Security Threats: Face the Danger

Thursday, January 13, 2011

Roman Zeltser

E66d48d7b227e7845b73d43eb1a06fcb

There is no reason to explain again that today’s computing is not possible without adequate protection against viruses, malware, botnets, and all other cyber “weapons”.

You probably are overwhelmed with a number of articles, experts’ advice, webinars, and various tutorials about user awareness the same way as I am.

What I want to add to this is to describe the face of real danger, the danger that the majority of computer users are not aware about. The new hacking technique and tools will make your security protection tools like a toy for kids.

In my March 2010 article I have suggested a set of software tools to protect your computers (perhaps from all known malware).

What I have learned that after Stuxnet cyberattack became known and was described in more-less details, many security professionals have revised the entire approach to security protection.

The common denominator for all opinions is the fact that our commonly accepted approach to IT security is not working anymore due to the new and highly sophisticated penetration tools that were developed recently.

No, I am not going to discuss Stuxnet and similar, highly sophisticated software that was discussed on the Internet widely but rater down-to-earth penetration tools that is available today.

The goal of this article is to make more people aware that our poor antivirus programs may protect you from only 20% to 30% of today’s penetration software. Disagree?

Just today, I got an e-mail from “Hakin9 Mewsletter newsletteren@hakin9.org” with the following content. As is (no spell correction):

Russia Hackers are pleased to announce RH2.5 KIT ver 2011
that people can use to hack & secure computer systems by
knowing exactly how a hacker would break into it.

Collection of Advanced Hacking Guides & Tools.

PDF Guide:

1. Advanced Hacking Guide with MEtasploit
2. Malware Development (RATS, botnets, Rootkits)
3. Convert exe into PDF, XLS, DOC, JPG
4. Exploit development guide
5. Tech Tricks (Spoofing-Sms,email,call)
6. Download any Apple Apps Free of cost

7. Credit Card HAcking
8. Netbanking Hacking-bypass Virtual KEyboard
9. Spreading guide to Infect 100K/Victims per day
10. Advanced Email Hacking Tricks
11. SET(Social Engineering Toolkit) module
12. Links for other russian hacking sites

Hacking Marketplace

Tools/Services:
{Value more than 1500 USD}

1. Polomorphic Crypter's (to make Files undetectable- bypass all AV Scantime,runtime)
2. Java Driveby FUD (deploy your exe by URL on target)
3. Immunity Canvas (Hack remote pc with IP address)
4. Paid Botnets (Spyeye,etc)
5. IRC Bots(Ganga, niger,etc)
6. Yahoo messenger zeroday exploit (run exe on target)
7. Ice pack Enterprise (execute exe using php script)
8. Bleeding_Life_V2_pack /Other Packs

Service's:
1. One Linux Based VPS with Root access for Lab Setup (Safe & Secure)
2. VPN Double + Triple Encrypted (Hide your real Ip Address)
3. Fake Emailer with attachment
4. Email Bomber (Send 1 million emails into Inbox)
5. DDOS Attacks Shells

Hire a Hacker
for Offensive and Defensive services, Internal on-site penetration testing gives
the business the assurance it needs to conduct safely in the Internet and with business partners.

Email at: root@russiahackers.ru or russiahackers@mail.ru

Visit Site


First of all, I am a subscriber of Hackin9 IT Security Magazine, and I am getting the news about new development in the world of IT Security. Normally, the e-mail address field “FROM” looks like this:

Hakin9 Magazine: newsletteren@hakin9.org

This time, it was slightly different:

Hakin9 Mewsletter newsletteren@hakin9.org

As you see above (and I have no doubts considering miss-spells and ignorance of normal technical English) , the content of e-mail was pure advertisement with a link to the live web site (http://russiahackers.ru/) that offers the both sets of tools correspondingly for $100 and $250USD.

My guess is that my e-mail account was hacked along with many others, and the Russian hackers e-mailed the information about their “products”.

Let me be honest, I am not so worrying about hacking of my e-mail account but about the “products” offered on the web site.

Let’s review some.

Convert exe into PDF, XLS, DOC, JPG

This one is the most troubling “products”. Just imagine that you are getting the file attached to your e-mail with one of the named above extensions and are trying to open it. The file immediately executes the built-in code, and voila! Your PC is infected. Cab anti-virus or firewall prevent it? I honestly doubt it…

Polymorphic Crypters (to make Files undetectable- bypass all AV Scantime, runtime)

No need to give an explanation – this code will bypass all Antimalware programs.

Spreading guide to Infect 100K/Victims per day

Tutorial on how to infect hundreds of thousands of PC users per day!

SET(Social Engineering Toolkit) module

Welcome to infected Facebook and Twitter!

Netbanking Hacking-bypass Virtual Keyboard

Do you use online banking? I do, and most of my friends do, and most of their friends do, too! Now, imagine you have opened one of the infected e-mails (or e-mails with infected attachment), and you will be faced with a nasty surprise: your account has zero balance! It also could happen on-the-fly, while you are logging into your banking account.

Immunity Canvas (Hack remote PC with IP address)

If the hacker knows the IP address of your PC, it can be hacked with this tool. You are no longer a single Administrator of your computer. You will share it with “nasty boys” who can speak not only English but also Russian or Chinese! A simple IP scanner (like free LanSpy) will help to identify your computer’s hardware, operating system, many installed programs, computer domain and NetBios names, MAC address, remote control, time, discs, transports, users, global and local users groups, policy settings, shared resources, sessions, open files, services, registry and event log information. Nothing on the remote computer is hidden from them now…

Welcome to the hacking world!

Should I continue?

You may want to ask “what should I do?” I’d be very much glad and happy if I could give you a definite answer but I don’t have one. The minimum of what you can do is to EDUCATE – yourself, your family and friends, friends of your friends, and, of course, corporate users if you are responsible for secure computing at your organization.

So, instead of reading stupid chain e-mails that try to scare you if you don’t resend them immediately to another 10 people (nice way to spread the malware!) your fellow citizens will read and forward the information about how to conduct the secure computing and not to become the victims of cyber-gangsters.

As for the tools that I have suggested in my previous article, they are still vital. It’s better to have some basic protection + knowledge of secure computing than to ignore it completely because those tools do not provide 100% security.

Happy and secure computing in 2011!

Possibly Related Articles:
13638
Network->General
virus malware Botnets Security Threats hackers
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.