Wiretapping

Telephone tapping (also wire tapping or wiretapping in American English) is the monitoring of telephone and Internet conversations by a third party, often by covert means. The wire tap got its name because, historically, the monitoring connection was an actual electrical tap on the telephone line. Legal wiretapping by a government agency is also called lawful interception. Passive wiretapping monitors or records the traffic, while active wiretapping alters or otherwise affects it.

Internet

In 1995, Peter Garza, a Special Agent with the Naval Criminal Investigative Service, conducted the first court-ordered Internet wiretap in the United States while investigating Julio Cesar Ardita (“El Griton”).

As technologies emerge, including VoIP, new questions are raised about law enforcement access to communications (see VoIP recording). In 2004, the Federal Communications Commission was asked to clarify how the Communications Assistance for Law Enforcement Act (CALEA) related to Internet service providers. The FCC stated that “providers of broadband Internet access and voice over Internet protocol (“VoIP”) services are regulable as “telecommunications carriers” under the Act.”[10] Those affected by the Act will have to provide access to law enforcement officers who need to monitor or intercept communications transmitted through their networks. As of 2009, warrantless surveillance of internet activity has consistently been upheld in FISA court.[11]

The Internet Engineering Task Force has decided not to consider requirements for wiretapping as part of the process for creating and maintaining IETF standards.[12]

Typically, illegal Internet wiretapping is conducted over a Wi-Fi connection to the target’s network by cracking the WEP or WPA key with a tool such as Aircrack-ng or Kismet. Once on the network, the intruder relies on a number of possible tactics, for example an ARP spoofing attack, which lets the intruder view packets in a tool such as Wireshark or Ettercap.
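From the defender’s side, an added example (not part of the article) of how such an ARP spoofing attack shows up on the wire: a small monitor that records the sender IP-to-MAC pairs seen in ARP replies and alerts when an address, above all the gateway, suddenly answers from a different MAC, or when one MAC answers for several addresses. The reply records and addresses are constructed for illustration.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

ArpReply = Tuple[float, str, str]  # (seconds, sender IP, sender MAC) taken from ARP replies

def arp_alerts(replies: Iterable[ArpReply], gateways: Iterable[str] = ()) -> List[dict]:
    """Flag two classic signs of ARP poisoning: an IP whose MAC changes, and a
    single MAC that answers for more than one IP. Alerts touching a gateway
    address are marked, since redirecting the gateway is how an attacker gets
    to see everyone's traffic. Note that DHCP lease changes or a replaced NIC
    also change mappings, so a non-gateway mac_changed alert is lower severity."""
    gateways = set(gateways)
    ip_to_mac: Dict[str, str] = {}
    mac_to_ips: Dict[str, set] = defaultdict(set)
    alerts: List[dict] = []
    for t, ip, mac in sorted(replies):
        mac = mac.lower()  # normalise case so AA:BB and aa:bb compare equal
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append({"time": t, "kind": "mac_changed", "ip": ip,
                           "old_mac": prev, "new_mac": mac, "gateway": ip in gateways})
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:  # alert once per new IP a MAC claims, not per packet
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append({"time": t, "kind": "mac_claims_many", "mac": mac,
                               "ips": sorted(mac_to_ips[mac]),
                               "gateway": bool(mac_to_ips[mac] & gateways)})
    return alerts

# Constructed sample: the gateway 192.168.1.1 answers from its own MAC until t=30,
# when the host at 192.168.1.7 starts answering for the gateway address as well.
SAMPLE_REPLIES: List[ArpReply] = [
    (0, "192.168.1.1", "AA:BB:CC:00:00:01"),
    (5, "192.168.1.7", "de:ad:be:ef:00:07"),
    (10, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (30, "192.168.1.1", "de:ad:be:ef:00:07"),
    (31, "192.168.1.1", "de:ad:be:ef:00:07"),
]

if __name__ == "__main__":
    for alert in arp_alerts(SAMPLE_REPLIES, gateways=["192.168.1.1"]):
        print(alert)
```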

One issue that Internet wiretapping has yet to overcome is steganography, whereby a user encodes, or “hides”, one file inside another (usually a larger, dense file such as an MP3 or a JPEG image). With modern encoding techniques the resulting combined file is essentially indistinguishable from the original to anyone viewing it, unless they have the protocol needed to extract the hidden file.[13][14] US News reported that this technique was commonly used by Osama bin Laden to communicate with his terrorist cells.

Source: wikipedia.org

Worm

A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Payloads

Many worms that have been created are designed only to spread and do not attempt to alter the systems they pass through. However, as the Morris worm and Mydoom showed, even these “payload free” worms can cause major disruption by increasing network traffic and through other unintended effects. A “payload” is code in the worm designed to do more than spread the worm: it might delete files on a host system (e.g., the ExploreZip worm), encrypt files in a cryptoviral extortion attack, or send documents via e-mail. A very common payload for worms is to install a backdoor on the infected computer, creating a “zombie” computer under the control of the worm author. Networks of such machines are often referred to as botnets and are very commonly used by spam senders for sending junk email or to cloak their website’s address.[1] Spammers are therefore thought to be a source of funding for the creation of such worms,[2][3] and worm writers have been caught selling lists of IP addresses of infected machines.[4] Others try to blackmail companies with threatened DoS attacks.[5]

Backdoors can be exploited by other malware, including worms. Examples include Doomjuice, which spreads using the backdoor opened by Mydoom, and at least one instance of malware taking advantage of the rootkit and backdoor installed by the Sony/BMG DRM software shipped on millions of music CDs prior to late 2005.

Protecting against dangerous computer worms

Worms spread by exploiting vulnerabilities in operating systems. Vendors with security problems supply regular security updates[7] (see “Patch Tuesday”), and if these are installed on a machine then the majority of worms are unable to spread to it. If a vulnerability is disclosed before the vendor releases a security patch, a zero-day attack is possible.

Users need to be wary of opening unexpected email,[8] and should not run attached files or programs, or visit web sites linked from such emails. However, as with the ILOVEYOU worm, and with the increased growth and efficiency of phishing attacks, it remains possible to trick the end user into running malicious code.

Anti-virus and anti-spyware software are helpful, but must be kept up to date with new pattern files at least every few days. The use of a firewall is also recommended.

In the April–June 2008 issue of IEEE Transactions on Dependable and Secure Computing, computer scientists describe a potential new way to combat Internet worms. The researchers discovered how to contain the kind of worm that scans the Internet randomly, looking for vulnerable hosts to infect. They found that the key is for software to monitor the number of scans that each machine on a network sends out. When a machine starts sending out too many scans, it is a sign that it has been infected, allowing administrators to take it offline and check it for viruses.
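As an added example (not from the paper or the page), here is the gist of that idea in Python: per source host, count first-time destinations within a sliding time window and flag hosts whose peak is far above what a normal client produces. The flow records, the 60-second window and the threshold of 20 are constructed for illustration; a real deployment would tune them to the network.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

Flow = Tuple[float, str, str, int]  # (seconds, source IP, destination IP, destination port)

def peak_new_destinations(flows: Iterable[Flow], window: float = 60.0) -> Dict[str, int]:
    """Per source host, the largest number of first-time destinations it
    contacted within any span of `window` seconds. Repeat connections to a
    destination already seen do not count, so a busy but normal host stays
    low while a host probing fresh addresses climbs quickly."""
    first_seen: Dict[str, Dict[Tuple[str, int], float]] = defaultdict(dict)
    for t, src, dst, port in sorted(flows):
        first_seen[src].setdefault((dst, port), t)
    peaks: Dict[str, int] = {}
    for src, dests in first_seen.items():
        times = sorted(dests.values())
        best = lo = 0
        for hi, t in enumerate(times):  # sliding window over first-contact times
            while t - times[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        peaks[src] = best
    return peaks

def scanning_hosts(flows: Iterable[Flow], window: float = 60.0, threshold: int = 20) -> List[str]:
    """Sources whose peak reaches the threshold, worst first. These are the
    machines an administrator would take offline and examine."""
    peaks = peak_new_destinations(flows, window)
    return sorted((s for s, p in peaks.items() if p >= threshold), key=lambda s: -peaks[s])

# Constructed sample flows (documentation address ranges). 10.0.0.5 is an ordinary
# client that keeps talking to the same few servers; 10.0.0.7 opens a connection to
# a fresh address on TCP/445 every second, the pattern of a randomly scanning worm.
SAMPLE_FLOWS: List[Flow] = (
    [(t, "10.0.0.5", "10.0.0.1", 53) for t in range(0, 120, 5)]
    + [(t, "10.0.0.5", "198.51.100.10", 443) for t in range(0, 120, 3)]
    + [(t, "10.0.0.5", f"198.51.100.{n}", 443) for t, n in zip(range(0, 120, 20), range(11, 17))]
    + [(t, "10.0.0.7", f"203.0.113.{t}", 445) for t in range(1, 46)]
)

if __name__ == "__main__":
    print(peak_new_destinations(SAMPLE_FLOWS))  # {'10.0.0.5': 6, '10.0.0.7': 45}
    print(scanning_hosts(SAMPLE_FLOWS))         # ['10.0.0.7']
```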

Source: Wikipedia.org

HTTP Flood Denial of Service (DoS) Testing Tool for Windows

For testing purposes only

  • DoSHTTP is an easy to use and powerful HTTP Flood Denial of Service (DoS)
    Testing Tool for Windows. DoSHTTP includes URL Verification, HTTP Redirection,
    Port Designation, Performance Monitoring and Enhanced Reporting.

  • DoSHTTP uses multiple asynchronous sockets to perform an effective HTTP
    Flood. DoSHTTP can be used simultaneously on multiple clients to emulate a
    Distributed Denial of Service (DDoS) attack.

  • DoSHTTP can help IT Professionals test web server performance and evaluate
    web server protection software. DoSHTTP was developed by certified IT Security
    and Software Development professionals.

Features

  • Easy to use and powerful HTTP Flood Denial of Service (DoS) Testing Tool
  • Uses multiple asynchronous sockets to perform an effective HTTP Flood
  • Allows multiple clients to emulate a Distributed Denial of Service (DDoS) Attack
  • Allows target port designation within the URL [http://host:port/]
  • Supports HTTP Redirection for automatic page redirection (optional)
  • Includes URL Verification that displays the response header and document
  • Includes Performance Monitoring and Enhanced Reporting
  • Allows customized User Agent header fields
  • Allows user defined Socket and Request settings
  • Supports numeric addressing for Target URLs
  • Includes a comprehensive User Guide
  • Clear Target URLs and Reset All options
  • Now supports 15,000 simultaneous connections

For testing purposes only

Case Conficker Worm (F-Secure)

Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008.[1] It uses flaws in Windows software and dictionary attacks on administrator passwords to propagate while forming a botnet. Conficker has since spread rapidly into what is now believed to be the largest computer worm infection since the 2003 SQL Slammer,[2] with more than seven million government, business and home computers in over 200 countries now under its control. The worm has been unusually difficult to counter because of its combined use of many advanced malware techniques.

Case Conficker / Downadup
Mikko Hypponen & Patrik Runald
F-Secure Corporation

Species Conference
February 2, 2009
Amsterdam

Brain: Searching for the first PC virus

Below is a video made by F-Secure (Mikko Hypponen).

A 10-minute video reportage about Mikko Hypponen’s trip to Lahore, Pakistan, to find the authors of the first PC virus “Brain”. This is the first time Amjad Farooq Alvi and Basit Farooq Alvi have given a video interview about the virus, which spread around the world via floppy disks in 1986.

Enjoy the video…

Hide a file in your image (JPEG, PNG, …)!

!!!This tutorial is just for testing purposes!!!

So, how to hide files in a JPEG or any other image format:

1. First you need a program called: Saint Andrew’s File in Image Hide.exe

Or you can find the program using google.com 🙂

2. Run Saint Andrew’s File in Image Hide.exe and choose your picture and the file/program you want to hide in the picture.

3. When you have chosen them and click “Add File To Image”, you will see that your file (in this case hosts.bat) is hidden in TestPicture.png. In the picture below you see a normal file description, but the hosts.bat file is now hidden in the picture!

4. If you want to extract the file back from the picture, the process is very straightforward: choose the picture that has the file hidden in it and click “Extract File From Image”.

5. And that’s it, you have your picture and your program/file back.
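As an added defender-side check for the steganography concern raised in the wiretapping section and for the tutorial above (not part of the tutorial, and not the tool’s own code), the following walks a PNG’s chunk list, verifies each chunk CRC, and reports any bytes after the IEND chunk, which is where tools that simply append a file to an image leave their payload. The page does not say how Saint Andrew’s tool stores the file, so the append-after-IEND layout, the 1x1 sample image and the sample payload are assumptions made for the example.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Lay out one chunk as the PNG format does: length, type, data, CRC32 of type+data."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def make_minimal_png() -> bytes:
    """Constructed 1x1 8-bit grayscale PNG used as the sample 'clean' image."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # width, height, depth, color type, ...
    idat = zlib.compress(b"\x00\x00")  # one scanline: filter byte 0 followed by one pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

def png_trailing_data(data: bytes) -> bytes:
    """Walk the chunk list and return whatever follows the IEND chunk.

    A viewer stops decoding at IEND, so appended data never shows on screen
    but is exposed here. Raises ValueError for anything that is not a
    well-formed PNG, since a malformed file deserves a look of its own."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc) != 4:
            raise ValueError("truncated chunk %r" % ctype)
        if struct.unpack(">I", crc)[0] != zlib.crc32(ctype + body):
            raise ValueError("bad CRC in chunk %r" % ctype)
        pos += 12 + length
        if ctype == b"IEND":
            return data[pos:]
    raise ValueError("no IEND chunk found")

def has_appended_payload(data: bytes) -> bool:
    """True when the file carries anything at all after IEND."""
    return len(png_trailing_data(data)) > 0

if __name__ == "__main__":
    clean = make_minimal_png()
    stego = clean + b"@echo off\r\necho constructed sample payload\r\n"  # constructed hosts.bat stand-in
    print(has_appended_payload(clean), has_appended_payload(stego))  # False True
```

The same idea applies to JPEG (data after the FFD9 end-of-image marker), but a JPEG walker must skip embedded thumbnails that carry their own FFD9, so it is not a one-liner.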