Well, it has been a while since CSRF has made the headlines. But here we go again. A paper published by Ed Felten and Billy Zeller within the past few days describes CSRF attacks in 4 major web sites: ING Direct, YouTube, MetaFilter, and New York Times. The worst of the attacks, against ING Direct, would allow an attacker to transfer funds out of a user's account or open additional accounts on behalf of a user.

Source: http://www.freedom-to-tinker.com/blog/wzeller/popular-websites-vulnerable-cross-site-request-forgery-attacks
White Paper: http://www.freedom-to-tinker.com/sites/default/files/csrf.pdf

SOTD – Spam of the Day

In one of my spam traps I ran across an email and, oh no, someone at the “ICS Monitoring Team” (not to be confused with ISC at SANS.ORG) is going to kill my internet connectivity.

This email also came with an attachment: user-EA49943X-activities.zip
It seems to have pretty good coverage at VirusTotal:

File user-EA49943X-activities.zip received on 09.12.2008 18:02:31 (CET)
Current status: finished

Result: 24/36 (66.67%)
MD5: 92d9f920d470e3bc12a33768893fd734
Size: 33690 Bytes

Below is the message:

Your internet access is going to get suspended

The Internet Service Provider Consorcium was made to protect the rights of software authors, artists.
We conduct regular wiretapping on our networks, to monitor criminal acts.

We are aware of your illegal activities on the internet wich were originating from

You can check the report of your activities in the past 6 month that we have attached. We strongly advise you to stop your activities regarding the illegal downloading of copyrighted material of your internet access will be suspended.

Sincerely
ICS Monitoring Team

Over the past few months we have noticed a rash of fake antivirus running around the internet. This stuff is typically called XP Antivirus 200(8)(9), etc.

Personally I have cleaned around 15 systems from this infection and it is not easy. Once infected, it is easier to just wipe the system than it is to clean it. This virus typically downloads other malware such as keyloggers, browser toolbars, etc.

The writers are putting out new variants of this malware every couple of weeks, so what we have here is a virus that the real antivirus companies are having trouble keeping up with.

You can read more about the new variant here and here. Do not download and run the malware unless you know what you are doing.
