Friday, 31 August 2012

Other:W32/Generic

Other:W32/Generic is a Generic Detection for a wide range of malicious programs, such as trojans, worms and keyloggers.


Microsoft: Critical Vista Patch Coming

Microsoft plans to ship two patches on Jan. 8, 2008 to patch code execution vulnerabilities in its newest OS.


PeopleSoft founder seeks windfall in Workday IPO

The billionaire who founded business software maker PeopleSoft is looking to strike it rich again by taking his latest startup public.


5 takeaways from Las Vegas

Probably the two most important security conferences in the world are held in Las Vegas during the same week, gathering more than 15,000 attendees and offering dozens of talks. Even if you are here, you will find a situation where you want to attend 2 or 3 talks at the same time, or the frustration of attending one talk only to find there is no room left for you in the next one you wanted to attend.

So I thought it would be useful, whether you were in Las Vegas or not, to highlight the most relevant things that happened there during these 2 weeks, in my opinion:


Romney Campaign Fundraises for Success With Square

In a sign that Mitt Romney's campaign is serious about digital innovation in politics, it used this past week's Republican National Convention to do a major roll-out of its branded version of Square, the mobile credit card processing app and iPhone/iPad/Android accessory already popular with small businesses, which the campaign is using for fundraising.



How To Skip Product Key When Installing Windows 8

http://cdn.windowsvalley.com/wp-content/uploads/2012/08/windows-8-setup-product-key.png

Microsoft has released Windows 8 to MSDN/TechNet subscribers and a few other channels starting from August 15th. A few weeks ago I got lucky enough to lay my hands on it, and I noticed that, unlike Windows 7, Windows 8 doesn't allow keyless installation by default.

But after some R&D I found a way to bypass the product key wizard during installation, and in this article you'll learn how to suppress the product key prompt while installing Windows 8. Note: the following method is effective, legal, and does not require a lot of technical expertise.

Prerequisites:



Dorifel is much bigger than expected and it's still active and growing!

Yesterday was a dark day for many companies in Europe, but especially in the Netherlands. A piece of malware known as Worm.Win32.Dorifel infected over 3000 machines globally, and 90% of the infected users were public and business sector organizations based in the Netherlands. We have seen government departments and hospitals among the victims. The other countries with a large number of infections were Denmark, the Philippines, Germany, the United States and Spain. All users running Kaspersky Lab's products are protected from this threat.

The malware is initially distributed to victims via email. It uses the "Right To Left" vulnerability to hide its real file extension. The malware then downloads another piece of malware which encrypts documents and executes them on the infected computer. Dorifel also attempts to encrypt files found on network shares.
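The "Right To Left" trick referred to above is the Unicode right-to-left override (U+202E) placed inside a filename: a display that follows bidirectional text rules shows everything after it reversed, so a name that is really "…cod.exe" appears to end in ".doc". The following is an added example, not code from the original post or from Kaspersky: a small Python check that a mail gateway or triage script could run over attachment names to flag the disguise and report the extension the OS will actually use. The sample filenames are constructed for the example.

```python
# Added example: detect filenames that use Unicode bidirectional overrides
# to disguise their real extension (the Dorifel "Right To Left" trick).
import unicodedata

# Bidirectional formatting characters that an attachment name has no reason to contain.
BIDI_CONTROL_CHARS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
}

# Extensions that execute when double-clicked; list is illustrative, not exhaustive.
RISKY_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}


def find_bidi_controls(name):
    """Return (index, Unicode name) for every bidi control character in the filename."""
    return [(i, unicodedata.name(c)) for i, c in enumerate(name) if c in BIDI_CONTROL_CHARS]


def true_extension(name):
    """Extension the OS will use: text after the last '.' once controls are stripped."""
    stripped = "".join(c for c in name if c not in BIDI_CONTROL_CHARS)
    _, dot, ext = stripped.rpartition(".")
    return ext.lower() if dot else ""


def displayed_name(name):
    """Approximate what a bidi-aware renderer shows: the run after an RLO is reversed
    until a Pop Directional Formatting (U+202C) character, if any."""
    head, rlo, tail = name.partition("\u202e")
    if not rlo:
        return name
    reversed_run, _, rest = tail.partition("\u202c")
    return head + reversed_run[::-1] + rest


def assess_attachment(name):
    """Classify an attachment name; the dict is suitable for a gateway log line."""
    controls = find_bidi_controls(name)
    ext = true_extension(name)
    if controls and ext in RISKY_EXTENSIONS:
        verdict = "block"        # disguised executable: the Dorifel pattern
    elif controls or ext in RISKY_EXTENSIONS:
        verdict = "quarantine"   # either signal alone deserves a human look
    else:
        verdict = "clean"
    return {
        "name": name,
        "shown_as": displayed_name(name),
        "true_ext": ext,
        "bidi_controls": controls,
        "verdict": verdict,
    }


# Constructed sample attachment names (not real Dorifel samples).
SAMPLES = [
    "invoice_2012.doc",
    "report\u202ecod.exe",   # rendered as "reportexe.doc", really an .exe
    "setup.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        r = assess_attachment(sample)
        print(f"{r['verdict']:10} shown_as={r['shown_as']!r} "
              f"true_ext={r['true_ext']!r} controls={r['bidi_controls']}")
```

The check deliberately treats any bidirectional control in a filename as suspicious on its own, because legitimate attachments practically never carry them; the "block" verdict is reserved for the combination with an executable extension, which is the disguise the post describes.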

While I was investigating the Dorifel malware I noticed that the servers hosting it were not configured properly and, for example, allowed directory listing in certain directories. This prompted me to search for more interesting directories, and to my surprise I found that the server was hosting a lot more malicious "components", not just the Dorifel malware. It is very difficult to say whether this scam is complex and advanced, since it uses many different components of varying complexity. Some of the interesting things I found include:


Trying to unmask the fake Microsoft support scammers!

I'm pretty sure that most of you know about the phone scam which is circulating right now. They have been calling a lot of people in countries such as Germany, Sweden, the UK and probably more. The scam is pretty simple: they pretend to be from a department within Microsoft which has received indications that your computer is infected with some malware. They then offer (for free) to verify whether this is the case. If the victim agrees, they ask the victim to perform certain actions and type certain commands, whose output will trick an inexperienced user into believing that the computer really is infected.

I just want to mention that there is no such department at Microsoft, and they would never call up customers offering this. So if you ever get a call "from Microsoft" stating that there are indications that your computer is broken or infected - please hang up!

Well, they have called me several times, and finally I got fed up with this and started to play along. At the same time I had my virtual machines running and was recording everything they were doing. The goal was to find out who they were and exactly what the scam was. Luckily I was able to get hold of information such as their internal IP addresses, the PayPal accounts used to transfer money and the numbers they were calling from.


Using TS RemoteApp as an attack vector

In today's session at SMBNation, I showed how to use TS RemoteApp with TS Gateway on SBS 2008 to deliver remote applications through Remote Web Workplace. It is one of the coolest features in the Windows Server 2008 operating system. But we have to remember what it's actually doing.

Part of the conversation was about the difference between displaying a TS RemoteApp on the local desktop and having a full desktop session on the Terminal Server. One claim that came up was that, as a RemoteApp, you can't run other applications.

Well, that is not actually true. If you assume it is, a TS RemoteApp can become an attack vector for you. What do I mean? Below is a screenshot of what happens if you hit CTRL-ALT-ENTER with the cursor focused on the RemoteApp window (in this case MS Paint running remotely):

At this point you can run Task Manager, then hit File->Run and run something else. In my case, I showed a few people afterwards how to start cmd and start exploring the network. You will only have the privileges of the user account you are logged in as, but it is still something you have to be careful about. If you think a RemoteApp bundle prevents access to other applications or the network, you are wrong.

So is this bad? No. Is it really an attack vector? No. You just need to understand that when allowing ANY type of Terminal Services based access, local or remote, you have to restrict the policies and access accordingly. Running a TS RemoteApp bundle of Office displays on the local desktop, but it is STILL running on the Terminal Server. So it will browse the network the Terminal Server is connected to as its local network, and it will also browse your own drives mapped via tsclient. You have to remember that.

Hope that's useful. A TS RemoteApp bundle does NOT mean users won't have access to the TS desktop when it is displayed remotely on their personal desktop. And that's not a bad thing. TS RemoteApp is a convenient way to extend the workspace to your local machine, anywhere in the world. No pun intended. That's its power and its benefit: a great remote productivity enhancement in Windows Server 2008. Use it (safely, of course).


Six ways to protect against the latest Java vulnerability

http://www.flickr.com/photos/cyberhades/7117373645/

Security researchers have proposed several methods for users to protect their computers from ongoing attacks that target a new and yet-to-be-patched vulnerability in all versions of Java Runtime Environment 7.

Most of the proposed solutions have drawbacks or are applicable only to certain system configurations and environments. However, the hope is that in the absence of an official patch from Oracle users will be able to use one or a combination of them in order to reduce the risk of their systems being compromised.


Anonymous hits U.K. government sites over Assange situation

The loosely knit hacktivist group launches denial-of-service attacks against the U.K. Justice Department, as well as a handful of other government sites.


Blackhat USA 2012 - Pushing Past Intrusion Tolerance, Cutting Edge Research

The Blackhat 2012 keynote started the event with Shawn Henry, former Executive Assistant Director of the FBI, painting a grim, seemingly unspeakable picture of cyberespionage in the US. It was interesting that he continually spoke about the gravity of the situation and the need to apply what he learned at the FBI to protecting digital assets, yet he couldn't describe a single concrete example. At the same time, he claimed that, other than a weapon of mass destruction, cyber threats are the single biggest problem facing this nation. This inability to convey concrete details during the Blackhat keynote only highlights part of the difficulty in understanding the cyber problem: the overclassification of computer network exploitation (CNE) incidents and a tangled set of dynamics that silence breach data sharing and exchange. There is a long way to go to fix it.

While parts of the talk were very interesting, especially the discussion of creating a hostile network for your adversaries and taking intrusion tolerance a step further, it was criticized for being a bit self-promoting. All across the twittersphere, tweets like this one protested signs of this year's corporate influence.

The two days of talks explored some new territory. Day 1 included "Advanced ARM Exploitation", where Stephen Ridley and Stephen Lawler provided more in-depth Android exploitation details and the quirks of exploring the software and developing exploits on the platform. For example, ROP techniques are required even to perform the ancient ret2libc technique on Android. They pored over data manipulation on ARM and particular assembly-level tricks, the specifics of discovering ROP pivots, and pushing data onto the stack on ARM for control. The talk drew its content from their hands-on, multi-day course "Practical ARM Exploitation" (650+ slides across 12 decks and an 80-page lab manual).


Second LulzSec hacker, Raynaldo Rivera, also surrenders

http://www.lulzsecurity.com/

A second member of the global hacking collective "LulzSec" has surrendered to US authorities for his part in the 2011 attacks on Sony Computer Corp.

20-year-old Raynaldo Rivera of Tempe, Arizona was indicted by a grand jury last week on charges stemming from his participation in the Sony hack, including charges of conspiracy and unauthorized impairment of a protected computer. The indictment was returned on August 22, but wasn't unsealed until Tuesday, when Rivera surrendered to FBI agents. If convicted, he could face up to 15 years of prison time.


In the digital age, whither the campaign button?

Keith Ketcham, left, sells buttons of Republican presidential nominee Mitt Romney outside the Republican National Convention on Wednesday, Aug. 29, 2012, in Tampa, Fla. While buttons are seen at the convention, they are far from ubiquitous, and the days when delegates were littered with partisan messages from seemingly head to toe appear to be long past. (AP Photo/Peter Prengaman)

Eugene Ola was on a street corner hawking some political buttons with phrases like "Believe in America" and featuring photos of a smiling GOP presidential nominee Mitt Romney and his running mate, Paul Ryan. But most passersby simply smiled and kept on walking, barely looking at the piece of cardboard he carted around with 50 buttons fastened to it.



Critical TCP/IP Worm Hole Dings Windows Vista

Microsoft has issued a high-priority security update to fix a pair of "critical" flaws that expose Windows users to remote code execution attacks.


You Can Write, But You Can't Hide: Big Data Knows Your Writing Quirks

http://www.flickr.com/photos/star-dust/775368469/

As I wrote recently, data scientists have been able to decode unstructured data to accurately predict where violence will occur in Afghanistan. Now, they can also mine unstructured data to determine the identity of a document's writer. All of us, it seems, have a "write-print" as unique as our fingerprint.


Rootkit:W32/ZAccess

Rootkit:W32/ZAccess constantly displays advertisements on the infected machine and may silently contact remote servers to retrieve additional advertising information.


5000th Tweet


New Kaspersky appeals to your cash sense

A new way to lock down your financial transactions called Safe Money is a big part of Kaspersky's plan to make bank in its 2013 security suites.


Thursday, 30 August 2012

Exploit:W32/D-Encrypted.Gen

A program or technique that takes advantage of a vulnerability to remotely access or attack a program, computer or server.


Amazon Kindle Fire sold out as new model expected

FILE - This Wednesday, Sept. 28, 2011 file photo shows the Kindle Fire at a news conference in New York. Amazon.com Inc. quenched the Kindle Fire on Thursday, Aug. 30, 2012, saying its first tablet computer is now sold out. The Internet retailer has a major press conference scheduled for next Thursday in Santa Monica, Calif. It's widely expected to reveal a new model of the Fire there. (AP Photo/Mark Lennihan, FILE)

Amazon.com Inc. says it has sold out of its Kindle Fire tablet computer amid expectations of a new model for the holiday season.



Bejtlich's Thoughts on "Why Our Best Officers Are Leaving"


Bastion tops iPhone Games of the Week

This is a very special week in iOS gaming as far as I'm concerned. The incredibly lauded indie hit Bastion dropped on the iPad totally unexpectedly, and it is far and away the best game of the week, if not the summer. We've also got some other solid titles, such as an indie puzzler called Blast-a-Way, a crazy endless runner called The Last Driver, and a port of the most creative and fun game Square Enix has put out in the last half decade. Here are this week's top iPhone games.


The Mystery of the Encrypted Gauss Payload

There are many remaining mysteries in the Gauss and Flame stories. For instance, how do people get infected with the malware? Or, what is the purpose of the uniquely named "Palida Narrow" font that Gauss installs?

Perhaps the most interesting mystery is Gauss' encrypted warhead. Gauss contains a module named "Godel" that features an encrypted payload. The malware tries to decrypt this payload using several strings from the system and, upon success, executes it. Despite our best efforts, we were unable to break the encryption. So today we are presenting all the available information about the payload in the hope that someone can find a solution and unlock its secrets. We are asking anyone interested in cryptology and mathematics to join us in solving the mystery and extracting the hidden payload.

The containers

Infected USB sticks have two files that contain several encrypted sections. Named "System32.dat" and "System32.bin", they are 32-bit and 64-bit versions of the same code. These files are loaded from infected drives using the well-known LNK exploit introduced by Stuxnet. Their primary goal is to extract a lot of information about the victim system and write it back to a file on the drive named ".thumbs.db". Several known versions of the files contain three encrypted sections (one code section, two data sections).

The decryption key for these sections is generated dynamically and depends on the features of the victim system, preventing anyone except the designated target(s) from extracting the contents of the sections.

By the way, the 64-bit version of the module has some debug information left in it. The module contains debug assertion strings and the names of the source modules:

.\loader.cpp
NULL != encSection
Path
NULL != pathVar && curPos < pathVarSize
NULL != progFilesDirs && curPos < progFilesDirsSize
NULL != isExpected
NULL != key
(NULL != result) && (NULL != str1) && (NULL != str2)
.\encryption_funcs.cpp

The data

The mysterious encrypted data is stored in three sections:

The files also contain an encrypted resource "100" that seems to be the actual payload, given the relatively small size of the encrypted sections. It is most likely that the section ".exsdat" contains the code for decrypting the resource and executing its contents.


Patch Tuesday July 2012 - Focus on the Browser

This month's Patch Tuesday brings a set of three "critical" bulletins focused on Windows/web browser component vulnerabilities and six other bulletins rated "important". In other words, two of the critical components are considered "Windows" components, but would most likely be attacked through the web browser. Also, the top-priority bulletin patches the CVE-2012-1889 vulnerability, which is being exploited not only by attackers going after high-value targets, but by common off-the-shelf/commodity exploit packs.

Kaspersky products detect malicious web pages exploiting CVE-2012-1889 with "HEUR:Exploit.Script.Generic". Addition of a working exploit targeting MSXML Core Services 3.0 within IE6 and IE7 XPSP3 to the Metasploit Framework on June 12th helped make this one more mainstream. While it may seem that targeting XP would limit its reach, it's important to note that various market share surveys and reports show that Windows XP continues to take major OS market share. Interestingly, the MS12-043 Bulletin addressing this vulnerability patches MSXML Core Services 3, 4, and 6, leaving out version 5. Versions 3 and 6 ship with Windows itself. Accordingly, msxml3.dll and msxml6.dll reside in c:\windows\system32 across all supported versions of Windows, while the other versions are installed by Microsoft Office and other software.

Also patching the potential for web client-side drive-bys, MS12-045 addresses an MDAC vulnerability, reminiscent of MS06-014, one of the longest-lasting, most reliable and most heavily targeted client-side vulnerabilities in Microsoft technology. It was taken advantage of for years by the Russian Business Network, purchasers of MPack, and later others, distributing Torpig and Rustock, while the nascent exploit kit market was solidifying back in 2006. It continues to be included in some of the live exploit pack control panels that we see. We'll see how this new MDAC issue compares.

The third of the bulletins fighting "critical" rated web client side vulnerabilities fixes a couple of newer vulnerability types being targeted ("Cached Object Remote Code Execution Vulnerability - CVE-2012-1522", "Attribute Remove Remote Code Execution Vulnerability - CVE-2012-1524") introduced by Internet Explorer version 9 itself. Versions 6, 7 and 8 do not maintain the vulnerable code.

With that, we leave you to your regularly scheduled patching.



Vidro: How deep and mobile is the rabbit hole?

The appearance of a new Android malware family is not that surprising at all today, especially when we talk about SMS Trojans, which are one of the most popular and oldest types of threat created for extracting money from users. A new family of SMS Trojans named Vidro appeared a few days ago, but we've already collected a lot of APK files with very similar functionality. At the moment all the samples we have found target users only in Poland.

Spreading

Trojan-SMS.AndroidOS.Vidro is spread via porn sites. The mechanism is very similar to the way the very first Android malware (Trojan-SMS.AndroidOS.FakePlayer) spread. If the user visits a porn site with a desktop browser he will see something similar to this:

But if the potential victim somehow visits the same website using an Android device, the porn web site will be "optimized" for the smartphone:


Virus:W32/Ramnit.N

A program that secretly and maliciously integrates itself into program or data files. It spreads by integrating itself into more files each time the host program is run.


The Madi Campaign - Part I

For almost a year, an ongoing campaign to infiltrate computer systems throughout the Middle East has targeted individuals across Iran, Israel, Afghanistan and others scattered across the globe.

Together with our partner Seculert, we've thoroughly investigated this operation and named it "Madi", based on certain strings and handles used by the attackers. You can read the Seculert analysis post here.

The campaign relied on a couple of well-known, simpler attack techniques to deliver the payloads, which reveals a bit about the victims' online awareness. Large amounts of collected data reveal the campaign's focus on Middle Eastern critical infrastructure engineering firms, government agencies, financial houses, and academia. Individuals within this victim pool, and their communications, were selected for increased monitoring over extended periods of time.

This post is an examination of the techniques used to spread the Madi malware to victim systems, the spyware tools used, and quirks about both. In some cases, targeted organizations themselves don't want to provide further breach information about the attack, so some perspective into the parts of the campaign can be limited.


Gauss: Nation-state cyber-surveillance meets banking Trojan

Introduction

Gauss is the most recent cyber-surveillance operation in the Stuxnet, Duqu and Flame saga.

It was probably created in mid-2011 and deployed for the first time in August-September 2011.

Gauss was discovered during the course of the ongoing effort initiated by the International Telecommunications Union (ITU), following the discovery of Flame. The effort is aimed at mitigating the risks posed by cyber-weapons, which is a key component in achieving the overall objective of global cyber-peace.

In 140 chars or less, "Gauss is a nation state sponsored banking Trojan which carries a warhead of unknown designation". Besides stealing various kinds of data from infected Windows machines, it also includes an unknown, encrypted payload which is activated on certain specific system configurations.

Just like Duqu was based on the "Tilded" platform on which Stuxnet was developed, Gauss is based on the "Flame" platform. It shares some functionalities with Flame, such as the USB infection subroutines.

In this FAQ, we answer some of the main questions about this operation. In addition to this, we are also releasing a full technical paper (HTML version and PDF version) about the malware's functionalities.

What is Gauss? Where does the name come from?

Gauss is a complex cyber-espionage toolkit created by the same actors behind the Flame malware platform. It is highly modular and supports new functions which can be deployed remotely by the operators in the form of plugins. The currently known plugins perform the following functions:

  • Intercept browser cookies and passwords.
  • Harvest and send system configuration data to attackers.
  • Infect USB sticks with a data stealing module.
  • List the content of the system drives and folders
  • Steal credentials for various banking systems in the Middle East.
  • Hijack account information for social network, email and IM accounts.

The modules have internal names which appear to pay tribute to famous mathematicians and philosophers, such as Kurt Godel, Johann Carl Friedrich Gauss and Joseph-Louis Lagrange.

The module named "Gauss" is the most important in the malware, as it implements the data stealing capabilities, and we have therefore named the malware toolkit after this most important component.

Gauss Architecture

In addition, the authors forgot to remove debugging information from some of the Gauss samples, which contain the paths where the project resides. The paths are:

Variant            | Path to project files
August 2011        | d:\projects\gauss
October 2011       | d:\projects\gauss_for_macis_2
Dec 2011-Jan 2012  | c:\documents and settings\flamer\desktop\gauss_white_1

One immediately notices "projects\gauss".

In regards to the "white" part - we believe this is a reference to Lebanon, the country with the most Gauss infections. According to Wikipedia, "The name Lebanon comes from the Semitic root LBN, meaning 'white', likely a reference to the snow-capped Mount Lebanon." http://en.wikipedia.org/wiki/Lebanon#Etymology


Inside Huawei, the Chinese tech giant that's rattling nerves in DC

A congressional committee wants to know whether this telecommunications powerhouse is a national security threat. Why? CNET went to China to find out.


Sprint lights up LTE in four new markets

Sprint (S) on Wednesday announced the expansion of both its 3G and 4G LTE networks. The company's high-speed LTE network is now available in Baltimore, Md., Gainesville, Ga., Manhattan/Junction City, Kan., and Sedalia, Mo. In addition, locations in Baltimore, Boston and Washington, D.C. will now have access to Sprint's "all-new 3G service," which the company claims will deliver better in-building coverage and fewer dropped calls. "Our customers are enjoying new applications and devices that increase the demand for mobile data," said Bob Azzi, senior vice president of Sprint. "The network build-out that today is playing out in four new cities will provide nothing less than a state-of-the-art network platform for the next generation of customers. Customers



Flame Hypocrisy


Fired Toyota coder trashes systems, steals data

http://en.wikipedia.org/wiki/Toyota

"After being fired last week, a contract computer programmer at Toyota Motor Manufacturing intentionally "sabotaged" and crashed the company's supplier computer network and downloaded highly confidential information, Toyota has alleged in a federal lawsuit.

In a complaint filed Friday in U.S. District Court in Lexington against Ibrahimshah Shahulhameed, the automaker said, "If this information were disseminated to competitors or otherwise made public, it would be highly damaging to Toyota and its suppliers, causing immediate and irreparable damage."


New Java 7 exploit can potentially affect Macs

While there are no known attempts to use a newly discovered vulnerability to target Mac users, the exploit has been successfully triggered in both Safari and Firefox on Macs running Mountain Lion.


ISIS mobile payment service to finally debut in September

The joint mobile payment venture, known as ISIS, that is backed by AT&T (T), Verizon (VZ) and T-Mobile is on track to debut in September. The group initially planned to roll out its services in the first half of 2012, but various delays have pushed back the launch date. "The focus has been: Get it right, make sure it's secure," Brad Duea, senior vice president of product management at T-Mobile USA, said in an interview with Bloomberg. ISIS uses NFC technology to allow users to make purchases with their smartphones, although it can also be used for other things as well. T-Mobile plans to use the technology to allow customers to download applications and content by tapping their phones against a special



Wednesday, 29 August 2012

HP Ventures Back Into Tablets With Envy x2 Hybrid

HP Envy x2 Windows 8 Hybrid PC



Second accused LulzSec hacker arrested in Sony breach

Arizona man is charged in connection with movie studio security breach that yielded thousands of names, e-mail addresses, and passwords.


Exploit:W32/D-Encrypted.Gen

A program or technique that takes advantage of a vulnerability to remotely access or attack a program, computer or server.


Cat videos get their moment at Minn. film festival

Katie Hill, a program associate with the Walker Art Center, shows a frame from a cat video of a cat playing the piano Wednesday, Aug. 29, 2012, in Minneapolis. The Walker will present its first "Internet Cat Video Film Festival" to showcase the best in filmed feline hijinks. (AP Photo/Jim Mone)

Warning: This is a story about online cat videos. If you're among the seemingly tiny minority of the general population not interested in watching a 1-minute clip of a cat in a T-shirt pounding on a keyboard, then move along.



The end of DNS-Changer

The FBI's “Operation Ghost Click” was discussed earlier by my colleague Kurt here and here, and now it is coming to an end.

Next Monday, 9th of July, at 06:00 (MEZ) the temporary DNS servers set up by the FBI will be shut down. But there are still thousands of infected machines, so one may wonder what will happen to them.

Every computer on the internet has its own address, the IP address. There are two versions:

  • IPv4 which is a 32-bit address e.g. 195.122.169.23 and
  • IPv6 which is a 128-bit address e.g. 2001:db8:85a3:8d3:1319:8a2e:370:7347

Clearly these addresses are not as easy to remember as e.g. “kaspersky.com”. Therefore the “Domain Name System” (DNS) was created, which translates domain names such as “kaspersky.com” into their respective IP addresses so that a client can connect to the server.

The DNS-Changer malware replaces the DNS servers configured on the infected system with its own (see the FBI press release).

The reason the criminals do this is that it facilitates “Click Hijacking”, a technique where infected users are redirected to advertisement websites run by the criminals, and “Advertising Replacement”, where the advertisements on legitimate websites are exchanged for ones from the criminals.

Luckily, the FBI caught the criminals and installed temporary DNS servers in order to avoid a “black-out” for the mass of infected computers.

This temporary solution will come to an end on Monday when the servers are shut down. When this happens, the infected machines will no longer be able to resolve domain names in order to connect to e.g. a website.

Of course, if you know the address of the server you can still use it instead of the name, e.g. 195.122.169.23 is “securelist.com”, but this is not an easy solution.

We would like to point out that despite the big noise around this topic, there is no need to panic. The solution is rather simple - read below for more.

First of all, it might be interesting to point out that in 2012 we detected 101.964 attempts by DNSChanger malware to infect our users.

The good news is that the infections were blocked and the number of infection attempts is going down.

For instance, this map of the past week shows that the number of infection attempts/detections is decreasing. Of course, computers with no or outdated protection are still in danger of unspotted infections.

So, how to check if you are infected with DNSChanger?

The DNS Changer Working Group provides helpful information on their website. Unfortunately, as we mentioned previously, the automatic check websites set up for this purpose do not work 100% reliably, so manually checking the configured DNS server IPs is the better option.

If you are infected, you can change your DNS entries to the free DNS-Servers from Google: 8.8.8.8 and 8.8.4.4. OpenDNS also offers two: 208.67.222.222 and 208.67.220.220, which we also recommend for additional security features.

The best solution is of course to install a security suite capable of detecting and cleaning the infection and fixing the DNS servers.

Since many DNSChanger infections are accompanied by TDSS, a rather nasty rootkit, you can also use our tool “Kaspersky TDSSKiller” in order to detect and delete the infection.


Hacking humans: Building a better you

'Man is something that shall be overcome,' wrote Nietzsche. He may have never envisioned today's efforts to re-engineer the body, but he looks prophetic as pioneers aim to push the envelope of human capability.


Trying to unmask the fake Microsoft support scammers!

I’m pretty sure that most of you guys know about the recent phone scam which is circulating right now. They have been calling a lot of people in countries such as Germany, Sweden, the UK and probably more. The scam is pretty simple; they pretend to be from a department within Microsoft which has received indications that your computer is infected with some malware. They will then offer (for free) to verify if this is the case. If the victim agrees to this, they will ask the victim to perform certain actions, and also type certain commands, which will trick a non-experienced user into believing that the output is actually showing that the computer is infected.

I just want to mention that there is no such department at Microsoft, and they would never call up customers offering this. So if you ever get a call “from Microsoft” stating that there are some indications that your computer is broken or infected - please hang up!

Well, they have called me several times, and finally I got fed up with this and started to play along. At the same time I had my virtual machines running and was recording everything that they were doing. The goal was to find out who they were and exactly what the scam was. Luckily I was able to get hold of information such as their internal IP addresses, the PayPal accounts used to wire money and the numbers they are calling from.


Impressions: Web Application Security: A Beginner's Guide


Chief creative officer leaves Zynga

Zynga chief creative officer Mike Verdu said in a blog post that he is off to start a new company.

Another top Zynga executive has cashed in his chips as the social games company behind "Zynga Poker" and "Farmville" strives to improve its fortunes after a losing fiscal quarter.



Reforming the DisGrace Period

Opinion: Another step has been taken on the long, plodding path to maybe addressing the problem of Domain Tasting.


Review of SSH Mastery Posted


Bejtlich's Thoughts on "Why Our Best Officers Are Leaving"


Worm:W32/Morto.A

Worm:W32/Morto.A propagates through Remote Desktop Services on Windows servers by brute-forcing the login credentials of the server.

Television Fraud of Olympic proportions

Whenever an important event takes place, new opportunities for cyber criminals arise, especially for those who develop attacks based on social engineering. Currently, the whole world has its eyes glued to TV screens watching the London 2012 Olympic Games. Worldwide interest in this event is so strong that cyber criminals were quick to take advantage of the opportunity and launched multiple campaigns promoting alleged paid online TV programming that would allow users to watch live broadcasts of the Olympic Games via the Internet. Several fake pages were found with titles such as:

  • Best way to watch London 2012 Olympics online live stream HD
  • London 2012 Live Streaming


DNSChanger - Last Call on Cleanup

UPDATE (7/9/2012):
Thank you Barry Greene and the DCWG. The DCWG-run DNS servers have been taken down:

"On 12:01 Eastern Time on Monday July 9th 2012, the DCWG stopped responding to DNS queries from infected machines. This is in compliance with the US Justice Department Court Order authorizing the clean DNS servers.

At 12:23 Eastern Time on Monday July 9th 2012, the server started to reply to all DNS requests with an ICMP Unreachable. This would help infected computers troubleshoot their problem if they find they cannot access DNS servers."

**************************************************

Here we are. It's the last call on DNSChanger cleanup. On Monday, the FBI-run replacement DNS servers are coming down because the court-ordered extension is coming to an end, and your systems may be using these servers for resolution. There is a set of sites that may, unreliably, help you identify whether your machine or router still maintains DNS settings pointing at the "DNSChanger" operators' servers. This unreliability is partly because upstream major internet backbone providers have created unintended confusion, and partly because of poor/ineffective web-side detection implementations.

In the US, 60k hosts are reported to still have DNS settings that need to be changed. How many of those systems are truly "infected"? No one knows. And the number could be inflated. It could be that none of these systems are infected. Or all of them could be infected. Perhaps all LAN-side systems behind home and corporate routers, or systems cleaned of malware that may still retain artifacts of this infection, continue to use Rove Digital servers for DNS resolution.

In other words, it doesn't mean you have pneumonia, but you still have a cough. And it makes you extraordinarily more likely to get sick again. Some vendors' products, like ours here at Kaspersky, have been detecting the leftover DNSChanger settings on affected machines and offering to reconfigure them to a set of "clean" DNS servers. This DNS reset routine is presented by Kaspersky Endpoint Security 8.0 and 2010+ home products with this popup for "Trojan.Multi.DNSChanger.Gen":

Just click on "Yes" and your system's DNS settings will be reconfigured to use DHCP-assigned or clean, open DNS services. After host-side reconfiguration, it is still worth visiting the www.dns-ok.us sites to find out if your home router is still maliciously configured.
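As an added example (not Kaspersky's or the DCWG's code) of the manual check both DNSChanger posts above recommend, this Python script parses resolver settings from a resolv.conf or an `ipconfig /all` dump and labels each server. It assumes the Google and OpenDNS addresses given above as known-good; the real rogue ranges are not on the page, so the rogue list is a caller-supplied placeholder, and the sample inputs are constructed.

```python
"""Check configured DNS resolvers, as the manual check above suggests. Added
example, not Kaspersky's or the DCWG's code. Known-good = the Google/OpenDNS
resolvers the text recommends; rogue ranges are caller-supplied (placeholder)."""
import ipaddress

KNOWN_GOOD = {ipaddress.ip_address(a) for a in
              ("8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220")}
# RFC 1918 / link-local: a resolver here is usually the home router, whose own
# upstream DNS setting must then be checked separately (see the text).
LOCAL_RANGES = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "169.254.0.0/16", "fe80::/10", "fc00::/7")]
# Placeholder only (TEST-NET-3): NOT the real DNSChanger ranges, not on the page.
PLACEHOLDER_ROGUE_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

def parse_resolv_conf(text):
    """Return nameserver IPs from a Unix /etc/resolv.conf."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()   # drop comments
        if len(parts) == 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                pass  # malformed entry, ignore
    return servers

def parse_ipconfig(text):
    """Return DNS server IPs from Windows 'ipconfig /all' output: first address
    after the 'DNS Servers' label, further ones on address-only continuation lines."""
    servers, collecting = [], False
    for raw in text.splitlines():
        if " : " in raw:  # a labelled "Key . . . : value" line
            collecting = raw.lstrip().startswith("DNS Servers")
            candidate = raw.split(" : ", 1)[1].strip()
        else:
            candidate = raw.strip()  # possible continuation line
        if collecting:
            try:
                servers.append(ipaddress.ip_address(candidate))
            except ValueError:
                collecting = False  # blank/non-address line ends the list
    return servers

def classify(servers, rogue_ranges=()):
    """Label each resolver: known-good, rogue, local (router/LAN) or unknown."""
    labels = {}
    for ip in servers:
        if ip in KNOWN_GOOD:
            labels[str(ip)] = "known-good"
        elif any(ip in net for net in rogue_ranges):
            labels[str(ip)] = "rogue"
        elif any(ip in net for net in LOCAL_RANGES):
            labels[str(ip)] = "local"
        else:
            labels[str(ip)] = "unknown"  # not proof of infection; verify it
    return labels

RESOLV_CONF_SAMPLE = "# constructed\nnameserver 192.168.1.1\nnameserver 8.8.8.8\n"
IPCONFIG_SAMPLE = """Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 192.168.1.20
   DNS Servers . . . . . . . . . . . : 203.0.113.5
                                       198.51.100.7
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""  # constructed sample, not captured from a real machine
```

A "local" result means the router answers DNS for the LAN, so its own upstream resolver setting still has to be inspected, which is the router case the post warns about.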


Inside Huawei, the Chinese tech giant that's rattling nerves in D.C.

A Congressional committee wants to know if this telecommunications powerhouse is a national security threat. Why? CNET went to China to find out.


Singapore suffers from 'false sense of security'

http://en.wikipedia.org/wiki/Singapore

Singapore's "vibrant" IT security environment, low rate of reported breaches and incidents, and not being at the frontlines of online attacks have lulled local businesses into a "false sense of security" which leaves them vulnerable.

According to Ngair Teow Hin, founder and CEO of security firm SecureAge, the "vibrant" security scene in the city-state with more than 100 security companies here, and existing laws such as the Computer Misuse Act, help deter people from hacking into organizations here. This can be seen by the low number of reported security incidents, he added.


Worm:W32/Todon.I

Worm:W32/Todon.I is a worm that spreads to new victim machines via infected removable and network drives. The worm also has trojan-downloader capabilities, as it attempts to download additional files from remote servers.


Tuesday, 28 August 2012

Impressions: Fuzzing


Other:W32/Generic

Other:W32/Generic is a Generic Detection for a wide range of malicious programs, such as trojans, worms and keyloggers.


How to Kill Teams Through "Stack Ranking"


Prices of Facebook stock since long-awaited IPO

A Facebook worker waits for friends to arrive outside of Facebook headquarters in Menlo Park, Calif., Friday, Aug. 17, 2012. Facebook stock is trading at $19 and has lost half its market value since its May public offering. (AP Photo/Paul Sakuma)

Facebook's stock has been down on 41 trading days, up on 28 and unchanged on two since its initial public offering.



China's High-Tech Military Threat and Air Sea Battle


New ZitMo for Android and Blackberry

Ten months ago we published an article about ZeuS-in-the-Mobile which contains an overview of everything we knew about ZitMo at that moment. The paper finishes with the following prediction: “they [attacks involving ZitMo] will become more specifically targeted against a smaller number of victims”. This prediction appears to have been correct. It’s not often that we hear about or find a new wave of ZeuS-in-the-Mobile (or SpyEye-in-the-Mobile) attacks. So every new piece of information about these types of malware and/or the attacks involving them is very important and helps us understand the evolution of one of the most interesting threats in the mobile space so far. Just a small reminder: ZeuS-in-the-Mobile is almost 2 years old. And this blog post is about new samples (and probably a new wave of attacks) of ZitMo for Android and Blackberry.

New samples overview

We’ve got 5 new files of ZitMo: 4 for Blackberry and 1 for Android. As you may know, the Blackberry platform has never been actively targeted by malware. And here we have 4 different samples of ZeuS-in-the-Mobile for Blackberry at once: 3 .cod files and 1 .jar file (with one more .cod inside). Yes, finally we’ve got a ZitMo dropper file for Blackberry.

As for Android, there is only one .apk dropper. But this ZeuS-in-the-Mobile for Android has been modified and now looks like a “classic” ZitMo with the same commands and logic.

Countries and C&C numbers

All samples of ZitMo we’ve seen so far target users from various European countries (Spain, Poland, Germany, etc). This case is no exception. Here is a list of the countries whose users are threatened by the new ZeuS-in-the-Mobile, with the C&C number from each sample.

Blackberry:

  • Germany +46769436094
  • Spain +46769436073
  • Italy +46769436073
  • Spain +46769436073

Android:

  • Germany +46769436094

To summarize, there are 3 countries (Germany, Spain and Italy) and 2 C&C numbers (both are Swedish). We found out that these cell phone numbers belong to Tele2 mobile operator in Sweden.


Adware:W32/ClickPotato.A

This program delivers advertising content to the user. It is usually annoying but harmless, unless it is combined with spyware or trackware.


Thoughts on Air-Sea Battle Briefing at Brookings


T-Mobile Adding microSIM Kits For iPhone 4/4S, Training Employees For 'Selling Against The iPhone'

http://www.tmonews.com/wp-content/uploads/2012/08/Screen-Shot-2012-08-27-at-3.11.29-PMwtmk.jpg

Based on both pieces of information that just came into our inbox, we’re trying to draw two conclusions, one that T-Mobile isn’t getting the iPhone 5, which shouldn’t surprise anyone. The second is that with the receipt of new Monthly4G microSIM kits supporting the iPhone 4 and iPhone 4S, T-Mobile is close to announcing some news about their network refarm.


Can Curiosity Mars mission inspire like Apollo?

In this photo taken on Sunday, Aug. 26, 2012, a handmade sign honoring astronaut Neil Armstrong is hung under a freeway off ramp sign at the NASA-JPL exit on the CA-210 Freeway in Pasadena, Calif. Armstrong, the first man on the moon, who inspired millions with his moonwalk died Saturday, Aug. 25, 2012. He was 82. (AP Photo/Damian Dovarganes)

Neil Armstrong inspired millions with his moonwalk. Can a feisty robotic rover exploring Mars do the same for another generation? With manned missions beyond the International Space Station on hold, the spotlight has turned on machines.



Trojan-Spy:W32/FinSpy.A

Trojan-Spy:W32/FinSpy.A is a component of a commercial surveillance product that monitors user activity.


Samsung's Plan to Keep Its Phones on the Market

Following its patent lawsuit victory, Apple might want to take your Samsung device off the market, but Samsung has vowed to take "all necessary measures" to prevent that from happening. To do this, the Apple copy-cat has three options, according to a spokesperson talking with The Wall Street Journal's Evan Ramstad: filing to stop the injunction, appealing if the judge grants it, and modifying products. ...



Trojan:Android/DroidKungFu.C

Trojan:Android/DroidKungFu.C forwards confidential details to a remote server.
