Posted: October 27th, 2009 | Author: xanda | Filed under: IT Related | Tags: cyber security, f-secure, free, google search, malware, rogueware, trojan | 2 Comments »
*still waiting for my advisory to be approved.. will post some links soon*
Hahaha.. Don’t get me wrong.. I didn’t mean the companies are bad.. It’s the rogue security software :)
Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware. Rogue security software, in recent years, has become a growing and serious security threat in desktop computing
[source: wikipedia]
Let’s see some screeny:

Yo! Cyber Security in da haus!

Google search leads to rogueware

Captain Obvious to the rescue! I’m in Linux and don’t have Windows installed :)
Moral of the story:
- do not simply trust free stuff
- keep your AV up to date
- it is worth it to have antispyware installed (Malwarebytes’ Anti-Malware is not bad)
- find anything suspicious? keep a copy of it.. share the sample with me :)
Posted: October 23rd, 2009 | Author: xanda | Filed under: IT Related | Tags: canadian pharmacy, spam, viagra | No Comments »
McAfee Lab Blog in their latest entry said that they saw Balloon Boy spam and what I saw is NOTHING.. :)




Anyway, both Balloons and NOTHING lead to the same fake “Canadian” pharmacy sites

Posted: October 20th, 2009 | Author: xanda | Filed under: IT Related | Tags: email, honeynet, malware, spam, ssl, zbot | 2 Comments »

Here is my short writeup on the latest ZBot malware..
Nothing much with the malware, but nice trick on the way of spreading it
Link: Honeynet Blog
Posted: October 13th, 2009 | Author: xanda | Filed under: IT Related | Tags: convert, ow.ly bit.ly, ruby, shorten url, tinyurl | 4 Comments »
You might be wary of visiting a shortened URL directly, because who knows, it may lead to some malicious script/code.
I’ve found a solution, “Python: Convert those TinyURL (bit.ly, tinyurl, ow.ly) to full URLS”, on stackoverflow.com, but the code is in Python.
Here is how you can perform the conversion in Ruby:
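```ruby
#!/usr/bin/ruby
require 'net/http'
require 'uri'

# Ask the shortener for the short URL and return the Location header of its
# redirect response, without following the redirect.
def ConvertToFull(tinyurl)
  url = URI.parse(tinyurl)
  # request_uri is never empty (url.path is "" for a URL with no path)
  req = Net::HTTP::Get.new(url.request_uri)
  res = Net::HTTP.start(url.host, url.port, use_ssl: url.scheme == 'https') { |http| http.request(req) }
  res['location'] # nil when the response is not a redirect
end

puts ConvertToFull('http://bit.ly/rgCbf') # here is how you can call the function. Thank you Captain Obvious!
```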
**UPDATED on 19/10/2009**
I’ve worked on a more complete version which can determine whether a URL is shortened or full and return the full URL for the shortened one.. email me for the code :)
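A fuller resolver in the spirit of the update above, as an added example (it is not the author’s version, which is not on the page): it walks the whole redirect chain with HEAD requests so no page body is ever downloaded, resolves relative `Location` values, refuses non-HTTP schemes, and stops on loops or after a hop limit. The names `expand_url`, `HEAD_FETCH` and `SAMPLE_FETCH`, and the `short.example` / `hop.example` redirect table, are constructed for illustration so the block runs offline.

```ruby
require 'net/http'
require 'uri'

# Default fetcher: one HEAD request, redirects not followed, no body downloaded.
# Returns [status_code, location_header_or_nil].
HEAD_FETCH = lambda do |uri|
  Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https',
                  open_timeout: 5, read_timeout: 5) do |http|
    res = http.head(uri.request_uri)
    [res.code.to_i, res['location']]
  end
end

# Follow a redirect chain hop by hop and return every URL visited.
# The last element is the final destination; a one-element result means
# the input was already a full (non-redirecting) URL.
def expand_url(start, fetch: HEAD_FETCH, max_hops: 10)
  chain = [start]
  uri = URI.parse(start)
  max_hops.times do
    # Only http/https are followed (URI::HTTPS is a subclass of URI::HTTP).
    raise ArgumentError, "refusing non-HTTP URL: #{uri}" unless uri.is_a?(URI::HTTP)
    status, location = fetch.call(uri)
    return chain unless (300..399).cover?(status) && location
    uri = URI.join(uri.to_s, location) # Location may be relative
    raise "redirect loop at #{uri}" if chain.include?(uri.to_s)
    chain << uri.to_s
  end
  raise "more than #{max_hops} redirects"
end

# Constructed redirect table standing in for the network (hypothetical hosts).
SAMPLE = {
  'http://short.example/abc'   => [301, 'http://hop.example/r?id=1'],
  'http://hop.example/r?id=1'  => [302, '/landing'],
  'http://hop.example/landing' => [200, nil],
  'http://short.example/loop'  => [301, 'http://short.example/loop']
}.freeze
SAMPLE_FETCH = ->(uri) { SAMPLE.fetch(uri.to_s) }

# Prints each hop of the constructed chain, one per line.
puts expand_url('http://short.example/abc', fetch: SAMPLE_FETCH)
```

Calling `expand_url(url)` without `fetch:` uses the real network through `HEAD_FETCH`; printing the whole chain shows intermediate redirectors, not just the final landing page.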
Posted: October 9th, 2009 | Author: xanda | Filed under: IT Related | Tags: 2009, crayon, ctf, d3ck4, hitb, hitbsecconf | No Comments »

First of all, congrats to d3ck4, crayon and the team..
Hurm.. HITBSecConf 2009.. Personally, nothing much.. I was disappointed with Mark Dowd and Saumil’s presentation (yeah.. maybe I’m expecting too much) but somehow Wes Brown, METASM and Google’s guy fixed my day..
Enjoyed spending some time outside of the office, meeting people (and old friends), (_NOT_ really) learning new stuff..
Anyway.. That’s what happened..