27-07-07

Are your DNS servers already patched? Pharming danger.

It seems that very important DNS servers in Belgium are not being patched, and that some of these structurally important DNS servers are running versions that can be remotely hijacked and cannot guarantee any protection against the new techniques of pharming and cache poisoning.

It is all very well to be independent and to have no oversight other than yourself and a silent committee without any representatives of consumers or domain owners, but the least you could do, if you are making millions and have a war chest big enough to do things professionally, is to make sure that your core business is in order.

For other firms it is important to update your DNS servers if you are working with money online. What is the sense of investing millions in anti-phishing and anti-fraud measures if you leave important DNS servers open, so that your users will be redirected en masse before you can do anything? Pharming is industrial phishing, no more and no less.

14:54 Posted by technology changes fast not a lot in General

Do you know they were hacked?

Hundreds of sites are sometimes hosted on the same server. With new exploits and other tools it is no longer so hard to deface or hack them all once you get past one. The question in Belgium is whether these owners and admins are always informed that their site has been hacked, even if it was corrected minutes afterwards. Maybe they should be obliged to inform their customers.

[image: len3_001]

And the list goes on and on and on.

14:07 Posted by technology changes fast not a lot in General

List of more or less active hacking-security forums (registration needed)

http://shadows.ipbfree.com
http://d4rk-h4ck.com
http://7thc.s4.bizhat.com
http://www.w4ck1ng.com
http://www.elitehackers.info
http://www.leetupload.com
http://www.zeroidentity.org/register
http://www.chekmate.org  (huge)
http://c0ntent.org/index.php
http://www.g00ns-forum.net
http://www.enigmagroup.org/forums/index.php?action=regist...
http://www.suck-o.com
http://www.hackerscenter.com
http://k0h.org/
http://www.undergroundsystems.org
http://www.wtalk.org/index.php
http://forum.security-shell.com
http://www.securibox.net
http://www.firewall.cx/

13:57 Posted by technology changes fast not a lot in General

26-07-07

You have ads on your blog and infect your readers with spyware

If they are stupid enough to click on anything other than the few free antispyware tools we know to be really good, that is. But most of the time people do, so the most stupid of your readers (computer-stupid, that is) could click on that kind of ad and install rogue antispyware that is deceptive or, in the worst case, takes the computer hostage.

[image: len2_001]

So blogads.com carries advertising for SpyHunter, which is sold and distributed by a firm that does everything to hide itself from public view and has released similar software in the past. AdSense is starting to try to make its ads less prone to such situations, so others in the business should follow suit.

http://www.furl.net/forward.jsp?id=23174977

http://www.furl.net/forward.jsp?id=23174952

12:13 Posted by technology changes fast not a lot in General

Update Firefox and DNS servers - URGENT

Once people find a hole they continue to dig, just as gold-diggers never stop after the first inch of gold, in the belief that there may be lots more. Sometimes this yields new exploits that are far more interesting, dangerous and exploitable than the first one, which seemed more difficult and theoretical. Firefox now seems prone to an exploit by which any program on your computer (and if you surf under administrator privileges that means telnet - so anything on the computer) can be started externally to download whatever code is necessary to make a zombie of your computer, simply by visiting a website with some code on it (that you won't see). So update your Firefox as fast as possible.

http://www.furl.net/item.jsp?id=23170875

http://www.furl.net/item.jsp?id=23170784

 

Some freeware:

http://www.furl.net/item.jsp?id=23170875  find the URIs on your system

http://www.furl.net/item.jsp?id=23170953  control all scripting while surfing with Firefox

 

The DNS servers are the most critical parts of our internet infrastructure. They translate the domain names you put into your browser into the IP addresses of the servers that host them. For a good year now there has been much talk about cache poisoning and pharming, but apart from some attacks it wasn't that easy to do.

Here is how it works. A user types a domain name into his browser, for example www.TRAVEL.com, after which his computer contacts a DNS server to get the right IP address of the server where that site is hosted. The DNS server first looks in its cache, and if the answer isn't there it tries to get it from the internet. Pharming means that, with a now-published simple trick, the DNS server will find in its cache an IP address for www.travel.com other than the legitimate one and will redirect the user (who will see www.travel.com in his browser all the time) to a perfect copy of the site on a Russian site. So any transaction he does will be intercepted, or the computer can be scanned for vulnerabilities, infected and put into a botnet.

Luckily the security researcher has contacted the organisation responsible for the DNS BIND software and there is a very important upgrade available. Until now pharming has not been so simple to do, and pharming is the industrialisation of phishing: imagine what it would do to banking, e-government and e-commerce.
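One way to check whether a resolver's cache has drifted from the others, as an added example that is not from the original post: ask each resolver you operate for the same name and flag any whose answer shares no address with the rest. The function names, resolver labels and sample addresses are assumptions made for this sketch.

```python
import secrets, socket, struct
from collections import Counter

def build_query(name, txid):
    """Wire-format DNS query for the A record of `name`, recursion desired."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", 1, 1)

def _skip_name(msg, off):
    """Offset just past the name at `off`; a compression pointer ends the name."""
    while msg[off] != 0 and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (1 if msg[off] == 0 else 2)

def parse_a_records(msg):
    """IPv4 addresses in the answer section of a DNS response."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    ips = set()
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:             # A record
            ips.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return ips

def ask(resolver_ip, name, timeout=3.0):
    """Query one resolver you operate over UDP; return its A records."""
    txid = secrets.randbits(16)                   # unpredictable transaction ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (resolver_ip, 53))
        reply = s.recvfrom(4096)[0]
    if reply[:2] != struct.pack("!H", txid):
        raise ValueError("reply does not match our query")
    return parse_a_records(reply)

def divergent_resolvers(answers, trusted=None):
    """Resolvers sharing no address with `trusted`, or else with the majority answer."""
    counts = Counter(ip for ips in answers.values() for ip in set(ips))
    reference = set(trusted or ()) or {ip for ip, n in counts.items() if n > len(answers) / 2}
    return sorted(r for r, ips in answers.items() if reference and not set(ips) & reference)

# Constructed sample (documentation addresses); live: {r: ask(r, name) for r in resolvers}
SAMPLE = {"ns-a": {"192.0.2.10", "192.0.2.11"}, "ns-b": {"192.0.2.10"},
          "ns-c": {"192.0.2.10"}, "ns-d": {"203.0.113.66"}}
```

A flagged resolver is a lead, not proof: sites that hand out different addresses per region will also diverge, so confirm against the zone's authoritative servers before flushing a cache.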

http://www.furl.net/forward.jsp?id=23171208

http://www.furl.net/forward.jsp?id=23171041

 

You can subscribe to the RSS feed of my furld information

http://www.furl.net/members/mailforlen/rss.xml

10:26 Posted by technology changes fast not a lot in General

25-07-07

Belgian forums and guestbooks that link to the WinAntiVirus rogue tool

PETITES ANNONCES GRATUITES :: Voir le sujet - Great softwares ! [url=http://go.winantivirus.com/MTQxNzA=/2/5382/ax=1/ed=1/ex=1/xru/]Great Anti-Virus Software ![/url] ...
www.fournisseurs-voirie.be/forum/viewtopic.php?p=64&s... -

 

Backpacken.com, backpack de wereld rond, hostels online boeken, de ...[url=http-//go.winantivirus.com/MTQxNzA=/2/5382/ax=1/ed=1/ex=1/xru/]Great Anti-Virus Software ![/url] ...
backpacking.be/index.php?page=phorum&option=readpost&postid=1379

.: USA 2006 :.Website: , hi, id like to say thankyou for your detailed website. ...
www.whoop.be/USA/Gastenboek.htm -

 

ABC-FORUMGSM: http://go.winantivirus.com/MTQ4OTY=/2/5549// E-mail your@antivirus.com, hi, id like to say thankyou for your detailed website. Visit to my homepage ...
www.aarselebc.be/gbook/gbook.php?page=2 -

 

Guestbook<a href=" htxp://go.winantivirus.com/MTQ4OTY=/2/5549// ">This is right! Click here! WinAntiVirusPRO 2007 FREE!!!</a> ...
www.zurlinde.be/gastneu.php?page=19

 

Behealth.tv : Forum de discussion, questions -> Citation d'un ...I don't want to write more:), just try [URL=http://go.winantivirus.com/NTgzNw==/2/3386/ax=1/ed=1/ex=1//]Windows Anti Virus[/URL] for FREE right now! ...
pibc.igretec.be/site_anthony/forum/index.php?s=81c2734c411c751dfe4923a628fda6a4&act=Post&CODE=06...

 

stop de superboetes :: Viewing profile[0.01% of total / 0.00 posts per day] Find all posts by PeeDee2005. Location:, USA. Website:, hxtp://go.winantivirus.com/MzYwNg==/2/2291/ax=1/ed=2/ex=1// ...
www.stopdesuperboetes.be/phpBB2/profile.php?mode=viewprof..... .
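For a forum or guestbook owner who wants to find such posts on their own site, here is an added example (not part of the original post) that extracts link hosts from BBCode, HTML and bare URLs, including the altered scheme spellings seen in the results above, and matches them against a blocklist. The function names and sample posts are assumptions; only the domain comes from this page.

```python
import re
from urllib.parse import urlsplit

# Domain taken from the search results above; extend with your own blocklist.
BLOCKED = {"winantivirus.com"}

# Scheme spellings seen in the results above: http://, htxp://, hxtp://, http-//
# (https and hxxp are assumptions added here).
_SCHEME = r"h(?:tt|tx|xt|xx)ps?(?:://|-//)"
_URL = re.compile(r"\b" + _SCHEME + r"[^\s\"'<>\[\]]+", re.IGNORECASE)

def linked_hosts(text):
    """Hostnames of every link in a post body (BBCode, HTML or bare URL)."""
    hosts = set()
    for match in _URL.finditer(text):
        # Normalise the scheme so urlsplit can parse the altered spellings.
        url = re.sub("^" + _SCHEME, "http://", match.group(0), flags=re.IGNORECASE)
        host = urlsplit(url).hostname
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts

def is_blocked(host, blocked=BLOCKED):
    """True for a blocked domain or any of its subdomains, not for lookalikes."""
    return any(host == d or host.endswith("." + d) for d in blocked)

def flag_posts(posts):
    """Map post id -> sorted blocked hosts, for posts that link to one."""
    flagged = {}
    for post_id, body in posts:
        hits = sorted(h for h in linked_hosts(body) if is_blocked(h))
        if hits:
            flagged[post_id] = hits
    return flagged

# Constructed sample posts (ids and paths are made up).
SAMPLE_POSTS = [
    ("forum-1", "[url=http://go.winantivirus.com/SAMPLE/]Great Anti-Virus Software ![/url]"),
    ("gbook-2", '<a href=" htxp://go.winantivirus.com/SAMPLE// ">Click here!</a>'),
    ("forum-3", "[url=http-//go.winantivirus.com/SAMPLE/]Great Anti-Virus Software ![/url]"),
    ("forum-4", "The patch is described at http://www.example.org/winantivirus.com/faq"),
]
```

Matching on the parsed hostname rather than on the raw text keeps a post like `forum-4`, which only mentions the domain in a path, from being flagged.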

16:42 Posted by technology changes fast not a lot in General

Rogue security tools use bogus download sites (blacklist) in a ring

The spyware / rogue security tool (untrustworthy) TrojanGuarder is a perfect example.

Many of the pages have the same text and I presume that many of the domains are being served by the same masters. They use known techniques such as putting up pages as subdomains or individual pages with traffic-attracting keywords. Warez sites and Chinese download sites also link to this hard-to-remove tool.

This is the blacklist of sites that offer such tools for download.

 


 

Maybe download sites should be certified by antivirus and antimalware firms on a permanent basis and shouldn't accept just any software.

15:51 Posted by technology changes fast not a lot in General