Latest Stories
Hex-Rays Decompiler
Submitted by secgeeks on Tue, 01/04/2008 - 12:30.
Today I came to know about the Hex-Rays decompiler. I think it only works with IDA Pro and can generate pseudocode from the assembly. I think this is what makes RE easier. Consider a case of diffing two DLLs: I know there is Halvar Flake's BinDiff, but that requires you to understand and dig through the assembly code, while Hex-Rays makes it easy to generate the pseudocode, and then you can easily determine the changes.
Innocent searches for Nov 21 2007
Submitted by secgeeks on Wed, 21/11/2007 - 18:31.
Hi folks,
Here are some of the Innocent Searches that might get you into trouble from just today. There are rather a lot of them...
AREA MEASUREMENT - wrong choice gets a link to a known exploit site
recipe for bine turkey - what's a bine turkey? anyway, wrong choice gets a rootkit
currency converter - rootkit
americanexpress/activate - rootkit
sixth avenue electronics - rootkit
deltashuttle - rootkit
blue licenses holding - rootkit
office depot links paper templates - rootkit
knitted or crocheted dachshund patterns - rootkit
Protecting exposed servers from Google hacks (and Google 'dorks')
Submitted by secgeeks on Wed, 02/07/2008 - 19:32.
Search engines are now routinely used to find ways of gaining unauthorized access to servers. Michael Cobb explains how to avoid exposing your important data to 'Google dorks.'
Hannaford breach details indicate inside job
Submitted by secgeeks on Tue, 01/04/2008 - 12:44.
The fact that so many servers were compromised with malware suggests a trusted user on the inside engineered the data breach at Hannaford's, experts say.
More built-in Windows commands for system analysis
Submitted by secgeeks on Thu, 15/05/2008 - 19:19.
Windows command-line tools can be a valuable resource to security professionals charged with the secure configuration of Windows machines. In this tip, Ed Skoudis defines five more useful Windows commands that can provide new insight into the realm of Windows analysis.
This might be the ultimate irony
Submitted by secgeeks on Sun, 30/03/2008 - 18:59.
Hi folks,
Today we found what might be the ultimate irony... a spyware product where the home page has been hacked, and is installing someone else's rootkit!
The product is one of those spy-on-your-spouse/kids/employees things that says it's stealthy (in other words, _it's_ supposed to be a rootkit itself), and the home page has a chunk of escaped javascript
[Site Update] Added support for voting down a story
Submitted by secgeeks on Tue, 01/04/2008 - 09:25.
Dear Users,
Update: I have removed that due to some functionality problem.
I have added the support for voting down the stories which you don't like. I hope it will help to identify what you like and what you don't, and then I can take proper actions.
Regards,
SecGeek
Something interesting
Submitted by secgeeks on Sun, 02/03/2008 - 11:23.
Hi folks,
hat-tip to Ståle Fagerland of Norman for noticing this article...
http://joongangdaily.joins.com/article/view.asp?aid=2886846
GPack
Submitted by secgeeks on Fri, 28/03/2008 - 17:50.
Correction: Sorry folks... there's so much happening at the moment, I've merged a couple of kits in my mind. It's not a mix of vbscript and javascript. It's just javascript, and thus far, we've only seen one exploit come out of it ... a mouldy, old MS06-014, although we expect there are more than that. The rest of the write-up is reasonably accurate, and we'll continue to correct things as we find more.
Hi folks,
google defames saints ... bolts of lightning fall
Submitted by secgeeks on Tue, 26/02/2008 - 03:47.
I'm kidding, I'm kidding!!!!!!!
Update number 2: Feb 26, 2008, 6:30am est
Dang, that was quick. Some of the sites, such as St Kilda, and the Geelong Cats sites, are now correctly marked as clean. They're not all correct though ... the Brisbane Lions site is still incorrectly marked as dangerous, for example, but that was still quick for the others, and we hope that all will shortly be corrected. Shout-outs to google for reacting quickly!
Update number 1:
Return of Innocent Searches
Submitted by secgeeks on Sat, 02/02/2008 - 14:20.
Hi folks,
I keep getting requests offline for more innocent searches, so here are some from the last couple of days. Enjoy...
coal furnace with gas insert - fake codec
road trip - neosploit
pearl shop - neosploit
high capacity battery pack - fake codec/ rootkit
eyelashes + adhesive - fake codec
camping turon gate - fake codec
greenville gremlins - fake codec
blueberry jam - mpack/ icepack
school closings in illinois parents - search engine hijack
las vegas wedding photographers - mdac
Stopping malware in its tracks
Submitted by secgeeks on Thu, 20/03/2008 - 13:38.
There's no such thing as a cure-all for stopping malware. Effective malware defense demands a keen attention to detail and careful planning. Expert Lenny Zeltser offers a malware-defense blueprint every enterprise can follow, plus plenty of free tools to help along the way.
Storm is b-a-a-a-a-ack
Submitted by secgeeks on Mon, 24/12/2007 - 11:42.
Hi folks,
As you've probably noticed, Storm is back for Christmas. There are only two noteworthy points about it.
The first is that they've added another fairly new exploit to it, and that is for something called GomPlayer, or the Gretech Online Movie Player, which is apparently very popular in South Korea.
The exploit is from October 2007, and is explained here, http://www.milw0rm.com/exploits/4579, but the key point is that if you're using GomPlayer, you're potentially vulnerable.
New Exploit Targets Corporate Users of CA Apps
Submitted by secgeeks on Fri, 28/03/2008 - 15:54.
Update: We should note that CA has offered a patch for this vulnerability. What is not clear is how widely adopted that patch is.
Hi folks,
On about March 17, 2008, some folks, such as frsirt, started talking about a vulnerability in dll/ocx used in various CA products. See here, http://www.frsirt.com/english/advisories/2008/0902, for example.
Today we found it in the wild, in none other than a new NeoSploit framework.
This means several things...
Firstly, the Neo developers are _very_ active.
MalwareAlarm
Submitted by secgeeks on Thu, 07/02/2008 - 14:37.
Hi folks,
MalwareAlarm is so common now, we decided to give it its own vid. Remember, it's not really scanning your pc, it's just pretending to, but it does a very good job of pretending. Enjoy...
Cheers
Roger
UK .gov site hacked
Submitted by secgeeks on Wed, 06/02/2008 - 09:48.
Note: One of our users, John Thomson (no relation as far as I know :-) ) noticed this first and brought it to our attention. His blog entry is here ...
http://www.roundtripsolutions.com/blog/2008/02/06/317/forth-road-bridge-website-hacked/
Sorry John! :-)
Hi folks,
Sometime between the 1st Feb 2008, and the 3rd of Feb 2008, the official website for the Forth Estuary Transport Authority was hacked and an obfuscated iframe, using Neosploit encoding, was injected.