Showing posts with label security.

Saturday, January 03, 2009

How to remove Winzip123 or Bar311

Here's how to remove it:

Step 1: Open Task Manager (press CTRL+ALT+DEL).

Step 2: End the following processes if they are running:

password_viewer.exe, bar311.exe or photos.zip.exe (the last one uses a double extension so that it appears as photos.zip when Explorer hides file extensions)

Step 3: The virus has an entry in the registry that must be changed before its files can be deleted. We will use regedit: click START, then RUN, type regedit and press Enter. (If regedit has been disabled, see the linked fix first.)

Step 4: With regedit open, go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Step 5: Right-click the Userinit value and choose Modify.

You will see a value like userinit.exe,bar311.exe

Remove only the ,bar311.exe part. "DO NOT DELETE userinit.exe": without it Windows cannot log you in.

Step 6: Go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

delete the following entries:

"Hidden"=dword:00000001

"HideFileExt"=dword:00000000

"ShowSuperHidden"=dword:00000001

Step 7: Go to:

HKEY_CURRENT_USER\Software\Microsoft\Command Processor

in the AutoRun entry (a command named here runs every time a Command Prompt is opened),

remove "c:\Windows\pc-off.bat", or delete the AutoRun value altogether

Step 8: Now we will remove autorun.inf and the dropped files. Here's how:

Open Notepad and paste this code:

@echo off
rem Clear the hidden/read-only/system attributes first, otherwise del refuses the file.
rem "cd \" is needed because "c:" alone keeps whatever directory was last used on that drive.
c:
cd \
attrib -h -r -s autorun.inf
del /a /f autorun.inf
d:
cd \
attrib -h -r -s autorun.inf
del /a /f autorun.inf
rem /a matches hidden and system files, /f forces deletion of read-only files.
del /a /f c:\Windows\bar311.exe
del /a /f c:\Windows\password_viewer.exe
del /a /f c:\Windows\photos.zip.exe
del /a /f c:\Windows\pc-off.bat

Save the file as removezip.bat and run it; this removes the virus files.

Sunday, October 07, 2007

Default router password

Default router password here

Sunday, September 09, 2007

How To Remove haha.js

It's a JavaScript worm, not really harmful to your PC but a little annoying. The most noticeable sign that your PC is infected is that the title bar of Internet Explorer changes to the word "haha".

Some antivirus products detect this worm. Here is how to remove it manually.

Step 1
In My Computer go to Tools > Folder Options > View, uncheck "Hide protected operating system files" and select "Show hidden files and folders".
Step 2
Open Task Manager by pressing Ctrl+Alt+Del and end every wscript.exe process you find there (sometimes there is more than one).

Step 3
Open My Computer, search for haha.js files and delete them. An autorun.inf file comes with haha.js; delete it too.

*haha.js runs when you double-click to open a drive (C:, D:, E: ...), so while removing the worm open drives by right-clicking instead. Don't forget to look for and delete haha.js on your external hard disk and thumb drive as well.

Step 4
Go to Run, type msconfig. On the Startup tab look for any entry that runs haha.js or wscript.exe; uncheck it and delete the entry at the registry location shown.

Finally restart your PC. Good luck!
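Both removal posts above hinge on an autorun.inf that Explorer honours when a drive is opened. The parser below is an added example, not code from the original posts: it reads such a file, lists which Explorer triggers it hijacks and which scripts those triggers launch, and the sample autorun.inf and all function names are constructed for this example rather than copied from the real worm.

```python
from typing import Dict, List, Set

# Constructed autorun.inf of the kind a USB-spreading worm drops: every
# trigger hands haha.js to wscript.exe. Hypothetical content for this
# example, not a copy of the real worm's file.
SAMPLE_AUTORUN = """[autorun]
open=wscript.exe haha.js
shellexecute=wscript.exe haha.js
shell=open
shell\\open\\command=wscript.exe haha.js
shell\\explore\\command=wscript.exe haha.js
icon=%SystemRoot%\\system32\\shell32.dll,4
"""

SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh")
SCRIPT_HOSTS = ("wscript", "cscript")


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the key=value pairs of the [autorun] section, keys lower-cased."""
    entries: Dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                                  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
        elif in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries: Dict[str, str]) -> Dict[str, str]:
    """Map each Explorer trigger to the command the file would run for it.

    open/shellexecute fire on AutoPlay or a double-click on the drive;
    shell\\<verb>\\command replaces that verb in the drive's context menu,
    which is why the post warns about how the drive is opened.
    """
    targets: Dict[str, str] = {}
    if "open" in entries:
        targets["open (AutoPlay / double-click)"] = entries["open"]
    if "shellexecute" in entries:
        targets["shellexecute (AutoPlay)"] = entries["shellexecute"]
    for key, value in entries.items():
        parts = key.split("\\")
        if len(parts) == 3 and parts[0] == "shell" and parts[2] == "command":
            targets[f"context-menu verb '{parts[1]}'"] = value
    return targets


def script_launchers(targets: Dict[str, str]) -> List[str]:
    """Return the triggers whose command runs a script host or names a script file."""
    flagged: List[str] = []
    for trigger, command in targets.items():
        tokens = command.lower().replace('"', "").split()
        runs_host = bool(tokens) and tokens[0].rsplit("\\", 1)[-1].split(".")[0] in SCRIPT_HOSTS
        names_script = any(tok.endswith(SCRIPT_EXTENSIONS) for tok in tokens)
        if runs_host or names_script:
            flagged.append(trigger)
    return flagged


def referenced_scripts(targets: Dict[str, str]) -> Set[str]:
    """Script files named in the commands: what to delete alongside autorun.inf."""
    found: Set[str] = set()
    for command in targets.values():
        for tok in command.replace('"', "").split():
            if tok.lower().endswith(SCRIPT_EXTENSIONS):
                found.add(tok.rsplit("\\", 1)[-1])
    return found


if __name__ == "__main__":
    targets = launch_targets(parse_autorun(SAMPLE_AUTORUN))
    for trigger, command in targets.items():
        print(f"{trigger:36} -> {command}")
    print("script launchers:", script_launchers(targets))
    print("scripts to remove:", referenced_scripts(targets))
```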

Thursday, September 06, 2007

CBT Nugget Certified Ethical Hacker Series

This video tutorial is good for anyone who intends to become a Certified Ethical Hacker: a good tutorial with direct explanations of the hacking series. There is also a demo of hacking itself, but a very basic one. Good exposure for a newbie.


Saturday, August 11, 2007

Disable Error Reporting

Whenever Windows or a program crashes, you are asked whether you want to send an error report to Microsoft. It's annoying, so here's how to disable it:

1. Open the Control Panel.
2. Click on System.
3. Click on the Advanced tab.
4. Click on ERROR REPORTING at the bottom.
5. Select DISABLE ERROR REPORTING.
6. Click OK.

It's as easy as that.

Monday, July 23, 2007

How to Hacker

There is a community, a shared culture, of expert programmers and networking wizards that traces its history back through decades to the first time-sharing minicomputers and the earliest ARPAnet experiments. The members of this culture originated the term 'hacker'. Hackers built the Internet. Hackers made the Unix operating system what it is today. Hackers run Usenet. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker.

As a modern Zen poem has it:

To follow the path:
look to the master, follow the master, walk with the master, see through the master, become the master.

Read the "How to Hacker" e-book.

Wednesday, July 18, 2007

Monitoring Physical Threats in the Data Center

Traditional methodologies for monitoring the data center environment are no longer sufficient. With technologies such as blade servers driving up cooling demands and regulations such as Sarbanes-Oxley driving up data security requirements, the physical environment in the data center must be watched more closely. While well understood protocols exist for monitoring physical devices such as UPS systems, computer room air conditioners, and fire suppression systems, there is a class of distributed monitoring points that is often ignored. This paper describes this class of threats, suggests approaches to deploying monitoring devices, and provides best practices in leveraging the collected data to reduce downtime.

Download this e-book to read more.

INFORMATION ON VIRUS

1. How to create a sample virus test file?

This particular string is taken from www.eicar.org. It is meant as an antivirus test file BUT it has no effect on your computer.

STEP 1
Type the string below: X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

STEP 2
Save it as eicar.com.txt using Notepad.

STEP 3
Rename the file to eicar.com; your antivirus will detect it as a virus.

2. How to test this code HEURISTICALLY?

You can change parts of the string as below:

Smith1.Txt
X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDING-ANTIVIRUS-TEST-FILE!$H+H*
(Changed STANDARD to STANDING)

Smith2.Txt
X5O!P%@AP[4PZX54(P^)7CC)7}$EICON-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
(Changed Eicar to Eicon)

Smith3.Txt
X5O!P%@AP[4PZX54(P^)7CC)7}$EICON-STANDING-ANTIVIRUS-TEST-FILE!$H+H*
(Changed EICAR to EICON, and STANDARD to STANDING)

Smith4.Txt
X5O!P%@AP[4PZX54(P^)7CC)7}$BALLZ-STINDORK-ANTISACKS-TEST-FORK!$H+H*
(Random Words)

Smith5.Txt
X5O!P%@AP[4PZX54(P^)7CC)7}$!$H+H*
(Completely removed text string)

Smith6.Txt
X5O!P%@AP[42233PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
(Additional Numbers added to binary)

Smith7.Txt
X5O!P%@AP[42233PZX54(P^)7CC)7}$RAIC-TARNDARD-ILIKESMOKE-TUST-FULE!$H+H*
(Inserted Random letters with addition numbers added into binary)

Smith8.Txt
X5O22!P%@AP[4PZX5422(P^)7CC)7}$!$H+H*
(Removed text string, inserted 22 twice into string to break up signature)

Command AV 4.90.4 Results:
Started scan: 6/14/2004 4:33:03 PM

C:\Downloads\SmithTest\Smith1.txt Infection: EICAR_Test_File.unknown?
C:\Downloads\SmithTest\Smith2.txt Infection: EICAR_Test_File (exact)
C:\Downloads\SmithTest\Smith3.txt Infection: EICAR_Test_File.unknown?
C:\Downloads\SmithTest\Smith4.txt Infection: EICAR_Test_File.unknown?
C:\Downloads\SmithTest\Smith5.txt Infection: New or modified variant of Trivial
C:\Downloads\SmithTest\Smith6.txt Infection: New or modified variant of Trivial
C:\Downloads\SmithTest\Smith7.txt Infection: New or modified variant of Trivial
C:\Downloads\SmithTest\Smith8.txt Infection: New or modified variant of Trivial

3. How does antivirus work?

An antivirus scanner reads every file (executables and non-executable files alike) looking for a pattern, the virus signature. If the pattern is found, the file is cleaned. The pattern is written in hex, e.g. EA779078... (I just made this one up for the sake of example).

Actual examples of hex codes, sometimes called footprint codes, are listed below (NOTE: 0x means the number is in hex, so 0x57 is 57 in hexadecimal):
(1) Stoned virus [stoned]
0x00 0x53 0x41 0x52 0x06 0x56 0x57 0xbe
(2) Ping Pong virus - version B [Ping]
0xa1 0xf5 0x81 0xa3 0xf5 0x7d 0x8b 0x36 0xf9 0x81
(3) Friday 13th virus [Fri13]
0xb4 0x4f 0xcd 0x21 0x73 0xf7 0x58

In fact, a binary (executable) file or a document (e.g. an MS Word document) can be read easily by opening the file with the 'rb' (read binary) flag; you then see its content in hex. You could try a project that simulates the output of Ethereal. If you read an MS Word document you can see it in ASCII or hex, but if the file is password-protected you cannot see anything that can be understood.

You can also see the content of a file easily by downloading a free program called FileAnalyzer; it is very easy to use and I recommend that you try it.
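The heuristic test in section 2 and the hex footprints in section 3 can be tried together in a small scanner. This is an added example, not code from the original post: the EICAR string and the three byte footprints are the ones quoted above, the Smith samples are rebuilt from them, and the classification rule (exact match, then head-and-tail match, then head fragments) is this example's own and does not reproduce the Command AV results listed above.

```python
from typing import Dict, List

# The EICAR test string is assembled from three parts so that this source
# file never contains it contiguously; an on-access scanner would otherwise
# quarantine the script before it ran. The joined value is the public string
# quoted in the post.
EICAR_HEAD = "X5O!P%@AP[4PZX54(P^)7CC)7}$"
EICAR_LABEL = "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!"
EICAR_TAIL = "$H+H*"
EICAR = EICAR_HEAD + EICAR_LABEL + EICAR_TAIL

# Pieces of the fixed head used by the loose heuristic: inserting bytes in
# one place (Smith6-8) breaks the exact head but leaves most pieces intact.
HEAD_FRAGMENTS = ["X5O!P%@AP[", "PZX54", "(P^)7CC)7}$"]

# Byte footprints quoted in the post, as raw bytes.
BYTE_SIGNATURES: Dict[str, bytes] = {
    "Stoned": bytes([0x00, 0x53, 0x41, 0x52, 0x06, 0x56, 0x57, 0xBE]),
    "Ping Pong B": bytes([0xA1, 0xF5, 0x81, 0xA3, 0xF5, 0x7D, 0x8B, 0x36, 0xF9, 0x81]),
    "Friday 13th": bytes([0xB4, 0x4F, 0xCD, 0x21, 0x73, 0xF7, 0x58]),
}

# The eight modified strings from the post, rebuilt from the parts above
# (constructed test input; only the label or the head differs from EICAR).
SMITH_SAMPLES = {
    "Smith1": EICAR_HEAD + "EICAR-STANDING-ANTIVIRUS-TEST-FILE!" + EICAR_TAIL,
    "Smith2": EICAR_HEAD + "EICON-STANDARD-ANTIVIRUS-TEST-FILE!" + EICAR_TAIL,
    "Smith3": EICAR_HEAD + "EICON-STANDING-ANTIVIRUS-TEST-FILE!" + EICAR_TAIL,
    "Smith4": EICAR_HEAD + "BALLZ-STINDORK-ANTISACKS-TEST-FORK!" + EICAR_TAIL,
    "Smith5": EICAR_HEAD + "!" + EICAR_TAIL,
    "Smith6": "X5O!P%@AP[42233PZX54(P^)7CC)7}$" + EICAR_LABEL + EICAR_TAIL,
    "Smith7": "X5O!P%@AP[42233PZX54(P^)7CC)7}$RAIC-TARNDARD-ILIKESMOKE-TUST-FULE!" + EICAR_TAIL,
    "Smith8": "X5O22!P%@AP[4PZX5422(P^)7CC)7}$!" + EICAR_TAIL,
}


def classify_eicar(text: str) -> str:
    """Classify one text sample as 'exact', 'variant', 'fragments' or 'clean'."""
    if EICAR in text:
        return "exact"            # byte-for-byte signature match
    head = text.find(EICAR_HEAD)
    if head >= 0 and text.find(EICAR_TAIL, head + len(EICAR_HEAD)) >= 0:
        return "variant"          # fixed head and tail intact, label rewritten
    hits = sum(1 for frag in HEAD_FRAGMENTS if frag in text)
    if hits >= 2 and EICAR_TAIL in text:
        return "fragments"        # head broken up by inserted bytes
    return "clean"


def scan_bytes(data: bytes) -> List[str]:
    """Return the names of every byte footprint found anywhere in data."""
    return [name for name, sig in BYTE_SIGNATURES.items() if sig in data]


def scan_file(path: str) -> List[str]:
    """Open a file in binary mode ('rb', as the post says) and scan it."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read())


def classify_samples() -> Dict[str, str]:
    """Run the text classifier over the eight Smith samples."""
    return {name: classify_eicar(text) for name, text in SMITH_SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name}: {verdict}")
    # Constructed buffer with the Stoned footprint surrounded by padding.
    sample = b"\x00" * 16 + BYTE_SIGNATURES["Stoned"] + b"\xff" * 8
    print("byte footprints:", scan_bytes(sample))
```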

Friday, July 13, 2007

SUN TZU'S ART OF WAR

  1. "All warfare is based on deception. Therefore, when capable pretend to be incapable; when active, inactive; when near, make the enemy believe that you are far away; when far away, that you are near."
  2. "Hold out baits to lure the enemy; feign disorder and strike him. When he has the advantageous position, prepare against him; when he is strong, avoid him. If he is prone to choleric temper, irritate him."
  3. "Victory is the main objective in war. If this is long delayed, weapons will be blunt and the ardour of the soldiers will be dampened."
  4. "Fighting to win one hundred victories in one hundred battles is not the supreme skill. However to the enemy's resistance without fighting is the supreme skill."
  5. "A general is like the spoke of a wheel. If the connection is tight and complete, the wheel will be strong and so will the state; if the connection is defective, then the state will be weak." - to make decision, you MUST have a lot of CONCRETE data/information.
  6. "If you know yourself and know your enemy; in a hundred battles you will never fear the result. When you know yourself but not your enemy, your chances of winning and losing are equal. If you know neither yourself nor your enemy, you are certain to be in danger in every battle."

Hide user accounts on Windows

Hide user accounts on a computer you have access to

Table Of Contents
1. Introduction
2. Getting to the right place
3. Finishing it up
4. Logging In

Part1: Introduction.
So this is my second article for HTS, and this article will be about hiding your user account on XP. Now before you say this is useless (which it may be if you own your computer) this could potentially have many good uses. Like if your parents own the computer and you want to get on but you don't know the password.

Part2: Getting to the right place.
So what to do to solve that? Well of course we turn to the awesome regedit. From there it gets very easy. Follow this path in regedit: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList

Part3: Finishing it up.
Now the last thing to do is to left click and add a new DWORD value. The name will be the account you want to hide. Set the value data to zero to hide the accounts.

Part4: Logging In
Now once you're on the login screen hit ctrl-alt-del-del. Now just log in on that login screen that should have popped up.

Well I hoped that worked
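The Winzip123/Bar311 post earlier on this page and this article both come down to a handful of registry values (Winlogon Userinit, the Command Processor AutoRun value, Explorer's hidden-file settings, and SpecialAccounts\UserList). The script below is an added example, not code from either post: it audits those values from a text export made with `reg export` rather than from the live registry, so it runs on any OS, and the sample export, its values and all function names are constructed for this example.

```python
import re
from typing import Dict, List

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
USERLIST = WINLOGON + r"\SpecialAccounts\UserList"
CMD_PROC = r"HKEY_CURRENT_USER\Software\Microsoft\Command Processor"
ADVANCED = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"

# Constructed export in the text layout of a `reg export` file: the Userinit
# and AutoRun values from the Winzip123 post, Explorer values chosen to hide
# files, and one account hidden through UserList.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,bar311.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
"backup_svc"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"AutoRun"="c:\\Windows\\pc-off.bat"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"HideFileExt"=dword:00000001
"ShowSuperHidden"=dword:00000000
'''

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg(text: str) -> Dict[str, Dict[str, object]]:
    """Parse a Regedit 5.00 export into {key path (lower-cased): {name: value}}; REG_SZ and REG_DWORD only."""
    keys: Dict[str, Dict[str, object]] = {}
    current: Dict[str, object] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := _KEY_RE.match(line):
            current = keys.setdefault(m.group(1).lower(), {})
        elif m := _VAL_RE.match(line):
            name, value = m.group(1), m.group(2)
            if value.startswith("dword:"):
                current[name] = int(value[6:], 16)
            elif len(value) >= 2 and value[0] == value[-1] == '"':
                current[name] = value[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return keys


def _values(keys: Dict[str, Dict[str, object]], path: str) -> Dict[str, object]:
    """Values of one key with names lower-cased (the registry is case-insensitive)."""
    return {n.lower(): v for n, v in keys.get(path.lower(), {}).items()}


def audit(text: str) -> List[str]:
    """Return one finding per setting the posts above say to check."""
    keys = parse_reg(text)
    findings: List[str] = []
    # Userinit is a comma-separated list; a clean system names only userinit.exe.
    for entry in str(_values(keys, WINLOGON).get("userinit", "")).split(","):
        entry = entry.strip()
        if entry and entry.lower().rsplit("\\", 1)[-1] != "userinit.exe":
            findings.append(f"Userinit launches an extra program: {entry}")
    # AutoRun runs a command every time cmd.exe starts; it is normally absent.
    autorun = _values(keys, CMD_PROC).get("autorun")
    if autorun:
        findings.append(f"Command Processor AutoRun is set: {autorun}")
    # Explorer values that hide files, extensions (photos.zip.exe shows as photos.zip) or system files.
    adv = _values(keys, ADVANCED)
    for name, bad, why in (("hidden", 2, "hidden files not shown"),
                           ("hidefileext", 1, "file extensions hidden"),
                           ("showsuperhidden", 0, "protected OS files not shown")):
        if adv.get(name) == bad:
            findings.append(f"Explorer {name}={bad}: {why}")
    # A UserList value of 0 removes that account from the logon screen.
    for name, value in keys.get(USERLIST.lower(), {}).items():
        if value == 0:
            findings.append(f"Account hidden from the logon screen: {name}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_REG)))
```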

Monday, June 25, 2007

What You Should Know About Cyber Security

The concept of cyber security has gained a lot of strength in the last couple of years. The rapid change in the composition of the Internet has been the main factor that has forced users and companies, in particular, to beef up security on their PCs and networks.

A decade ago, people who set up and maintained servers had very little knowledge of basic security skills. Even today, average folks set up servers, websites and businesses, many of whom have little security experience.

Ordinary users are pacified when big corporations make statements about how secure their servers/applications are. Nothing could be farther from the truth. Each month we have more cases of hackers breaking into server systems and stealing information.

But why should you care about all this? I could tell you at length about website defacements, stolen corporate secrets, or break-ins to government servers, but let me give you a more personal reason why you should care.

Let me ask you, the reader, a question. Do you think your organization's data is valuable? How about all the contact lists, emails and credit card numbers that you have collected, or your current marketing strategies and financial reports; aren't these valuable?

What if I told you that I could break into any of these systems? What could I do? I could basically steal your credit card number and use it all over the country, destroying your bank account. I could change your records so you don't get any kind of service anymore.

I could access your confidential information to your competitor. I could get your phone disconnected. Or even worse, if you have an e-commerce site, I could crash it so you lose a lot of money.

Or what if I am working in your company as an employee and I'm not happy? I could launch a DoS (Denial of Service) attack so that no information can be accessed over the network. With a few well-placed Trojans, I could also corrupt your entire database.

Are you convinced why we need security measures?

The problems with security can be grouped under four basic headings:

1. Network and Host Misconfigurations
2. Operating Systems and Applications Flaws
3. Irresponsible Vendor Effort or Response
4. Lack of Qualified People in the Field

Host Misconfigurations
This is responsible for most of the security breaches that take place. Many times even system administrators are not aware of the services running on their servers. You may ask how that is possible. Think of something as simple as your word processor. How many of its features do you use or are aware of? Even something as simple as writing macros would put you in the advanced-user category. Most people just use the basic functions: save, spell check, tables etc.

The same concept applies to the OS and software. The dynamic nature of the industry is such that few can ever keep up with it. And such a machine, when connected to the net, is just waiting to be hacked.

Some basic examples of these types of utilities and services include:

1. Network Printing Utilities
2. Remote System Configuration Utilities
3. File Sharing Utilities
4. Sample CGI Programs and Scripts

These with default or misconfigured settings are the most common to being hacked especially if they have known vulnerabilities.

Application Flaws
Vulnerabilities due to flawed programming are another source of security breaches, and one which is quite out of the control of the user. Vendor failure is the most common source of security problems. For instance, one of the most commonly used exploits is the IIS server from Microsoft. Others include ISC's BIND (an implementation of DNS), SSH (Secure Shell) or many services found in Sun's Solaris OS. One of the most common email programs, Outlook Express, has constantly been a target of Trojans due to its programming nature. Remember the "I LOVE YOU" virus or "Melissa".

Irresponsible Vendors
Many vendors have no idea what is going into their code. There is very little quality assurance in the software industry. We use substandard programmers to save money on development. Who ends up paying for the negligence of the vendors? The end users, by having their networks and computers breached.

Or even in the case of slow patch response, for example in issuing patches, security would be compromised. Exploits travel at the speed of light in the hacker community, from email lists and discussion groups to IRC chats. They are alive with the latest exploits of one group or another. And if the vendor is slow in responding, many computers would be hacked virtually overnight.

Incompetent Consultants
Even if all of the above problems would be resolved, companies would still find other problems on their hands such as the lack of qualified people. It's a hard job finding even a competent systems engineer, administrator or programmer, much less a security professional.

And you can't get training that can make you a security professional within days. It's a very long process, which takes into account TCP/IP, hardware, OS and basics of cryptography and programming. This would enable you to understand basics of security.

This lack of personnel contributes to misguided or absent information security programs within organizations. Policies are incomplete or non-existent. And this would leave your system vulnerable to attacks.

So how exactly do hackers break into systems?
Some people might want to prosecute me for distributing this information. Why? Simply because the information might be used to harm rather than for good. I'm not saying this information cannot let you do that. But only those who know what to look out for can protect themselves. All this information is available freely on the web and is known to all hackers. The ordinary user does not usually make an effort to acquaint themselves with it. That is more dangerous. This article would give them a brief insight into what they should expect.

Hacking is a nine part process as described in the book Hacking Exposed. It includes:

1. FootPrinting
2. Scanning
3. Enumeration
4. Gaining Access
5. Escalating Privileges
6. Pilfering
7. Covering Tracks
8. Creating "Back Doors"
9. Denial of Service


1. FootPrinting:
Here a hacker would try and get the maximum information possible about the server/company/user. It includes details on IP addressing using the ARIN Whois, DNS transfers, etc. A hacker generally uses search engines, or the online whois database to find information they need.

2. Scanning:
Once you have the information you need about the target, the second stage involves target assessment and the identification of listening services. This includes scanning for open ports, trying to determine the OS being deployed, etc. The tools used in this stage include nmap, WS pingPro, siphon, fscan and mainly other popular utilities.

3. Enumeration:
The third stage includes identifying poorly protected resources, or user accounts that can be used to break into the network. This is where the default passwords and/or sample scripts are used to break into the network. Many network administrators who don't turn off the default guest account in Windows NT have let many hackers in. Or many services that are running by default, e.g. the Network Printing services, are easy targets for compromising security, or the latest exploits in the vendor software are easy pickings.

4. Gaining Access:
Here the hacker attempts to access the network with the information gathered in the previous three stages. The methods could be using buffer overflows, password file grabbing or even brute forcing the password. Tools like NAT, podium, or L0pht are commonly used.

5. Escalating Privileges:
If, for example, the hacker gained access to just the guest account, they would now try to gain control of the whole system. They would try to crack the passwords of administrators, or use exploits to increase the level of access. John the Ripper, an excellent password cracker, is mostly used here.

6. Pilfering:
Again the information search begins to identify methods of gaining access to other systems and networks. Clear Text passwords (password saved as .txt files), or other not so safe mechanism for storing passwords are a boon to hackers. They can even search the registry for passwords.

7. Covering Tracks:
Once they have the information they need from the computer, hackers cover their tracks. They do this by clearing the system log files on the OS so that the system administrator cannot find out.

8. Creating "Back Doors":
Hackers leave backdoors in system, so next time they don't have to work this hard to gain entry. This could mean leaving Trojans disguised as valid application files, or new user accounts (where companies have 1000s of users). The tools they used are BO2K, keystroke loggers, or changing the registry keys.

9. Denial of Service (aka DoS):
Many crackers, if unsuccessful, use a DoS attack as a last means of breaking into a system. If the system is improperly configured, it breaks down and lets the hacker into the system. The tools used here are mostly Ping of Death, teardrop, and super nuker.

How to Protect Yourself?

You, the end user, would ask how can I protect myself from all this? Simply stated, you can't. Nothing in this world is 100 percent safe. New exploits come out all the time. New methods are invented overnight. Things thought safe before end up having weaknesses.

But here are a few guidelines to protecting yourself:

1. Install a good firewall and make sure it's configured properly.
2. Disable all system utilities not in use or services, which you don't use.
3. Never run any files sent to you from a total stranger.
4. Make sure you have good antivirus software installed and make sure you update the software on regular basis.
5. Make sure you have latest service pack and patches installed and subscribe yourself to one of the online security lists like SANS (System Administration, Networking and Security) network, which posts regular information on the latest exploits and the patches for the systems.
6. Have a good internal security policy.
7. Make sure you have a good network architecture designed to minimize risks.
8. Invest in good security hardware.

These are not the bible of security. These are just the common tips, which most people don't follow at their own risk. They cannot prevent hacks but can minimize them to a great degree.

Security is not a joke or to be taken lightly. Without security, our dependence on computers can leave us wrecked virtually overnight. With the tools used by the cracker community being what they are, this is not just a proclamation. It's an omen of what can be.

taken from TechiWarehouse

Friday, June 22, 2007

worm breakout for Yahoo Messenger (YM)

There is a recent worm outbreak among Yahoo Messenger (YM) users. As usual, the worm exploits link usage in YM. If infected, the worm will send links to your buddy list; it also takes advantage of the status message in YM, making a really innocent-looking linked status for your friends to click. The interesting part is that the link directs you to a web page filled with high-value Google Ads, so practically the hackers (I'm assuming there is more than one) are trying to make a living out of worms. Another point of interest is that you can get infected by this worm by visiting certain websites built by the hackers with Internet Explorer; no surprise there.

[Screenshot: what the worm's message looks like]
Tips to avoid getting infected by worm, for this particular situation, are as below:

Use Firefox

Though there was some recent stir about the security vulnerabilities of Firefox, Mozilla made a patch for that at lightning Internet speed. Even better, the updates were sent to the browser when it was activated. I can go on and on telling you all the better security features of Firefox compared to IE (IE 7 is an exception). But you get the idea: don't compromise the safety of your PC, use Firefox. If you don't already have it, get it here: Get Firefox. If you already have and are using Firefox, then hooray for you.


Use IM in a Virtual Environment

This is, at the moment, my best suggestion. It may require a little extra effort for you to activate the IM in a virtual environment, but I really believe it is better to be safe than sorry. Using IM within a virtual environment decreases your chance of getting worms like this one into your system down to nothing. Any worm that tries to infect your PC will be stuck in the virtual folder. If you would like to learn more about virtualization, read this: Read Virtualization Article.

Ask

Ask your friend whether the link is legitimate; just make sure it was a human that sent you the link, not a bot. It sounds a bit silly for some people to do this, but there is no harm in asking, whereas there is a lot of harm that follows a worm if it infects your PC.

You may read the full report of the worm attack here : Read Full Report
You may also refer to Symantec.com for technical detail of the worm variant