Tuesday, July 28, 2009

Botnet Economics



Kaspersky released a paper on botnet economics a few days ago; the numbers show the huge financial gain from such fraudulent activities.
One interesting example is the price of the "Shadow" botnet of more than 100,000 PCs, which was put up for sale by a 19-year-old hacker for $36,000.

Read the full paper here.

Wednesday, July 15, 2009

UAE Etisalat's Trojan BlackBerries



The United Arab Emirates phone operator Etisalat recently sent out a firmware update to its BlackBerry-using customers. After customers reported battery drain when installing the update, a security researcher examined the code and discovered spyware that could forward all emails and text messages to a third-party server.

It is not yet clear whether Etisalat itself or another entity is responsible for that spyware. The operator can see all that traffic anyway if it is not encrypted.

The code carries the name of a company that sells lawful interception technologies.

Read the full story here.

The official comment from Etisalat did not mention any kind of spyware; they said it is just a problem in the patch released to enhance the handover from the 2G to the 3G network.

Sunday, July 12, 2009

Long URL Please

I came across this nice Firefox add-on, which converts short URLs into full URLs. As spammers are using short URLs, especially on Twitter, this add-on will translate them on the spot, so that you are not fooled into clicking on a link that you do not know.

You can get the add-on from here.


Wednesday, July 8, 2009

BlackHole DNS

This is a nice step-by-step paper on how to blackhole DNS queries for malicious domains.

http://www.malwaredomains.com/bhdns.html


These guys are running a DNS blackhole, and they provide zone files for download. The full list and update files are available in different formats so they can be used easily with BIND or ISA.

The list is now constantly updated with the current IE 0day malicious domains that are spreading.
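As an added illustration (not code from the linked paper or from malwaredomains.com), this sketch shows how a plain domain list can be turned into BIND `zone` statements that make the resolver authoritative for each blocked name. The list format, the sample entries and the shared zone file path are assumptions made for the example.

```python
import re

# Assumption: one shared zone file answers for every blackholed domain,
# e.g. with an A record pointing at an internal sinkhole address.
BLACKHOLE_ZONE_FILE = "/etc/bind/blackhole.zone"

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(line):
    """Return a clean lowercase domain from one list line, or None to skip it."""
    entry = line.split("#", 1)[0].strip().lower()
    if not entry:
        return None
    # Accept hosts-file style lines ("127.0.0.1 name") by taking the last field.
    domain = entry.split()[-1].rstrip(".")
    labels = domain.split(".")
    if len(domain) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return None  # too long, single label, or a bare IP address
    if not all(_LABEL.match(label) for label in labels):
        return None
    return domain

def build_zone_config(lines):
    """Turn a domain list into deduplicated, sorted BIND zone statements."""
    domains = sorted({d for d in map(normalize, lines) if d})
    return ['zone "%s" { type master; file "%s"; };' % (d, BLACKHOLE_ZONE_FILE)
            for d in domains]

# Constructed sample list; these are not real blocklist entries.
SAMPLE_LIST = """\
# constructed sample list
bad-domain.example
Bad-Domain.example.
127.0.0.1  tracker.malware.example   # hosts-style entry
not a domain!!
localhost
-broken.example
127.0.0.1
"""

if __name__ == "__main__":
    for statement in build_zone_config(SAMPLE_LIST.splitlines()):
        print(statement)
```

The generated statements belong in a file included from `named.conf`; running `named-checkconf` before reloading catches any entry that still fails to parse.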

Friday, July 3, 2009

SMS Vulnerability in iPhone

Charlie Miller, a security researcher, revealed information about a new vulnerability affecting the iPhone; the vulnerability might be exploited remotely using SMS.

The iPhone is considered a secure device, as it executes only signed code and all programs are executed in a sandbox.

The vulnerability "theoretically" could allow running unsigned code with no user interaction and gaining root access. The only working exploit for now will crash the phone.

The vulnerability was announced in Singapore yesterday. More details will be available at the coming Black Hat in Las Vegas in a few weeks.

Thursday, July 2, 2009

New Tool to Embed and Hide Files in PDF Documents

Didier Stevens released his new tool to embed and hide files in a PDF document. The tool will corrupt the reference so the PDF reader will not detect the embedded file.
Download the tool.

The PDF specification allows for embedding files, and there are many tricks to obfuscate your work. Read the full article.