Archive | Underground

Microsoft Collaborates With Industry to Disrupt Conficker Worm

17 Feb

Microsoft announced a reward of Rp. 3 billion (USD 250,000) “…for information leading to the arrest and conviction of those responsible for spreading CONFICKER a.k.a. KIDO a.k.a. Downadup on the internet. Residents of any country are eligible for this reward, subject to the laws in force in that country, because internet viruses affect the global internet community. Individuals with information about the Conficker worm should contact their local international crime agency.”

In addition, Microsoft has set up an Antivirus Reward Hotline, +1-425-706-1111, and an Antivirus Reward Mailbox, avreward@microsoft.com

Source: http://www.microsoft.com/Presspass/press/2009/feb09/02-12ConfickerPR.mspx

Information about Conficker: http://www.microsoft.com/conficker

Norman Now Detects and Can Remove Conficker

29 Jan

The Conficker (or down_ad) virus, which has been attacking networks and PCs, makes network and PC performance very slow. Because it is rated High, many antivirus products have released updates to deal with this virus, among them McAfee and Norman. Here is the information I obtained from the Norman site:

W32/Conficker
Destructivity: Medium
Spreading: Medium
Overall risk: High
Detected by virus detection files published: Nov 27 2008
Virus characteristics first published: 08 Jan. 2009
Virus characteristics latest update: 26 Jan. 2009
Type: Worm
Alias: W32.Downadup, W32/Conficker.worm, Net-Worm.Win32.Kido
Spreading mechanism: Network, Other
Overall risk: High
Payload: Downloads additional trojan components.

Type:

W32/Conficker is a network-propagating worm family. There are several variants. The worm’s most interesting feature is that it spreads to other machines via a security vulnerability in the Windows Server Service. This vulnerability allows it to trigger a download of itself to the remote computer without the user’s knowledge.

When executed, the worm will copy itself as a randomly named DLL to the Windows System folder. It also copies itself to network shares and attempts to execute itself on the remote machines.

How it spreads:

File system changes

The worm copies itself to:
[System]\randomname (preferred location) or

[Program Files]\Internet Explorer\randomname or
[Program Files]\Movie Maker\randomname (50% chance of each), or

[Application Data]\randomname, or

[Temp]\randomname

It will attempt to install as a service, but if it can’t it will install as a regular application from bootup.
The worm also copies itself to removable and remote drives as mentioned below.

Exploit spread

The worm generates random IP addresses, using the rand function, which it attempts to infect. These are heavily filtered – f.ex. infection of the IP address ranges below is not attempted:

11.*.*.* (US Department of Defense)
127.*.*.* (Loopback)
169.254.*.* (Link Local)
172.16.*.* – 172.32.*.* (Private use networks)
192.*.*.* (Reserved, and private use networks)
198.18.*.* – 198.19.*.* (Network Interconnect Device Benchmark Testing)
224.*.*.* – 255.*.*.* (Multicast, and reserved address space)

In addition, the worm contains an address list of no less than 396 additional IP address ranges it does not attempt to infect, and does not allow an infected machine to spread to. These IP address ranges typically belong to antivirus companies.

It opens a HTTP server on a random port on the local machine, and then attacks the remote computer by sending a specially crafted packet to it. This causes vulnerable machines to connect back and download and execute a copy of the worm. If the download request does not match what the worm expects (f.ex. if the download client is wget, or reported operating system is Linux, or downloading IP is in one of the blocked address ranges), the data sent will not be the worm but randomly generated text.

It randomly connects to the following web sites in order to get its own IP address:

http://checkip.dyndns.org
http://www.whatismyip.org
http://www.whatsmyipaddress.com
http://www.getmyip.org

It randomly connects to the following web sites in order to calculate the network speed before infection attempts:

aol.com
cnn.com
ebay.com
msn.com
myspace.com

Network spread

The virus spreads over the local area network. It sets up a thread which every 5 minutes enumerates the network using NetServerEnum, and attempts to create a connection to the IPC share on visible servers using

– default user and password (with impersonation)
– remote (alternatively local) list of users, where password equals %username%
– remote (alternatively local) list of users, where password equals %username%username%
– remote (alternatively local) list of users, where password equals %emanresu%
– remote (alternatively local) list of users, where password is any one in the list below:


If successful, the worm copies itself into the [\\[servername]\ADMIN$\System32] folder of the remote computer using a random name. It then attempts to create a remote daily scheduled task, setting the worm up to be executed on the next whole hour. The task is defined as RUNDLL32.EXE [randomwormname],[randomchars]

Spreading to removable and remote drives

The worm scans logical drives and copies itself to writable remote and removable drives (ex. USB sticks). It creates new folders on the drive(s) of the form

[drive]:\RECYCLER\S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXX-XXXX\[filename].[ext] where X means a random digit (number of digits may also vary). This variation is selected 15 out of 16 times.
or
[drive]:\[random]\[random]\[filename].[ext]. This variation is used one out of 16 times.

A file named autorun.inf is created on the root folder of the drive in order to autoload the worm in many circumstances, typically when an infected removable drive is inserted and browsed to.
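
The drive layout described above can be checked against a file listing taken from a removable drive. This is an added example, not code from Norman or from the original post; the listing, the autorun.inf body and the function names are constructed for illustration, and the set of autorun.inf keys inspected (open, shellexecute, shell\...\command) is an assumption the write-up does not spell out.

```python
import re

# Variant 1 from the write-up: RECYCLER\S-X-X-XX-...-XXXX\[filename].[ext]
# (seven groups of digits; the number of digits in each group may vary).
RECYCLER_COPY = re.compile(r"^RECYCLER\\S(?:-\d+){7}\\[^\\]+\.[^\\.]+$", re.IGNORECASE)
# Variant 2: [random]\[random]\[filename].[ext], i.e. exactly two folders deep.
TWO_LEVEL_COPY = re.compile(r"^[^\\]+\\[^\\]+\\[^\\]+\.[^\\.]+$")

# autorun.inf keys whose value is a command line (assumed set, see lead-in).
COMMAND_KEYS = ("open", "shellexecute")


def autorun_commands(autorun_text):
    """Return the command strings found in an autorun.inf body."""
    commands = []
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in COMMAND_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            commands.append(value)
    return commands


def classify_path(rel_path):
    """Name the variant a drive-relative path fits, or None."""
    if RECYCLER_COPY.match(rel_path):      # test first: it is also two folders deep
        return "recycler"
    if TWO_LEVEL_COPY.match(rel_path):
        return "two-level"
    return None


def triage_drive(listing, autorun_text):
    """Files in either location that an autorun.inf command points at.

    A two-folder-deep path is common on its own, so a file is reported only
    when the drive's autorun.inf also references it.
    """
    commands = [command.lower() for command in autorun_commands(autorun_text)]
    hits = []
    for rel_path in listing:
        variant = classify_path(rel_path)
        if variant and any(rel_path.lower() in command for command in commands):
            hits.append((rel_path, variant))
    return sorted(hits)


# Constructed sample: paths relative to the drive root, placeholder names.
SAMPLE_LISTING = [
    r"autorun.inf",
    r"RECYCLER\S-1-2-34-1234567890-1234567890-123456789-1234\example.ext",
    r"photos\2009\holiday.jpg",
    r"docs\report.doc",
]
SAMPLE_AUTORUN = r"""[autorun]
; constructed sample autorun.inf
shell\open\command = rundll32.exe RECYCLER\S-1-2-34-1234567890-1234567890-123456789-1234\example.ext,placeholder
"""

if __name__ == "__main__":
    for path, variant in triage_drive(SAMPLE_LISTING, SAMPLE_AUTORUN):
        print(variant, path)
```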

Registry changes

Adds the keys
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets "dl"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets "ds"

Installation of service:
HKLM\System\CurrentControlSet\Services\[randomname]
"DisplayName"=[composite name]
"Type"=0x20
"Start"=0x2
"ErrorControl"=0
"ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"=[random service name]

[composite name] is a name composed of two words picked from the list of names below separated by [space], f.ex. “Time Task”. Identical words can not be picked:
Windows
Updated
Universal
Time
Task
System
Support
Shell
Server
Security
Network
Monitor
Microsoft
Manager
Installer
Image
Helper
Driver
Config
Center
Boot

HKLM\System\CurrentControlSet\Services\[randomname]\Parameters "ServiceDll"= Path to worm executable.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost "netsvcs"= list of installed services + [randomname]

If unable to install as service, it installs in run keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run = rundll32.exe malwarepath randomchars
HKLM\Software\Microsoft\Windows\CurrentVersion\Run = rundll32.exe malwarepath randomchars
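
One way to turn the service registry profile above into a triage check over exported service entries. This is an added example, not Norman's code; the sample entries, the baseline and the function names are constructed for illustration. Two-word names built from the list can coincide with genuine display names (the list itself contains "Windows", "Time", "Security" and "Center"), so each hit is also compared with a baseline of service keys and ServiceDll paths recorded from a known-clean build, which is an assumption about what the analyst has available.

```python
# Words the write-up lists for the two-word DisplayName.
NAME_WORDS = frozenset(
    "Windows Updated Universal Time Task System Support Shell Server Security "
    "Network Monitor Microsoft Manager Installer Image Helper Driver Config "
    "Center Boot".split()
)
IMAGE_PATH = r"%systemroot%\system32\svchost.exe -k netsvcs"


def is_composite_name(display_name):
    """Two different list words separated by one space, e.g. 'Time Task'."""
    parts = display_name.split(" ")
    return len(parts) == 2 and parts[0] != parts[1] and set(parts) <= NAME_WORDS


def matches_profile(entry):
    """True when every service value has the setting given in the write-up."""
    image = " ".join(str(entry.get("ImagePath", "")).lower().split())
    return (
        is_composite_name(str(entry.get("DisplayName", "")))
        and entry.get("Type") == 0x20
        and entry.get("Start") == 0x2
        and entry.get("ErrorControl") == 0
        and image == IMAGE_PATH
        and str(entry.get("ObjectName", "")).lower() == "localsystem"
    )


def triage(services, netsvcs, baseline):
    """Return {service key: [reasons]} for entries that need an analyst.

    services: {key name: values, with the Parameters ServiceDll value merged in}
    netsvcs:  service names read from the SvcHost "netsvcs" value
    baseline: {key name: ServiceDll path} recorded from a known-clean build
    """
    clean = {name.lower(): dll.lower() for name, dll in baseline.items()}
    listed = {name.lower() for name in netsvcs}
    findings = {}
    for name, entry in services.items():
        if not matches_profile(entry):
            continue
        dll = str(entry.get("ServiceDll", "")).lower()
        if dll and clean.get(name.lower()) == dll:
            continue  # same key name and same DLL as the clean build
        reasons = ["values match the published service profile"]
        if name.lower() in clean:
            reasons.append("ServiceDll differs from the clean baseline")
        else:
            reasons.append("service key is not in the clean baseline")
        if name.lower() in listed:
            reasons.append("appended to the netsvcs group")
        findings[name] = reasons
    return findings


def svc_entry(display, dll, **overrides):
    """Build a constructed sample entry carrying the profile's values."""
    entry = {
        "DisplayName": display, "Type": 0x20, "Start": 0x2, "ErrorControl": 0,
        "ImagePath": r"%SystemRoot%\system32\svchost.exe -k netsvcs",
        "ObjectName": "LocalSystem", "ServiceDll": dll,
    }
    entry.update(overrides)
    return entry


# Constructed sample export. Values are chosen to exercise each branch;
# "qzexample" and the DLL names are placeholders, not real indicators.
SAMPLE_SERVICES = {
    "W32Time": svc_entry("Windows Time", r"C:\WINDOWS\system32\w32time.dll"),
    "wscsvc": svc_entry("Security Center", r"C:\WINDOWS\system32\wscsvc.dll"),
    "qzexample": svc_entry("Time Task", r"C:\WINDOWS\system32\placeholder.dll"),
    "Browser": svc_entry("Computer Browser", r"C:\WINDOWS\system32\browser.dll"),
    "dupwords": svc_entry("Boot Boot", r"C:\WINDOWS\system32\other.dll"),
}
SAMPLE_NETSVCS = ["W32Time", "wscsvc", "Browser", "qzexample"]
SAMPLE_BASELINE = {
    "W32Time": r"C:\WINDOWS\system32\w32time.dll",
    "wscsvc": r"C:\WINDOWS\system32\wscsvc.dll",
    "Browser": r"C:\WINDOWS\system32\browser.dll",
}

if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_SERVICES, SAMPLE_NETSVCS, SAMPLE_BASELINE).items():
        print(key, "->", "; ".join(reasons))
```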

Damage:

The worm attempts to contact remote machines and download more components. In addition it hooks the APIs sendto (from ws2_32.dll) and DnsQuery_A, DnsQuery_UTF8, DnsQuery_W and Query_Main (from dnsapi.dll) in order to stop connections to sites containing the following strings:

virus
spyware
malware
rootkit
defender
microsoft
symantec
norton
mcafee
trendmicro
sophos
panda
etrust
networkassociates
computerassociates
f-secure
kaspersky
jotti
f-prot
nod32
eset
grisoft
drweb
centralcommand
ahnlab
esafe
avast
avira
quickheal
comodo
clamav
ewido
fortinet
gdata
hacksoft
hauri
ikarus
k7computing
norman
pctools
prevx
rising
securecomputing
sunbelt
emsisoft
arcabit
cpsecure
spamhaus
castlecops
threatexpert
wilderssecurity
windowsupdate
nai.
ca.
avp.
avg.
vet.
bit9.
sans.
cert.

Other information:

If on Windows Vista, the worm executes “netsh interface tcp set global autotuning=disabled” to turn off the Vista TCP/IP receive window autotuning, a feature that has been known to cause problems with many routers and firewalls.

It is important that users make sure that they have installed all the latest security patches from Microsoft.

More details will be coming as analysis proceeds.

Detection and removal:

This worm was first detected by Norman antivirus products Nov 27th 2008. Later variants have been continuously added.

To remove the worm and its malicious components completely, it is recommended to use Norman Conficker Cleaner.

Conclusion:

Norman has provided a tool for dealing with Conficker that can be downloaded free of charge from their site.

Download address: Norman Conficker Cleaner

The w32.agnesmonica@k4mpr3t virus: heartbreak with Agnes Monica and F4

12 Jan

The more programmers get their hearts broken, the more of them write viruses to declare their love and their pent-up feelings … sob sob sob … well, better "love rejected, virus deployed" than going to a shaman!!!! That could turn into a real hassle, with curses flying back and forth, right:

Virus: w32.agnesmonica@k4mpr3t
CRC32 value: 7A273944
Size: 39 kb

It is the same story if you look at it from male instinct: who wouldn't want to know what is in files titled:

Agnes vs F4
Foto Panas Agnes
Foto Mesra F4 vs agnes monica

Yet the file extension is .exe, not jpg or bmp, hmm hmm hmm. On top of that, most Indonesians like girls who are fair-skinned and a bit cute, so it fits, hahahahah… I like them too… it's only human… so don't blame the people who opened that picture. Blame the ignorance… why didn't they know??? Because they are too lazy to read and learn, so they got the virus … right … okay okay, moving on …

Signs of infection by this virus:

1. The shutdown menu disappears
2. The registry is blocked
3. Folder Options disappears from Windows Explorer
4. msconfig is blocked
5. The PC (the computer, that is)… becomes slow, slow, slow!

FILES THAT TRIGGER THE VIRUS

– Agnes vs F4.exe on your C:, D: or E: drive
– Foto Panas Agnes.exe on your C:, D: or E: drive
– Foto Mesra F4 vs agnes monica.exe on your C:, D: or E: drive
– Svchost.exe in c:\windows\system32 or in c:\windows
– Dllhost.exe in c:\windows\system32 or in c:\windows
– Windos.exe in c:\windows\system32 or in c:\windows

MESSAGES DISPLAYED

As usual… of course the virus pops up messages here… hmm hmm hmm … let's check out the message … so touching!!!

BUAT MEME TERSAYANG
YANG ADA DIPONTIANAK
KU TAK TAHU APA SALAHKU YANG SEBENARNYA. KU TELAH YANG TERBAIK BAGIMU. SEMUA YANG BELUM KAU PIKIRKAN TELAH AKU PIKIRKAN. AKU MEMPERSIAPKAN SEMUANYA. TETAPI APA YANG KAU PERBUAT PADAKU??? TEGA SEKALI KAU KEPADAKU. ADA APA DENGANMU??? MENGAPA KAU TEGA BERSELINGKUH DENGAN COWOK LAIN? ADA DENGANMU ME??? KUBERIKAN SETENGAH DARI NYAWAKU UNTUKMU. KURELAKAN AKU SAKIT DEMI ENGKAU DAPAT TERSEN BUAT SIAPA AKU MELAKUKAN SEMUA INI JIKA BUKAN BUAT KITA? BUAT APA AKU MAU KELUAR DARI ZONA NYAMANKU
BUAT KITA AKU MELAKUKAN SEMUANYA. MESKIPUN AKU HARUS TURUN KELEMBAH AKU RELA MELAKUKANNYA DEMI PUNCA
YANG LEBIH TINGGI. TAPI APA YANG KAU LAKUKAN? BAHKAN KAU PUN TAK PERNAH TAU BAHWA AKU PERNAH HANYA MEMILIKI 5000 PERAK DIDOMPET DAN HARUS BERTAHAN HINGGA 7 HARI KEDEPAN. TAHUKAH KAU AKAN HAL IN MENGAPA KAU MENINGGALKAN AKU SAAT AKU MEMBUTUHKAN TEAM UNTUK MENGEJAR TUJUAN BERSAMA? KU TAK TAHU APA YANG ADA DALAM HATIMU. KU TAK TAHU APA YANG ADA DALAM PIKIRANMU. AKU HANYA BISA BERHARAP AGAR KAU TELAH MENGAMBIL KEPUTUSAN YANG TEPAT, YANG TERBAIK BAGIMU, MESKIPUN DALAM HAL INI KAU TELAH MENYAKITI AKU. SETIDAKNYA AKU TAHU BAHWA SEMUA YANG KAU TUNJUKKAN PADAKU TERNYATA HANYA SEBUAH SETIDAKNYA AKU TAHU BAHWA KAU SEORANG YANG KEKANAK KANAKAN, YANG HANYA BISA MINTA PERMEN KEPADA ORTU TANPA PERNAH BISA MEMBANGUN SEBUAH PABRIK PERMEN. SEMUANYA KARENA KAU TIDAK BERANI MEMBAYAR HARGANYA AKU BERHARAP SEMOGA KAMU DAPAT DAMAI SEJAHTERA DENGAN COWOKMU YANG BARU, DENGAN MIMPI DAN VISI YANG DENGAN KEBIASAAN YANG BAIK. DAN DENGAN ROHANI YANG BAIK SATU HAL YANG KUTAHU PASTI UNTUK DAPAT KUBAGIKAN KEPADA TEMAN2KU, BAHWA BUDAYA KITA MEMANG BERBEDA. KEBIASAAN KITA BERBEDA. BAHKAN PEMIKIRAN KITA BERBEDA. NASEHATKU BAGIMU ADALAH, JANGANLAH KERAS KEPA RELAKAN DIRIMU UNTUK DIBENTUK, DAN JANGAN MENJADI SERUPA DENGAN DUNIA INI, DENGAN DUNIAMU, DENGAN APA YANG DIAJARKAN LINGKUNGANMU KEPADAMU. TINGGALKAN TEMAN2MU YANG JUSTRU MERUNTUHKANMU, KARETIDAK ADA GUNANYA BERGAUL DENGAN ORANG YANG HANYA BISA MENYEDOT ENERGI POSITIFMU KELUAR.

Oh yeah, there is another message too ….

SELAMAT ULANG TAHUN ME! WISHING U THE BEST… SEMOGA SUKSES SENANTIASA. BAHAGIA BERSAMA COWOK KAMU SEKARANG…MAAFKAN AKU SUDAH MEMBUATMU JADI SIBUK…

This one is in the file happyday.htm

BUAT MEME TERSAYANG YANG ADA DIPONTIANAK KU TAK TAHU APA SALAHKU YANG SEBENARNYA. KU TELAH MELAKUKAN YANG TERBAIK BAGIMU. SEMUA YANG BELUM KAU PIKIRKAN TELAH AKU PIKIRKAN. AKU TELAH MEMPERSIAPKAN SEMUANYA. TETAPI APA YANG KAU PERBUAT PADAKU??? TEGA SEKALI KAU BERKHIANAT KEPADAKU. ADA APA DENGANMU??? MENGAPA KAU TEGA BERSELINGKUH DENGAN COWOK LAIN? ADA DENGANMU ME???

This one is in the file putuscinta.htm

REGISTRY MANIPULATION

Registry entries that this virus has manipulated:

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\DefaultValue

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\CheckedValue

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\DefaultValue

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sysshell\dllhost.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dllhost\svchost.exe

SPREADING VIA EMAIL

Hmmm… like Brontok, this virus spreads via email, so be careful if you receive an email with one of these subjects:

FWD: Foto mesra agnes vs f4
Sst…kumpulan mesra f4 dengan agnes monica
Ssst.. foto – foto panas agnes dengan f4
Apakah anda sedang jatuh cinta? Apakah anda cinta sejati? Check This Out ..

Be careful … especially if there is a file attachment…. if you open it, you are infected.

DOS ATTACK

This virus also carries out a DoS attack against http://www.telkom.net , sending data with the text ‘memesayang’. Let's hope telkompret instant does not get even slower … oh well… whatever …..

REMEDIATION

1. As usual, download the virus control tools from http://www.virologi.info/download/ , namely showkillprocess, acep.scr or acep.exe, and WAV 2005
2. Then kill the processes with the following names:

– Agnes vs F4.exe
– Foto Panas Agnes.exe
– Foto Mesra F4 vs agnes monica.exe
– Svchost.exe
– Dllhost.exe
– Windos.exe

3. Scan your hard disk with WAV 2005 with the latest update
4. If that is not enough, look for files with the .exe extension that are 39kb in size and have a yellow folder icon with a photo in the middle of the folder, then delete them.
5. Find and delete the files named:

– Agnes vs F4.exe on your C:, D: or E: drive
– Foto Panas Agnes.exe on your C:, D: or E: drive
– Foto Mesra F4 vs agnes monica.exe on your C:, D: or E: drive
– Svchost.exe in c:\windows\system32 or in c:\windows
– Dllhost.exe in c:\windows\system32 or in c:\windows
– Windos.exe in c:\windows\system32 or in c:\windows

6. Delete the registry entries at the following addresses:

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\DefaultValue

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\CheckedValue

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\DefaultValue

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sysshell\dllhost.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dllhost\svchost.exe
7. Then restart your computer …
8. If it is still there, repeat the steps above …
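
Svchost.exe and Dllhost.exe are also the names of genuine Windows components in c:\windows\system32, so a file should be confirmed against the CRC32 and size given above before it is deleted by name. The following is an added example, not part of the original post; the function names are constructed, and it assumes that the CRC32 value covers the whole file and that "39 kb" is a rounded figure.

```python
import os
import zlib

PAGE_CRC32 = 0x7A273944   # CRC32 value given in the post
PAGE_SIZE_KB = 39         # size given in the post
# File names the post lists for the virus, compared case-insensitively.
LISTED_NAMES = frozenset({
    "agnes vs f4.exe",
    "foto panas agnes.exe",
    "foto mesra f4 vs agnes monica.exe",
    "svchost.exe",
    "dllhost.exe",
    "windos.exe",
})


def crc32_of(path, chunk_size=65536):
    """CRC32 of a file's contents, read in chunks."""
    crc = 0
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            crc = zlib.crc32(block, crc)
    return crc & 0xFFFFFFFF


def size_matches(size_bytes, size_kb=PAGE_SIZE_KB):
    """Assumption: the size is rounded, so accept 38 KB < size <= 40 KB."""
    return (size_kb - 1) * 1024 < size_bytes <= (size_kb + 1) * 1024


def classify(path, target_crc=PAGE_CRC32):
    """Return 'match', 'review' or 'ignore' for one file.

    match:  the CRC32 equals the published value
    review: the name or size fits but the CRC32 differs, so the file may be
            a genuine Windows component or a different build; do not delete
            it on the strength of its name
    ignore: not an .exe, or neither the name nor the size fits
    """
    name = os.path.basename(path).lower()
    if not name.endswith(".exe"):
        return "ignore"
    name_hit = name in LISTED_NAMES
    size_hit = size_matches(os.path.getsize(path))
    if not (name_hit or size_hit):
        return "ignore"
    if crc32_of(path) == target_crc:
        return "match"
    return "review"


def scan(root, target_crc=PAGE_CRC32):
    """Walk a folder tree and return {path: verdict} for non-ignored files."""
    results = {}
    for folder, _dirs, files in os.walk(root):
        for file_name in files:
            full_path = os.path.join(folder, file_name)
            verdict = classify(full_path, target_crc)
            if verdict != "ignore":
                results[full_path] = verdict
    return results


if __name__ == "__main__":
    import sys
    for found, verdict in sorted(scan(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(verdict, found)
```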

Hope this is useful

Source: Internet

Hackers Rig Google to Deliver Malware

4 Feb

The latest malware trend should prompt you to think twice about the links you click next time you search.

For more information, please visit:

Hackers Rig Google to Deliver Malware

Eleven Questions for a Warez Site Owner

14 Dec

The operator of a software-piracy site takes us behind the scenes of the warez business.

Steve Bass

Wednesday, November 28, 2007 10:00 PM PST

You need a copy of Adobe’s Photoshop or maybe the latest version of CorelDraw? Or how about downloading Beowulf or a DVD rip of American Gangster? If you know where to go, they’re all available for free, at rogue sites that link to pirated software and other content–also known as “warez.”

I recently interviewed a warez site operator to find out how he started the site, how he makes money, and how he justifies passing out illegal copies of practically everything under the sun.

Oh, right–you want to know how to get to this site. That was my editor’s only restriction: the guy’s name and his site’s name need to be kept secret.

Bass: Okay, first, the obvious question: What’s your payoff for running the site?

Warez: Now it’s not a lot, and I mostly keep it for the community. It makes about $20/day. But before Google’s AdSense banned the site, it was making $150 to $200 per day. Those were the good times.

Bass: What was the inspiration for starting your site? And has the site done what you expected it to do?

Warez: I didn’t start it. I bought it from a friend for $3000. It was making about $10 per day. After I optimized the ads, it jumped to $150, so I got my investment back in one month. It was a good deal.

Bass: In your Terms of Service, you say people coming to your site cannot, “upload, post or otherwise transmit any Content that infringes any patent, trademark, trade secret, copyright, rights of privacy or publicity, or other proprietary rights of any person or entity.” Kind of ironic, no?

Warez: This is the standard TOS I guess. Anyway, we don’t host any of the files on our servers. The files are hosted on sites like [free Web-hosting service sites].

Bass: Granted you’re not hosting the files; but what would you do if someone hacked into your warez site or legitimate Web-based business and was able to drain off half your income–something that hundreds of software vendors might feel like you’re doing to them?

Warez: Of course, no one would like that. However, the visitors have the choice of buying software–or getting it for free from warez sites. If they don’t get it from my site they could easily get it elsewhere.

Bass: Is there any software you won’t distribute via the site? If so, what’s your criteria?

Warez: I don’t write the posts from the site. Our members (more than 20,000) write the posts. I have a moderator that selects the best ones which appear on the front page. Since our site is visited by lots of teenagers we don’t display anything that is adult related.

source :

The Evolution of Online Fraud

20 Jul
Most of us are familiar with the term ‘phishing’. ‘Pharming’ is self explanatory. One can assume what ‘phaxing’ is. ‘Vishing’, however, is a new one for me. Is it my imagination or has the world of technology developed a language of its own?

As much as I poke fun at these terms, they are not funny. They define the many ways cybercriminals are taking advantage of the conveniences available on the ‘Net. In the whitepaper ‘The Evolution of Online Fraud’ Sophos explains how cybercriminals are using both technology and user ignorance to make profitable schemes.

Taken from this whitepaper, “The APWG’s (Anti-Phishing Working Group) January 2007 report revealed an increase of 67.4 percent in phishing attacks over the same month in 2006”. Seeing increases like this makes it essential we do not turn our backs on cybercrime but rather put security measures in place to prevent them.

‘The Evolution of Online Fraud’ examines several techniques used by cybercriminals, what we should be watching for and suggestions how to prevent these invasions.

For me, this paper confirms what I hear and read in the news, forums and blogs everyday but never think could happen to me. This is a must read for everyone.

One final comment on the terms ‘phishing’, ‘pharming’, ‘phaxing’ and ‘vishing’. Only one can be found in the Merriam-Webster online dictionary. Yet another confirmation that technology is in a world of its own.

National Hacking Competition (PANHAC) 2007

25 Jun

REGISTRATION FOR THE PANHAC ONLINE COMPETITION IS OPEN!!!!!!!!!!!

To register, click here!

PANHAC2 is coming to your city soon!

Pazia – Acer National Hacking Competition 2 will soon be held in ten Indonesian cities, with a grand prize of an Acer Ferrari 1005 notebook, the PANHAC challenge trophy, and a voucher for FORTINET certified training and exam; the second-place winner receives an Acer 17″ LCD monitor and the third-place winner a Samsung SCX-4521 MFP laser printer.

In each city there will be one winner, with an Acer Aspire 5052 notebook as the prize.

In addition to the competitions in the ten cities, a PANHAC2 Online competition is also held before the competition in the city concerned gets under way, at 14.30 – 15.00 WIB on the PANHAC2 schedule. The exception is the Sumatra region, where the Panhac Online competition opens at 14.30 WIB and runs until it is finished (3 hours).

The PANHAC2 Online competition is free to enter, but carries prizes of an Acer 19” LCD monitor, a Samsung ML-2010 laser printer and a Samsung ML-1610 laser printer.

As last year, PANHAC2 also stages a contest to capture a file stored on a local server.

Besides PANHAC2 offline and online, PANHAC2 also holds a Hacking and Information Technology Article Writing Competition for journalists, editors and freelance writers, which also carries a prize of one Acer Aspire 5052 notebook.

Full information:

 http://panhac.marveltechnology.com/

A Trick for Breaking Into Your SIM CARD

1 May

If you receive a phone call from someone with an unknown or unregistered number, who says that he or she is from the engineering/technical division of one of the mobile phone vendors/operators and wants to check the phone connection or the signal, or gives any other reason, and then says that you must press # 90 or #09 or any other number (it may also be a letter code), hang up immediately without pressing the keys they ask for. There are currently fraudsters using equipment with which, if you press #90 or #09, they can access your phone's SIM card and use your line at your expense. Please forward this email to all your friends to prevent this crime. There are also several other issues.

If you receive a call on your mobile phone and the phone's screen shows a display like this: (XALAN).
DO NOT ANSWER THE CALL; SWITCH YOUR PHONE OFF IMMEDIATELY BY PRESSING ITS POWER (ON/OFF) BUTTON.
Because if you answer the call, your phone will be infected by a virus. This virus will erase all IMEI and IMSI information from your phone and SIM card, after which you will be cut off completely from any vendor/operator (and you will have to replace your phone and SIM card with new ones). This information has been confirmed with Motorola and Nokia.
There are currently more than 3 million mobile phones infected with this virus. You can also read news and information about this on the CNN web site.

Source: clgmandiri@yahoogroups.com

CYBERPHREAKING CD SERIES 01 IS NOW IN CIRCULATION

9 Mar

From:    “jiddigaul” <jiddigaul@yahoo.com>
Date:    Mon, 26 Feb 2007 04:10:04 -0000

Greetings Cyberphreakerz,

The Cyberphreaking CD is finally in circulation and can be obtained from
Cyberphreaking agents throughout Indonesia. The genuine Cyberphreaking CD
is marked by a black cover bearing the Cyberphreaking logo, and the CD is
printed with CD Portabel (not stamped but printed), so make sure you buy
the genuine Cyberphreaking CD. This Cyberphreaking CD contains a range of
software and complete tutorials that are sure to be very useful to you.
The Cyberphreaking CD can be obtained from the following agents:

CYBERPHREAKING CD CENTRAL PURCHASING
cd@cyberphreaking.com
Transfer Rp.25.000,- + shipping cost of Rp. 10.000,-
Delivery anywhere in Indonesia for areas that do not yet have an agent.
Transfer to the account BCA KCP Bangil ac. 2250456398 in the name of Rifqi Ali
Send an email to the address above with the subject “PESAN CD”
In the body of the email, write your full name and delivery address and
the amount transferred.

BEKASI AGENT:
INDRA ZUDIN
Jl.raya bosih rt 002/002 no 15 Kel. Wanasari Kec. Cibitung Bekasi –
Jabar
Phone : 081382138782
Email : agen.bekasi@cyberphreaking.com

TANGERANG AGENT:
RIO ARIESTIA
puri beta pinus 1 no 18 ciledug Tangerang – Jabar
Phone : 0811951057
Email : agen.tangerang@cyberphreaking.com

KARAWANG AGENT:
GUNAWAN NUGROHO
Jl. Cempaka No. 13 Guro II Karawang – Jabar
Phone : 08157799096
Email : agen.karawang@cyberphreaking.com

MALANG AGENT:
WAHYU DEWANTO
Jalan Cidurian 14 Malang – Jawa Timur
Phone : 08121778629
Email : agen.malang@cyberphreaking.com

BANGKA BELITUNG AGENT:
Yusuf Ericson
jl. yos sudarso no. 15 Mentok – Bangka Belitung
Phone : 081933387003
Email : agen.bangka@cyberphreaking.com

Anyone is welcome to become a Cyberphreaking CD agent in any region that
does not yet have an agent; please contact us at
webmaster@cyberphreaking.com. Agents who have registered but whose names
are not yet listed here should send us confirmation of their payment;
for details, contact the email address above.

CONTENTS OF CYBERPHREAKING CD SERIES 01:

A. Phreaking software:

1. PC SMS application
2. Indosat SMS wrapper
3. Smsc Explorer 2.0
4. Mobile phone virus collection
– Cabir
– Caribe
– Comwarrior
– Extended
– Skull
– Comwarrior C
– Doombot
– Inbox
– Trojanmos
– Cabir Source Code
5. Mobile phone antivirus collection
– Anti Cabir
– Antivi Symbian
– WD2 BB5 Antivirus
– Anti Comwarrior
– Jamanda Cabirfix
6. Phone Script
– CruxCal
– DCT3Pv3
– FGraphic
– FlashEd
– Flasher478b6
– Flasher479
– Flasher
– FlashIMEI
– FLSEdir04
– FontEditorv02
– Gen0lite0.91
– Gen0lite1.7b
– Gen0liteV2.0
– GeoFlasher
– GSM Jammer
– KnokPhoenix
– LogoManager V1.40
– nasNFCon
– NokTool18
– NokTool19
– NokZone
– Poodriver
– PPMEdit V1.0a
– PPMMaker
– Rttl Ro Te
– Scripts
– SecTonePro
– ToneIDChanger
– Userport
– V3
– V3 Large
– Winarm
7. Smsc Seekerz
8. Sms Bomber
9. Bluejacking Tools
– Affix
– Bloover 01
– Bloover 02
– Bloover 21
– Bloover Breezer Edition
– Blue Final Pro
– BlueAlert
– Blue Bacteria
– Blue Diving
– BluejackX
– BluejackX9
– Blueprinting
– BlueSnarfer
– Bluesnif
– Bluespam
– Bluesweep
– Bluetest
– Bluetooth Browser
– Bluetoothdart
– Bluetooth Enhancher
– Bluetooth Hacking
– Bluezutils
– Brute
– BTBrowser20
– BTchat
– Easyjack10
– Easyjack20
– Freejack
– Greenplague
– Hackpack
– Hellomotto
– Location Tracker
– Sman13eng
– Smartjacking 20
– Togglebth
– Tulp2eng
10.Phone Privacy
– Easy Lock
– Handyphotosafe
– Image Spy
– Media Save
– Powerlock
– Smart Crypto
11.Phreaking Tools
– Cordless phreak
– Cphreak
– Cpp
– Demon
– DTMF
– Febroton
– Keyhole
– Little Op
– Mjammer
– Modem hack
– Motorola Hack
– No carrier
– Omega
– Omnibox
– P80Box
– Pager Phreak
– Payphone Phreak
– Phmas10
– T110
– Tmaster
– UltraD
– Win phreak
– X Dialer
– Zhack321
– 30 Boxes
– A Dial
– Blue Beep
– Bluebox
– CanBox
12.GPRS Counter
13.Unlock 2007
– Unlock Ericsson
– Unlock Sony
– Unlock WinDCT4
– Unlock DCT3
– Unlock DCT4
– Unlock Nokia
– Unlock Ultimate
– 7110 Exp
– Unlock Phonix
– Rde-nu
14. Nokia software
Contains more than 500 of the best Nokia software titles

B. Supporting software:

1. IE 7 ORIGINAL
2. IE 7 SS TEAM
3. OPERA 9.02
4. MOZILLA 2.1
5. ACDSEE 9
6. ADOBE READER 8
7. WINZIP 11
8. WINRAR 3.62
9. NERO 7.5.0.9A
10.DEEPFREEZE 9X IBNU QUDAIH
11.DEEPFREEZE XP IBNU QUDAIH
12.DEEP UNFREEZER AUTO
13.DEEP UNFREEZER MANUAL
14.WMP 11
15.YM MULTI USER
16.EXPLORER VISTA
17.IE LIKE VISTA
18.MCAFEE 2007 POWER
19.NOD32
20.PROXY FINDER
21.RAPIDSHARE GRABBER
22.RAPIDSHARE TIME RESETTER
– Version 1.0
– Version 2.0
– Version 3.0
– Version 4.0
23.RAPIDSHARE TOOLS COLLECTION
– Rapidshare and Megaupload Seach Plugin Maker
– Rapidshare Anti Leech Decypter 4.0
– Rapidmule Rapidshare Downloader
– BrutalDown Rapidshare Tips and Hint
– Rapidshare and Megaupload Speeder
– Rapishare The Way You Like It
– Rapidshare Account Generator
– Rapidshare Leeching Script
– Unlimited Rapidshare With IE
– Premium Account Checker
– Rapidshare Link Decoder
– Renew IP Gigaset SE105
– Rapidshare Time Resetter Epidem Version
– Rapid Leecher Version 4.5 Beta
– MaC Rapid 1.6a Beta II
– Premium Account 115
– Rapid Leecher Version 4.4.8.7
– RapidShare Checker
– Briefcase Leecha 1.83
– Rapidshare Decoder
– USDownloader 1.33
– Get Rapidshare 6.0
– RapGet 0.96 Beta
– The Grabber version 1.4.1
– Link Grabber 3.1.4
– Mega Leecher 1.0.4
– Rapid Get Version 1.0
– Rapid Up Version 1.1
24.JRE 6
25.CRACK VISTA FULL

C. Phreaking tutorials:

1. Banned Tutorial
– Telkomsel bug
– Free MMS on IM3
– PSTN phreaking
– TUC phreaking
– Calling from TUC to a mobile phone
– Low-cost CDMA calls
– Mentari SMSC
2. Phreak Utilities
A collection of tutorials on making a Boxing Phone
3. SIM cloning tutorials
– Complete Sim Cloning
– Cloning Sim by Cyberphreaking Team
4. Community tutorials
A collection of phreaking tutorials compiled from various
sources
Contains more than 750 important tutorials
– Cyberphreaking forum
– XL phone bugs
– NSP bugs
– Free GPRS
– Smsc Seekerz results
– Mobile8 connection
– Breaking into card credit
– Displaying a private number
– Excelcom bugs
– Telkomsel freebies
– SMS Unlimited
– Free GPRS tricks
– Tips for dealing with XL leaks
– VIP Member
– Free SMS websites
– Totse Community
– Jasakom Perjuangan
– Hacking Site Community
– Phreak Community
– Textfile Archives
5. Ebook Phreaking 5.0
– Free GPRS on Simpati
– The secret of sending fake SMS
– PHP SMS Klub Mentari
– Perl SMS Klub Mentari
– Wrapping Indosat SMS access
– Cheating Detik WAP
– PC SMS application
– PHP SMS to email
– Free international calls
– Techniques for spying on SMS and calls on a mobile phone
– New XL top-up technique
– SMS bomber technique

D. Bonus Cyberphreaking:

1. Video Hacking
– Linux DNS Server
– Brilian Hacker Defender
– Linux Network Monitor
– Windows Webserver
– Windows 2003 IIS dan DNS
– SQL Injection
2. Mobile phone games
– S40 game collection
– S60 game collection
– Game emulator collection

About computer crime

27 Feb

-----------------------------------------------------------------------------
+  Date   : 24. April 2000
+  Title  : About computer crime
+  Author : Ahmed Ijaz(ija)
-----------------------------------------------------------------------------

Artificial intelligence, laptops, PCs, vaxclusters, local area networks, cobol, bits, bytes, viruses, and worms.  Most people recognize these words as computer terms.  As computers have become a vital part of the American way of life, computer terminology has crept into the vernacular.  There is no doubt that computers touch every aspect of our lives.  Well over 80 percent of daily financial transactions nationwide take place via electronic funds transfers.  However, many computer systems are highly vulnerable to criminal attack.  In fact, computer-related crime costs American companies as much as $5 billion per year.

When Bill Gates described computer crime, he likened computer networks to neighborhoods and small communities. He said cities and towns are tied together by streets, roads, highways, and interstates.  Likewise, communities of computers are linked through local, regional, and national networks. Rather than transport food and equipment like highways do, computer networks move ideas and information.

Unfortunately, just as American communities are threatened with drugs and violent crime, the Nation’s computer networks are threatened as well.  They are threatened by thieves robbing banks electronically; they are threatened by vandals spreading computer viruses; and they are even threatened by spies breaking into U.S. military systems.

White-collar crimes in general–and computer crime in particular–are often difficult to detect and even more difficult to prosecute because many times they leave no witnesses to question and no physical evidence to analyze. And, because computer technology is such a rapidly evolving field, law enforcement has not yet developed a clear-cut definition of computer crime.  Nevertheless, two manifestations of computer crime are obvious:  The first is crime in which the computer is the vehicle or tool of the criminal, and second, crime in which the computer and the information stored in it are the targets of the criminal.