For a month now, I’ve been advising readers and friends to use the F-Secure Rescue CD. That makes it time for a little video showing you how to use it.
YouTube, Vimeo (better quality) and XviD hires (even better quality).
This escaped my attention, but SpiderMonkey 1.7 has been released for some time now.
I patched this new version (download on my SpiderMonkey page), and decided to add another small trick: implement the window object with the navigate method:

I appreciate a good joke:

Gmail identified the Fake CNN Alerts as SPAM from the beginning, but now warns against phishing too:

Fake CNN alerts galore!
I seize the opportunity to publish a new video (warning: 8 minutes of command-line staring) (hires XviD version here) showing you how to use my tools to retrieve malware samples hosted on a website. If you just visit an infected website with Internet Explorer, you run the risk of infecting your machine. The safe way to retrieve samples is to work in a low-risk environment (e.g. non-root account on a Linux VM) and use tools that are unlikely to be the target of exploits hosted on said website.
The following tools are featured in the video:
The file numbering trick (01., 02., 03., …) allows me to document exactly how I obtained the sample.
Since I recorded the video, the malware seems to have been removed from the site. But be careful, it’s not uncommon that compromised websites get reinfected.
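The numbering idea as an added sketch (not one of the tools shown in the video): each retrieved artifact is stored as NN.<name> in the order it was fetched, and a manifest records how it was obtained along with its SHA-256. The manifest name, the helper names, the example host and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import json
import re
import tempfile
from pathlib import Path

MANIFEST = "00.manifest.jsonl"  # hypothetical name for the retrieval log


def safe_label(name: str) -> str:
    """Reduce a name taken from a hostile site (URL path, header) to a harmless label."""
    label = name.replace("\\", "/").rsplit("/", 1)[-1]      # drop any directory part
    label = re.sub(r"[^A-Za-z0-9._-]", "_", label).lstrip(".")
    return label[:64] or "unnamed"


def next_index(workdir: Path) -> int:
    """Next step number: one more than the highest NN. prefix already present."""
    used = [int(m.group(1)) for p in workdir.iterdir()
            if (m := re.match(r"(\d{2,})\.", p.name))]
    return max(used, default=0) + 1


def save_step(workdir: Path, name: str, data: bytes, how: str) -> Path:
    """Store one artifact as NN.<label> and log how it was obtained."""
    path = workdir / f"{next_index(workdir):02d}.{safe_label(name)}"
    with open(path, "xb") as fh:        # 'x' refuses to overwrite an earlier step
        fh.write(data)
    path.chmod(0o400)                   # read-only, never executable
    entry = {"file": path.name, "how": how, "size": len(data),
             "sha256": hashlib.sha256(data).hexdigest()}
    with open(workdir / MANIFEST, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry) + "\n")
    return path


def demo() -> list[str]:
    """Constructed session: page, script and binary saved in the order fetched."""
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp)
        save_step(work, "index.html", b"<script src=x.js></script>",
                  "GET http://compromised.example/")
        save_step(work, "x.js", b"/* constructed script */", "script src found in 01")
        save_step(work, "../../get_flash_update.exe", b"MZ constructed bytes",
                  "URL decoded from 02")
        return sorted(p.name for p in work.iterdir())


if __name__ == "__main__":
    print("\n".join(demo()))
```

The third call shows why names taken from the site are sanitized before they touch the filesystem: the path components are dropped and the file still lands inside the working directory as step 03.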
Here’s a new social engineering trick I hadn’t seen in my spam mail before:

The Shia link actually points to a real CNN article about the Olympics & terrorism. So you might be inclined to click on the full story link.
Like the CNN Top 10 malware, it has a fake Flash update:

Which happens to be malware.
I release USBVirusScan version 1.7.2.
Two new features:
-s scan available removable drives when USBVirusScan is started
-r also start the command at drive removal; parameter %e indicates drive arrival ‘A’ or drive removal ‘R’
Download:
USBVirusScan_V1_7_2.zip (https)
MD5: BDEF7BAE13C10B2B6CD650A89FD910ED
SHA256: 0090C73D6A3725E75C3388387A7A9E869C5D6BEA83E0D4D612E1CB25458163F3
My new stickers arrived today:

From now on, winners of my little puzzles can expect a little prize (I’ll contact winners of past puzzles)…
Ryan Goodings suggested I modify the header (starting_frequency and readings_per_sweep) of a band-pass filtered wsr file, to have Chanalyzer scale the filtered section. Here is the new version (use option --reduce), and this is the result:

Another WiFi program: wsrtool.py. This Python program allows you to process wsr files (capture files of the ISM spectrum, created by Chanalyzer with a Wi-Spy adapter).
The tool filters out selected frequencies or amplitudes (band-pass and band-stop filter).
You need to install the Python module Construct.
Here’s an unfiltered capture:

And here I used a band-pass filter with cutoff frequencies 2420 MHz and 2445 MHz:
