Tuesday, April 22nd, 2008
Following a friendly heads up from someone yesterday morning, I re-loaded the
following Kraken samples into my honeypot:
1d51463150db06bc098fef335bc64971
65b958bf6f5eddca3d9455354af08b6f
6ec7d67d5553cbec2a99c7fbe385a729
7ecef2f126e66e7270afa7b803f715bc
8fd8c67103ec073d9303a7fbc702f89a
and began monitoring them. Each sample proceeded to update itself;
the updated binary is around 160KB, given a random name and
placed in the system32 directory, and no longer has an imagefile icon.
The names/MD5 values of ...
Posted in Coding, Internet, Privacy, Security
Tuesday, April 15th, 2008
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to ...
Posted in Internet, Privacy, Security, Software
Saturday, April 12th, 2008
At first glance, the Windows Vista firewall is disappointing to say the least. On the surface, it looks like a Windows XP leftover. In fact, the firewall's user interface in Windows Vista is nearly identical to the interface found in Windows XP. There aren't even any new configuration options available.
The ...
Posted in Internet, Networking, Privacy, Security, Windows
Monday, April 7th, 2008
A new botnet twice the size of Storm has ballooned to an army of over 400,000 bots, including machines in the Fortune 500, according to botnet researchers at Damballa.
The so-called Kraken botnet has been spotted in at least 50 Fortune 500 companies and is undetectable in over 80 percent of ...
Posted in Networking, Privacy, Security
Sunday, March 30th, 2008
"I'm proud to announce the release of Wireshark 1.0. This is the culmination of nearly ten years of hard work by a team of brilliant and talented developers. It is an honor to be able to work with these people.
On behalf of the development team, I would like to thank ...
Posted in Internet, Networking, Privacy, Security, Software
Saturday, March 8th, 2008
A new worm has been discovered exploiting the ISS/PAM ICQ module vulnerability. The worm payload is contained in a single 1025-byte UDP packet with a fixed source port of 4000 and a random destination port. Only the first 470 bytes of the payload are the working code of the worm; ...
Posted in Security