Great Facebook communication!  Are you simply too huge, too cool, and too awesome to share GUI changes with our community?

Ermmm, Happy 6th Anniversary!

You are well aware of the challenges we as a CyberSecurity community face from rapid changes in the technology landscape. FOSE 2010 is the place to discover opportunities and solutions along with changing expectations for government IT professionals.

Register today for the FOSE 2010 experience http://www.fose.com.

You can expect:

• 3 days of IT resources helping you navigate today’s shifting tech landscape
• 2 full conference days packed with education on emerging technologies, trends, and new improvements to existing solutions
• Thousands of products on the FREE* EXPO floor allowing you to gain one-on-one insight into the capabilities of our exhibitors through demos, theater presentations and FREE Education.
• Attend the Accenture CyberSecurity Pavilion or Focus on Digital Forensics.

*FOSE is a must-attend free show for government, military, and government contractors.

It’s time to register and reserve your place at FOSE http://www.fose.com

Connect with FOSE
Twitter |  Facebook |  LinkedIn |  GovLoop

It wasn’t long before I began to notice discrepancies in the hacktivist’s focused cyber attacks. While conversing with this particular hacktivist I also drew some curious head shakes from security experts who allegedly had connections with the US government (AC).

In a nutshell, I managed to upset both the hacktivist and the AC’s! All of this online drama came about because I unintentionally set myself up for such a situation to occur.  Some of you may be wondering why I even bothered to pursue following and questioning such a controversial profile.

For as long as I can remember I’ve always been inherently curious. I was one of those kids who would find Santa’s hidden stash and secretly unwrap everyone’s Christmas gifts, then re-wrap all of the gifts back to perfection. Perhaps I was checking gift equality or I was just a nosy kid. Whatever the reason behind such invasive curiosity, this curiosity beast is one that I have to fend off and suppress on a consistent basis!

This type of curiosity could have easily become a Teksquisite reputation downfall. I could have been targeted both by the hacktivist and by government investigations. Though I did receive some direct communications via messaging and phone regarding statements I made about the hacktivist on twitter, I was not aware until much later in the game (by other concerned security
professionals) that this was a situation that I should graciously remove myself from.

“Harassment comes in many different forms and is not limited to physical or verbal abuse. Harassment can occur in any media or forum in which individuals interact.” –The Free Library

3 important steps to extricate yourself from situational cyberharassment

1. NEVER respond to flames.
2. NEVER confront the individual(s) with evidence or accusations
3. Remove yourself immediately from all hostile situations

The above steps should sever any type of online harassment situation almost immediately.  Although there may be some negative fallout from my particular situation, I anticipate that the steps I have taken above will successfully eliminate the possibility that cyberharassment will continue to exist.

If the above steps do not resolve a cyberharassment situation, you may be looking at the more serious case of cyberstalking.

“Cyberstalking and cyberharassment are very similar. Most people use them interchangeably, but there is a subtle distinction, typically relating to the perpetrator’s intent and the original motivation for their behavior.”

“While the two situations usually involve many of the same online tactics, cyberstalking is almost always characterized by the stalker relentlessly pursuing his\her victim online and is much more likely to include some form of offline attack, as well. This offline aspect makes it a more serious situation as it can easily lead to dangerous physical contact, if the victim’s location is known.” –Wiredsafety

In the past I have voluntarily worked with both Wiredsafety.org as an Internet Security Specialist and HaltAbuse.org as an Internet Security Advocate. Both organizations offer extensive help to victims of cyberstalking. If you are involved in an online situation that has escalated beyond the status of cyberharassment, be sure to contact one of the organizations listed above for further information on how to protect yourself online.

Until next time – stay safe online!

Facebook Is Going To Start Charging Money!

This scam first appeared on Facebook during December 2009. Users who joined this group were tricked into clicking a malicious link that took them off-site while secretly dumping malware on their computer.

“The ongoing thread that Facebook will soon begin charging for their site doesn’t appear to be slowing. The other night I was having dinner with a family friend who told me about a scoop he had that Facebook would soon begin charging for the site and proceeded to explain why he would pay. While it’s great that Facebook has provided value to his life and millions of others, the company will not charge users to access the site.” –All Facebook

Researching current 14,99 groups/pages appears to be harmless with no suspicious links found.   You can read more about this group at All Facebook.

Get A Free Pair Of UGGS!

You have to first verify that you can give out some private information, via taking one of the offered quizzes:

Does this IQ Challenge seem a little too familiar to you?  In July 2009 WBZ-TV 4 in Boston reported on the “I.Q. Test” scam occurring on Facebook.  Six months later, this scam is still connected to Facebook.  Check out the details at WBZ-TV video.

Pay Attention To Possible Scams And Scammers!

Become a fan of  *** Project NOSCAM *** and follow the weekly updated lists of:

SCAMS

SCAMMERS

** Notable Facebook Scams to be aware of **

If you find a scam or scammer on Facebook, do the site a favor and report it within the Group/Page  and also report the scam Group/Page to Project NOSCAM.

“If you allow an application or website to connect with your Facebook account, that application or website can access information on Facebook related to you and your friends and generate and publish stories about actions you take on that application or website without any additional permission.”   –Facebook

Help take a Byte out of Facebook Scams!

“Increasingly YouTube has been scorned for its move away from its foundation of “free speech video” to being seen as part of the establishment it tried to redefine when it was first established.” –PrisonPlanet TV

Censorship?

YouTube, emulates a meritocracy where highest user ratings and most views will land you on the front page. A vote-bot is a piece of software that can be used to systematically downgrade or upgrade vote popularity. Vote-botting can also  be used to deflate vote ratings to such low levels that this forces the video out of search results.

Over the past two years certain YouTube communities such as Atheist YouTubers have suffered greatly under the deluge of YouTube vote-bots. Atheist video popularity ratings have been frequently sabotaged by strategically planned and maliciously orchestrated bands of malicious vote-bots. It is not unusual for video popularity to be reduced from a 5-star to a 1-star rating within a few minutes of these attacks.

“The bot armies are particularly onerous, automating the process of creating accounts, searching for any video by a particular user, then down-rating them all — resulting in such unlikely scenarios as a few thousand 1-star ratings on a video that’s only been up for a few minutes, thus pushing the video so far down the listings that nobody’s likely to ever see it to begin with.” –How to cheat at Youtube

Another method utilized to censor information on YouTube is defined as false flagging. This can be an automated process that flags videos as inappropriate when content is actually innocuous. The most vile flagging campaigns that I am aware of on YouTube, has been via fundamentalist and religious zealot groups. In their attempt to bully the YouTube fringe groups of Atheists, Wiccan’s, and Pagens, they have managed to destroy the advocacy of free speech at YouTube.

In an article titled You Tube Needs Fixin,’ Professor PZ Myers, biologist and associate professor at the University of Minnesota, Morris stated: “One of the big problems with YouTube is that science channels that criticize creationists are often shut down — they are targeted by votebots that lower their ratings, and there are plenty of people who file frivolous notifications of DMCA violations that lead to whole channels being shut down until the case is fought out. This is not good — the system is hair-trigger sensitive to complaints, but does nothing to filter out the noise of unwarranted claims made solely to silence people.”

The most powerful tool that fundamentalist and religious zealot groups have used against fringe groups at YouTube is the filing of False DMCA (Digital Millennium Copyright Act) claims. This forces YouTube to legally remove the video — effective immediately.

If they are still unable to restrict fringe group information with the three methods I listed above, eventually they often pull a  full monty by filing multiple false DCMA claims.  They know if they file multiple DCMA claims within a short period of time, that the victims channel will be suspended.

“There is a fight going on at Youtube, a fight for free speech, rationality and reason.” –rozeboosje

Please sign the Google/YouTube Censorship Reform Petition

Until Next time – don’t allow yourself to be bullied and stay safe online!

]]> http://tekblog.teksquisite.com/2010/01/05/gaspyoutube-false-flagging-false-dcma-and-vote-botting-shenanigans/feed/ 7 http://tekblog.teksquisite.com/2009/12/27/tech-highlights-from-december-2009/ http://tekblog.teksquisite.com/2009/12/27/tech-highlights-from-december-2009/#comments Mon, 28 Dec 2009 00:44:04 +0000 Teksquisite http://tekblog.teksquisite.com/?p=2040

Twitter hack claimed by Iranian group

The hack that occurred on Twitter itself is significant beyond any wider political motives. It shows that what is the world’s fastest growing communication network is rather insecure.

Being able to change the DNS records of a website means that rather than simply redirecting users to a vanity page identifying the hack, hackers could actually have redirected people to a site that looked rather like Twitter itself.

In a similar way to phishing attacks that mimic online bank accounts, the hackers could have encouraged users to login, thus revealing usernames and passwords.

Expert Rik Ferguson of Trend Micro told me: “One has to wonder how quickly the attack would be noted if the dummy site was an exact replica of the victim and was simply there to harvest credentials and redirect the user then into the real site.  The hack that occurred on Twitter itself is significant beyond any wider political motives. It shows that what is the world’s fastest growing communication network is rather insecure.   –channel4news

Twitter: @channel4news |  @rik_ferguson

Web-Based Worms: How XSS Is Paving the Way for Future Malware

I first became aware of cross-site scripting (XSS) nearly a decade ago. At the time, despite being an all too prevalent bug in Web applications, the risk posed by the flaw was of limited value. It was the go-to vulnerability for any pen tester that was having trouble digging up a meaningful vulnerability to add to his audit report.

That has all changed now. Today, XSS represents a meaningful threat — a threat that is not only leveraged by attackers to harvest authentication credentials, but also is enabling a new generation of malware in the form of Web-based worms.

Depending upon whom you listen to, the statistics may be different, but virtually all agree that XSS remains the most prevalent Web application vulnerability that we face today.  –TechNewsWorld

@technewsworld on Twitter

Cisco gives Zeus, Koobface and Conficker awards

Zeus is the most audacious criminal operation of the year and Koobface the most notable criminal innovation, according to Cisco’s Annual 2009 Security Report. On a positive note, the cybercrime sign of hope award goes to the Conficker Working Group.

Cisco Systems Inc. presented its first-ever Cybercrime Showcase awards as part of its 2009 Annual Security Report, released Tuesday.

Zeus: the most audacious criminal operation – Designed for information stealing and specializing in online banking fraud, Zeus is a shrink-wrapped piece of malware that any criminal is able to buy, explained Henry Stern, senior security researcher at Cisco. Some vendors are selling it as service for about $700 a month, he said.

Koobface: the most notable criminal innovation – Koobface is a piece of malware that takes over a user’s social networking account, explained Stern. “As soon as you get infected, it will send messages to all of your friends and it will try to lure them into becoming infected as well,” he said. –ITWorldCanada

@itworldca on Twitter

New Facebook Privacy Settings Under Fire

Facebook is making major changes to its privacy settings, giving you the opportunity to share your personal information with “everyone” on the Internet. But is that wise?

Facebook’s huge user base is signing onto their favorite social network today, and viewing an important message.

They’re being encouraged to review their privacy settings, as Facebook effectively encourages its 350 million users to share more information with everybody on the Internet.

The worry is, of course, that Facebook’s recommendations may be in the best interests of Facebook — but they may not necessarily be in the best interests of all of its users.     –DarkReading

Twitter: @DarkReading |  @Gcluley

Until next time — Stay safe Online!

]]> http://tekblog.teksquisite.com/2009/12/24/greetings-from-the-tekblog/feed/ 0 http://tekblog.teksquisite.com/2009/12/15/tweeterfast-tweeterfollow-twtkingz-the-never-ending-twitter-scam/ http://tekblog.teksquisite.com/2009/12/15/tweeterfast-tweeterfollow-twtkingz-the-never-ending-twitter-scam/#comments Tue, 15 Dec 2009 23:32:33 +0000 Teksquisite http://tekblog.teksquisite.com/?p=1915 I’ve been following the Tweeterfollow musical domain saga since late September 2009.  The theme never changes.  I’ve also written about their scam/phishing/twitter account hijackings here.

Yesterday the Tweeterfollow (AKA: TF) domain push on Twitter was via Twtxtreme.info (currently disabled) using short url services tinyURL and retwt.me.  Today it looks like TF is promoting twtkingz.info via retwt.me and kiwi.url.  TF consistently uses IP: 124.217.246.188 but because TF switches domains frequently, they have not been blacklisted.

The web login page is always the same:

Description: A place to add more followers for your twitter page. This is a twitter adder site

Keywords: get more twitter followers, tweet, twitter network,twitter train, get more followers on twitter, twitter, tweeter, tweeteradder, tweeterfollow, deadlyx, rawhood, hoodzone, followers, train, vip, tweet

Logged in to the TF Web GUI

Once you are logged in to their website you will automatically follow all VIP members. Then you click  on Twitter profile random images [graphics from a3.twimg.com] to follow regular users [SIC].

Once you have clicked on all 20 default regular users profiles, the pop-up below appears:

Click on the OK button and 20 new profiles will reappear.  You can click all day long and into the night and you will still get the congratulatory pop-up each time you click the 20th profile.

You are also encouraged to purchase a VIP membership using PayPal or a credit card. The account that TF is currently using at PayPal is registered to ryann.johnson2009@gmail.com.

Ability to view protected tweets

Using http://isfollow.com/ I wanted to see if the locked accounts that I randomly followed through the TF API were following me.  The accounts listed below were not following me but I was able to view their PROTECTED TWEETS!

afrheyy
aliamutia
ibaddbxtch
IamHoodBarbie
ohannaweb

Since the above account is not following my test account I should not have been able to view IamHoodBarbies protected twitter stream. Obviously these Twitter profiles are all compromised accounts. A simple change of password is probably not the band-aid that should be used.

The Twitter filter managed to nab the “100 followers” string and filtered these tweets from the test account Twitter stream.  The test account is also not currently accruing a steady stream of profiles from Twtkingz[TOX]info API like it was yesterday.  During the past six hours the test account has only followed one protected account via the TF API.  The test account is still able to view protected tweets of accounts that are not following the test account.

Who is behind all this?

With all the emphasis on botnets, security breaches, and malware; In comparison, Tweeterfollow appears harmless.  Is it?

Domain ID:D30737265-LRMS
Domain Name: TWTKINGZ.INFO
Created On:10-Dec-2009 15:10:50 UTC

Last Updated On:10-Dec-2009 15:10:59 UT

There is something big going down on Twitter

Any website hosted at Piradius.net in Kuala Lumpur, Malaysia should immediately raise  a red flag.

Update:  12-15-09  8:13 pm EDT

Update:  12-16-09

Update:  12-17-09

Update:  12-22-09

Test account data:

December 18:
5 tweets Total

Timing:
2 tweets @8:08  pm from API
1 tweet  @9:54  pm from API
1 tweet  @9:55  pm from API
1 tweet  @10:25 pm from API

URL Breakdown:
3 tweets to twtfollow[TOX] info via ohurl.com
1 tweet to twtfollow[TOX] info via retwt.me
1 tweet = “This site just gave me 100 followers using” no URL

December 19:
9 tweets Total

Timing:
1 tweet   @6:09  am from API
1 tweet   @8:33  am from API
1 tweet   @2:10  pm from API
1 tweet   @4:34  pm from API
4 tweets  @7:09  pm from API
1 tweet   @10:10 pm from API

URL Breakdown:
1 tweet to youtube.com [generic]
1 tweet to twtspeedy[TOX] info [via retwt.me]
2 tweets to twtfollow[TOX] info [via Safe.mn = flagged as a "Dangerous website: Phishing/Malicious Content"]
2 tweets to twtspeedy[TOX] info [via TinyUrl]
1 tweet to twtfollow[TOX] info [kiwiurl.com]
1 tweet to twtfollow[TOX] info [via shorten.ws]
1 tweet to twtfollow[TOX] info [via snipr.com]

December 20:
15 tweets Total

Timing:
1 tweet   @12:34 am from API
1 tweet   @1:10  am from API
1 tweet   @6:11  am from API
1 tweet   @7:12  am from API
1 tweet   @8:34  am from API
2 tweets  @1:31  pm from API
2 tweets  @1:32  pm from API
1 tweet   @1:33  pm from API
1 tweet   @2:11  pm from API
1 tweet   @6:36  pm from API
1 tweet   @7:29  pm from API
1 tweet   @7:33  pm from API
1 tweet   @10:12 pm from API

URL Breakdown is getting spammy, so for the sake of brevity – here goes:
The shorl you requested has been disabled due to abuse. We’re sorry for the inconvenience.
lu.mu disabled
kiwiurl.com disabled
nvg8.it disabled
twtfollows {TOX] Info still online
twtlimit {TOX] Inf still online
retwt.me = .twtspeedy[TOX] info

December 21:
26 tweets Total

Currently pushing the following Toxic URLs:

twtfollows[TOX] info
twtlimit[TOX] info
twtspeedy[TOX] info

Stay Safe Online!

Facebookagent.com website provides this Disclamer:

“Facebook Agent is an automated help manual that guides you through the process of gaining a legal view of the desired profile. This process is completely legal and is achieved through the other party’s aproval and acknowledgement. This software and/or methods should not be used in any other case that is not mentioned above. All facebook trademarks are copyrighted to facebook.com. All actions taken through and in this application are on full responsibility of the user. Facebook Agent is in no condition responsible of any harm, damage or violations done while using this application. If at any stage of the process any party will find violation of law against them, the process should immidiately be terminated and reported to the administration team of the application. By clicking the Start button you agree to take full responsibility of the actions done by this application. All rights are copyrighted to facebook Agent 2009 – 2010. All trademarks found in this application belong to facebook Agent apart from facebook trademarks which are copyrighted to facebook.com. By clicking on the Start button you accept this terms and conditions.”

Most of the links at the FacebookAgent website result in saving or downloading setup.msi. The msi installer loads Facebook Agent.exe and a database file in the Program Files directory. The installer also loads Perflib_Perfdata640.dat into the local user profile temp directory and runs the database file under svchost.

When you first run Facebook Agent there is no exit from the program. Bad code and even worse downloads and toxic URLs await you. Since I did not choose to install the IWON toolbar featuring the MyWebSearch default search provider I had to participate in the Green Card Scam that is listed below.

According to the flimsy interface above you have to click to claim what you have won! Your prize is located at: hXXp://html.usagc[DOT]org/step1landing_eng[DOT]html?afk=ranygnewcplcmp0309eng. Then you have to fill out a form that includes your full name, email address, country of birth, marital status, and telephone number. You also have to answer this dropdown menu question:

After I filled out the online form with false information, I received this response:

Canada, Mexico, and the United States are ineligible. On the same page I was also given the option to select another country if I were a native of a qualifying country or if my parents were born in a qualifying country. I opted for Australia and was quickly promoted to step 2 in the process!

I had a good smirk over the warning “using a stolen or fraud credit card number will automatically disqualify you from participating forever!! USAGC will immediately cancel your application and pursue legal remedies.”

USAGC is a scam! Don’t fall victim to this Green Card lottery scam! The DV-2011 Diversity Visa Lottery( run by The U.S. Department of State) online entry registration period ended on November 30, 2009

I was soon bored with the Green card lottery scam so proceeded to install the IWON Toolbar and failed.

After finishing the installation of IWON, I had to go to iwon.com to register for a free account. Overall, you can only get to step 1 in Facebook Agent because you can’t get to step 2 without filling out credit card information.

Finally I ran Malwarebytes again to see what nasties Facebook Agent had installed.

Proper use of English could get a virus past security

Hackers could evade most existing antivirus protection by hiding malicious code within ordinary text, according to security researchers.

One of the most common ways of hijacking other people’s computers is to use “code-injection” attacks, in which malicious computer code is delivered to and then run on victims’ machines. Current security measures work on the assumption that the code used has a different structure to plain text such as English prose.

Now a team of researchers has highlighted a potential future theatre in the virus-security arms race by working out how to hide malware within English-language sentences.

Hackers call the part of a code-injection attack that is used to gain control of a vulnerable computer “shell code”. Because this is usually written in machine code, Mason and colleagues dubbed their technique “English shell code”.

They presented their research (PDF) at the ACM Conference on Computer and Communications Security in Chicago earlier this month, being careful to leave out some of their methodology to avoid helping malicious hackers. –New Scientist

@Newscientist on Twitter

Hacker to be sent to face trial in US despite relatives’ suicide fear

LONDON: A British computer hacker who has Asperger’s syndrome is at serious risk of suicide, relatives say, after a last-ditch attempt to prevent his extradition to the US was rejected.

In a letter the Home Secretary, Alan Johnson, ordered Gary McKinnon’s removal to the US on charges of breaching American military and NASA computers, despite claims by his lawyers that extradition would make the 43-year-old’s death ”virtually certain”.

The decision, described by lawyers as callous, has prompted fresh fears about Mr McKinnon’s wellbeing. Thursday’s letter rejected new expert medical evidence that Mr McKinnon’s health had deteriorated dramatically since he lost his case in the High Court in July, and meant that extradition would
violate his right to life.  –Guardian News & Media

@GuardianNews on Twitter

Please follow computer engineer @Brian_Howes on Twitter who fights illegal extradtion for All to the DEATH.

Vendor rages after iPhone hacker given job
The code was rubbish too, says Sophos.

A security firm has expressed incredulity at the news that the Australian prank hacker who wrote a program targeting Apple iPhone users has been given a job by an application developer.

The writer of the Ikee worm, Ashley Towns, sprang to prominence only two weeks ago after his creation was found to be changing the desktop wallpaper on some ‘jailbroken’ or unlocked iPhones to display a picture of 1980’s British pop-star Rick Astley. Now, fellow-Australian software company mogeneration is reported to have offered Towns a paid job after hearing of his efforts.

“Yey, I got the job. I’m now an iPhone application developer,” says the 21-year old’s Twitter feed, adopting a nonchalant attitude that has seriously annoyed more than one security company. Currently, only one is willing to go on the record.

“What disheartens me is that Towns has shown no regret for what he did. He admitted specifically infecting 100 iPhones himself, letting his worm loose in the process. Now his utterly irresponsible behaviour appears to have been rewarded,” said Graham Cluley of software outfit Sophos, in an emailed press statement. –Techworld

John E. Dunn/@dourscot on Twitter

Shadowserver to Take Over as Mega-D Botnet Herder

An effort is underway to clean up tens of thousands of computers infected with malicious software known for churning out thousands of spam messages per hour.  The infected computers are part of a botnet called Ozdok or Mega-D, which at one time was sending out around 4 percent of the world’s spam messages.

Last week, security vendor FireEye launched a drive to dismantle the botnet. The infected computers receive instructions and information for new spam campaigns through command-and-control servers. FireEye contacted network providers which hosted those servers, and most were shut down.

That meant that the people controlling the hacked PCs, known as botnet herders, couldn’t contact most of their bots anymore. Spam from Mega-D almost stopped entirely. FireEye also cut off a second redundancy mechanism the herders programmed into Mega-D…FireEye has now handed control of those bots over to Shadowserver, a volunteer-run organization that tracks botnets.

Shadowserver has taken over the administration of a “sinkhole,” or a computer running custom software that acts as a command-and-control server that the Mega-D bots will call on, said Andre’ M. DiMino, Shadowserver’s co-founder.– Networkworld

@networkworld on Twitter

Until next time — Stay safe Online!

I am currently reading a read me from a recent .rar that I downloaded and extracted over at Tubnut (that is a pet name for  my virtual station that analyzes files.)  The one question in the read me that consistently catches my attention is —How can I get somebody to login to my phisher— The answer: “That’s for you to find out, use your mind. Probably the simplest way is Social Engineering and some phishing skill. Here is an example : hXXp://imgdevil.com/pfiles/11140/munged”

The one commonality between affiliate marketers and cyber-criminals is that they are both highly adept in the art of social engineering. Michigan.gov defines social engineering as “an approach to gain access to information, primarily through misrepresentation, and often relies on the trusting nature of most individuals.”

Most affiliate marketers remain in the gray area of social engineering.  They also hold a strong emphasis on scam-type marketing campaigns in order to promote traffic to their website, specifically for the purpose of financial gain.  In comparison, Cyber-criminals fully embark in blackhat social engineering techniques, developing fake “phishing” sites in order to gain access to financial accounts.

Today I found an affiliate marketer on Twitter who participates in both forms of social engineering.  Though his account is not listed in Twitter search, I assume that he is from Pakistan and that he only uses anonymous accounts/sites to post content.  I am not posting his information here at the Tekblog.  For the purpose of this post I will refer to the affiliate marketer/phisher as P-man. So lets now move on to disclose some of the findings from P-mans phishing .rar.

I was 100% amazed to not find a Twitter Phisher here!

The major points that P-man promotes is that a phisher must:

1- Find a web host that supports php
2- Have a plan in place to send victims to the Index page
3- Learn how to hide links in forums
4- Seek free hosting/free domains (all anonymous)
5- What email spamming service to use
6- The use of URL shortening services to hide the phish
7- Proxies

There are also text files in many of the phishing folders that direct you to other underground technology websites.  You will be instructed to register at these sites before you are allowed access.  I believe that these underground sites will also be looking at your IP, OS vulnerabilities, etc in order to asses your intentions in registering.  You can anticipate that there will be many sites that will also redirect you to set up a meeting in mIRC, regarding more complex phishing site configurations.

Paypal

While perusing the Paypal directory I noticed that there was a possible paypal phishing tutorial located at  the free domain of DaveDaDon.  His motto: Touch ME? Neva. His domain is now suspended…

Ironically Touch ME? Neva guy who goes by the online name of DAVEDADON,  had the balls last year to post at the Microsoft Fóruns do Visual Studio.  Perhaps ego rides a wild donkey too?

Freewebs

DAVEDADON also allegedly provided a Freewebs phishing tutorial at his now defunct site. This was the one and only folder in the .rar that included a WARNING.

This warning, apparently intended to pose as a disclaimer against holding DaveDaDon liable for anything that smacked of criminal intent:

DaveDaDon is not playing nice with his phishing students either!

P-man is anonymous…He uses Twitter and Facebook to push traffic back to an anonymous website.  P-man has myriad Pakistani friends.  P-man affiliates with phishers, may be phishing,  and emulates  viral marketing.

Online age: 13-21

Country: Pakistan

Twitter: 1007 followers (affiliate marketer, filtered from Twitter search)

Facebook: Fan page, 104 followers (most download links lead back to P-mans blog)

Until Next time — Stay safe online!

]]> http://tekblog.teksquisite.com/2009/11/26/an-affiliate-marketer-shows-you-how-to-go-phishing/feed/ 0 http://tekblog.teksquisite.com/2009/11/25/my-usb-flash-stick-is-broken/ http://tekblog.teksquisite.com/2009/11/25/my-usb-flash-stick-is-broken/#comments Wed, 25 Nov 2009 23:17:53 +0000 ITTekTips http://www.teksquisite.com/blog/?p=1717 Maybe not! I have an 8 GB USB stick that is only showing 950 mbs of available disk space.  After doing a bit of Google research I decided to visit http://files.extremeoverclocking.com/file.php?f=197 and download HP USB Disk Storage Format Tool – v2.1.8, a nifty little USB format utility that is free to use.

Note: Be sure to download from the Primary Download Site

As you can see from the screen capture above, I did not use the quick format option.  Formatting took almost an hour to complete, and this fabulous utility was able to retrieve all lost disk space.

If you have a USB stick that is missing disk space, give this HP USB Disk Storage Format Tool a shot.

Until next time – Stay safe online!

Last month Brian Krebs wrote an interesting and informative article about E-Banking on a Locked Down (Non-Microsoft) PC for business owners, and outlined a tutorial on how to accomplish security online.

“In past Live Online chats and blog posts, I’ve mentioned any [sic] easy way to temporarily convert a Windows PC into a Linux-based computer in order to ensure that your online banking credentials positively can’t be swiped by password-stealing malicious software. What follows is a brief tutorial on how to do that with Ubuntu, one of the more popular bootable Linux installations.” – Washington Post, Security Fix blog

Receiving strong reactions from his readers, Krebs posted a rebuttal titled E-Banking on a Locked Down PC, Part II.  He further demonstrated that the initial article was not directed at consumers, but at “small to mid-sized companies that may not have a full-time IT/security staff, and who rely on one or two people to handle their bank accounts and payroll online.”

Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit (NSW Police) uses two rules to protect himself from cybercriminals when banking online:   Never click on URLs to the banking site and  avoid Microsoft Windows.   — ITNews Great advice during the onslaught of  Zeus and the the Clampi Trojan…

Adrian Kingsley of ZDNet upped the malware  alert a few notches when he stated  “It’s time to ditch Windows for online banking and shopping. There, I’ve said it.”

You can have all the security preventatives lined up in a row and quacking, but you can’t protect ducklings that choose to cross the freeway during rush hour traffic.  Windows is currently the primary target of global malware authors.  Tomorrow it could be Linux.  Next week it could be Mac.  Any operating system that connects to the Internet and conducts financial transactions is fair game.  Since a larger % of Internet users employ the windows platform to do online banking, it is obvious that windows would be the operating system of choice for cyber-criminals to pursue today.

Recently I restricted online financial transaction access to one workstation and to specific websites on a standalone Ubuntu computer.

Read Part I: Intruder Defense – Become part of a Solid Internet Security Solution (SISS)

Until next time — Stay safe online!

Dinner_Guest

Twitter Bio: I can’t help myself and i need to tell someone. Love the kill
Joined: Tue 10 Nov 2009 21:41

Following: 1  |  Followers: 100  |  Updates: 41

Being an avid Techcrunch fan, I was intrigued with Mike Butchers article “Is @Dinner Guest a sick joke or a real murderer on Twitter?” Who is this Dinner_Guest tweeter who has gone from 4 followers to over 100 followers as of this writing?

I’m watching this account now via Tweetdeck as Dinner_Guest plays a dumbed down version of a Twitter newbie.

Why did Dinner_Guest choose to follow RACarter?

• Bio CFO for hire by the day to StartUps. Now myself a StartUp. I work a lot with the London tech scene.

And what are the the social implications of such shockingly dark tweets?

Is this a PR stunt or ?

I honestly think that this is a PR stunt.  I added this person to one of my lists so that I can keep a close eye on tweets without having to follow the profile.

Stay tuned for future revelations as the plot thickens…

Twitter ’serial killer’ comes to Brighton Brighton and Hove News

Why @Dinner_Guest is probably a fake

The mystery has ended.            Update 11/18/09

New Bio: “A fictional character born out of an artists mind. A meme experiment. & analysis.”

Until next time — Stay safe online!

]]> http://tekblog.teksquisite.com/2009/11/17/dinner_guest-viral-pr-or-the-real-thing/feed/ 1 http://tekblog.teksquisite.com/2009/11/17/the-butterfly-effect-are-you-smart-enough-to-run-a-website/ http://tekblog.teksquisite.com/2009/11/17/the-butterfly-effect-are-you-smart-enough-to-run-a-website/#comments Tue, 17 Nov 2009 06:55:04 +0000 Teksquisite http://www.teksquisite.com/blog/?p=1530

The butterfly effect: “Small variations of the initial condition of a dynamical system may produce large variations in the long term behavior of the system.”

In the realm of Internet security, webmasters (hosting service providers) are pivotal in reducing the impact of compromised/malware-laden websites.  Once a compromised site becomes known to a webmaster (or hosting service provider) it should immediately be disconnected from the Internet.

As a webmaster (hosting services provider) you play an integral role in guarding the integrity of site code and maintaining upgrade compliance. One neglectful action on your part – such as failure to acknowledge a website vulnerability can seriously effect all site visitors.  An iframe exploit may seem small and insignificant at first, until a payload is dumped and eventually herds hundreds, or even thousands of innocent victims into the bowels of a stealthy botnet.

As a webmaster (hosting service provider) when using social networking sites such as Twitter and Facebook, you are also responsible for the health of your profile URL that links back to your website. If a social networking site filters your profile link, you should take the warning seriously.

Recently, I was astonished and alarmed by a website owner on Twitter.  She disguised her profile link with another domain that redirected visitors back to the initial infected domain.  She was able to trick Twitter filtering, but at what cost to website visitors?  Her reasoning for switching the URL was “yeah i thought maybe i could trick it but i guess not. i’ll have to remove the links for now.”  The new link was never removed from her profile, though her site was eventually cleaned up. How many people became infected during the interim trick?  Irresponsible actions, as noted above, are all too prevalent when it comes to taking social responsibility for compromised websites.

Are you smart enough to run a website?

Taking responsibility for Internet security is something that we all should be taking seriously. From home user levels to corporate user levels – there is no room for feigning technological stupidity.  If you are a small business owner and operating a company website, you need to become educated on how to properly secure and maintain your website.  If you are unable to take Internet security seriously, you will need to hire a professional.

Cyber-crooks are relentless in their pursuit of your money and “It’s all about the money,” according to Graham Cluley, senior technical consultant at Internet security firm Sophos. In the worst case scenario, your identity and your financial security can be severely compromised. –Source: Bill Mullins

Running a website is a huge responsibility and should not be taken lightly. Today, cybercrime rules the Internet highways. If you don’t know how to drive, park the car and get out now!

Being involved in computer security, I am amazed and frankly frustrated, at the lack of personal responsibly [SIC] exhibited by most typical computer users, and most importantly, the lack of commitment to acquiring the knowledge necessary to ensure personal safety on the Internet. In a word, becoming “educated”. –Source: Bill Mullins

The butterfly effect is here to stay.  Even the smallest of actions can severely impact all of us.  One malware link to a .cn domain could compromise one computer.  One computer then joins a botnet.  Next on the agenda — ten housand computers join a botnet.  Why?  Because the computers already house severe vulnerabilities.  As webmasters (hosting service providers) do not downplay your Internet security role as insignificant.

Steps that you can take to secure your website:

Kevin Roderick suggests Seven essential resources to help protect your website from technical attack:

1. Google’s Webmaster Tools
2. Google’s Safe Browsing Diagnostic Tool
3. Google’s Online Security Blog
4. Stop Badware’s Link Clearinghouse
5. Webmaster World
6. Matt Cutts’ Blog
7. Search Engine Land

Until next time — stay safe online!

Analysis at ThreatExpert exposed some pretty serious threats:

There were five .js links on the Facebook landing page <REMOVED>

Canonical name: gateway02.websitewelcome.com -all IP’s consistent with that of a Mail Server.
Addresses:
69.41.248.84
69.56.142.20
69.56.159.20
69.56.170.20
69.56.176.20
69.56.184.20
69.56.212.20
69.56.216.20
69.56.224.20
69.56.236.20
69.93.106.20
69.93.115.20
69.93.126.20
69.93.136.20
69.93.139.20
74.52.222.226
67.18.36.20
67.18.53.20
67.18.62.20
67.18.65.20
67.18.66.20
67.18.80.20
67.18.81.20
69.41.242.20
69.41.247.20
69.41.248.20

That is about all I know for today!  If any security expert needs more info – just ask!

Update:  10-22-2009 7:05 PM

Until Next time — one-off, security terrior here, and I never let go of a bad guy (wink)

Jeff Hexter is an Independent Computer Consultant based in Cleveland, Ohio,
and daddy to a couple of very busy little girls. Since 1997, his company:
Always Keep Computing Inc. has provided Macintosh, PC, and
Internet technical support for small businesses and individuals who lack
their own dedicated tech support staff.  Jeff specializes in teaching these
groups to support themselves.

Lately, his work has consisted of: fixing the weird problems that no one else
seems to know how to fix, cleaning malware infected PCs, implementing disaster
recovery systems (backup!), and training people how not to be phished. Oh, and
chauffeuring the two girls to their various activities…

Malware Hunting:

Cain and Abel for simple password recovery

Spacemonger for looking for files on drives taking up weird amounts of space

Adaware by Lavasoft (Free) an anti-spyware proactive malware removal tool with advanced Genotype detection.

AVG Free Edition (now testing Microsoft Security Essentials to replace it)

a-squared Free 4.5 –> 2 Cleaning Scanners in 1: Anti-Virus + Anti-Spyware

Belarc advisor Free personal PC audit!

Malwarebytes Anti-Malware – Identifies and removes malicious software from your computer

Spybot Search and Destroy – searches entire computer for badware missed by anti-virus programs.

SuperAntispyware – detects and removes all malware

Whats Running - gives you an inside look into your windows system

Data Backup:

EMC Retrospect (commercial software)

CrashPlan — (I use the free software, not the off-site service)

Gladinet — I’m experimenting with this as well Microsoft SyncToy (good, quick data transfer from a damaged drive to a working one, NOT RELIABLE ACROSS A NETWORK)

2BrightSparks SyncBack – (similar to SyncToy, but more features)

Acronis True Image Home 2010 –  (I use the demo, testing for disk backup)

Microsoft LiveSync — (this is an amazing lifesaver… I use it as part of my software tools collection routine. More on that later)

Troubleshooting Tools:

CPU-Z – freeware that gathers information on some of the main devices of your system.

Daemon Tools Lite — (for mounting CD and DVD ISO image files, often easier to carry with my than a bunch of CDs and DVDs)

GPU-Z 0.3.6 – information about your video card and GPU.

Inssider – see all RF activity affecting your network

IPscan — IP and port scanner

LScan –fingerprint an application or file to verify its integrity

Networx bandwidth monitor — Measure bandwidth and track down suspicious network activity

Prio — This is REALLY neat if you like to tweak your processes

Vistumbler — find wireless access points

WireShark — Network protocol analyzer

General Software Updates (for those things many people seem to have):

Secunia Personal Software Inspector - secure your computer against vulnerabilities is the operating system and in applications

FileHippo Update checker sort of like Windows Update, but for lots of applications.

I also keep a large list of the actual installers for things like Adobe Reader, Adobe Flash, and other freeware applications that clients always tend to need updated. I used to download the updater every few weeks, but I was always looking for a better way and found one!

More technical advice:

Filehippo.com is a GREAT repository for most of this stuff. But that was not the end of my looking. I found it, in a program called Ketarin (pronounced Caterin’, like “Catering”). It can be downloaded at http://ketarin.canneverbe.com/ and it keeps your setup packages up-to-date. Ketarin is a little difficult to configure, but once it is properly configured, you can just run the program and it updates the installers for most of the programs on the list above. It is also configurable to remove the old version number and update the new version number of the file name.

I use Windows Live Sync to share the directory of installers and updaters across several of my own machines and a couple of my client’s computers. I also copy these directories to an 8GB USB drive to carry on site (beats carrying the large CD case I used to have). Plug in, copy updaters to computer (or upload to a server), install updates. Saves tons of time and bandwidth (and client money, since I typically charge by the hour).

In conclusion, I backup multiple computers to a server with lots of hard drives running EMC Retrospect. I also backup certain other data using Crashplan software (free), just for testing purposes so far, but it seems to work as advertised. I’m always looking for free or inexpensive solutions to common problems for myself and my clients (small businesses and individuals). I’ve experimented with freenas and other NAS solutions too.

I am considering off-siting my data with http://www.onlinestoragesolution.com/ (but they seem too good to be true   – $20/year, unlimited storage). Have you heard of them? I’m trying to live by the adage “A file does not really exist until it exists in at least two places”

Oh, and my first line of network defense is an old Pentium III 933Mhz running the linux IPCop firewall distribution… Though as of last night I am considering moving to Astaro Security Gateway (since their free license just increased from 10 to 50 computers).

-Jeff Hexter
Always Keep Computing Inc.
jeffhex@gmail.com
Follow @jeffhex on Twitter!

Another scam site with a very bad T.O.S. (Terms of Service) – “THROUGH THE SITE” means TWITTERVIDEOS<>COM and they are absolutely NOT TAKING ANY RESPONSIBILITY for files that you may DOWNLOAD from their site!  

Be sure to read this section of their T.O.S. closely:

Not even a FAQ exists, and a Whois look-up reveals that they have masked their domain via a shield of anonymity with Domains by Proxy, Inc.

This is just one example of the many scam affiliate operatives that promote this type of rubbish on Twitter.

Until Next time — one-off, security terrior here, and I never let go of a bad guy (wink)

The use of  Microsoft’s operating system leaves you vulnerable to possible infections and reinfections if your system is not patched.  Security software can’t update definitions if the threat is under-reported and still in-the-wild.If you use a security suite that includes an anti-virus, anti-spyware, firewall, privacy/parental/phishing controls, — you are not protected against ALL Internet threats.

“Few will have the greatness to bend history itself; but each of us can work to change a small portion of events, and in the total of all those acts will be written the history of this generation.”  — Robert F. Kennedy

Before connecting to the Internet you should make sure that your computer is safe to surf  the Internet via a layered approach.  Aside from using a good anti-virus suite you should also use browser security add-ons such as Finjan Secure Browsing, McAfee SiteAdvisor 2.9, and W.O.T. If you frequent social networking sites, you should become familiar with current security threats and take precautions seriously in order to avoid becoming infected.  If you constantly connect to sites via shortened URLs, download and install AVG free LinkScanner, ( a free security tool that can detect malicious pages.)

If you use Twitter, download and install Immunet Protect:  “The solution is clever. It leverages the idea of safety in numbers. Every time someone in the Immunet Protect network encounters a virus, the threat is identified, logged, and blocked on a centralized server platform. Instantaneously, because of the way Immunet works, everyone in the network can be protected from that identified virus.”   –venturebeat.com

More recommended security tools to add to your arsenal

Secunia Software Inspector

Be sure to check your computer system and application software with Secunia Software Inspector as part of your regular security maintenance routine.

Secunia Software Inspector will detect vulnerable applications and provide you with the link to the update site.  After you update your operating system or  application software, be sure to re-scan to validate that the vulnerabilities have been corrected.

The Adobe Reader 9.x example screenshot listed below includes the application that is vulnerable, current version, and the version that you should update to in order to correct the problem.

If you want even better security update advice for your computer system(s) then you should use:

Home User,  Personal Desktop:

Business User:

If you don’t have a regular security maintenance routine,  be sure to stay tuned to this blog and I should have one available for download by the end of this month. If I forget about it, please tweet me up @teksquisite.

Trend Micro: RUBotted

The next uber cool security tool that I highly recommend is RUBotted: an anti-botnet detection tool from Trend Micro that sits silently in your desktop tray, while watching for incoming botnet activity.  RUBotted co-exists comfortably with current AV software.

Update [10-18-2009]: This tool could use a bit of tweaking to give more information than “Detected DNS query of malicious domain.”  (It would be nice to get the domain name and IP number too.)  RUBotted only has one solution available, and that is to go toTrend Micro’s Housecall site to get it cleaned. The solution may become part of the problem for this particular tool, as more Internet security sites become blocked by malware.

“RUBotted monitors your computer for suspicious activities and regularly checks with an online service to identify behavior associated with Bots. Upon discovering a potential infection, RUBotted prompts you to scan and clean your computer.” –Trend Micro

This tool is a worthwhile tool to include in your security toolbox…

Using a “layered approach” is the suggested method to better secure your system(s).  It is a dog-eat-dog Internet when we are dealing with the $$$ bad boys from the dark side over yonder.  Being part of a “Solid Internet Security Solution” or SISS,  is the ability to take responsibility for policing your own Internet security FIRST.

On a holistic level, what goes around comes around — don’t share your viruses or botnet connections with other Internet users.  Stay tuned for Part II of Intruder Defense SISS in November!  Comments are welcome at this blog

I will close with my new Twitter #FF recommendation signature gratis Rik Ferguson, Senior Security Advisor at Trend Micro:

Until Next time — one-off, security terrior here, and I never let go of a bad guy (wink)