What is Wireshark Antivirus?
Wireshark Antivirus can be personal in to antagonistic software, that can taint your complement unknowingly. It is unequivocally tough to acknowledge Wireshark Antivirus given it doesn’t uncover in the Manager Task though logs all the keys that we type. Once your mechanism gets putrescent with it, it will guard the Titles of stream Windows, together with ICQ, MSN, BANK, STOCK, ONLINE BUSINESS as well as so on.
While monitoring, it will jot down the report that we sort automatically as well as afterwards send your report to the censor controller who has putrescent your Personal Computer with Wireshark Antiviruss. Although it is intensely dangerous as well as tough to detect, we should try the many appropriate to mislay it from the PC! How to mislay Wireshark Antivirus? It might be the small tough for people who have been miss of enough mechanism knowledge. But we can ask assistance from veteran tools-security module that contains the duty of stealing Wireshark Antivirus.
How to Remove Wireshark Antivirus Completely 1) Firstly we need to go to Start, as well as afterwards to your Control Panel.
2) Once there, find, name as well as click the Add/ mislay Programs button.
3) Once you’ve did that you’ll right away see the outrageous list with all kind of programs that have been commissioned upon your computer. Scroll down the list until you’ve stumbled upon Wireshark Antivirus Messenger as well as name it.
4) Once comparison we usually have to strike the mislay symbol as well as the dismissal routine begins.
Remove Wireshark Antivirus completely!Generally speaking, there have been dual methods to forestall the attacks of Wireshark Antivirus. One is your self-protection awareness. Sometimes, if we have been some-more careful, studious as well as prudent, we can simply get absolved of the irritating of neglected software. So greatfully do not omit suggestions from your friends or online experts. Think about it prior to we lead. The alternative is to operate veteran apparatus to mislay Wireshark Antivirus. Admittedly, it is additionally the many in effect as well as secure approach available. With the assistance of veteran program, we can be during palliate with the Personal Computer security.
Information Security Forum
Sunday, November 7, 2010
Saturday, November 6, 2010
Information Security Forum: Microsoft's Ballmer sells 12 percent of his stake ...
Information Security Forum: Microsoft's Ballmer sells 12 percent of his stake ...: "Microsoft Corp Chief Executive Steve Ballmer sold $1.3 billion worth of shares in the company, cutting his stake by about 12 percent, but sa..."
Microsoft's Ballmer sells 12 percent of his stake in company
Microsoft Corp Chief Executive Steve Ballmer sold $1.3 billion worth of shares in the company, cutting his stake by about 12 percent, but said his first stock sale in seven years should not be taken as a lack of confidence in the world's largest software firm.
Ballmer said he will sell more shares by the end of the year, in a move to diversify his investments and plan for taxes, but the company sought to allay talk that the 54-year old executive, who has been CEO since 2000, may be preparing an exit from the company.
"Even though this is a personal financial matter, I want to be clear about this to avoid any confusion," Ballmer said in a statement on the company's Website. "I am excited about our new products and the potential for our technology to change people's lives, and I remain fully committed to Microsoft and its success."
Ballmer, who was the first business manager at Microsoft when he joined in 1980, has not shown any interest in stepping down or leaving the company, despite some criticism from Wall Street over the company's lagging shares, which are trading at the same level as 2002.
According to a filing to the U.S. Securities and Exchange Commission on Friday, Ballmer sold 49.3 million Microsoft shares in the last three days, at prices just above and below $27 per share.
Ballmer said he plans to sell up to 75 million shares by the end of this year. If he does sell that many shares, that would mean a 18 percent cut in Ballmer's stake, based on the 408 million shares he held before the sales in the last few days.
As of Friday, Ballmer still holds about 359 million Microsoft shares, or 4.2 percent of the company, worth about $9.6 billion. That makes him the second largest shareholder behind Chairman and co-founder Bill Gates, according to Thomson Reuters data.
Gates, who holds about 621 million shares, or about 7.2 percent of the company, regularly sells shares in batches of 1 million or 2 million to fund his philanthropic foundation.
Microsoft shares were unchanged in after-hours trading on Friday, after closing down 1 percent at $26.85 on Nasdaq.
Source:http://www.reuters.com/article/idUSTRE6A501K20101106
Ballmer said he will sell more shares by the end of the year, in a move to diversify his investments and plan for taxes, but the company sought to allay talk that the 54-year old executive, who has been CEO since 2000, may be preparing an exit from the company.
"Even though this is a personal financial matter, I want to be clear about this to avoid any confusion," Ballmer said in a statement on the company's Website. "I am excited about our new products and the potential for our technology to change people's lives, and I remain fully committed to Microsoft and its success."
Ballmer, who was the first business manager at Microsoft when he joined in 1980, has not shown any interest in stepping down or leaving the company, despite some criticism from Wall Street over the company's lagging shares, which are trading at the same level as 2002.
According to a filing to the U.S. Securities and Exchange Commission on Friday, Ballmer sold 49.3 million Microsoft shares in the last three days, at prices just above and below $27 per share.
Ballmer said he plans to sell up to 75 million shares by the end of this year. If he does sell that many shares, that would mean a 18 percent cut in Ballmer's stake, based on the 408 million shares he held before the sales in the last few days.
As of Friday, Ballmer still holds about 359 million Microsoft shares, or 4.2 percent of the company, worth about $9.6 billion. That makes him the second largest shareholder behind Chairman and co-founder Bill Gates, according to Thomson Reuters data.
Gates, who holds about 621 million shares, or about 7.2 percent of the company, regularly sells shares in batches of 1 million or 2 million to fund his philanthropic foundation.
Microsoft shares were unchanged in after-hours trading on Friday, after closing down 1 percent at $26.85 on Nasdaq.
Source:http://www.reuters.com/article/idUSTRE6A501K20101106
Friday, November 5, 2010
Introduction to Trojans and Backdoors
Introduction
Trojans and Backdoors are sorts of Bad-wares which their main purpose is to send and receive data and especially commands through a port to another system. This port can be even a well-known port such as 80 or an out of regular ports like 7777. The Trojans are most of the time defaced and shown as a legitimate and harmless application to encourage the user to execute them. The main characteristic of a Trojan is that first it should be executed by the user, second sends or receive data with another system which is the attacker’s system.
Sometimes the Trojan is combined with another application. This application can be a flash card, flash game, a patch for OS, or even an antivirus. But actually the file is built of two applications which one of them is the harmless application, and the other one is the Trojan file.
Technically defined, a Trojan horse is “a malicious and security-breaking program which is designed as something benign”. Such a program is designed to cause damage, data leakage, or make the victim a medium to attack another system.
A Trojan will be executed with the same privilege level as the user who executes it; nevertheless the Trojan may exploit vulnerabilities and increase the privilege.
An important point is that not only the connection can be online (so that the commands or data are transmitted immediately between the hacker and victim), but also the communication can be offline and performed using emails, HTTP URL transmits or as the like.
Auto Start Methods
One of the actions usually Trojans perform is to make themselves Auto-Start to be executed each time the system reboots. Below are some registry keys Trojan Horses modify for this purpose:
HKLM\Software\Microsoft\Windows\Current Version\Run
HKLM\Software\Microsoft\Windows\Current Version\Runonce
HKLM\Software\Microsoft\Windows\Current Version\RunServices
HKLM\Software\Microsoft\Windows\Current Version\RunServicesOnce
HKLU\Software\Microsoft\Windows\Current Version\Run
HKLU\Software\Microsoft\Windows\Current Version\RunOnce
Types of Trojans
Remote Access TrojansThis sort of Trojans provides full or partial access and control over the victim system. The server application will be sent to the victim and a client listens on the hacker’s system. After the server is started, it establishes the connection with the client through a predefined port. Most of the Trojans are of this kind.
Data Sending TrojansUsing email or a backdoor, this type of Trojan send data such as password, cookies or key strokes to the hacker’s system.
Destructive TrojansThese Trojans are to make destructions such as deleting files, corrupting OS, or make the system crash. If the Trojan is not for fun, usually the purpose of such Trojans is to inactivate a security system like an antivirus or firewall.
DDos Attack TrojansThis Trojans make the victim a Zombie to listen for commands sent from a DDos Server in the internet. There will be numerous infected systems standby for a command from the server and when the server sends the command to all or a group of infected systems, since all the systems perform the command simultaneously, a huge amount of legitimate request flood to a target and make the service stop responding.
Proxy TrojansIn order to avoid leaving tracks on the target, a hacker may send the commands or access the resources via another system so that all the records will show the other system and not the hacker’s identities. This sort of Trojans are to make a system works as a medium for attacking another system and therefore the Trojan transfers all the commands sent to it to the primary target and does not harm the proxy victim.
Security Software Disabler TrojanThis kind of Trojan disables the security system for further attacks. For instance they inactivate the antivirus or make it malfunction or make the firewall stop functioning.
How to find the Trojan activity
The best method to find the Trojan is by monitoring the ports transmitting data on the network adapter. Note that as mentioned above there are Trojans which can transmit the commands and data via standard ports such as 80 or SMPT (email) which this method of inspection is not effective on them.
The command nbtstat is a very powerful tool to check which ports are used to send and receive data. You can use this command with switch –an for a proper result:
netstat –an
If you want to check if a particular port is being used by any application, you can add the findstr to the command:
netstat –an findstr 8080
Wireshark is another application which can show all the data transferred on the Network Interface Card and using it you can see what data are being transmitted out the system, and what is the listener of the port.
Some Trojan Samples
Tini:
This Trojan listens to port 7777 and provides shell access to the victim’s system for the hacker.
ICMD: This application provides shell access, but can accept password and preferred port.
NetBuss: This Trojan has a GUI for controlling the victim’s system. Rather than a serious attack it’s mostly used for fun.
Netcat (Known as NC): A very famous Trojan with many options for different methods of command and data transfer.
Proxy Server Trojan: This Trojan makes the victim a proxy for attacking another system.
VNCAlthough VNC is not a malicious application however since it is not detected by the Antivirus systems it can be used as a means of Trojan horse attack.
Remote By Mail: This Trojan can send and receive commands and data using series of emails. Although compared to a shell session the commands are very limited, however due to the protocol it uses (SMTP) it can bypass and evade most of the firewall systems.
HTTP Rat: This Trojan sends and receives commands by exchanging series of URLs with a server. Since it uses the HTTP protocol, it is a very dangerous Trojan and can evade almost all the firewall systems.
Shttp Trojan: Same as HTTP Rat
Wrappers
Wrapper is an application which can concatenate two executable files and produce an application containing both. Most of the times, the Wrapper is used to attach a Trojan file to a small harmless application such as a flash card to deceive the targeted user and encourage him to execute it.
Some Wrappers are able to make modifications on the Trojan horse such as compressing it or adding blanks to the end of it and hide it to be detected by the Antivirus’.
Some Wrappers Samples
Wrapper Convert Program
One File EXE Maker
Yet Another Builder (Known as YAB and is a very powerful and dangerous application)
Defacing Applications
Defacing application is a very simple and almost harmless application which can be used to change the icon of an executable file.
Whereas the icon of the Trojan is usually the default icon of the executable files, the hacker maybe change the Trojan’s icon and fake it as a harmless application or even another application such as a Microsoft Word document or a text file.
Trojans and Backdoors are sorts of Bad-wares which their main purpose is to send and receive data and especially commands through a port to another system. This port can be even a well-known port such as 80 or an out of regular ports like 7777. The Trojans are most of the time defaced and shown as a legitimate and harmless application to encourage the user to execute them. The main characteristic of a Trojan is that first it should be executed by the user, second sends or receive data with another system which is the attacker’s system.
Sometimes the Trojan is combined with another application. This application can be a flash card, flash game, a patch for OS, or even an antivirus. But actually the file is built of two applications which one of them is the harmless application, and the other one is the Trojan file.
Technically defined, a Trojan horse is “a malicious and security-breaking program which is designed as something benign”. Such a program is designed to cause damage, data leakage, or make the victim a medium to attack another system.
A Trojan will be executed with the same privilege level as the user who executes it; nevertheless the Trojan may exploit vulnerabilities and increase the privilege.
An important point is that not only the connection can be online (so that the commands or data are transmitted immediately between the hacker and victim), but also the communication can be offline and performed using emails, HTTP URL transmits or as the like.
Auto Start Methods
One of the actions usually Trojans perform is to make themselves Auto-Start to be executed each time the system reboots. Below are some registry keys Trojan Horses modify for this purpose:
HKLM\Software\Microsoft\Windows\Current Version\Run
HKLM\Software\Microsoft\Windows\Current Version\Runonce
HKLM\Software\Microsoft\Windows\Current Version\RunServices
HKLM\Software\Microsoft\Windows\Current Version\RunServicesOnce
HKLU\Software\Microsoft\Windows\Current Version\Run
HKLU\Software\Microsoft\Windows\Current Version\RunOnce
Types of Trojans
Remote Access TrojansThis sort of Trojans provides full or partial access and control over the victim system. The server application will be sent to the victim and a client listens on the hacker’s system. After the server is started, it establishes the connection with the client through a predefined port. Most of the Trojans are of this kind.
Data Sending TrojansUsing email or a backdoor, this type of Trojan send data such as password, cookies or key strokes to the hacker’s system.
Destructive TrojansThese Trojans are to make destructions such as deleting files, corrupting OS, or make the system crash. If the Trojan is not for fun, usually the purpose of such Trojans is to inactivate a security system like an antivirus or firewall.
DDos Attack TrojansThis Trojans make the victim a Zombie to listen for commands sent from a DDos Server in the internet. There will be numerous infected systems standby for a command from the server and when the server sends the command to all or a group of infected systems, since all the systems perform the command simultaneously, a huge amount of legitimate request flood to a target and make the service stop responding.
Proxy TrojansIn order to avoid leaving tracks on the target, a hacker may send the commands or access the resources via another system so that all the records will show the other system and not the hacker’s identities. This sort of Trojans are to make a system works as a medium for attacking another system and therefore the Trojan transfers all the commands sent to it to the primary target and does not harm the proxy victim.
Security Software Disabler TrojanThis kind of Trojan disables the security system for further attacks. For instance they inactivate the antivirus or make it malfunction or make the firewall stop functioning.
How to find the Trojan activity
The best method to find the Trojan is by monitoring the ports transmitting data on the network adapter. Note that as mentioned above there are Trojans which can transmit the commands and data via standard ports such as 80 or SMPT (email) which this method of inspection is not effective on them.
The command nbtstat is a very powerful tool to check which ports are used to send and receive data. You can use this command with switch –an for a proper result:
netstat –an
If you want to check if a particular port is being used by any application, you can add the findstr to the command:
netstat –an findstr 8080
Wireshark is another application which can show all the data transferred on the Network Interface Card and using it you can see what data are being transmitted out the system, and what is the listener of the port.
Some Trojan Samples
Tini:
This Trojan listens to port 7777 and provides shell access to the victim’s system for the hacker.
ICMD: This application provides shell access, but can accept password and preferred port.
NetBuss: This Trojan has a GUI for controlling the victim’s system. Rather than a serious attack it’s mostly used for fun.
Netcat (Known as NC): A very famous Trojan with many options for different methods of command and data transfer.
Proxy Server Trojan: This Trojan makes the victim a proxy for attacking another system.
VNCAlthough VNC is not a malicious application however since it is not detected by the Antivirus systems it can be used as a means of Trojan horse attack.
Remote By Mail: This Trojan can send and receive commands and data using series of emails. Although compared to a shell session the commands are very limited, however due to the protocol it uses (SMTP) it can bypass and evade most of the firewall systems.
HTTP Rat: This Trojan sends and receives commands by exchanging series of URLs with a server. Since it uses the HTTP protocol, it is a very dangerous Trojan and can evade almost all the firewall systems.
Shttp Trojan: Same as HTTP Rat
Wrappers
Wrapper is an application which can concatenate two executable files and produce an application containing both. Most of the times, the Wrapper is used to attach a Trojan file to a small harmless application such as a flash card to deceive the targeted user and encourage him to execute it.
Some Wrappers are able to make modifications on the Trojan horse such as compressing it or adding blanks to the end of it and hide it to be detected by the Antivirus’.
Some Wrappers Samples
Wrapper Convert Program
One File EXE Maker
Yet Another Builder (Known as YAB and is a very powerful and dangerous application)
Defacing Applications
Defacing application is a very simple and almost harmless application which can be used to change the icon of an executable file.
Whereas the icon of the Trojan is usually the default icon of the executable files, the hacker maybe change the Trojan’s icon and fake it as a harmless application or even another application such as a Microsoft Word document or a text file.
Sunday, October 31, 2010
CIA of Information Security
Confidentiality: Confidentiality ensures that only authorized personnel are able access the data. Breaches of Confidentiality can occur when data is not handled in a secure mannerFor example, consider a confidential document of an organization lying on a xerox machine. Such disclosure can take place by word of mouth, by printing, copying, e-mailing or creating documents and other data etc. The classification of the information should determine is confidentiality and hence the appropriate safeguards. Encryption is used for maintaining the confidentiality of information. So that sender will encrypt the information and only the intended receiver will be able to decrypt it.
Integrity. It is an assuarance that the information is not tampered with. Assurance that the information is authentic and complete. Ensuring that information can be relied upon to be sufficiently accurate for its purpose. For example, making copies (say by e-mailing a file) of a sensitive document, threatens both confidentiality and the integrity of the information. Checksums are used for providing integrity of the data. Checksum is output of an algorithm applied to a data. If the data has been tampered with, the output will never be the same.
Availability. Assurance that the systems responsible for delivering, storing and processing information are accessible when needed, by those who need them. Backup mechanisms provide the facilitty of availability. RAID mechanisms can also be used for the same.
There are 2 more basic factors of security:
Authorization: This ensures that whoever is accessing the data has appropriate permissions to do so. A user may be authenticated in a computer. But he may not be authorized to access some data. File and folder level permissions, access control lists facilitate the authorization of the data.
Non-Repudiation: This is to ensure that a party or a person can not deny that he had sent a message. Digital signatures can be used for maintaining non-repudiation.
Integrity. It is an assuarance that the information is not tampered with. Assurance that the information is authentic and complete. Ensuring that information can be relied upon to be sufficiently accurate for its purpose. For example, making copies (say by e-mailing a file) of a sensitive document, threatens both confidentiality and the integrity of the information. Checksums are used for providing integrity of the data. Checksum is output of an algorithm applied to a data. If the data has been tampered with, the output will never be the same.
Availability. Assurance that the systems responsible for delivering, storing and processing information are accessible when needed, by those who need them. Backup mechanisms provide the facilitty of availability. RAID mechanisms can also be used for the same.
There are 2 more basic factors of security:
Authorization: This ensures that whoever is accessing the data has appropriate permissions to do so. A user may be authenticated in a computer. But he may not be authorized to access some data. File and folder level permissions, access control lists facilitate the authorization of the data.
Non-Repudiation: This is to ensure that a party or a person can not deny that he had sent a message. Digital signatures can be used for maintaining non-repudiation.
My first blog - About myself and my interests
Hay Guys,
This is my very first blog. I had registered in this website in 2007. Its the end of 2010 and Here I AM... starting with my blogs finally. I like to learn new things and do research on the same. Information gathering and web crawling are my hobbies.
I have been working in the Security domain for the past 3 and a half years. I have worked on products like SonicWALL Firewalls, Symantec Endpoint Protection, QualysGuard Vulnerability scanner, RSA Envision, IBM ISS. I have profound interest in malwares and network attacks. I am fond of packet captures and packet crafting. Security has been my passion in my entire career and I look forward to gaining as much knowledge as I can and apply it to the real world environment in order to make Internet a more secure space.
This blog being dedicated to information security, I will be discussing various concepts and aspects of security. I would like to cover some of the basic concepts which act as fundamentals of the security world.
This is my very first blog. I had registered in this website in 2007. Its the end of 2010 and Here I AM... starting with my blogs finally. I like to learn new things and do research on the same. Information gathering and web crawling are my hobbies.
I have been working in the Security domain for the past 3 and a half years. I have worked on products like SonicWALL Firewalls, Symantec Endpoint Protection, QualysGuard Vulnerability scanner, RSA Envision, IBM ISS. I have profound interest in malwares and network attacks. I am fond of packet captures and packet crafting. Security has been my passion in my entire career and I look forward to gaining as much knowledge as I can and apply it to the real world environment in order to make Internet a more secure space.
This blog being dedicated to information security, I will be discussing various concepts and aspects of security. I would like to cover some of the basic concepts which act as fundamentals of the security world.
Subscribe to:
Posts (Atom)