
Sunday, December 30, 2012

TwitPic malware


Suddenly today Google Chrome started detecting Twitpic.com as a malware threat. Twitpic is one of the most popular websites for sharing photos and videos on Twitter. Twitpic denies this, saying that there is no malware on the website, and is trying to contact Google.

We also noticed that Twitter profiles and pages with Twitpic URLs in tweets are also currently blocked by Chrome. Many people are also complaining about this on the Google Help forum.

An official statement from Twitpic via tweet: "Working to fix the google chrome malware notice when visiting Twitpic.com as this is not true or the case, trying to contact google".

Google's Safe Browsing Diagnostic page for twitpic.com says, "Site is listed as suspicious - visiting this web site may harm your computer. Of the 12029 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-12-30, and suspicious content was never found on this site within the past 90 days."

Google's report also said, "No, this site has not hosted malicious software over the past 90 days. In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message."

There is no further information available yet; we will update you soon!

Source: thehackernews.com

Saturday, December 29, 2012

Durka Durka Anal-Qaida DDOS



U.S. intelligence sources confirmed that official websites of Al-Qaida were knocked offline two weeks back and are still down due to a DDoS attack. According to a source, "This is one of the longest disruptions the organization has experienced since it set up its online distribution system in 2006. Al-Qaida also was hit by a massive cyber attack in late 2008, from which the online network never recovered."

The websites were forced offline just before the release of a film titled "Salil al-Sawarim 3", which is actually a propaganda video by Al-Qaida of Iraqi soldiers with dead insurgents.

For the last few months, online jihadists have been discussing the release and sharing images and footage from the production. The cyber attack comes as the U.S. State Department, according to a senior official.

The cyber attack on the Al-Qaida network delayed the release of the movie. According to another source, the last version, "Salil As-Sawarim 2", was downloaded by more than half a million people around the world.

The last release of the video covered the operations of the Mujahideen special forces of the Daulah Islam of Iraq against the high-ranking officers of the Anti Terror special forces (SWAT) of the Shi'ah regime of Iraq.

"Al-Qaida has been using the websites to post propaganda that experts say is successfully radicalizing youth all over the world, including in Syria where the organization is believed to be active."

source: thehackernews.com

Stuxnet is back!!




Iran claims to have repelled a fresh cyber attack on its industrial units in a southern province. In the last few years, various Iranian industrial, nuclear and government bodies have come under growing cyber attacks, widely believed to be designed and staged by the US and Israel.

A power plant and other industries in southern Iran have been targeted by the Stuxnet computer worm, an Iranian civil defense official says. Iran's news agency reported that the worm attacked the Culture Ministry's Headquarters for Supporting and Protecting Works of Art and Culture and was reportedly sent from Dallas via switches in Malaysia and Vietnam.

This recent Stuxnet attack was successfully defeated, according to local Iranian civil defense chief Ali Akbar Akhavan. "We were able to prevent its expansion owing to our timely measures and the cooperation of skilled hackers," Akhavan said. The sophisticated worm spreads via USB drives and through four previously unknown holes, known as zero-day vulnerabilities, in Windows.

Iranian officials have said that cyber attackers also slowed Iran's Internet and attacked its offshore oil and gas platforms this year. Iran is a little sensitive about malware attacks after Stuxnet knocked out a big chunk of Iran's uranium enrichment operation.

Stuxnet's source code was leaked online, and the virus has infected computers in Indonesia, India and the United States. Stuxnet is the first discovered worm that spies on and reprograms industrial systems. It is specifically written to attack SCADA systems, which are used to control and monitor industrial processes.

Admins comment: durka durka muhammad jihad

Sources: thehackernews.com

Android Malware can DDOS from your phone



This malware works in the background without your knowledge. Once it is activated, it searches for its command and control center and sends information about your device there. One piece of information that will be sent is your phone number. The criminals will use this number to send text messages to your phone to control the malware.

Dubbed Android.DDoS.1.origin, it creates an application icon similar to that of Google Play. If the user decides to use the fake icon to access Google Play, the application will be launched.

When it receives a DDoS attack command, the malware starts to send data packets to the specified address. "Activities of the Trojan can lower performance of the infected handset and affect the well-being of its owner, as access to the Internet and SMS are chargeable services. Should the device send messages to premium numbers, malicious activities will cost the user even more," they said.

I would like to advise readers to only download Android apps from official Android app stores like Google Play or the Amazon Appstore for Android, to always check the number of downloads, app rating and user reviews, and to carefully review permissions before downloading and/or installing an app.

Sources: Thehackernews.com

Hackers Abusing online Nmap Port scanning Service





Most of you know the power of Nmap. When used properly, Nmap helps protect your network from invaders. It is one of the best tools for hackers, penetration testers and security researchers. Officially Nmap is a desktop tool; it can be offered as a web version, but that should be under some limitations.

Someone runs an Nmap scan against a target to find open ports and to enumerate system details and installed service versions. Used improperly, Nmap can get you sued, fired, expelled, jailed, or banned by your ISP for scanning a target in a hacking attempt.

A hacker can be tracked back via the IP address from which the scan was performed. But what if a web version of Nmap is available on a website, where one just needs to enter the target IP/website address and the website will do a free scan against the target? It seems easy, and one can use a proxy to access that website, which will do a simple and fast scan for you!

Yes, a service called "ScanPlanner" (http://scanplanner.com/) is such a website. It allows anyone to scan any website for free, and according to our recent analysis many hackers have started using this website as an initial information gathering tool, as a "safe planner" << Yes, I really mean it!

Is unauthorized port scanning a crime? It depends on what you target. If the target is your own website, or you are authorized to scan it, then it is considered legal. But if one is scanning someone else's server without authorization, it would be considered an attempt to hack or find loopholes, and in that case, yes, it's a crime!

How are hackers abusing the "ScanPlanner" service? Officially, ScanPlanner is a service for webmasters to scan their servers to find loopholes in security. There are two plans, free and paid. Under the paid plan, ScanPlanner will scan your website regularly, whereas the free scanning option is available on the website as a demo for new users.

But the free scanning process does not verify whether the person requesting a scan against website.com actually owns website.com! So anyone can scan any server/website without authentication.

You just need to open the scanplanner website, enter the URL of your target and scan! On the very next page you will get results like this:

If you receive the message "Scan has not started yet.", that means your scan is in the queue and other hackers are currently using the free service for hacks. There is no information available on the website about who owns this service.


We had a word with Mikko Hypponen (CRO at F-Secure) about the legality of this service two weeks ago via a tweet, and his reply was, "@TheHackersNews Oh boy. This service will be abused heavily. You can expect scanplanner․com to go offline in a day or two.".

Such services should first verify whether the user really owns the target website. For this purpose they can use a meta-tag verification process or some other method. For now, many cyber criminals are misusing this service, because my scan still says "Scan has not started yet."
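One way a scanning service could implement the meta-tag ownership check suggested above, as an added example that is not code from ScanPlanner or from the original post. The tag name, secret, account ids and function names are assumptions, and fetching the homepage from the target is left to the caller.

```python
import hashlib
import hmac
from html.parser import HTMLParser

# Hypothetical names and values, chosen for this example only.
SERVICE_SECRET = b"constructed-demo-secret"   # kept server-side by the scan service
META_NAME = "scan-verification"               # assumed meta tag name

def expected_token(account_id: str, hostname: str) -> str:
    """Token bound to one account and one hostname, so it cannot be reused elsewhere."""
    msg = f"{account_id}|{hostname.lower().rstrip('.')}".encode()
    return hmac.new(SERVICE_SECRET, msg, hashlib.sha256).hexdigest()

class _MetaCollector(HTMLParser):
    """Collects verification tags from <head> only: a tag in <body> may be
    user-submitted content (a comment, a profile field), not the owner's."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.tokens = []

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "meta" and self.in_head:
            a = {k: (v or "") for k, v in attrs}
            if a.get("name", "").lower() == META_NAME:
                self.tokens.append(a.get("content", "").strip())

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def is_scan_authorized(account_id: str, hostname: str, homepage_html: str) -> bool:
    """True only if the page served by the target carries this account's token."""
    parser = _MetaCollector()
    parser.feed(homepage_html)
    want = expected_token(account_id, hostname).encode()
    return any(hmac.compare_digest(want, got.encode()) for got in parser.tokens)

# Constructed sample pages (not real sites).
_TAG = '<meta name="scan-verification" content="%s">' % expected_token("acct-42", "example.org")
OWNER_PAGE = "<html><head><title>site</title>" + _TAG + "</head><body>hi</body></html>"
INJECTED_PAGE = "<html><head><title>blog</title></head><body><div>" + _TAG + "</div></body></html>"

if __name__ == "__main__":
    print(is_scan_authorized("acct-42", "example.org", OWNER_PAGE))
    print(is_scan_authorized("acct-42", "example.org", INJECTED_PAGE))
```

A scan request is queued only when `is_scan_authorized` returns true for the requesting account and the exact hostname to be scanned; a page without an explicit `<head>` fails closed.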

Source: thehackernews.com

THC-Hydra New Release



One of the biggest security holes is passwords, as every password security study shows. THC-Hydra, a very fast network logon cracker which supports many different services, is now updated to version 7.4.
Hydra is available for Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX. It currently supports AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Change Log
  • New module: SSHKEY - for testing for ssh private keys (thanks to deadbyte(at)toucan-system(dot)com!)
  • Added support for win8 and win2012 server to the RDP module
  • Better target distribution if -M is used
  • Added colored output (needs libcurses)
  • Better library detection for current Cygwin and OS X
  • Fixed the -W option
  • Fixed a bug when the -e option was used without -u, -l, -L or -C, only half of the logins were tested
  • Fixed HTTP Form module false positive when no answer was received from the server
  • Fixed SMB module return code for invalid hours logon and LM auth disabled
  • Fixed http-{get|post-form} from xhydra
  • Added OS/390 mainframe 64bit support (thanks to dan(at)danny(dot)cz)
  • Added limits to input files for -L, -P, -C and -M - people were using unhealthy large files! ;-)
  • Added debug mode option to usage (thanks to Anold Black)
Source: thehackernews.com