Archive

Archive for the ‘Vulnerability’ Category

Recover your Gmail and Orkut accounts from Bom Sabado attack

September 26th, 2010 3 comments

orkut Exploiting cross-site scripting flaw on Orkut, “Bom Sabado” worm is spreading like a plague on Orkut. Bom Sabado means ““Good Saturday” in Portuguese. It sends “Bom Sabado ” scraps to your friends and automatically joins your profile on some adult communities. It’s a cookie stealing script in action.

Am I infected?

If you have seen “ Bom Sabado! “ scrap on orkut, on your scrapbook or your friends scrapbook, or seen this scrap on Gmail’s web interface, you are infected.

Don’t panic !

What should you do?

  • Clear your cookies and cache.
  • Change your Google account password immediately by visiting the following link and don’t login to Orkut till Google engineers fix this issue.

https://www.google.com/accounts/EditPasswd?hl=en

changepasswd

  • Change the security question too

securityqn

  • Keep your Mobile phone no. updated for getting password reset code.
  • Don’t try to open Orkut or messages from Orkut by e-mail. (SMTP & POP users may view the message in plain text)
  • Stop visiting the scrapbooks of others till they fix this issue.
    How can you help to avoid its spreading?
  • Login to mobile version of Orkut http://m.orkut.com from Opera Mobile and delete all “ Bom Sabado! “ scraps

Alternatively,

Pass this information to your friends. Stay tuned for further updates.

Install and maintain an updated Anti-virus and Anti-Malware like, Malwarebytes Anti-Malware to keep your system free from Key loggers and backdoor trojans.

UPDATE from Google:

Hi all,

This is to inform you all that we’ve contained the “Bom Sabado” virus and have identified the bug that allowed this and have fixed it.

We’re currently working on restoring the affected profiles.

Thanks a ton to each of you who’s made an effort to alert everyone else about this.

Possibly Related Posts:


How to bypass Windows passwords? aka Linux, the easy way

June 23rd, 2010 2 comments

If you want to access a system badly and don’t have any authentication credentials here is a trick to bypass it.

Requirements:

  1. ISO image of any live Linux distribution (Ubuntu, Fedora, DSL etc.)
  2. Thumb drive aka Pen drive
  3. UNetbootin for Linux/ Windows
  4. More information at my previous post here

btw, don’t violate any rules. Enter at your own risk.

Possibly Related Posts:


Conficker worm on its pursuit updates itself !

March 19th, 2009 3 comments

Conficker B++, evil twin of Conficker, also known as W32/Conficker.worm, Downup, W32.Downadup and Kido, is a worm that takes advantage of Windows security vulnerability called MS08-067 in order to spread itself across networks. Once infected, Conficker may disable Windows system services such as Windows Defender, Automatic Backup, Windows Error Reporting, and Windows Automatic Update. Conficker could block certain security websites and may install further malware on your computer.

top-level-control-flow-overview

Conficker A (left) /B (right): Top-level control flow

Source : http://mtc.sri.com

Conficker B uses a different set of sites to query its external-facing IP address www.getmyip.org, www.whatsmyipaddress.com, www.whatismyip.org, checkip.dyndns.org.  It does not download the fraudware Antivirus XP software that version A attempts to download.   Conficker’s propagation methods vary among A and B.
Like Conficker A, after a relatively short initialization phase  followed by a scan and infect stage,  Conficker B proceeds to generate a daily list of domains to probe for the download of an additional payload.

A New Backdoor Service
Conficker B++ has added a new method for remote Win32 binary retrieval and execution.  This new method entails the use a named pipe to receiving URLs from remote systems, retrieval of Win32 binaries using this URL, validation that the downloaded executable is properly signed by the Conficker authors, and immediate execution of the binary.

The new Conficker variant adds an extra function to the main thread if the OS is Windows XP, Windows 2000, or Windows 2003 Server

Conficker is known to block access to over 100 anti-virus and security websites.

OpenDNS, the free DNS service, plans to start blocking the Conficker worm’s attempts to connect to potential control servers using a predicted address list provided by Kaspersky. According to The Register, the new free service will also be able to alert administrators to the presence of the Conficker worm and assist them in locating infected machines.

Microsoft offers $250,000 reward for information leading to the arrest and conviction for the cybercriminals responsible for the fast spreading Conficker/Downadup worm.

Computer users who already have their Automatic Update feature turned on for Microsoft Windows Update may not be vulnerable to the Conficker worm. Upon detection of the Conficker worm, it is recommended that you configure your computer to receive critical updates and patches from Microsoft and run a full scan with an up-to-date version of your anti-virus or anti-malware program. Conficker may attempt to recreate itself on reboot.

Download Free Conficker Removal Tool
Download Free Conficker Removal Tool

 

Joe Stewart from the Conficker Working Group has created an eye chart that allows for online identification of Conficker B and C infections. The idea is to load content from sites that are blocked by Conficker.

Check now http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

If you can see all six images in both rows of the top table, you are either not infected by Conficker, or you may be using a proxy server, in which case you will not be able to use this test to make an accurate determination, since Conficker will be unable to block you from viewing the AV/security sites.

Possibly Related Posts: