Tuesday, March 15, 2011

Track Emails

Email Tracker
Go to www.readnotify.com and register there.

Once registered, send a mail to your victim from the email ID you registered at readnotify.com.

Before sending the mail, add ".readnotify.com" to the end of the victim's ID. For example:

xxxxx@yahoo.com.readnotify.com

Then send it.

Wednesday, February 9, 2011

Malware increases by 46% in only one year


There is a steady growth of threats to mobile platforms, according to a new McAfee report.

The number of pieces of new mobile malware in 2010 increased by 46 percent compared with 2009. The report also uncovered 20 million new pieces of malware in 2010, equating to nearly 55,000 new malware threats every day.

Of the almost 55 million total pieces of malware McAfee Labs has identified, 36 percent was created in 2010. Concurrently, spam accounted for 80 percent of total email traffic in Q4 2010, the lowest point since the first quarter of 2007.

Threats to mobile platforms are not new. However, as more consumers use mobile devices and tablets in their daily lives and at work, cybercriminals have taken note. During the last several years, McAfee Labs has seen a steady growth in the number of threats to mobile devices.

Some of the most interesting mobile threats of Q4 2010 were SymbOS/Zitmo.A and Android/Geinimi. SymbOS/Zitmo.A was a high-profile threat that struck early in the quarter. The creators of the Zeus botnet repurposed an old version of a commercial spyware package.

Android/Geinimi, a Trojan inserted into legitimate mobile applications and games for the Android platform, was one of the most important threats of the quarter.

With the adoption of so many new mobile platforms, combined with the lack of security awareness and mobile safeguards, McAfee Labs expects cybercriminals to use botnet infections to target mobile devices.

In Q4 2010, Cutwail was dethroned as the global leader in botnet activity, with Rustock the most prevalent in many parts of the world, and Bobax closely trailing behind the two.

The onslaught of malware seems to have no end, and the effect of the proliferation of both handheld and IP-enabled devices on this growth remains to be seen. The top malware threats in Q4 2010 were very different in various geographies, due in part to the larger trend that threats now tend to match the types of users, habits and events that are specific to a region.

Favorites for cybercriminals worldwide this quarter consisted of AutoRun malware (Generic!atr), banking Trojans and downloaders (PWS or Generic.dx), as well as web-based exploits (StartPage and Exploit-MS04-028).

Spam hitting its lowest levels in years can be attributed to a “transition period,” with several botnets going dormant during a time of year when spam volumes are usually on an upward path.

In Q4, McAfee Labs learned the Bredolab botnet had been closed along with parts of the Zeus botnet. Around the Christmas holiday, spam from the Rustock, Lethic, and Xarvester botnets all disappeared, while the spam leaders this quarter were the Bobax and Grum botnets.

As more users access the Internet from an ever-expanding pool of devices—computer, tablet, smartphone or Internet TV—web-based threats will continue to grow in size and sophistication. In Q4, some of the most active threats included Zeus-Murofet, Conficker and Koobface, and the number of potentially malicious domains grew at a rapid pace.

Phishing URLs in the form of the IRS, gift cards, rewards accounts, and social networking accounts were also among the most popular. McAfee Labs found that within the top 100 results of the top daily search terms, 51 percent led to malicious sites, and on average each of these poisoned results pages contained more than five malicious links.

McAfee Labs expects attacks using the techniques of search-engine abuse and trend abuse to focus more specifically on new types of devices in 2011.

In 2009, McAfee Labs predicted that vulnerabilities in Adobe products would become the clear choice of malware authors and cybercriminals for distributing malware and compromising systems and networks. This prediction has come true. Throughout 2010 malware developers have heavily exploited weaknesses in both Flash and especially PDF technologies.

McAfee Labs databases reveal that malicious PDFs targeting Adobe Acrobat topped the number of unique samples by a wide margin, making them the favorite target of client-side exploitation. McAfee Labs is certain that the “Adobe” trend will continue this year, as more mobile devices and non-Microsoft operating systems support various Adobe technologies.

Tuesday, February 8, 2011

Russian hacker steals $10 million

A 27-year-old Russian hacker pleaded guilty to stealing $10 million from a former Royal Bank of Scotland division back in 2008, and he is awaiting a verdict and sentencing at the end of this week or the beginning of the next.

The trial is held in Novosibirsk in Siberia, and the man - one Yevgeny Anikin - has admitted that he was part of the international hacking ring that executed the cyber heist.

According to Reuters, they hacked into the accounts of the bank's customers, raised the limit that regulated the maximum withdrawal of funds that could be executed in one day and organized a simultaneous withdrawal of the funds from ATMs located in Europe, the US and Asia.

Anikin is not the first member of that hacking ring to be caught and sentenced. Late last year, another one received a prison sentence of six years from a court in St. Petersburg.

73% of organizations hacked in the last 2 years


Website attacks are the biggest concern for companies, yet 88 percent spend more on coffee than securing Web applications, according to a survey by Barracuda Networks, Cenzic and the Ponemon Institute.

According to 74 percent of respondents, Web application security is either more critical or equally critical to other security issues faced by their organizations. Despite this, the study shows there are many misconceptions around the methods used to secure Web applications, primarily Web application firewalls and vulnerability assessment.

"While it is encouraging to see that Web application security is on the minds of most organizations, there still seems to be a real disconnect between the desire and implementation of security countermeasures required for Web application security,” said Dr. Paul Judge, chief research officer and VP for Barracuda Networks.

"The fact that 69 percent of respondents are relying upon network firewalls to secure Web applications is like relying upon a cardboard shield for protection in a sword fight – eventually your shield will prove that it's insufficient and an attack will reach you that can fly past a network firewall," he added.

“The fact that a quarter of respondents could not provide a range for how many Web applications they have is a huge red flag right off the bat,” said Mandeep Khera, CMO for Cenzic. “Furthermore, that 20 percent of organizations do not test at all and 40 percent test only 5 percent of their Web applications is shocking. And, most of these companies have been hacked multiple times through insecure Web applications. If you know that burglars come through a broken door repeatedly wouldn’t you want to fix that door?”

Other key findings in the study include:
  • Data protection (62 percent) and compliance (51 percent) were the top reasons for securing Web apps. Job protection was also a significant reason cited by 15 percent of respondents.
  • Despite 51 percent listing compliance as a key driver for Web application security, 43 percent are not familiar with or have no knowledge of OWASP, a key component to compliance standards like PCI.
  • With 41 percent reporting they have over 100 Web applications or more, the majority (66 percent) test less than 25 percent of these applications for vulnerabilities.
  • More than half (53 percent) expect their Web hosting provider to secure their Web applications.
  • Of those respondents who own a Web application firewall, nearly 2 times agreed that a reverse proxy is a better and more secure technology than a transparent bridge technology.
"While IT practitioners recognize the criticality of secure Web applications, their organizations do not provide adequate resources and expertise to manage the risk," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “Over half of the respondents we polled believe they do not have resources to detect and remediate insecure Web applications, and 64 percent said they believe that their organization have inadequate governance and usage policies.”

Scan Open Ports/Services of Target: Netcat

Prerequisites: None


Countermeasures: Uninstall/disable unnecessary services, Intrusion
Detection Systems (IDS), log and event log review


Description: The netcat application has many uses; one is the ability to
scan a target for open ports and services. Another utility, cryptcat, is
almost identical except that it operates with encryption.

Procedure: From a DOS prompt, type the following with the syntax of:
nc

netcat

• The -v option instructs netcat to run in verbose mode, allowing you
to see the progress of the scan.
• The -r option instructs netcat to randomize local and remote ports in
an attempt to elude any intrusion detection systems.
• The -w2 option instructs netcat to wait 2 seconds between each port
scanned to help elude any intrusion detection systems.
• The -z option instructs netcat to operate in a zero-I/O (Input/Output)
mode. It is best to use the -z when scanning with netcat.
• The 1-1024 instructs netcat to scan ports 1-1024.

In this example, the target has the following ports open:
• 80 (Web)
• 7 (Echo)
• 13 (daytime)
• 21 (FTP)
• 17 (Quote of the Day)
• 445 (Windows Share)
• 9 (discard)
• 139 (Windows Share)
• 19 (Character Generator)
• 135 (epmap)
• 443 (HTTPS)
• 25 (Simple Mail Transfer Protocol [SMTP])

Note: From the results of this example the “low hanging fruit” ports are:
• 7, 13, 17, 9, and 19, as these ports can easily be used to create a Denial of Service (DoS). These ports should not be open to the Internet.
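The IDS and log review countermeasure, as an added example that is not part of the original post: a detector that counts distinct destination ports per source over a long window, so that neither the port order (-r) nor the pacing (-w2) hides the scan. The record layout, addresses and thresholds are assumptions, and the sample records are constructed.

```python
import random
from collections import defaultdict, deque

def build_sample():
    """Constructed connection records: (epoch_seconds, src, dst, dst_port)."""
    # 10.0.0.5 probes 40 ports in non-sequential order, 2 s apart (the -r / -w2 pattern).
    ports = random.Random(7).sample(range(1, 1025), 40)
    scan = [(1000 + 2 * i, "10.0.0.5", "192.0.2.10", p) for i, p in enumerate(ports)]
    # 10.0.0.9 is an ordinary client that only ever talks to 80 and 443.
    web = [(1000 + 3 * i, "10.0.0.9", "192.0.2.10", 80 if i % 2 else 443) for i in range(60)]
    return sorted(scan + web)

def find_scanners(records, window=3600, min_ports=20):
    """Return {(src, dst): max distinct ports seen} for pairs that touched
    at least min_ports different ports within any window-second span."""
    recent = defaultdict(deque)          # (src, dst) -> (ts, port) events still in the window
    flagged = {}
    for ts, src, dst, port in sorted(records):
        events = recent[(src, dst)]
        events.append((ts, port))
        while events[0][0] < ts - window:   # expire events older than the window
            events.popleft()
        distinct = len({p for _, p in events})
        if distinct >= min_ports:
            flagged[(src, dst)] = max(distinct, flagged.get((src, dst), 0))
    return flagged

if __name__ == "__main__":
    sample = build_sample()
    # A burst rule (20 ports in 10 s) never fires on a paced scan...
    print("10 s window :", find_scanners(sample, window=10))
    # ...while the hour-long distinct-port count flags it regardless of order.
    print("1 h window  :", find_scanners(sample))
```

The same count works on firewall deny logs or flow records; tune `window` and `min_ports` to the slowest scan you want to catch against the fan-out of your busiest legitimate clients.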

© www.shubhamsahu.blogspot.com

Dos Attacks | Denial Of Services

DoS (Denial of Service) attacks are a favorite technique among hackers. They are relatively easy to carry out and have been a testing ground for budding hackers. In fact, hackers use this technique to gain wide recognition, because of the fame and respect that a successful DoS attack brings to the hacker in underground groups.

A DoS attack is carried out by sending more data packets than the target network server can handle. There are several avenues of exploitation: vulnerabilities in the TCP/IP protocol suite, vulnerabilities in the IPv4 implementation, and using up the resources of the target system so that its services are unable to respond.

There are many vulnerabilities in TCP/IP itself. Some of them are enumerated here: Ping of Death, Teardrop, SYN attacks and Land attacks.

Ping of Death

This was one of the earliest tools of denial of service, from a time when systems were less complex than they are today. Fully upgraded systems are now invulnerable to Ping of Death attacks. Ping of Death works by causing the system to hang or reboot, making it unusable by legitimate users.

In this attack, the target system is pinged with a data packet that exceeds the maximum number of bytes allowed by TCP/IP. When the target computer is pinged, the system has no recourse but to hang, reboot or crash.

Teardrop

Teardrop is an attack that exploits a vulnerability in the reassembly of data packets.

When data is sent over the Internet, it is first broken down into smaller fragments at the source system and then put together at the destination system. With a Teardrop attack, the hacker confuses the target, making it unable to put the data packets together in the correct sequence.

When these packets are divided up, they have an OFFSET field in their TCP header which determines which data packet each fragment is carrying.
By overlapping the Offset field values, the attacker disrupts the series of data packets, and the target system becomes unable to piece them together and is forced to crash, hang or reboot.

SYN Attack

The SYN attack is a disruption of the TCP/IP three-way connection by using a bad IP address, so that the SYN ACK will never come and the target server waits and waits. When a computer negotiates a connection over the Internet, there is a three-way connection that must be established.

When too many of these disruptions are sent, the target will no longer have the resources to entertain legitimate connection requests.

In a SYN attack, the attacker sends the server SYN packets from a bad source IP address. When the target system receives these SYN packets with bad IP addresses, it tries to respond to each one of them with a SYN ACK packet. The target system then waits for an ACK message to come from the bad IP address.


Land Attacks

This attack is no longer well known, since it can be easily addressed. A Land attack is like the SYN attack, but this time the attacker uses the target’s own IP address to create an infinite loop in which the target waits for itself to send an acknowledgement that will never come, because it is the target system itself waiting to communicate with itself.
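The Ping of Death, Teardrop and Land descriptions above, turned into the sanity checks a packet filter or reassembly routine can apply before accepting traffic (an added example, not part of the original post). The `Frag` record, the 20-byte header assumption and the sample addresses are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

MAX_DATAGRAM = 65535   # largest IPv4 datagram, header included
IP_HEADER = 20         # assumption: header carries no IP options

class Frag(NamedTuple):
    src: str
    dst: str
    ident: int     # IP identification shared by all fragments of one datagram
    offset: int    # fragment offset field, counted in 8-byte units
    length: int    # payload bytes carried by this fragment

def inspect(frags):
    """Return a sorted list of (reason, src, ident) findings for a batch of fragments."""
    findings = set()
    groups = defaultdict(list)
    for f in frags:
        if f.src == f.dst:                                        # Land: source equals target
            findings.add(("land", f.src, f.ident))
        if IP_HEADER + f.offset * 8 + f.length > MAX_DATAGRAM:    # Ping of Death: oversize
            findings.add(("oversize", f.src, f.ident))
        groups[(f.src, f.dst, f.ident)].append(f)
    for (src, _dst, ident), group in groups.items():
        end = 0                                                   # first byte not yet covered
        for f in sorted(group, key=lambda g: g.offset):
            start = f.offset * 8
            if start < end:                                       # Teardrop: overlaps earlier data
                findings.add(("overlap", src, ident))             # (exact duplicates count too)
            end = max(end, start + f.length)
    return sorted(findings)

# Constructed sample traffic towards 192.0.2.10.
NORMAL = [Frag("198.51.100.7", "192.0.2.10", 1, 0, 1480),
          Frag("198.51.100.7", "192.0.2.10", 1, 185, 1480),
          Frag("198.51.100.7", "192.0.2.10", 1, 370, 520)]
BAD = [Frag("203.0.113.4", "192.0.2.10", 2, 0, 36),       # second fragment starts at byte 24,
       Frag("203.0.113.4", "192.0.2.10", 2, 3, 4),        # inside the first one
       Frag("203.0.113.5", "192.0.2.10", 3, 8189, 1480),  # would reassemble past 65535 bytes
       Frag("192.0.2.10", "192.0.2.10", 4, 0, 20)]        # source spoofed as the target

if __name__ == "__main__":
    for finding in inspect(NORMAL + BAD):
        print(finding)
```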


Smurf Attacks

A Smurf attack is a DoS attack carried out by making a huge number of ping requests with spoofed IP addresses from within the target network, creating more traffic than the target system can handle. The result is that the target network is unable to respond to legitimate users.


Distributed DOS Attacks

This is a new and improved DoS attack that poses a far greater threat, one that even challenges the virus as the most feared attack on the Internet.
A Distributed DoS attack allows attackers to escape, because it is difficult to trace them when they are a group acting in concert with each other. This kind of attack is somewhat more difficult, since each participant has to find a lesser weakness on the target network and work their way up together.

Social Engineering: The Art of Human Hacking


Social Engineering: The Art of Human Hacking Summary:

Publisher: Wiley 2010 | 408 Pages | ISBN: 0470639539 | EPUB | 6 MB

The first book to reveal and dissect the technical aspect of many social engineering maneuvers.
From elicitation, pretexting, influence and manipulation, all aspects of social engineering are picked apart, discussed and explained by using real-world examples, personal experience and the science behind them to unravel the mystery in social engineering.
Kevin Mitnick—one of the most famous social engineers in the world—popularized the term “social engineering.” He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system. Mitnick claims that this social engineering tactic was the single-most effective method in his arsenal. This indispensable book examines a variety of maneuvers that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats.

* Examines social engineering, the science of influencing a target to perform a desired task or divulge information
* Arms you with invaluable information about the many methods of trickery that hackers use in order to gather information with the intent of executing identity theft, fraud, or gaining computer system access
* Reveals vital steps for preventing social engineering threats

Social Engineering: The Art of Human Hacking does its part to prepare you against nefarious hackers—now you can do your part by putting to good use the critical information within its pages.
