Look Ma, I created a botnet!

June 15, 2009

The abstract concepts of "botnet" and "Trojan" just became a lot more concrete for me.

In less than an hour on Thursday, I was able to use programs readily available on the Internet underground for as little as $300 to infect several Windows clients and take complete control of them in a test environment.

In contrast to the real world, the McAfee Malware Experience event, which was akin to a Malware 101 class (or, in my case, Malware for Dummies), served up printed step-by-step instructions for us nonhacker journalists. But McAfee researchers said the programs used--real samples of malicious code from the wild--were not particularly sophisticated and any script kiddie could manage them easily.

First, I used a tool to infect a PC with a Sub Seven Trojan. With a few clicks it was on the client and I had remote access to everything on that machine via a so-called "back door." A management console provided an easy-to-use interface, including drop down menus with names like "Fun Manager."

Feeling mischievous I used the "flip screen" feature so that everything on the victim's PC was upside down and I changed the colors for the desktop and background to Hello Kitty hues of pink and orange. If I wanted to be nastier I could have directed the victim's browser to a URL of my choosing, turned on the client's Web cam, taken control of a chat session, printed out obscenities on the networked printer, or hidden the desktop or mouse from sight.

McAfee didn't let us save screen shots so I found this one on the Internet. It shows the interface of the Sub Seven Trojan and the "fun" things that can be done to a victim's computer with it.

(Credit: All-Internet-Security.com)

I tested out the keystroke logger and found it to be particularly empowering and scary. It was thrilling to have so much control at my fingertips. It felt a bit like the electronic equivalent to pranks we did as kids, such as shorting the sheets and drawing on someone while the victim was sleeping. But these digital shenanigans have much more dire consequences.

Next up was creating a botnet, which would give me control over multiple zombies to do things like shut Web sites down with a denial of service attack and blanket e-mail inboxes with spam. I infected the two clients with the bot software and then created a command-and-control center on an IRC room. I then ordered up the system information from the bots, scanned their ports, and downloaded a malicious file onto the computers, as well as a keystroke logger. As they say in hacker lingo, I "p0wned" the machines.

Finally, I used a program called "Shark" (also known as "Backdoor-DKG") to create a Trojan and install it on the victim clients by sending it through a Microsoft Outlook e-mail. Using a spreadsheet interface, I was able to set the functions of the Trojan, activate a keystroke logger and could have disabled antivirus software or set it to shut the system down based on certain conditions.

Following the tutorial, McAfee provided some bleak statistics to put my actions into perspective. For instance, the company's Avert Labs sees more than 400,000 new zombies a day, 4,000 new pieces of malware a day and 1.5 million malicious sites a month. There were 1.5 million pieces of unique malware last year and McAfee predicts that number will rise to 2.4 million this year.

The numbers aren't all that surprising to me now that I've seen firsthand how easy the malware is to create and use. All in all, I'd say it was a very sobering experience.

 

Who wins, loses with browser-less Windows 7

June 15, 2009

Microsoft's move to offer Windows 7 in Europe without a browser may help rivals, but it could make life more difficult for European consumers, particularly those who want to upgrade their existing machines.

As first reported earlier on Thursday by CNET News, Microsoft plans to ship Windows 7 to both PC makers and retail stores with Internet Explorer removed.

Now, most people will get Windows 7 on a new PC. Presumably, in that case, the computer maker will choose to add back Internet Explorer, include one or more rival browsers, or do both.

Indeed, that is what Microsoft itself is suggesting.

"Microsoft recommends that OEMs pre-install either IE8 or at least one other browser of their choice before distribution," Microsoft said in a memo to PC makers that was seen by CNET News. "If you do this, your end users in the European territory should be able to access the Internet without any additional steps or inconvenience."

The real hassle comes for those who want to upgrade their existing PC to Windows 7.

Moving from Windows Vista to Windows 7 can normally be done via an upgrade that preserves one's applications and data. However, because the "E" version of Windows 7 removes the browser, moving to it can only be done with a clean installation.

At that point, users have a system with no browser at all. So if they want Firefox or Opera or any other browser, they have no easy way to get it. For its part, Microsoft plans to make it as easy as possible for them to get IE. It will offer it via CD-ROMs at retail stores and via FTP, an old file downloading technique that has been largely sidelined due to modern browsers.

Forrester Research analyst J.P. Gownder said that the result is something that is very unfriendly to the very consumers that the EU is allegedly trying to protect. The European Union said in January that it had reached a preliminary finding that the inclusion of a browser within Windows violated its antitrust laws.

"It's a disaster caused by poor regulatory oversight," he said. "It's definitely regulation gone wild and it's not going to help the consumer."

Matt Rosoff, an analyst with Directions on Microsoft, said the software maker probably made the move in an effort to avoid further regulatory action on the part of the European Union, which said in January that it believed the inclusion of a browser in Windows was a violation of European antitrust law.

"I guess Microsoft has taken the preemptive move to avoid a big fine," he said. "The EU didn't ask them to do this. They are still fighting the statement of objections."

So who benefits? Well, PC makers stand to gain, because they now have a more valuable piece of real estate to sell. In the past, they could offer deals to include rival browsers as the default on a new PC, but they were still shipping a PC with Internet Explorer. Presumably now, a browser maker could strike a deal to be the only browser on a machine.

"It certainly gives them a new placement to sell," Rosoff said. "Previously, with IE included, there wasn't as much incentive for browser makers to strike these kind of deals."

Of course, striking an exclusive deal would probably take a lot of cash. So it would seem Google, and not Opera (which brought the EU complaint), is in the best position to take advantage of the new landscape.

Gownder said he expects most new machines sold in Europe will still come with Internet Explorer, though some smaller PC makers might opt to exclude Microsoft's browser.

"It could be that there are some deals cut," Gownder said. "I would think the more typical case is that they ship with IE or IE plus one other."

As for Microsoft, Rosoff said that the company plans to offer an "Internet Pack" disc that includes not only IE, but also its Windows Live programs such as Windows Live Mail and Windows Live Messenger.

 

Microsoft takes aim at fake antivirus program

June 15, 2009

Microsoft's Malicious Software Removal Tool was updated this week to detect a generic type of fake antivirus program known as "Win32/InternetAntivirus."

The Microsoft Malware Protection Center gives Win32/InternetAntivirus an alert level of "severe." The software is "a rogue program that displays false and misleading alerts regarding malware, in order to convince users to purchase rogue security software," according to a Microsoft Malware Protection Center blog post. The program also displays a fake "Windows Security Center" message.

This screenshot shows the fake alert the Win32/InternetAntivirus malware displays to try to scare people into paying money.

In addition, the rogue program runs a password stealer called "TrojanSpy:Win32/Chadem," which tries to steal FTP usernames and passwords that can be used to compromise servers for hosting malware.

"They use new domain names every day, often registering multiple names at a time, like scanfan4.info, star4scan.info and scanstar4.info," the Microsoft post says. "This is all pretty normal rogue behaviour these days. As always, only use security software that has been tested by a trusted third party."

Fake antivirus programs are very common and provide a way for scammers to make easy money. The scammers prey on the fears of Web surfers who are misled into believing their systems are infected and then pay, typically, $50 for a program that not only doesn't protect their computers, but often turns out to be malicious.

Microsoft and the Attorney General's office in Washington state filed a handful of lawsuits last year over so-called "Scareware" pop-up ads that entice consumers into paying for software that supposedly fixes critical errors on a PC.

The Malicious Software Removal Tool is updated every second Tuesday of the month as part of Patch Tuesday.
