and not a virus.
Before I begin, let's notice a few close viruses :)
This: http://www.cisrt.org/enblog/read.php?106
Is a different one, older one from July. Reported and still not fully detected by vendors.
Now for the painful part, this:
http://blog.threatfire.…
Added by The-Insider on December 24, 2008 at 4:16am —
No Comments
I did a pen-test lately for a medium-size American firm, and it seems public remote exploits for devices such as Juniper, Netopia, Cisco (telnet) and default Linux services have gone to as low as one or two for each since 2004.
Since any respectable firm has Windows Update turned on and the Fedora-style Linux distributions also have automatic updates, I came to the conclusion that the cycle of:
Safe --> Research --> Exploit --> Public Disclosure --> Patch --> Automatic Update --> S…
Added by The-Insider on December 24, 2008 at 3:39am —
12 Comments
Not so long ago, I found one of the most bizarre bugs. It seems there is some kind of bug in the parsing of the command line read from the registry for file types handled by explorer.exe. This was checked on Windows XP SP3, but I guess it exists in SP2 too. This bug allows controlling the icon which appears in the "Open File - Security Warning" dialog for all the executables downloaded from the internet.
Each time you download a file from the internet/intranet to a drive with NTFS file system an AD…
Added by The-Insider on December 21, 2008 at 1:16am —
5 Comments
Before I start this one, I must say I never thought of myself as a blogger.
I was always reading other people's blogs thinking they try to be "I am cool I have a blog" kind of people. Well, I just think the malicious stuff I see every day should be shared with YOU :)
At this time, torrents are the world's most active network for file sharing. The current Windows version is always one of the most shared files, and therefore crime follows there :)
I recently decided to put it to the tes…
Added by The-Insider on December 21, 2008 at 1:15am —
3 Comments
You probably know by now about the fake Anti-Virus that is planted everywhere to fool people into buying it; go figure, maybe it will self-update some day and will start stealing bank accounts...
I can't believe we have come to the point where it is so widespread and has so many different domains and versions and nobody stops them!!!
The internet needs some kind of global FBI to keep control over these criminals!!!
These guys operate from Russia and they are the "180 Solutions" team (I prove it b…
Added by The-Insider on December 21, 2008 at 1:13am —
4 Comments
Lately I have seen many web downloads, some at forums and some at rapidshare and also a few torrents such as "Adobe Acrobat 9" that include installation and a crack.
The installation or crack is in a password-protected rar file, and in order to get the password, one must run the supplied tool called "XXX Password Generator".
This installs another variant of the AntiVirus 2008. I can truly say I can't tell anymore if it comes from the same guys; OK, of course it's them, but there is just no way t…
Added by The-Insider on December 21, 2008 at 1:12am —
3 Comments
The last posts clearly show, and it is well known, that static virus detection is not something AV vendors do well enough. Now this one is quite a story. As I was researching many trojans, I was moving files into and out of my Virtual PC machine used to test viruses. My computer has Kaspersky 2009 installed and running with maximum security settings (including keyloggers and kernel object modifications).
I accidentally executed, without noticing, on my host PC one of the samples I was testing in the VM. I…
Added by The-Insider on December 21, 2008 at 1:10am —
No Comments
Where would it be better to attack than where all the people trust each other?
A single individual or a group of individuals whose tracks lead to Turkish people and Chinese hosting or Chinese partners is spreading viruses through infected files and setup installations shared in vBulletin forums. It seems these individuals have a registration bot with a CAPTCHA bypass mechanism for vBulletin 3.7.xx versions (may be other versions too) and they are using it to spread all kinds of malware.
I first…
Added by The-Insider on December 21, 2008 at 1:07am —
No Comments