Shaun Stanislaus’s Tech blog

Just another WordPress.com weblog

Business Software Alliance Has a Sense of Humor

For those who don’t know, the Business Software Alliance (BSA) is the RIAA-equivalent of software, representing such copyright holders as Microsoft, Adobe and Symantec. They recently released a very bizarre video, according to ZeroPaid, called “To Catch a Pirate”. I found it really odd, so I figured I would share it here. Check it out.

As for HiTechVNN, apparently that site has shut down… these leech sites are up one day and down the next, so it is difficult to find a good one that lasts. When I find one I will be sure to post it for you guys.

September 19, 2009 | Games, Hack, hacker, Industry Best Practice, IT News, Life skills, Security, social engineering, Technology

Social Network Accounts May Be Compromised with Namechk.com Around

A new Web 2.0 site, “NameChk”, can be a tool for hackers. It searches every social network for the particular username that you’re looking for, and in real life people do not create a unique password for every social network account.

Most would stick with one password for all social network accounts.

Here is a detailed video in which I explain what it does.

April 25, 2009 | IT News, Security, social engineering, Technology

Conficker’s autorun and social engineering guide

We wrote several diaries about Conficker (or Downadup, depending on the AV tool you are using). F-Secure posted some interesting information about the number of infections, which is almost certainly in the millions (and who knows how many machines will stay infected, as the owners will not even notice anything).

One of the reasons for infecting so many machines is that Conficker uses multiple infection vectors:

  1. It exploits the MS08-067 vulnerability,
  2. It brute forces Administrator passwords on local networks and spreads through ADMIN$ shares and finally
  3. It infects removable devices and network shares by creating a special autorun.inf file and dropping its own DLL on the device.

F-Secure also blogged about the autorun.inf file where they noticed that it contained a lot of garbage (about 60 kb of random binary data). This fooled some AV programs so they didn’t scan the device properly (otherwise, they would have picked up the referenced DLL also stored on the device).

After removing garbage, one can see a nice autorun.inf file containing all important keywords. This grabbed my attention:

[Autorun]

Action=Open folder to view files
Icon=%systemroot%\system32\shell32.dll,4
Shellexecute=.\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

So, as you can see, the first part, “Install or run program” is there because Vista detected an autorun.inf file containing the shellexecute keyword. However, the text comes from the Action keyword and the icon is extracted from shell32.dll (the 4th icon in the file) – and it’s the standard folder icon! This can easily fool a user into clicking this one, thinking it will open the USB stick in Windows Explorer, instead of the second (the real one). The first option will run Conficker, of course. Very smart.

For administrators among you, I would suggest that you disable AutoPlay in your environments, unless it’s really necessary. Depending on the environment you might even completely disable USB, if you don’t need it.

The following article explains nicely how the AutoPlay feature works and how to disable it (http://technet.microsoft.com/en-us/magazine/2008.01.securitywatch.aspx). Or check this article on the Autorun registry key (http://support.microsoft.com/kb/953252).

UPDATE – Fixed a typo in the vulnerability: it is MS08-067 (not MS08-068). Nick Brown sent a URL to his blog where he described another method for disabling Autorun by modifying the IniFileMapping registry key, see more at http://nick.brown.free.fr/blog/2007/10/memory-stick-worms.html
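For defenders who want to triage removable media, here is an added example (not code from the original diary or from F-Secure) that recovers the directives from a junk-padded autorun.inf and flags the combination described above: an execute keyword together with custom Action text and an icon taken from shell32.dll. The function names, the extension list and the assumption that each directive sits on its own line are choices made for this sketch.

```python
import re

# Keys that make Windows run something from the volume (heuristic list).
EXEC_KEYS = {"open", "shellexecute"}
# Extensions a legitimate autorun target would normally carry (assumption).
EXECUTABLE_EXT = (".exe", ".com", ".bat", ".cmd")
# A directive line: key, '=', printable-ASCII value, nothing else on the line.
KEY_VALUE = re.compile(rb"^\s*([A-Za-z\\]+)\s*=\s*([\x20-\x7e]+?)\s*$")

def parse_autorun(raw: bytes) -> dict:
    """Recover key=value directives from an autorun.inf padded with binary junk."""
    entries = {}
    for line in re.split(rb"[\r\n]+", raw):
        m = KEY_VALUE.match(line)
        if m:  # junk lines fail the pattern and are skipped
            entries[m.group(1).decode().lower()] = m.group(2).decode()
    return entries

def findings(entries: dict) -> list:
    """Describe why a parsed autorun.inf looks like the trick in this post."""
    exec_keys = sorted(k for k in entries if k in EXEC_KEYS
                       or (k.startswith("shell\\") and k.endswith("\\command")))
    if not exec_keys:
        return []
    out = ["executes: " + ", ".join(exec_keys)]
    if "action" in entries:
        out.append("custom AutoPlay text: " + entries["action"])
    if "shell32.dll" in entries.get("icon", "").lower():
        out.append("icon borrowed from shell32.dll")
    for k in exec_keys:
        target = entries[k].split(",")[0].strip().lower()
        if "recycler" in target or not target.endswith(EXECUTABLE_EXT):
            out.append("suspicious target: " + entries[k])
    return out

# Constructed sample: the directives quoted above, buried in deterministic junk.
JUNK = bytes(range(256)) * 8
SAMPLE = b"\r\n".join([
    JUNK, b"[Autorun]", JUNK,
    b"Action=Open folder to view files", JUNK,
    b"Icon=%systemroot%\\system32\\shell32.dll,4",
    b"Shellexecute=.\\RECYCLER\\S-5-3-42-2819952290-8240758988-879315005-3665"
    b"\\jwgkvsq.vmx,ahaezedrn",
    JUNK,
])

if __name__ == "__main__":
    for finding in findings(parse_autorun(SAMPLE)):
        print(finding)
```

A file that only sets an icon or label produces no findings, so the check stays quiet on ordinary vendor media.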

April 2, 2009 | social engineering | 1 Comment