| About site: Security/Malicious Software/Viruses - The Art Of Noh |
| About site: http://www.noh.ro/blog/index.rdf |
Title: Security/Malicious Software/Viruses - The Art Of Noh A weblog on computer security, viruses, worms, trojans and other types of malicious software by Costin G. Raiu. [RSS] |
This is best-2006.com cache of m/ as retrieved on 2009.01.08 best-2006.com's cache is the snapshot that we took of the page as we crawled the web. The page may have changed since that time.
The Art Of Noh
http://www.noh.ro/blog/
The changing face of computer security.
Language: en
Updated: 2008-08-08T14:11:55+02:00


The dark side of teaching
http://www.noh.ro/blog/archives/2008/08/the_dark_side_o.html

Grant Joy runs a program that surreptitiously records every keystroke on his machine, including user names, passwords, and credit-card numbers. And Thomas Fynan floods a bulletin board with huge messages from fake users. Yet Joy and Fynan aren't hackers—they're students in a computer-security class at Sonoma State University. And their professor, George Ledin, has showed them how to penetrate even the best antivirus software.
http://www.newsweek.com/id/150465

Back in my university years, we had a course dealing with the topic of Data Communications. Not unusual for my faculty, the lab part of the course included a couple of things which had nothing to do with communications. For instance, there was one homework which requested the students to write a boot virus. I went to the assistant and asked for another assignment, as writing viruses is not something I wanted to do. The assistant refused my proposal, refused discussing the subject (he was 'busy') and subsequently gave me 0 points for that particular homework.

Every now and then, in a teaching institution, somebody comes up with the brilliant idea of teaching students about malware. I am not joking here, it IS a brilliant idea. What is however wrong with it, in 99% of the cases, is that the people who come up with the idea have absolutely no clue about ethics or just don't care about it. They also do not understand that writing malware is not the best way to teach people about how to protect against it. Actually, writing malware is the easy way; it is much easier to write malware than to write antivirus programs. Of course, there is also a dark attraction towards writing malware and young people easily fall prey to it.

Back to my university years and to the boot virus writing homework, only a few people bothered doing it. Of them, most actually took the Michelangelo (March6) source code and shuffled it around. A few years later, I heard that homework was removed from the course's curriculum. Most of the people were just taking existing boot viruses and patching them. And it wasn't really a Data Communications assignment per se.

There are many other more interesting things to teach about than writing viruses, sending spam and circumventing protection solutions. Yet, there will always be people willing to join the dark side, for one reason or another.

The bad thing is that their number seems to be increasing from year to year.

Category: The List of Dubious Research
Author: Costin Raiu
Date: 2008-08-08T14:11:55+02:00


LinkedIn 419 scam
http://www.noh.ro/blog/archives/2007/10/linkedin_419_sc.html

Bad guys using LinkedIn for what seems like a 419 scam:

Simpson Millar’s CONSULT AND CHAMBER,
LIVEPOOL UNITED KINGDOM
Tel: xxxx
Email: xxxx

How are you? i trust you are having a nice day. I am mailing you in reference of investment in your country through you. I am delighted to let you know that, am a consultant and associate of Simpson Millar’s CONSULT AND CHAMBER, UNITED KINGDOM.

I have a client (Kurt Kahle) based here in the UK, who died in the year 2000 with all the members of the Family died in the Plane Crash. You can as well confirm this news at the BBC News Website:(http://news.bbc.co.uk/1/hi/world/europe/859479.stm) leaving behind the sum of GBP 11, 520,000.00 (Eleven Million, Five Hundred and Twenty Thousand Pounds). Before his death he disclosed to me his intention of investing in Real Estate business in foreign country and I have not been able to contact any of his family members. He further told me that he deposited this money in Security Company GERMANY for this project.

Meanwhile, i would want us to discuss on how this investment we be done, I am entrusting you with the transaction, since i have not been able to contact any of his family members. As soon as i received from you the confirmation of taking care of my late client properties, we shall then been discussing on how to consult the security company in GERMANY, on how this fund should be release to you for the investment properly.

Wait to hear from you soonest.

Regards
Johnson Mills
Company: Simpson Millar LLP
Job Title: Project
Description: Investment Project

Category: The Art of Noh
Author: Costin Raiu
Date: 2007-10-22T17:48:30+02:00


Audio stock spam
http://www.noh.ro/blog/archives/2007/10/audio_stock_spa.html

Today I've seen a couple of reports from various people that the Storm gang has once again changed tactics and started sending out MP3 files with pump and dump stock hints.

Here's one such example received by my girlfriend on her Yahoo e-mail account.

The stock they are spamming, as far as I can make out from the bad quality MP3, is: http://finance.google.com/finance?q=exto

So far it seems that the method is not as good as the old fashioned plain text stock spam but I'll keep an eye on it to see if it picks up.

Category: The Art of Noh
Author: Costin Raiu
Date: 2007-10-18T17:58:48+02:00


Restarting in 5
http://www.noh.ro/blog/archives/2007/10/restarting_in_5.html

Earlier today I launched a wget to fetch FC7 from www.linuxusers.ro. While I was doing other things, I saw the following window appearing on my laptop:

I wonder if Windows figured out I was downloading Fedora and decided to do something about it. ;)

Anyways, it strikes me as a really bad thing to reboot a user's machine without asking first. Bad, Microsoft, very bad.

Category: The Art of Noh
Author: Costin Raiu
Date: 2007-10-12T11:46:32+02:00


Some photos from VB 2007
http://www.noh.ro/blog/archives/2007/10/some_photos_fro.html

http://picasaweb.google.com/costin.raiu/VirusBulletinConference2007

Author: Costin Raiu
Date: 2007-10-08T11:02:44+02:00


Yahoo's baaad habit
http://www.noh.ro/blog/archives/2007/07/bad_habit.html

Looks like Yahoo Messenger has gotten a very bad habit recently, of installing the Yahoo Toolbar in IE without consent. If you use Yahoo Messenger but install it without the IE Toolbar, then you get a security patch install warning from Messenger and accept it, then apparently the security patch will also install the Yahoo Toolbar, without any question, warning and of course, consent.

I'm personally not necessarily against the Yahoo Toolbar, but installing it without the user's consent strikes me as something that a respectable company should not be doing.

Category: The Art of Noh
Author: Costin Raiu
Date: 2007-07-09T13:13:36+02:00


Eggs you'll take to heart
http://www.noh.ro/blog/archives/2007/05/cholesterol_ad.html

Cholesterol AD on a car in Kuala Lumpur.

Category: The Art of Noh
Author: Costin Raiu
Date: 2007-05-25T12:58:52+02:00


Cryptovirology
http://www.noh.ro/blog/archives/2007/03/cryptovirology.html

The List of Dubious Research - 3

A copy and paste from: http://www.cryptovirology.com/

This chapter presents an experimental implementation of cryptoviral extortion, an attack that we devised and presented at the 1996 IEEE Symposium on Security & Privacy [16] and that was recently covered in Malicious Cryptography [17]. The design is based on Microsoft's Cryptographic API and the salient aspects of the implementation were presented at ISC '05 and in the International Journal of Information Security [14,15]. Cryptoviral extortion is a 2-party protocol between an attacker and a victim that is carried out by a cryptovirus, cryptoworm, or cryptotrojan. In a cryptoviral extortion attack the malware hybrid encrypts the plaintext of the victim using the public key of the attacker. The attacker extorts some form of payment from the victim in return for the plaintext that is held hostage.

GPCode was the first real world malware to implement a PK "cryptoviral" extortion attack. In 2006, we've been able to break the 660-bit RSA encryption employed by GPCode.ag. That was only possible because of several clever observations of our analysts; however, it is pretty obvious for anybody that a properly implemented attack of this type would be impossible to defeat.

As I write these lines, I wonder how much the research from www.cryptovirology.com influenced the person behind GPCode.

Category: The List of Dubious Research
Author: Costin Raiu
Date: 2007-03-18T18:47:57+02:00


Evolution of network attacks
http://www.noh.ro/blog/archives/2007/03/evolution_of_ne.html

"The developments of 2006 have highlighted two major trends in the evolution of attacks carried out via the Internet.

The first trend is the apparition of the now constant “background noise”, which is caused by the Slammer worm and the bot armies which exploit relatively old vulnerabilities. [...]

The second trend is probably far more significant in terms of the evolution of the Internet"

From my recent article: "Kaspersky Security Bulletin 2006: Internet Attacks"

Category: The Art of Noh
Author: Costin Raiu
Date: 2007-03-02T13:33:53+02:00


Catching fast worms
http://www.noh.ro/blog/archives/2007/02/catching_fast_w.html

While going through my e-mail backlog, I came by a story on DarkReading. It seems that a group of researchers from the Penn State University have launched a startup which sells their newly developed worm catching technology.

Based on my statistics from Smallpot and MailPot, two honeypots I've developed during the past 4 years at Kaspersky Lab, fast spreading worms are a thing of the past. Actually, even slow spreading, network aware worms are more or less dying, being replaced by automatic hacking tools and direct network attacks. More about the death of network worms and the rise of targeted attacks in an article I have written for viruslist.com, scheduled for publishing next week.

I guess new ways to fight worms are always welcome, but unfortunately, I suspect those designed to catch fast moving malware will not be very successful in the next 5 years. With Microsoft producing more secure versions of Windows and CPU developers trying to mitigate security issues in software through prevention of code execution in data segments, worms that spread automatically between computer systems might become a thing of the past pretty soon. They will be replaced by malware based upon social engineering techniques, malware that is exploiting the weakest link of any computer system: its user.

Category: The Art of Noh
Author: Costin Raiu
Date: 2007-02-22T15:49:14+02:00


The train with a view of the windows
http://www.noh.ro/blog/archives/2007/01/trenul_cu_veder.html

For a few days now, a rumor has been going around in the world of the Polar Train pulled by Penguins (tm). Confirmed by some people and denied by others, the rumor is spreading at least at the speed of light, because in the galaxy of the polar train the physical limits are entirely different from those in the world of people who read blogs on the Internet. In any case, the rumor, worrying from certain points of view, says that somewhere toward the North Pole, at the headquarters of the Trains with Windows (r) company, a new train is being launched: the train 'with a view of the windows'.

--
Person 1: Hello, good man!
Person 2: Hello, brother traveler!
P1: Have you heard?
P2: Aaah?
P1: They've launched the new train!
P2: No, really!?
P1: Yes!
P2: ...
P1: Word is they now have window seats too! Meaning you can see out of the train while you travel!
P2: Incredible!
--

Somewhere to my left, about ten meters away, two bearded guys are discussing the new train with a view of the panes. "Of the WIN-DOWS!", corrects a traveler next to me, who is peeking over my shoulder at what I'm writing. I withdraw into a corner, hoping that the spy will also take his spying elsewhere.

As I was saying, the new train with a view of the p... windows has become the hot topic of the day. In all the stations along the polar train's route there are big advertisements in which a train with many large windows - as is best - passes through an area of green, fairy-tale hills. "Travel with the new train with a view of the windows!". Opinions are divided. Some have already bought a ticket, although the train only started running yesterday; others say they won't ride it even if the penguins go on strike - they'd rather walk!

While I write, another traveler sits down next to me. Judging by his serene and unknowing expression, he seems to be a customer of the train with a thousand and one windows. I look at him, he looks at me, we look at each other. The serene expression turns into a superior mask - I imagine what he is thinking: "this one's gone off with the penguin!". I admit, with my heart and my pickle jar open, that lately I have been traveling more and more with the Polar Train pulled by Penguins. Completely free, the polar train pulled by penguins is getting more and more beautiful, comes regularly and stops less and less often - all that matters is that the passengers reach their destination without problems. The apple-based train isn't doing badly either. The guys at the apple company work hard, and although lately they have been more preoccupied with musical drawers, the train has not been forgotten either. Equipped with new apple improvements, which are now more intelligent than powerful, the white (sometimes black, or silver) train is the dream of many travelers, even on the polar train pulled by penguins.

- What do you think of the train with a view of the windows?

The newly arrived traveler is probably trying to open a conversation on the topic of the day.

- Well, I don't really know what to say, I've heard from some people that it's supposed to be a great discovery
- Of course! It's revolutionary. Now you can look out the window while you ride the train!
- Aaah... but you know, you can pretty much do that on all trains
- I don't know, I'm only interested in the trains from the windows company (r)
- OK. And any other news...?
- Of course! It's revolutionary. Now the windows are transparent!
- Incredible! But listen, there are other trains with transparent windows too... the apple-based train
- That may well be. I don't know how it is on other trains.
- And anything else?
- The doors can be locked much better. If you want to open the door, you are first asked whether you are sure you want to open the door. I think many problems will be solved this way, especially with the travelers who used to fall out of the train.

Indeed, the number of travelers who have fallen out of the train has lately been incredibly high for the trains from the trains-with-windows company. Word has it that some travelers who fell out of the train became seriously ill, requiring treatment with strong medication.

- Remarkable, that business with the doors. On the polar train pulled by penguins people don't really fall out of the train, you know...
- That may well be.
- And other news?
- Hundreds! It's revolutionary! Now you can put a password on the pickle jar! Right on the train!
- Incredible. But you know, that can be done...
- YES - that may well be; I'm not interested in other trains.
- I understand. Anything else? Maybe some changes to the wheels?
- To the wheels? The wheels are new! Now the train runs only with certified wheels!
- But what if you want to fit your own wheels?
- What do you mean, fit your own wheels??
- Well, you know... I make the wheels for my carriage myself...
- If you want to fit your own wheels, you take them to the trains-with-windows company, the wheels get signed and then you can fit them.
- Otherwise not?
- NO!
- I understand...
- Yes, it's fantastic! And the ticket costs very little. And if you have traveled on older trains before, it costs even less.
- But you know, the polar train pulled by penguins is free...
- That may well be.

I move away from the traveler, who seems a little disappointed that he cannot list the other advantages of the new train with a view of the window for me. As I head toward the polar train pulled by penguins, I hear that the boss of the windows company is very busy opening a new technical support center for travelers. Since it is now possible to see out of the train much better, big problems are expected. People are not used to looking outside their own world - the shock of reality can sometimes be overwhelming. A train with a view of the windows, comparable to the apple-based train or the polar train pulled by penguins. A remarkable thing, to say the least, indeed. Even if it is about 10 years late.

As I board the polar train pulled by penguins, a voice announces loudly over the loudspeakers:

"The amazement begins now! Look! Out the window!"

In my mind I, too, wish the passengers at the window a pleasant journey!

Category: Fantastic tales from the polar train pulled by penguins (Romanian only)
Author: Costin Raiu
Date: 2007-01-31T21:59:07+02:00


Update servers vacation
http://www.noh.ro/blog/archives/2006/12/update_servers.html

In the true Christmas spirit, some of our update servers have gone on vacation. We're trying to get them back to work so please bear with us for a while. :-) Happy Holidays!

Category: The Art of Noh
Author: Costin Raiu
Date: 2006-12-27T18:01:05+02:00


Best of AVAR 2006
http://www.noh.ro/blog/archives/2006/12/best_of_avar_20.html

Some of the best presentations from AVAR 2006 according to yours truly:

Prevalence of PE packers in e-mail traffic - Maksym Schipka - MessageLabs / Interesting stats regarding the use of executable packers in e-mail attachments.

Witnessing the evolution of an automated release scanning system - Jonathan Poon - Microsoft / The reason why Microsoft products have been virus free for the past 6 years.

Attacks on Virtual Machine Emulators - Peter Ferrie - Symantec / Lots of ways to detect virtual machine software such as QEMU and VMWare.

Binary Feature Extraction and Comparison Using Function Complexity - Aditya Kapoor & Joel Spurlock - McAfee AVERT Lab / Paper on a Win32 PE malware classification tool that uses static code analysis.

Kernel Malware: The Attack from Within - Kimmo Kasslin - F-Secure / Interesting ring0 aware Win32 malware.

Category: The Art of Noh
Author: Costin Raiu
Date: 2006-12-11T14:25:38+02:00


The List of Dubious Research - 2
http://www.noh.ro/blog/archives/2006/11/the_list_of_dub_1.html

Another entry for the list. A so-called "security company" creates malware so they can better market their solutions:

Wilfried Hafner, CEO of SecurStar GmbH, has developed a Trojan horse, named "RexSpy", solely for demonstration purposes. The results are alarming.

...

SecurStar is offering the comprehensive security solution, PhoneCrypt, in addition to the Anti-Trojan tool (which is offered free of charge), to protect against all "electronic eavesdropping," be it via Trojan horse viruses or other professional eavesdropping tools, such as IMSI-Catcher.

[SecurStar GmbH's] team consists of renowned specialists and well-known experts from the IT business. Customers include [...] banks and financial service providers such as Citibank, as well as Scotland Yard and Ministries of Defense from different countries.

Thanks to Mady for sharing the link. Full story here.

PS: My colleague Roel Schouwenberg just started his own weblog. Cheers mate!

Category: The List of Dubious Research
Author: Costin Raiu
Date: 2006-11-19T16:27:05+02:00


The List of Dubious Research - 1
http://www.noh.ro/blog/archives/2006/10/the_list_of_dub.html

I'm starting a list with projects that have questionable ethics, which I decided to pompously call "The List of Dubious Research". Feel free to comment if you think these are kosher or if they're 3v1l.

We will start with:

http://cs.ucsb.edu/~rsg/projects/smartphones/index.html

"Mobile phone viruses and worms are becoming more common and sophisticated. To better understand the threat posed by these class of malware, we developed a proof-of-concept mobile phone worm for the Symbian OS. Through the development of this proof-of-concept worm we gathered information about what is needed to develop a mobile phone worm, how mobile phone worms spread, and how targets are infected.

...

This research was supported by the Army Research Office, under agreement DAAD19-01-1-0484, and by the National Science Foundation, under grants CCR-0238492 and CCR-0524853."

Thanks to Roel for pointing this out to me.

Category: The List of Dubious Research
Author: Costin Raiu
Date: 2006-10-31T19:02:48+02:00