More Info on the Castlecops website
Apparently Paul Laudanski, the owner and main driving force behind the CastleCops website, has accepted a position at Microsoft. We can put away our tin foil hats: Paul stated he simply would not be able to run CastleCops *and* be in Microsoft's full-time employ.
You can read about it in more detail here courtesy of geek.com
Jean “TinFoilHatMan” Taggart
|
‘Tis the Season… for scams!
Scammers are not getting any rest during the holiday season. As always, be vigilant when you get an email that sounds too good to be true.
Below are some classic examples I received in my bait email account:
Love:

The “FBI”:

“Lucky winner”

Bill Gate [sic]

Approved Signature

Jerome
|
Is it the end for Castlecops?
One of the sites that I monitor on a daily, no, hourly, basis is CastleCops. CastleCops is a volunteer-based security site where you can report phishing incidents, get help with HijackThis logs, and educate yourself on cybercrime, amongst other things. It has been under DDoS countless times and is a thorn in many a web criminal's side.
Looks like they have suspended activities. Bad guys are probably cheering and uncorking the champagne, while we observe a moment of silence in their memory.
We will monitor this situation closely, and I will try to get used to referring to them in the past tense.
Jean “TinFoilHatMan” Taggart
|
VitalSecurity.org is back!!!!!
That looks like a great Christmas present: Paperghost is back on VitalSecurity.org!
It’s good to see you back, Chris. We missed your humor and insatiable thirst for a good pownage.
Jerome
|
Maintenance… clean up… it’s Christmas
Well, the weather is quite miserable, snow keeps coming and there are fewer people in the office. Despite that, we’re still analyzing malware and such…
I’m doing some upgrades to my systems as well, trying the new Ubuntu 8.10. My version of 8.04 is getting messy and some apps are giving me trouble.
I’ve noticed it’s been quiet on the blogs… at least security blogs, since it’s pretty much all I read anyways.
I’m planning on making some more videos for the YouTube channel. If you have any special requests feel free to let us know.
Jerome
|
Microsoft releases out-of-cycle patch for IE7 exploit
The guys at Microsoft must have been working hard on pushing a patch for this nasty vulnerability.
Shortly after their monthly security updates, they released a patch today that is supposed to fix the issue.
Malware authors were quick to jump on the bandwagon as soon as this flaw was discovered. Apparently Chinese researchers had leaked the code for the exploit… by mistake. But it seems the code was already known to hackers, who were selling it for quite a bit of money on the underground markets.
All this confirms that browser-based attacks are the most common infection vector.
Jerome
|
We’re snowed in… in Victoria!
Yes, there is quite a bit of snow on the West Coast right now. The forecast is showing some more for the next days.
We’re not used to this here… so commuting is a bit of a pain…

But there’s a bit of fun too… some old-school snowball fights (that’s me in the pic).

Jerome
|
The porn trojan is no more
Once there was a nasty Trojan Horse that I nicknamed the “Porn Trojan”. It earned this name because of the massive traffic to porn sites it was generating. I’m talking about gargantuan downloads of entire adult websites… It often came with a bunch of exploits pushing various scareware programs.
Since ICANN shut down EstDomains, the servers are no longer there… so here it sits, trying to call home…

I captured a video at the time showing its payload.
Jerome
|
Lost In Rogue’s Strange Ways…
I’ve been on the hunt for the AntiVirus 360 rogue that everyone’s talking about…
Well, getting the Trojan that installs it was relatively easy, but the rest was something else.
First off, this sample likes to play tricks with you… it ‘sleeps’ for more than 6 minutes before actually doing something… So, if your sandbox only runs the sample for 2 minutes, you will get nothing out of this one.

Moving on, this sample is actually quite nasty, reminding me of the days of DollarRevenue ahhh…
Check this great EULA: one button, and one only: Accept. Nice!

And it seems to store more bad stuff on RapidShare… Unfortunately the file is gone already.

Now, this pic does remind me of DollarRevenue… the classic Command infection… still there after all this time!

Time to proceed to the checkout:
No thanks!
Jerome Segura
|
Offline RSS feeds viewer for the PSP
As some of you may know, I won Sunbelt’s prize at VB 2008, a red PSP.
Well, I’m not a huge gamer, so I decided to turn it into something useful.
There is RSS feed functionality within the PSP, but it has drawbacks:
- incompatible with some blogs
- requires internet connection
So I wrote a script to download my favourite feeds for offline browsing. Then I built a simple html page to link all the blogs together and voila!


P.S. you will notice that most of my RSS feeds are security related… go figure…
Update!
If you want to read your favourite blogs offline, and you happen to have a PSP then this is for you:
Note that this script will only run under Linux (I tested it with Ubuntu 8.10).
What you need to do is:
1. create a folder on your desktop called Blogs.
2. Create a new file and name it rss_info. That file must be under ~/Desktop/Blogs.
This is a comma separated file. Each line describes one blog and contains: the name of the blog (no spaces), the URL (or the XML address for RSS2 feeds), and a 1 or a 2.
1 stands for a regular full page scrape.
2 stands for an RSS2 individual scrape of each post for that blog.
Example rss_info contents:
Sophos,http://feeds.sophos.com/en/rss2_0-sophos-sophoslabs-blog.xml,2
FrenchMAD,http://mad.internetpol.fr/feeds/index.rss2,2
Sunbelt,http://sunbeltblog.blogspot.com,1
CA,http://community.ca.com/blogs/securityadvisor,1
ESET,http://www.eset.com/threat-center/blog,1
StopBadware,http://blog.stopbadware.org,1
Microsoft,http://blogs.technet.com/mmpc,1
VitalSecurity,http://www.vitalsecurity.org,1
ThreatFire,http://blog.threatfire.com,1
TrendMicro,http://blog.trendmicro.com,1
McAfee,http://www.avertlabs.com/research/blog,1
FSecure,http://www.f-secure.com/weblog,1
3. Run the script
4. Copy the Blogs folder onto your PSP under PSP/COMMON/
5. In your PSP, launch the Internet browser (under Network). You do not need an internet connection.
6. Type the address to the blog (address entry): file:///PSP/COMMON/Blogs/index.html
7. Set it as a bookmark, or homepage so you don’t have to type the address every time.
That’s about it. New features may come in the future.
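As an added illustration (my own example, not the script from the post), here is how the rss_info format above can be parsed and how a mode 2 feed can be turned into per-post pages for the PSP. The rss_info lines and the RSS2 document are constructed inline so it runs offline; the hostile title and description in the sample feed show why the file names and page content need sanitising before anything is written under Blogs.

```python
import csv, html, io, re
import xml.etree.ElementTree as ET

# Constructed rss_info content in the post's format: name (no spaces), URL, mode
# (1 = full-page scrape, 2 = RSS2 per-post scrape). The last line is deliberately bad.
RSS_INFO = """Sophos,http://feeds.sophos.com/en/rss2_0-sophos-sophoslabs-blog.xml,2
Sunbelt,http://sunbeltblog.blogspot.com,1
Bad Name,http://example.invalid,1
"""

# Constructed RSS2 document standing in for a downloaded feed; title and description are hostile on purpose.
SAMPLE_RSS2 = """<rss version="2.0"><channel><title>Feed</title>
<item><title>Rogue AV &amp; fake EULA</title>
<description>&lt;b&gt;bold&lt;/b&gt; body &lt;script&gt;alert(1)&lt;/script&gt;</description></item>
<item><title>../../etc/passwd</title><description>second post</description></item>
</channel></rss>"""

def parse_rss_info(text):
    """Return (entries, bad_lines): entries are (name, url, mode) tuples, and a
    line that breaks the format is reported rather than silently guessed at."""
    entries, bad = [], []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        ok = (len(row) == 3 and " " not in row[0]
              and row[1].startswith(("http://", "https://")) and row[2] in ("1", "2"))
        if ok:
            entries.append((row[0], row[1], int(row[2])))
        else:
            bad.append(",".join(row))
    return entries, bad

def safe_filename(title):
    """Feed titles come from the remote site; keep only [A-Za-z0-9_-] so a title
    such as '../../etc/passwd' cannot write outside the Blogs folder."""
    name = re.sub(r"[^A-Za-z0-9_-]+", "_", title).strip("_")
    return (name or "post")[:60] + ".html"

def posts_from_rss2(xml_text):
    """Mode 2: one (filename, page_html) per <item>. The description is escaped rather
    than pasted in as markup, so script in a feed stays inert in the PSP browser."""
    pages = []
    for item in ET.fromstring(xml_text).iter("item"):
        title = item.findtext("title", "untitled")
        body = item.findtext("description", "")
        page = (f"<html><body><h1>{html.escape(title)}</h1>"
                f"<p>{html.escape(body)}</p></body></html>")
        pages.append((safe_filename(title), page))
    return pages
```

Escaping the description costs the feed's own formatting; that is the trade-off for not rendering remote HTML unfiltered.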
Jerome Segura
|