Saturday, September 10, 2011

Different Types Of Malware


Nowadays when people hear the word "virus" they think keylogger or RAT (remote administration tool), but viruses and malware go a lot more in depth than most people think.

The main types I will be going over are:

* Worms
* Trojan Horses (RAT)
* Logic Bombs
* Adware & Spyware


Worms
A worm is a program that can spread full copies or smaller versions of itself all over the hard drive, over network shares to other computers, and can even use your own email to send itself to everyone in your contacts. It will either replace all your files with itself or just keep spreading until your hard drive has no space left. One famous worm was "ILOVEYOU":
http://en.wikipedia.org/wiki/ILOVEYOU
How Do I Know If I'm Infected?
With worms it's pretty self-evident: you will notice either tons of junk files showing up or your hard drive space getting lower and lower, and the type of worm determines how fast it eats through your HD.

Trojan Horses
Trojan horses go by many names: RATs, remote admin tools, and the list is almost endless. Trojan horses are called remote administration tools because that is exactly what they do: they allow the attacker to access and control the infected computer from their own. When run, RATs usually create another copy of themselves somewhere on the victim's computer, so that the victim can delete the original file and be none the wiser. One way to check for trojans is to check your "Start Up" entries (msconfig) or perform a port scan on your localhost.
How Do I Know If I'm Infected?
Some signs that you're infected with a trojan are that your anti-virus/firewall could be disabled, or random events such as your wallpaper changing, random mouse movements, or files being deleted without your knowledge.
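As an added example (not from the original post) of the localhost check above: instead of port-scanning yourself, the listening sockets can be read straight out of `netstat -ano`, which also shows the owning PID so the process can be looked up and compared against what the machine is known to run. The netstat output and the port baseline below are constructed for illustration and will differ on a real machine.

```python
"""Triage listening TCP sockets from `netstat -ano` output (Windows format).

Added example: the netstat output and the port baseline are constructed for
illustration, not captured from a real host.
"""
import re

# Constructed `netstat -ano` output. PID 5120 is a hypothetical unknown process.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1284
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       5120
  TCP    127.0.0.1:49160        0.0.0.0:0              LISTENING       5120
  TCP    [::]:135               [::]:0                 LISTENING       912
  TCP    192.168.1.10:49152     203.0.113.5:443        ESTABLISHED     3344
  UDP    0.0.0.0:500            *:*                                    1100
"""

# Hypothetical baseline of ports this machine is expected to have listening
# (RPC, SMB, RDP). Build it from a known-clean snapshot of the same machine.
EXPECTED_TCP_LISTENERS = {135, 445, 3389}

# One netstat row: proto, local, foreign, optional state (absent for UDP), PID.
ROW_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<foreign>\S+)"
    r"(?:\s+(?P<state>[A-Z_]+))?\s+(?P<pid>\d+)\s*$"
)


def parse_listeners(netstat_text):
    """Return (port, pid) pairs for every TCP socket in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        m = ROW_RE.match(line)
        if not m or m.group("proto") != "TCP" or m.group("state") != "LISTENING":
            continue
        # Local address is "ip:port" or "[ipv6]:port"; the port follows the last colon.
        port = int(m.group("local").rsplit(":", 1)[1])
        listeners.append((port, int(m.group("pid"))))
    return listeners


def unexpected_listeners(netstat_text, baseline=EXPECTED_TCP_LISTENERS):
    """Map PID -> sorted list of listening ports that are not in the baseline.

    Grouping by PID means each unknown process is reviewed once (for example
    with `tasklist /fi "pid eq <pid>"`), however many ports it has open."""
    by_pid = {}
    for port, pid in parse_listeners(netstat_text):
        if port not in baseline:
            by_pid.setdefault(pid, set()).add(port)
    return {pid: sorted(ports) for pid, ports in by_pid.items()}


if __name__ == "__main__":
    for pid, ports in unexpected_listeners(SAMPLE_NETSTAT).items():
        print(f"PID {pid} listens on unexpected ports {ports}")
```

A port outside the baseline is a lead, not a verdict: the process behind the PID still has to be identified before deciding it is a trojan.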

Logic Bombs
You don't really hear much about logic bombs anymore because they're not that widely used, but here is a little something about them. Logic bombs are highly destructive and can range from changing bytes of data on the HD to making the entire HD unreadable. Logic bombs are most commonly installed by insiders with access to the system. For example, in 2008 an insider attempted to load a logic bomb with a timer onto a computer system at the Federal National Mortgage Association, but was unsuccessful and was arrested.
How Do I Know If I'm Infected?
At first you may have no idea, because most logic bombs have timers that fire hours, days, weeks or months after the file is run. Once it executes it will be self-evident, like a worm, but unlike a worm filling up space you will notice a loss of data on the HD.

Adware & Spyware
Have you ever downloaded a program you thought was safe, but all it did was give you popups? That's typical adware. Adware is advertising software; most of the time it isn't a high security risk like the types above. Most spyware comes bundled with adware. Spyware is more dangerous than adware because it "mines" data such as browsing history, emails, and sometimes credit card numbers, and either uses it for marketing or sells it to other companies.
How Do I Know If I'm Infected?
Adware is pretty obvious because you will get popups and the like, but spyware is a lot harder to notice sometimes.

Keep Rocking, Keep Hacking

Virus spreading II

How to distribute viruses:

So I saw an article here on how to distribute viruses, botnets and RATs. It seemed quite short and unfinished, so I will try to finish it.

My history with viruses and botnets is quite vast. I've been jumping between viruses for a while, going around the net meeting many different virus writers and learning a lot about what makes a good writer and what makes a good distributor. A good writer rarely sends out his own work himself; instead he might hand it over to another person to send out to the world. I know that seems a bit weird but it's true: people would work in teams to write, distribute, monitor and maintain.

So it's time to get started with this.

1. Warez

If you have read the first article you will know that a warez site is mainly for downloading cracked programs that would normally cost a fortune, like AVG and Norton. However, these sites aren't as great as you might think. Most of these programs contain a surprise that might cause upset to the downloader. Warez sites are the breeding ground for new viruses. Viruses can be bound to a program, and when you set it up you could get an awful kick in the teeth. There are people who are willing to open up a program and set up a virus inside the program itself, making it much harder to find. These people are usually part of a group of serious attackers. You could be in some serious s**t if you get hit by one of these.

2. Spam, spam everywhere

We all hate spam; it's a tangy kind of meat that doesn't hold a candle to ham. :D But really, who likes spam? Well, viruses love it. We all get spam every day, and most of it is just pure rubbish. They want us to go to some site and enter details, or to reply to the prince of Nigeria saying thanks but no thanks. We all know that viruses are in emails - almost all emails, whether they have an attachment or not. So the emails say beware of an upcoming virus that is going to spread all over the internet, is going to destroy the world, and will rape all the kids in your neighborhood, and that YOU are going to get the blame! Yep, spam is great for viruses, scareware, freeware, shareware; it's all the same! Spam is there to get you to read a dodgy PDF file that just exploits your OS, or to get you to visit a dodgy site that claims to know how Michael Jackson really died (you should really click that email, it's true).

3. IM and IRC

Instant messaging and IRC are great ways to meet people and talk to friends. But it only takes one idiot to get infected and to screw up everyone else.

The MSN bug...
The MSN bug is very annoying. Anyone who has more than ten contacts on it has faced it. Your friend says something along the lines of, "Hey LOL whats up? I just found this great new site www.istickthingsinmyarse.com YOU SHOULD SO CHECK IT OUT LOL!!!!!!!!!!!" Then you see that your friend is offline, send them a text asking if they are online, and they say no. Well, now you know that your friend got suckered into clicking something stupid. We aren't really sure what the point of the virus was. It was thought that it was a botnet, but this is too big and too quiet to be a botnet.

IRC Worms...
IRC worms aren't as big or as common, but they do crop up and are worth a mention. IRC worms in the underbelly of IRC are very dangerous when you get smacked with one. You might go into an IRC channel you don't know, and the admin might say that he has to update the client you are using to match the server. Now you and I both know that you would have to be an IRC n00b to believe this. But people are that stupid. Once these people get infected they are at the mercy of the worm. Yep, it's kind of hard to believe that people are willing to accept something through IRC when they don't know exactly what it is.

4. People

People are willing to do many things to get you to download their virus or to get you onto their botnets. They will lie to you, entice you, seduce you - anything. These people are either just harmless pranksters or serious groups of attackers that want to get a lot out of you by any means. These are the people at the front end of the virus industry, the ones pushing the virus. Like drug dealers on the street, they get caught and get in trouble - small-time stuff. They are the fall guys for the bigger gangs; they usually get a one-time payment and are cut off once they get caught.

5. Hardware

Have you ever found a lost USB key? Ever think of looking at what's inside? You might find something unpleasant. There are people who will "lose" their USB key and want it to be found. Once you plug it in, you might just get smacked in the face with a virus. Yeah, it's one of the new ways that is taking the world. Open up a MyUsb.pdf file and this could get very messy. It could scan your documents, pictures, downloads, anything, then send it on to an FTP server in some country such as Russia, and then simply delete itself. These viruses have to be fast, effective, and leave no trace. These high-tech viruses are the latest in gathering information. But they are much more than random attacks. They are being targeted at businesses and large companies - trojans that slam a system or that leave a backdoor for the attacker to get in for further use.

6. Torrents

Lastly, we have torrents. Torrents are open to the public to FREELY DOWNLOAD ITEMS THAT USERS HAVE UPLOADED! That had to be said since this is a very dangerous area. DON'T DOWNLOAD THINGS THAT AREN'T BY TRUSTED USERS!!!!!!! I will leave this section short since I have already covered most of it in the Warez section.

7. Random downloads

IF YOU DO THIS, YOU DESERVE WHAT YOU GET! THIS IS VERY STUPID AND SHOULD NOT BE DONE BY ANYONE WHO DOESN'T WANT TO RISK THEIR COMPUTER! IF YOU DO NOT KNOW WHAT YOU ARE DOWNLOADING THEN DON'T DOWNLOAD IT!

This is a simple article with some ways that viruses are sent around. I hope you liked it. I will be doing more articles if you like this one.

Keep Rocking, Keep Hacking

Virus Spreading Tactics

Virus Spread Tutorial

Hey all. This is my new tutorial about some of the ways to spread your virus and get more logs from stealers, botnets, RAT connections and much more.

This tutorial is by me, so if you post it on other websites, blogs, forums etc. please credit me, Om3n.


(1.) First of all, the best way, which I suggest to others, is warez sites.

What's a Warez Website?

Warez is a site where you can find free cracked expensive software like AVG Internet Security, Kaspersky Internet Security 2008, Keyscrambler, but the best way to spread on that kind of website is to post something which includes a crack that the user needs to run to crack the software, but of course it must work + crypted + bound Trojan. Also you can do that on some stupid people to bind some videos, pictures or something that is not .exe! Also the really important thing is to post coloured text, interesting images, a virus scan (make sure it's novirusthanks.org or some other that doesn't send scan results to antivirus companies) and find some people to post fake comments like I do. Also when you spread, make sure you've got a few accounts, not one, maybe 3-4.

(2.) The second and really important thing is YouTube

What's YouTube?

Uhh, everyone knows what YouTube is. It's a famous website where people share their videos, ideas, software, etc. There comes our part: thumbs-up. So what you have to do is make a new account. Don't put anything in your username that would keep people from downloading it, such as "hacker". Make something stupidly simple so that people think you are a kid. That's the really important thing. Also, like I said before, get fake comments. That's really important too for spreading. Also, you will need a few accounts, as I said before. I suggest one for some fake programs (like some programs you make in C#, C++, VB.NET, VB6, for example: WoW Gold Hack, Runescape Hack etc.). A lot of people want to be hackers so they will surely download these kinds of programs. I get around 20 victims per day per account (so that's around 40-50 a day) because of this. Also use GAME CHEATS. People love cheating so they will surely download it. I make videos for games like CS 1.6, CS:S, COD4, WoW etc. Make sure they work and they are crypted. This is really important or you will lose your connections, because when AV detects the Trojan it automatically blocks it and makes your virus unusable (which you don't want to happen, of course). The next way, like on warez websites, is to use cracks, good software, antiviruses etc.

(3.) The next important part of spreading your virus is torrent websites.

What's a Torrent?

On torrent sites you can find anything: movies, pictures, wallpapers, games, programs, etc. So that's good for us. But I don't really use torrents for spreading viruses, although they are great. I don't have time to upload big games, movies and things like that, so I just use YouTube and warez. I suggest not using big torrent sites like The Pirate Bay because they send every file for a virus scan to antivirus companies, which is really bad for you if you buy a FUD private crypter. You don't want that to happen, so just use some small torrent websites.

IMPORTANT: Never upload your crypted Trojans to Rapidshare. The reason is that sometimes, if you don't have a premium account, it will limit downloads to 25, or maybe close your premium account (which happened to one guy I know). SO NO RAPIDSHARE.

Keep Rocking, Keep Hacking

Worms



A computer worm is by definition self-replicating code that infects computers. Worms can be malicious or put to good use. They use a computer network to get from computer to computer. They can be made to send themselves through email and other means that the user may not notice. Unlike viruses, worms do not need to attach to files to get onto computers.
Worms can attack computers to infect them using the latest exploits for that system. This is called a wormnet. This is where the original worm learns of a new exploit, whether by means of AI and Exploit-db[1] or by the original creator writing a new exploit into the worm and sending it out. Each worm will then copy the source of the worm it copied from so it can infect more computers. This method of high-level attack can keep a single worm going for many months.
The difference between worms and viruses is that viruses are there to cause harm on purpose. They can modify or corrupt the system. Worms, however, cause harm to the network, whether by just consuming bandwidth or by hooking computers onto botnets.
Payloads are extra bits of code that make the worm do more than just copy itself; they can cause harm to the victim, like ExploreZip. This worm was sent by email to victims; when opened it would copy itself and modify WIN.INI so that it was started again on reboot. It would then look for Outlook and send itself to everyone in the mail contacts. Other payloads encrypt a user's files and then display a pop-up asking the user to pay money to unlock their content, or else it would be deleted. This is called ransomware, which a few worms have done.
Some payload-free worms like the Morris worm and MyDoom didn't cause any actual damage but can cause network trouble.
Other payloads are backdoors, keyloggers and RATs (Remote Admin Tools). A backdoor is when a system can be accessed again without the need for hacking, as the system has already been attacked. Backdoors are usually shells that stay open for the attacker to use. Keyloggers are scripts that capture what keys are pressed. They can send reports live to the attacker as the user types, or the reports can be sent to an FTP server when the victim is offline or the attacker is offline. The FTP server needs a username and password. The issue with this is that if this code isn't obfuscated, and the worm is found and the source opened, then the attacker may get caught.
A RAT is a program that runs and connects the victim to the attacker. Some advanced RATs allow the attacker to use the camera, microphone and the on-screen keyboard. Most let you use a keylogger and several other tools. The best-known RAT is DarkComet, which can be tied to a worm to make it very, very dangerous.
Not all worms are bad, though. There are worms that infect computers to patch them. I would make a Windows Update joke here but that's too obvious. These worms use user-made patches for computers. Some, like the Nachi family of worms, tried to download and install patches from Microsoft's website to fix vulnerabilities in the host system - by exploiting those same vulnerabilities. These worms continued to infect and clean and so on until they hit a dead end and deleted themselves. However, these worms would work without the user's consent and rebooted the computer when the update was complete.
Worms can now spread through many other means, such as social sites like Facebook by means of clickjacking and likejacking sessions. These trick the victim into doing something without their knowledge, such as editing account info or visiting a site via an iframe, which can infect them.
Protecting against worms can be easy unless the bad guys have the upper hand. Zero-day exploits are exploits for which there is no patch at the moment. These can be very dangerous and could take some time to surface before the company can start fixing them. Keep your system updated and keep an eye on what needs urgent updates, such as Java, which you should update. Flash, as well as Java, needs to be monitored and kept up to date to protect your system from attack.
My personal favourite worm is the Blaster worm, which was written back in 2003 by a team of Chinese hackers and used to infect American computers. This worm infects the victim and then says it will shut down the computer in 60 seconds. If the user cannot react quickly enough to kill this process then the computer will shut down and reboot over and over. This worm would do one of a few things to infect other computers before shutting down. It would look for Outlook and use that to send itself to others. It would try to hijack an email session cookie for Hotmail or Yahoo. It would try to infect, via port scanning, the computers it was in contact with and attack them, whether over wifi or a wired connection.
Well-known worms like the Conficker worm, in my opinion, got way too much press for what they did. There are several versions of the worm, and what was not told to the public was that users who were not infected with Conficker.A-D were not going to get infected with Conficker.E. This lack of information caused global panic and let companies like Symantec run rampant claiming that it was from Russia, it was from the UK, accusing people of writing it; they never found the person, they just proved that they are full of crap and know nothing about anything security-related, as they can't even do their jobs right.
The Conficker worm did very little: it blocked users from running some programs that would give it away. It killed processes, including through an error in the code of Conficker.B that let the worm kill itself and try to restart itself while killing itself, causing infected computers to overclock after an hour or so of this. This error was fixed in Conficker.C. It also stopped the victim from looking up certain words, phrases, sites or IP ranges. The worm also opened up the limit on how much data could be sent on the network. The Conficker family is classed as severe, which is quite strange as it does no real long-term damage and has a simple fix. This is very strange as no other worm is classed as severe without doing real damage to the computer. This is proof that the media can seriously make things worse when they go talking about stuff they don't know about.
Media and worms go about as well together as gas and fire. When they come together things just blow up and get out of hand. For lack of understanding, they are there to report a new unholy worm that will eat your memory and email your porn to your grandmother, when it will do what Conficker does: very little. People report on these new worms before experts can even dissect the matter. It's all rush in, get some small detail, blow it to all hell and scare half the internet offline. And relying on companies like Symantec, AVG and Kaspersky is no better: they have bad track records of keeping things quiet and of monitoring badly, as they are more focused on profit than on just trying to catch and stop the worms and viruses.
This sort of behaviour has allowed the bad guys to get the upper hand, with new ways of encrypting their methods of attack and moving faster than any company can keep up with.
This is a worm race between who can get which worm out fastest, the worm using whatever exploit it can, and an endless fight over which language is dominant in worm creation, C++ or Perl.
So, all in all, the worm is a fascinating piece of work, a masterpiece of coding which uses the most up-to-date attacks and is second to none in the world of infections.

Keep Rocking, Keep Hacking

Top 10 Windows Tools


1. Cain & Abel - Cain & Abel is a password recovery tool for the Microsoft Windows operating system. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

2. SuperScan - SuperScan is a powerful TCP port scanner, pinger and resolver. SuperScan 4 (the current version) is a completely rewritten update of the highly popular Windows port scanning tool, SuperScan.

3. GFI LANguard Network Security Scanner - GFI LANguard N.S.S. is a network vulnerability management solution that scans your network and performs over 15,000 vulnerability assessments. It identifies all possible security threats and provides you with tools to patch and secure your network. GFI LANguard N.S.S. was voted Favorite Commercial Security Tool by Nmap users for 2 years running and has been sold over 200,000 times!

4. PWDumpX v1.1 - This tool allows a user with administrative privileges to retrieve the domain password cache, the password hashes and the LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.

5. Dark Elevator - This tool is a Windows privilege escalation tool. It has two main modes: running as a standard user, it tries to find a way to Admin or System access on a box; in audit mode, it runs as admin and tries to find ways for a specific user to escalate their privileges.

6. GetAcct - An oldie, but still useful on pen tests. GetAcct sidesteps "RestrictAnonymous=1" and acquires account information on Windows NT/2000/XP/2003 machines.

7. Solarwinds - Solarwinds contains many network monitoring, discovery and attack tools. The advanced security tools not only test internet security with the SNMP Brute Force Attack and Dictionary Attack utilities but also validate the security of Cisco routers with the Router Security Check. The Remote TCP Reset remotely displays all active sessions on a device, and the Password Decryption can decrypt Type 7 Cisco passwords. The Port Scanner allows testing for open TCP ports across IP address and port ranges, or a selection of specific machines and ports.

8. Burp Suite - Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.

9. CookieDigger - CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications. The tool works by collecting and analyzing cookies issued by a web application for multiple users. The tool reports on the predictability and entropy of the cookie and whether critical information, such as user name and password, is included in the cookie values.
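The checks the CookieDigger entry describes (entropy across cookies issued to several users, positions that never change, account data embedded in the value) can be reproduced by hand; the block below is an added example and is not CookieDigger's own code. Both sets of cookies are constructed: a hypothetical weak app that base64-encodes "user:sequence number", and a hypothetical strong app whose fixed literals stand in for random 128-bit tokens.

```python
"""Estimate how predictable a web app's session cookies are: per-position
entropy across cookies issued to several users, positions that never change,
and whether the user name is embedded (raw, base64- or hex-encoded).
Added example, not CookieDigger's own code. All cookies are constructed."""
import base64
import binascii
import math
from collections import Counter

USERS = ["alice", "bob", "carol", "dave"]

# Weak app (constructed): cookie = base64("<name padded to 6>:<sequential id>").
WEAK_COOKIES = [
    base64.b64encode(f"{name:<6}:{1001 + i:04d}".encode()).decode()
    for i, name in enumerate(USERS)
]

# Strong app (constructed fixed literals standing in for 128-bit random tokens).
STRONG_COOKIES = [
    "3fa9c2e17b4d8065e1c0a7f39d2b6e84",
    "a71d0e5b8c4f2963d5b8e2a04c7f1d39",
    "c0e4b7a28d1f5396f2a9d4c7b0e18a52",
    "5b2c8f1e9a3d0746b8d3f06e2a9c4b17",
]


def shannon_bits(symbols):
    """Shannon entropy, in bits, of one column of characters."""
    counts = Counter(symbols)
    n = len(symbols)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def per_position_entropy(cookies):
    """Entropy of each character position across the sampled cookies.
    With k samples the ceiling per position is log2(k), so sample widely."""
    if len({len(c) for c in cookies}) != 1:
        raise ValueError("cookies differ in length; sample one cookie format at a time")
    return [shannon_bits(col) for col in zip(*cookies)]


def fixed_positions(cookies):
    """Indexes where every sampled cookie carries the same character."""
    return [i for i, col in enumerate(zip(*cookies)) if len(set(col)) == 1]


def contains_account_data(cookie, username):
    """True if the user name appears in the cookie raw, base64-decoded or hex-decoded."""
    candidates = [cookie.encode()]
    try:  # tolerate stripped base64 padding
        candidates.append(base64.b64decode(cookie + "=" * (-len(cookie) % 4), validate=True))
    except (binascii.Error, ValueError):
        pass
    try:
        candidates.append(bytes.fromhex(cookie))
    except ValueError:
        pass
    return any(username.encode() in blob for blob in candidates)


def assess(cookies, usernames):
    """Summary a reviewer can compare between applications."""
    entropy = per_position_entropy(cookies)
    return {
        "total_bits": round(sum(entropy), 2),
        "max_bits": round(len(cookies[0]) * math.log2(len(cookies)), 2),
        "fixed_positions": fixed_positions(cookies),
        "leaks_username": any(contains_account_data(c, u) for c, u in zip(cookies, usernames)),
    }


if __name__ == "__main__":
    print("weak  ", assess(WEAK_COOKIES, USERS))
    print("strong", assess(STRONG_COOKIES, USERS))
```

With only four samples the entropy ceiling is 2 bits per position, so the numbers are a relative comparison between apps, not an absolute key-strength measure.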

10. Netcat (The Network Swiss Army Knife) - Netcat was originally a Unix utility which reads and writes data across network connections using the TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.

Keep Rocking, Keep Hacking