Researchers Pwned the Koobface Botnet

After recording a  win over the complicated admin panel in the Zeus botnet a week ago, security researchers have made another major and successful strike over the Koobface botnet. The Koobface botnet was responsible for spreading a worm on Twitter last year that directed users to a video download and then, to a fake codec download to play that video. As obvious, the codec was nothing but a malware.

The Koobface botnet has finally been brought down by security researchers who worked with law enforcement and have  intimidated  Facebook and Google about many fake accounts used for the botnet.

Nart Villeneuve the chief research officer with SecDev Group said,

Those are all on the same network, and they’re all inaccessible right now.

when talking about one of the Koobface server admin control panel.

Koobface has the same operating structure even now. A video download link takes you to a codec download page, the codec being Koobface. Video links were posted on Facebook and then, users were redirected to these codec downloads through Google BlogSpot.

The botnet communicated with four Russian cellphone numbers sending those details of earnings. However, something interesting was communicated from the Koobface group to the researches. The researchers claim,

The Koobface gang had a certain charm and ethical restraint.  They communicated with security researchers about their intents and their desire not to do major harm. They limited their crimes to petty fraud, albeit massive in scale and scope. But the scary part is that they could have easily done otherwise.


Indians Are Most Paranoid About Smartphone Security: Survey

Juniper Networks conducted a global consumer study in association with KRC Research and Synovate with more than 6,000 smartphone and tablet users across 16 countries. It was found that upto four out of five people feel “level of security” is high priority when buying or using smartphones and tablet computers. The study also reveals that more than half of them are anxious about losing their mobile devices, protecting their identities and protecting their families with parental controls.

According to the study Indian smartphone users have shown highest level of concern towards mobile security issues. The figure stood at 90 per cent among the 16 countries which were considered for conducting this study. Other countries that followed India are Brazil and Russia (88 per cent each), Germany (86 per cent) and China and Italy (both at 85 per cent) where users have a high level of security concerns towards using Smartphones.

Image Courtesy

Zeus Botnet Server Fakes an Arrest to Learn How Security Researchers Work

Security Researchers claimed a major hit when they stumbled on the control server of the Zeus botnet. However, the lesser-known fact for them was that, the control panel of the server they discovered was a reverse learning process for botnet masters to learn the methods of security researchers!

The admin interface used by the Zeus botnet server has two distinct levels of access and visibility. For those trying weak password guesses and SQL injections on the database, the database allows a fake access and takes you to a fake control panel that works pretty much like a real one. However, in reality, the only thing that happens in this admin panel is that your activities are recorded.  Another feature in the fake admin panel is that you can also upload your own bots. This fake admin panel works as a considerable amount of security for a botnet.

This botnet security is the first of its kind. It has taught me a very good lesson. Sometimes security is not all to be implemented in a single layer. The user interface is itself considerably important for security. If a seemingly secure UI (user interface) can lure researchers into believing in security, by reverse psychology, we can create user interfaces that have some level of security integrated into them.


iPhone Security Busted With Secret Button Sequence

The iPhone is the hottest cellphone around and given its price, one important aspect to take care of is its security. Recently, a hack has been discovered that can allow people to bypass the security on an iPhone using a specific button sequence which, then leads to an unrestricted access to address book, voicemail and call history apart from other personal data. A similar hack was discovered on rival Android a few months ago.

Apple has already faced the heat for a similar security flaw in the iPhone back in 2008 and the recent flaw in FaceTime makes one thing clear. Apple does not test its software enough for bugs and flaws before releasing them.

Apple has responded to the Wired Magazine and has said that it will patch the bug in the software update of the iOS, i.e. in iOS 4.2. However, that update is coming in November and till then, hold on to your iPhone tightly.

The hack can be seen in operation in this video.

Bug no iOS 4.1 from Salomão Filho on Vimeo.

The magic sequence is given as:

hit emergency call.Push the pound key three times. Hold down the green key, and the moment you let it go, you push the lock button. And that’s it. Now you can access all the contacts and call them.

Installing Zone Alarm Free Firewall

Do you understand what a firewall really does? Most people would tell you that a firewall protects you from hackers out there on the internet. They’re right, but there’s a little more to it.

Every modern operating system has a firewall. Windows PCs are a special case, because they are specifically targeted by the dark forces out there. That’s mainly true because of the huge user base of Windows computers around the world.

Your firewall is meant to protect you from evil computers trying to access your computer without your knowledge (inbound protection). However, good firewalls also prevent your PC from broadcasting your private information or spreading worms, viruses and spam to other computers (outbound protection).

Many years ago, Windows shipped XP without any firewall protection turned on by default. That was a huge mistake and millions of people paid the price for it. The mistake was fixed by XP Service Pack 1, but many of us have never forgotten what happens when you don’t use a firewall.

zone-alarm-icon Back in the days of Windows 95 and 98, I used a firewall called ZoneAlarm, because Microsoft didn’t even offer one at the time. These days, the Windows firewall for XP, Vista and 7 is adequate, but it doesn’t offer very good outbound protection. That’s why it may be a good idea to try out the newest ZoneAlarm Free. Here’s what the folks at ZA say about their product.


Monitors inbound and outbound traffic flowing through your computer
Requests from an unknown or unsolicited source are identified and blocked
Hides your computer from hackers

Leverages real-time threat data from community of millions of ZoneAlarm users to detect and block the latest attacks
All programs launched on your computer are compared against a database of known programs; malicious program are blocked and safe programs allowed, rare unknown programs result in a warning
Delivers stronger, quieter security

Warns you of phishing sites and spyware distribution sites
Uses signatures and heuristics to identify more fraudulent websites than standard protection

Online Backup
Securely upload/download files with User-defined encryption keys.
Retrieve data from any location – login via any web browser to your account and access backed up data.
Automated backup schedules the backup of data per your convenience.

Below, I’ll run through a typical install of ZoneAlarm Free, with screenshots and tips to help you get through it.

Kaspersky: Opera’s Community Website Is Being Used to Distribute Malware

MyOpera – Opera’s official community website, is being misused to distribute malwares, according to a researcher at Kaspersky Labs.

My-OperaThe Norwegian browser maker allows anyone to sign up and host photos, upload files, publish blogs, participate in discussions and more at myOpera. Unfortunately, the ease of creating an account is being exploited by malware developers to host PHP based IRC botnets on myOpera.

In the recent past, malwares were discovered on Mozilla and Google Code’s servers also. Although I am still awaiting an official response from Opera regarding the security measures they currently have in place, by Kaspersky’s own admission, the problem isn’t very widespread. Dmitry Bestuzhev, the expert from Kaspersky who made the discovery, has so far found less than hundred malwares hosted on myOpera, which has more than 5 million registered members.

Incidents like this goes on to prove that staying careful alone can’t always protect you. XSS vulnerabilities in popular websites like Twitter and YouTube, HTML injection attacks in popular blogs and untrusted files on community websites like myOpera are just some of the techniques being used by malware creators to fool even savvy internet users.

What is the Deal with Stuxnet Anyway?

Really, what is the deal with Stuxnet anyway?  When it was detected back in June and Pallab at Techie-Buzz  covered it back in July, we hardly knew it would end up in so much of badassery. Throwing some light on the issue,

The  Shell Shortcut Parsing vulnerability is a particularly worrisome bug because there are not a lot of things a user can do to  protect himself. Even if autorun and autoplay is disabled, users can still get infected. All that the user is required to do is to open the compromised device, network share or WebDav.

From that time on and today, Stuxnet has grown to be the most sophisticated piece of attack and for the first time in the history of worms, is posing serious threat to a specific infrastructure type.

As reported at BBC, the worm attacks power plants, water plants and industrial units, proof being a high concentration of attacks in Iran and a possible attack on its nuclear power plant. Stuxnet is like one of those dark programs we see in sci-fi movies that eat into your infrastructure. It is rightfully termed as a weapon. It does not steal information but cripples the system as a whole. The vulnerability is so serious and put simply, hardwired that a simple software patch will not help at all.

The Stuxnet worm spreads by USB drives and has the ability of reprogramming the programmable logic controller or PLC. The PLC, essentially a digital computer is the main interface between the electrical signals from the computer and the mechanical actions from say, the assembly line and other actuators. It is used extensively for the automation of these mechanical tasks.

Currently, Stuxnet is being reverse engineered and  Langner Communications seems to be  the only expert on it. From their analysis, it is clear that this attack is too well engineered to be the work of hackers who do it for fun. Anyone who worked on this was serious about getting back at some industries.


Hack is Wack, y’all! Snoop Dogg + Symantec = Rap Contest On Anti-Cybercrime

Fo’ shizzle under my nizzle, yo yo! Alright, alright my rapping skills are subpar in that I believe even Shakespeare with his iambic pentameter can give me a run for his money with rapping skills. But this is not about my rapping skills it’s about yours dear wannabe rapper! (Not you, Hopesh)

Snoop Dogg, the West Coast hip hop MC and protégé of Dr. Dre has teamed up with security software specialists Norton (Symantec corporation) to announce Hack is Wack! a rap video contest where users can upload their best 2 minute rap video against cybercrime. Winners get to meet SNOOP DOGG’S MANAGEMENT TEAM Y’ALL! (Also probably a Toshiba laptop).

Fo’ real mah homies!!


No, really. The internet is filled with lame attempts to capture the essence of rap in a nerdy blogpost, so you can’t really blame me for trying (and failing).

According to the SecurityWeek, the contest which runs till the 30th of this month will be quite a ball:-

“If you have the skills and bust out the phattest rap, you’ll receive round-trip airfare for two to Los Angeles along with two days and two nights hotel stay to meet with Snoop’s management and learn more about his business. You’ll also get two tickets to a Snoop Dogg concert and a new laptop pimped out with Norton Internet Security 2011.”

So… get started right away with this friendly wikihow page that tells you how to write a rap song, promote yourself, develop your own style, and more.

Ancient Kernel Hole in Linux fixed after Two Months of reporting

An ancient kernel hole in Linux, which has been present from 2003, was recently closed after constant nagging and bug reports. The problem was with the X server using a huge stack that has a good chance of running into an adjacent heap memory.

The same vulnerability was cited earlier and was brought to the notice of the Linux security team a number of times but they turned a deaf ear to it each time. Only recently, they have taken this seriously and Torvalds has finally fixed this bug. However, the bugfix itself requires a further fix and the complete change will appear in the next stable update of the Linux kernel. As for those running a development version, it is available for download  here.

Torvalds has implemented a guard between the stack and the heap so that the stack does not overrun the heap memory in any case. However, people everywhere are frowning upon the time of two months this problem took to be fixed, after the first citation and the first formal reporting. Linux has been held in high esteem for its security and this matter has earned Linux some bad name already.

Keith Packard, an hacker was also working on a fix for this but his code was rejected by Torvalds as it violated some internal VM rules. The vulnerability was of an extremely serious nature.  As Rutkowska puts it,

While it isn’t a direct remote exploit, it only takes one vulnerable X client (web browser, PDF viewer, etc.) to turn it into something that is remotely exploitable.


A Review of Emsisoft Free Emergency Kit


[Windows Only]  Emsisoft isn’t a big name in the anti-virus, anti-malware industry, but they are well respected and they’ve been offering great products since 2003. When I first ran into them, they were offering one of the best anti-trojan scanners, named A-Squared. Recently, they’ve come out with a new bundle of anti-malware called Emsisoft Emergency Kit, and it’s completely free.

The first feature of this software kit that I liked, was the fact that it’s also portable. This means that the files making up this bundle can be copied to a CD or a USB flash drive, so that it can be used easily on any PC. All you have to do is download the Zip file and extract it to any drive you want. Below is a screen shot of the files included in this package.


To start up Emergency Kit, simply double click the start.exefile.   This launches a selection screen and you can choose one of the four main programs included in the kit.


Below is a list of the programs in the kit and a brief description for each.

• Emsisoft Emergency Kit Scanner

Search the infected PC for Viruses, Trojans, Spyware, Adware, Worms, Dialers, Keyloggers and other malign programs.


• Emsisoft Commandline Scanner

This scanner contains the same functionality as the Emergency Kit Scanner but without a graphical user interface. The commandline tool is made for professional users and can be used perfectly for batch jobs.

• Emsisoft HiJackFree

HiJackFree helps advanced users to detect and remove Malware manually. With HiJackFree you can manage all active processes, services, drivers, autoruns, open ports, hosts file entries and many more. It’s a tool very similar to the old and much revered HiJackThis, except that it offers more information and the ability to consult an online analysis tool for advice.

hj-free-processes_220 hj-free-ports_220 hj-free-autoruns_220 hj-free-services_220 hj-free-addons_220 hj-free-hosts_220 hj-free-quarantine_220

• Emsisoft BlitzBlank

BlitzBlank is a tool for experienced users. BlitzBlank deletes files, Registry entries and drivers at boot time before Windows and all other programs are loaded.

Here’s the Emergency Kit home page for more details and the download:

Note: Another great tool from Emsisoft is the well known Online Armor firewall (free version).

. . . . . .

Techie Buzz Verdict:

I tried out Emsisoft Emergency Kit briefly and I was not disappointed. Even though most of the tools in this kit are for experienced users, the Scanner alone can help almost anyone. It’s not a small download, but it’s portable and most importantly, it’s free. I give it a big thumbs up.


Techie Buzz Rating: 4/5 (Excellent)