The Observer On: Storm Worm

22 10 2007

 Looks like someones just as worried about the “gathering” power of the Storm Worm as I have been.

I’ve posted previously on this topic:

Here’s a small excerpt from a recent article in The Observer:

In millions of Windows, the perfect Storm is gathering
John Naughton
Sunday October 21, 2007
The Observer

A spectre is haunting the net but, outside of techie circles, nobody seems to be talking about it. The threat it represents to our security and wellbeing may be less dramatic than anything posed by global terrorism, but it has the potential to wreak much more havoc. And so far, nobody has come up with a good idea on how to counter it.

It’s called the Storm worm.

The article goes on to say pretty much what I have been saying since July of 06!!

Anyway, hope somebody is starting to get the whole scope of the situation that is only continuing to grow.

In other words, HAAAALP!!11!!1!!!!11!!





Tutorial: Create An Auto Hack USB Drive {via IronGeek}

13 10 2007

Hot off the presses from IronGeek (so you know its good):

Creating An Auto Hack USB Drive Using Autorun and Batch Files. By Dosk3n (Hacking Illustrated Series)

During 2005 Sony BMG was discovered to be including Extended Copy Protection (XPC) and MediaMax CD-3 software on music CDs. The software was automatically installed in the background onto users computers systems that used the autorun function to start running the CD. The software could hide itself from the computers process list in the same way a rootkit would. There was over 100 titles in total that included this “rootkit”. Using similar techniques we are going to use the autorun feature with a USB drive to run multiple hacking tools…

As part of IronGeek’s “Hacking Illustrated Series”, this tutorial is a video (by Dosk3n).  Go watch it over at IronGeek (pro tip – click the article title).  There’s even a download link so you can watch it at your leisure over and over again.

Big ups to IronGeek and DosK3n on the tutorial and the sweet sweet “turn their own weapons against them” intro.

Enjoy.





How To: Avoid Being “Tracked 100% of The Time” When Using P2P and Bittorent (Noob Friendly)

12 10 2007

According to researchers at UC Riverside, “use a blocklist or you will be tracked… 100% of the time“. That’s an awful statistic. It comes from an article found on Ars Technica, so you know its pretty darn reputable information. I recommend you read the whole article (already linked up there). However, here is a small excerpt:

Title: P2P researchers: use a blocklist or you will be tracked… 100% of the time
The old cliché “You’re not paranoid if they really are out to get you” turns out to apply quite nicely to the world of P2P file-sharing. A trio of intrepid researchers from the University of California-Riverside decided to see just how often a P2P user might be tracked by content owners. Their startling conclusion: “naive” users will exchange data with such “fake users” 100 percent of the time.

Sources: ARS TECHNICA via HACK THE PLANET rss

Basically, at the very least, you need to use a blocklist or you are gonna get ThomASS’d (aka sued). I can just imagine many users out there thinking, “What’s a blocklist? Where do I get one? How do I use it? OMG, OMFG, WTF DO I DO?”

CALM DOWN!!! JUST TAKE A DEEP BREATH, TMBBITW is here to help. And by help we mean, offer up some information. Below we will lay out some resources, links and downloads that, when used, will ease you worries.

Now, a blocklist in and of itself is simple, its a list. A list of IP addresses, and some IP ranges, that are known to be essentially bad. By “bad” we mean that those IP’s are people or machines that are either tracking what you are doing or passing data to you that you do not want. An application on your computer uses a blocklist to stop those IP’s from connecting to your computer. Are you getting that warm fuzzy feeling of being informed yet? Well, keep reading.

Here are the most basic blocklist/P2P safety resources:

  • P2PNet: The original daily p2p and digital news site. Always First!
  • Slyck: Great site to learn how to use P2P services safely.
  • PhoenixLabs: These guys have been creating blocklists since forever and they also run blocklist.org.
    • Created (Windows/Mac Only): Peerguardian (app that keeps your blocklists updated and integrates with your P2P app)
  • Blocklist Manager : A free utility to download, merge, sort, and export IP lists in a variety of formats.
  • Protowall: A free utility that blocks undesired connections, to and from your computer via blocklist.
  • Protowall Mods: Cleric’s Protowall Mods

Now you’re wondering what P2P or BitTorent clients should I use. See below:

  • Azureus: BT Client that can update its own blocklists.
  • uTorrent: Small fast BT client with great traffic encryption.
  • BitCommet: BT app, written in C++, best for people behind a school firewall. Encrypts packet headers. This is for those that can not use port forwarding.
  • LimeWire: P2P app using the Gnutella network, that is great for small files. However you will need Peerguardian or Protowall, because it does not natively support any ipfilter or blocklist.
  • FrostWire: Based on LimeWire Pro, a free open source app that comes with some linux distributions. Still need Peerguardian or Protowall.

At the very least, those two lists above contain all you need. Something to go all P2P with, and a way to use a blocklist. You can use peerguardian and uTorrent, or Azureus and set up its IPfiltering option, or if you’re all Gnutella is good BT is hard… you can use FrostWire and peerguardian. As you can see there are lots of options.

For the sake of speed: You will probably need to open a port, via your firewall application or router software, in order for uTorrent or Azureas to let connections in using DHT (distributed hash tables, google it). This WILL speed everything up alot.

So you’re all done, you can go out and not ever be tracked, right? Well, sort of. You are pretty safe. However, there are some applications that you can use to actually try and mask your real IP address. Its an extra measure of security instead of just keeping the bad IPs out. These are the best, free, anonymity apps out there:

  • TOR: The Onion Router – Can help to hide your IP.
  • Privoxy: Helps to secure TOR even more.
  • Putty: Telnet/SSH client that can be used to secure your traffic going out to a Tor node.
    • NOTE: Using Putty and Tor together is a pretty complicated process, so you may want to skip this. If you’re up to it, read this tutorial.
    • Thanks to dBlackshell here are two more links on proxies from InsaneSecurity: one and two
  • JAP: Java based anonymity app. Some like it better than TOR some don’t.

In order for the above applications to work, you need to configure your P2P or BT client to connect to the internet THROUGH them. Tor has great instructions for this on their site. You can also configure your browser to go through those anonymity apps. The big drawback here is loss of speed. Any proxy based application will slow down your internets. Its a trade off that’s totally up to you.

You MUST know by now that you will eventually need more information, but you are afraid. Why? Because search engines like google and yahoo keep tabs on what you are searching for. For anonymous searching use:

As one can see, there are alot of resources out there to TRY and make your P2P life safe from being tracked. However, as with anything you do on the net, you will never be 100% anonymous. Its like having sex, sure there’s no 100% effective safe sex, but a condom is damn close enough to let you go at it. Just remember to keep your lists updated as well as your software. Now go be safe.

Got questions? Post them in the comments. (Note: This needs some Major editing, cause it was late and I got too tired to finish polishing it up)

*TMBBITW does not condone or support illegal file sharing in any form. In fact, TMBBITW and its writers promote, and fully support, Free Open Source Software, legal DRM-free music, Open Music and all sorts of nice legal things. Things that keep programmers employed and running your internets and creating games and all that good stuff.




Storm Worm Update: I Hate To Say I Told You So…

8 10 2007

Anyone remember this article I wrote back in July:  STORM WORM: LARGEST ATTACK IN TWO YEARS, BUT WHY?
Well, it looks like I was correct in being concerned that the Storm Worm and its resulting botnets could become even more of a problem even though the code was so old.  Now this nasty little trojan has a bran new bag:

Storm Worm Descends on Blogspot
It seems like spammers, scammers, phishers and now malware authors are starting to leverage blogs more and more, especially Blogger/Blogspot as Google tend to be quite slow in responding and sometimes don’t respond at all.

This makes it an ideal platform for dodgy behaviour as the crooks have adequate lead time to con/infect people before they get shut down.

In this case Blogspot was used as the platform to propagate malcious messages by the Storm worm, people clicking these messages were liable to infection.

Source – Darknet – The Darkside

Notice what I underlined there.  Darknet sees a growing threat from Splogs.  I see that threat mixed with Storm Worm, and I say, “I knew Storm Worm would only become a larger problem”.  I still don’t know why though, beyond the basic malicious crap people do.

There are probably millions of undetectable variants of the Storm Worm trojan.  I am sure that the growing power of the extremely slippery botnets, that Storm Worm is used to create, will eventually do something very big and very naughty.  I don’t know how or why or what will happen, but if unchecked, something really BIG is going to come crashing down on some rather large target, maybe even a government.

I know it seems like I keep saying “THE SKY IS FALLING”, but I’m not.  I am only saying that there is the potential for “the sky to fall” if security companies and professionals don’t create a fool proof definition to stop all the Storm Worm variants and the botnets it creates.

Just in case you were wondering; No, I do not have the knowledge to create this “fool proof definition”, nor do I know how much work or how possible it could be.

Keep your eye’s open, and don’t click on random crap.





Ha.ckers.org on: De-anonymizing Tor, or any HTTP Proxy

8 10 2007

Just a heads up for all you peeps seeking anonymity and or privacy on the net. I saw this article on Ha.ckers.org – De-anonymizing Tor and Detecting Proxies

This code (it takes a several seconds to load) uses a piece of JavaScript to instantiate a Java socket call back to the origin site. In doing so it bypasses the proxy settings of the browser, allowing you to de-anonymize people using proxies. It works great for Tor or just about any HTTP proxy that I can think of. Cool stuff.

Source – ha.ckers.org web application security lab

Daaaaaaamn!!  That’s some scary shit for those of us just trying to keep a bit of privacy on the net.  Some of us just want to look at some titties without the whole net following us around.  Some of us want to study some information perceived clandestine by our governments. (Note: Germany just made posting penetration testing tools illegal!! See Darknet)

There’s alot of information to cover here and some of it just plain confused me at first, so I summarized what I saw as potential  bullet points in the article.

Follow the jump to read the rest: Read the rest of this entry »





Einstien: On The US Government

8 10 2007

The prestige of government has undoubtedly been lowered considerably by the prohibition law. For nothing is more destructive of respect for the government and the law of the land than passing laws which cannot be enforced. It is an open secret that the dangerous increase of crime in the United States is closely connected with this.

- Albert Einstein

Good thing Al’s been dead for a while, otherwise the Bush administration might come after him waving the Patriot Act and a pair of cuffs!

Patriot Act Says Shut Up





Dial DIR-ECT-IONS

19 09 2007

Check it out.

Dial DIR-ECT-IONS

Free directions when you call in and they send you a txt msg!!

Nice








Follow

Get every new post delivered to your Inbox.

Join 54 other followers