Typhoon victims in Philippines are in need of you help. Please visit www.redcross.org to help.
You tube video
Wednesday, September 30, 2009
Friday, September 18, 2009
Zeus is the #1 botnet ?
Zeus is a financial malware. It infects consumer PCs, waits for them to
log onto a list of targeted banks and financial institutions, and then steals
their credentials and sends them to a remote server in real time.
Additionally, it may inject HTML into the pages rendered by the browser,
so that its own content is displayed together (or instead of) the genuine
pages from the bank’s web server. Thus, it is able to ask the user to
divulge more personal information, such as payment card number and
PIN, one time passwords and TANs, etc.
Zeus uses some rootkit techniques to evade detection and removal.
Zeus is the #1 botnet, with 3.6 million PCs infected in the US alone (i.e.
approximately 1% of the PCs in the US)
Read More...
log onto a list of targeted banks and financial institutions, and then steals
their credentials and sends them to a remote server in real time.
Additionally, it may inject HTML into the pages rendered by the browser,
so that its own content is displayed together (or instead of) the genuine
pages from the bank’s web server. Thus, it is able to ask the user to
divulge more personal information, such as payment card number and
PIN, one time passwords and TANs, etc.
Zeus uses some rootkit techniques to evade detection and removal.
Zeus is the #1 botnet, with 3.6 million PCs infected in the US alone (i.e.
approximately 1% of the PCs in the US)
Read More...
Friday, September 4, 2009
eBay reaches deal to sell Skype
Skype is to be majority-owned by a group of private investors, including Netscape co-founder Marc Andreessen and private equity firms.
EBay will keep a 35% stake in the firm, which it has been trying to sell for some time. It has said that Skype had "limited synergies" with it.
Read more...
EBay will keep a 35% stake in the firm, which it has been trying to sell for some time. It has said that Skype had "limited synergies" with it.
Read more...
Wednesday, September 2, 2009
Trojan Targets Skype Users
TrendLabs researchers were alerted of a newly released Proof-of-Concept (PoC) that listens and records voice calls carried out via Skype. Trend Micro detects this as TROJ_SPAYKE.C. Skype is a popular application used for making voice over IP (VoIP) calls.
Read more
Read more
Magic numbers in files
Examples
Some examples:
* Compiled Java class files (bytecode) start with hex CAFEBABE. When compressed with Pack200 the bytes are changed to CAFED00D.
* GIF image files have the ASCII code for "GIF89a" (47 49 46 38 39 61) or "GIF87a" (47 49 46 38 37 61)
* JPEG image files begin with FF D8 and end with FF D9. JPEG/JFIF files contain the ASCII code for "JFIF" (4A 46 49 46) as a null terminated string. JPEG/Exif files contain the ASCII code for "Exif" (45 78 69 66) also as a null terminated string, followed by more metadata about the file.
* PNG image files begin with an 8-byte signature which identifies the file as a PNG file and allows detection of common file transfer problems: \211 P N G \r \n \032 \n (89 50 4E 47 0D 0A 1A 0A). That signature contains various newline characters to permit detecting unwarranted automated newline conversions, such as transferring the file using FTP with the ASCII transfer mode instead of the binary mode.
* Standard MIDI music files have the ASCII code for "MThd" (4D 54 68 64) followed by more metadata.
* Unix script files usually start with a shebang, "#!" (23 21) followed by the path to an interpreter.
* PostScript files and programs start with "%!" (25 21).
* PDF files start with "%PDF" (25 50 44 46).
* Old MS-DOS .exe files and the newer Microsoft Windows PE (Portable Executable) .exe files start with the ASCII string "MZ" (4D 5A), the initials of the designer of the file format, Mark Zbikowski. The definition allows "ZM" (5A 4D) as well but this is quite uncommon.
* The Berkeley Fast File System superblock format is identified as either 19 54 01 19 or 01 19 54 depending on version; both represent the birthday of the author, Marshall Kirk McKusick.
* The Master Boot Record of bootable storage devices on almost all IA-32 IBM PC Compatibles has a code of AA 55 as its last two bytes.
* Executables for the Game Boy and Game Boy Advance handheld video game systems have a 48-byte or 156-byte magic number, respectively, at a fixed spot in the header. This magic number encodes a bitmap of the Nintendo logo.
* Zip files begin with "PK" (50 4B), the initials of Phil Katz, author of DOS compression utility PKZIP.
Some examples:
* Compiled Java class files (bytecode) start with hex CAFEBABE. When compressed with Pack200 the bytes are changed to CAFED00D.
* GIF image files have the ASCII code for "GIF89a" (47 49 46 38 39 61) or "GIF87a" (47 49 46 38 37 61)
* JPEG image files begin with FF D8 and end with FF D9. JPEG/JFIF files contain the ASCII code for "JFIF" (4A 46 49 46) as a null terminated string. JPEG/Exif files contain the ASCII code for "Exif" (45 78 69 66) also as a null terminated string, followed by more metadata about the file.
* PNG image files begin with an 8-byte signature which identifies the file as a PNG file and allows detection of common file transfer problems: \211 P N G \r \n \032 \n (89 50 4E 47 0D 0A 1A 0A). That signature contains various newline characters to permit detecting unwarranted automated newline conversions, such as transferring the file using FTP with the ASCII transfer mode instead of the binary mode.
* Standard MIDI music files have the ASCII code for "MThd" (4D 54 68 64) followed by more metadata.
* Unix script files usually start with a shebang, "#!" (23 21) followed by the path to an interpreter.
* PostScript files and programs start with "%!" (25 21).
* PDF files start with "%PDF" (25 50 44 46).
* Old MS-DOS .exe files and the newer Microsoft Windows PE (Portable Executable) .exe files start with the ASCII string "MZ" (4D 5A), the initials of the designer of the file format, Mark Zbikowski. The definition allows "ZM" (5A 4D) as well but this is quite uncommon.
* The Berkeley Fast File System superblock format is identified as either 19 54 01 19 or 01 19 54 depending on version; both represent the birthday of the author, Marshall Kirk McKusick.
* The Master Boot Record of bootable storage devices on almost all IA-32 IBM PC Compatibles has a code of AA 55 as its last two bytes.
* Executables for the Game Boy and Game Boy Advance handheld video game systems have a 48-byte or 156-byte magic number, respectively, at a fixed spot in the header. This magic number encodes a bitmap of the Nintendo logo.
* Zip files begin with "PK" (50 4B), the initials of Phil Katz, author of DOS compression utility PKZIP.
Subscribe to:
Posts (Atom)
