The best Hacking tools of 2016 for hackers and pentesters

Here are the top hacking tools for 2016 used by hackers and pentesters worldwide

Last year we published an article about the top ten hacker tools of 2015. Concise Courses has since conducted a fresh poll for 2016, and here are the top hacking tools for 2016 according to the results of that poll.

Nmap:

Nmap is an abbreviation of ‘Network Mapper’, a very well known free and open source hacker tool used for network discovery and security auditing. Literally thousands of system admins all around the world use nmap for network inventory, checking for open ports, managing service upgrade schedules, and monitoring host or service uptime. As a tool, Nmap uses raw IP packets in creative ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems they run (fingerprinting), and what type and version of packet filters/firewalls are being used by the target. There are dozens of benefits of using nmap, one of which is the fact that the admin is able to determine whether the network (and associated nodes) need patching.

Acunetix Web Vulnerability Scanner:

Find out if your website is secure before hackers download sensitive data, commit a crime by using your website as a launch pad, and endanger your business. Acunetix Web Vulnerability Scanner (WVS) crawls your website, automatically analyzes your web applications and finds perilous SQL injection, cross-site scripting and other vulnerabilities that expose your online business. Concise reports identify where web applications need to be fixed, thus enabling you to protect your business from impending hacker attacks.

The fine folks at Acunetix have published a 100% free video course so you can learn how to use this Web Vulnerability Scanner effectively.

Metasploit:

The Metasploit Project is a hugely popular pentesting or hacking framework. If you are new to Metasploit, think of it as a ‘collection of hacking tools’ that can be used to execute various tasks. Widely used by cybersecurity professionals and ethical hackers, this is a tool that you have to learn. Metasploit is essentially a computer security project (framework) that provides the user with vital information regarding known security vulnerabilities and helps to formulate penetration testing and IDS testing plans, strategies and methodologies for exploitation.

OWASP Zed Attack Proxy Project:

The Zed Attack Proxy (ZAP) is now one of the most popular OWASP projects. The fact that you’ve reached this page means you are likely already a relatively seasoned cybersecurity professional, so it’s highly likely that you are very familiar with OWASP, not least the OWASP Top Ten Threats listing, which is considered the ‘guide-book’ of web application security. This hacking and pentesting tool is very efficient as well as being an ‘easy to use’ program that finds vulnerabilities in web applications. ZAP is popular because it has a lot of support, and the OWASP community is an excellent resource for those who work within cyber security. ZAP provides automated scanners as well as various tools that allow you, the cyber pro, to discover security vulnerabilities manually.

Wireshark:

Wireshark is a network analyser which allows the tester to capture packets travelling through the network and to inspect them.

The test computer should be connected at appropriate testing points. Some of my recommendations are:

1. On various points of a DMZ.
2. On a port of a switch.
3. Between router and firewall (if there is separate hardware for each).

Wireshark is possibly the second best known ‘Hackers Tool’ out there. Wireshark has been around for a long time now and it is used by thousands of security professionals to troubleshoot and analyse networks for problems and intrusions. Originally named Ethereal, this tool, or rather ‘platform’, is a highly effective (and free!) open-source packet analyzer. Worth noting that Wireshark is cross-platform, using the GTK+ widget toolkit in current releases, and Qt in the development version.

Burp Suite:

Burp Suite is basically a vulnerability scanner with some enhanced features. Two commonly used applications within this tool are the ‘Burp Suite Spider’, which can enumerate and map out the various pages and parameters of a web site by examining cookies and initiating connections with these web applications, and the ‘Intruder’, which performs automated attacks on web applications.

This is a ‘must-learn’ tool if you work within cyber-security and are tasked with penetrating applications used within an organization.

THC Hydra:

Although often considered as yet another password cracker, THC Hydra is a hugely popular password cracker and has a very active and experienced development team. Essentially, THC Hydra is a fast and stable network login hacking tool that will use dictionary or brute-force attacks to try various password and login combinations against a login page.

Hydra supports various network protocols including, but not limited to AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, and Rexec.

Aircrack-ng:

The Aircrack suite of WiFi (wireless) hacking tools is legendary because it is very effective when used in the right hands. For those new to this wireless-specific hacking program, Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking tool that can recover keys once sufficient data packets have been captured (in monitor mode).

For those tasked with penetrating and auditing wireless networks, Aircrack-ng will become your best friend. It’s useful to know that Aircrack-ng implements the standard FMS attack along with optimizations such as the KoreK attacks, as well as the PTW attack, which makes its attacks more potent. If you are a mediocre hacker you will be able to crack WEP in a few minutes, and you ought to be pretty proficient at cracking WPA/WPA2.

John the Ripper:

John the Ripper wins the award for having the coolest name. John the Ripper, mostly just referred to as ‘John’, is a popular password cracking pentesting tool that is most commonly used to perform dictionary attacks. John the Ripper takes text string samples (from a text file, referred to as a ‘wordlist’, containing popular and complex words found in a dictionary or real passwords cracked before), encrypts each one in the same way as the password being cracked (including both the encryption algorithm and key), and compares the output to the encrypted string. This tool can also be used to perform a variety of alterations to dictionary attacks.

This was all about the trending tools for hackers in 2016. Do tell us if there is a name which is missing here but is worth including.

The Top Ten Hacker Tools of 2015

List of top ten hacker tools of 2015

Every task requires a good set of tools, because with the right tools in hand one can save much energy and time. In the world of cyber hacking (“cyber security”, formally) there are millions of tools available on the Internet, either as freeware or as shareware.

If you are a security researcher, pentester or system admin, you need to have these on your PCs/laptops to find vulnerabilities and plug them. Concise Courses conducted an online poll to determine the top ten hacking tools out of some of the famous ones. Here is the list of the winners of that poll.

1. Nmap: Network Mapper

Network Mapper, abbreviated as nmap, is a versatile tool for network security, and it is free and open source. It is largely used by network administrators for network discovery and security auditing. System admins use nmap for network inventory, determining open ports, managing service upgrade schedules, and monitoring host (a term used for “a computer on a network”) or service uptime. The tool uses raw IP packets in many creative ways to determine what hosts are available on the network, what services (application name and version) they offer, which type of protocols are being used for providing the services, what operating systems (and OS versions and possible patches) and what type and version of packet filters/firewalls are being used by the target.

2. Metasploit:

A tool for exploiting (utilising a network weakness to make a “backdoor”) vulnerabilities (weak points) on a network. This tool is neither free nor open source, but when it comes to the features offered it deserves the price it claims. The Metasploit Project is a hugely popular pentesting (penetration testing) or hacking tool that is used by cybersecurity professionals and ethical hackers. Metasploit is essentially a computer security project that supplies information about known security vulnerabilities and helps to formulate penetration testing and IDS testing.

3. Cain and Abel:

Cain & Abel is a password recovery tool that is mostly used for Microsoft operating systems. This popular hacking tool allows the user to recover various kinds of passwords by sniffing the network (capturing some of the data packets) and cracking encrypted passwords using dictionary, brute-force (generation of hashes out of words and then comparison of the encrypted hash with the generated one; this method takes less time than the dictionary attack method) and cryptanalysis attacks. Cain, as it is often referred to, can also record VoIP (Voice over IP, used for making calls over the internet) conversations, decode hashed scrambled passwords, recover wireless network keys and more. It can crack various types of hashes including NTLM, MD2, MD5, SHA-1, SHA-2 and many more. These functionalities make Cain & Abel one of the best password recovery tools.

4. Angry IP Scanner: 

Angry IP Scanner, also known as ‘ipscan’, is a freely available (open-source and cross-platform) hacking network scanner that is both fast and easy to use. The main purpose of this hacking tool is to scan IP addresses and ports to find open doors and ports. Worth noting that Angry IP Scanner has a bunch of other uses as well. Common users of this hacking tool include network administrators and system engineers.

5. John the Ripper:

John the Ripper is a popular password cracking pentesting tool that is most commonly used to perform dictionary attacks. John the Ripper takes text string samples (from a text file, referred to as a wordlist, containing popular and complex words found in a dictionary or real passwords cracked before), encrypts each one in the same way as the password being cracked (including both the encryption algorithm and key), and compares the output to the encrypted string. This tool can also be used to perform a variety of alterations to dictionary attacks, including brute-force and rainbow attacks.

6. THC Hydra:

Although often considered as yet another password cracker, THC Hydra is hugely popular and has a very active and experienced development team. Essentially, THC Hydra is a fast and stable network login hacking tool that will use dictionary or brute-force attacks to try various password and login combinations against a login page. This hacking tool supports a wide set of protocols including mail (POP3, IMAP, etc.), databases, LDAP (Lightweight Directory Access Protocol), SMB, VNC, and SSH (Secure Shell, used by VPN software).

7. Burp Suite:

A pentesting tool, Burp Suite has several features that can help the penetration tester or ethical hacker. Two commonly used applications within this tool are the ‘Burp Suite Spider’, which can enumerate and map out the various pages and parameters of a web site by examining cookies and initiating connections with these web applications, and the ‘Intruder’, which performs automated attacks on web applications.

8. Nessus Remote Security Scanner:

Nessus recently went closed source, but is still essentially free. It works with a client-server framework. Nessus is the world’s most popular vulnerability scanner, used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications. (This tool is not in the Concise list.)

9. Ettercap:

Ettercap has a huge following and is widely used by cyber security professionals. Ettercap works by placing the user’s network interface into promiscuous mode and by ARP poisoning the target machines, i.e. facilitating a ‘Man In The Middle’ or MITM attack. (ARP, the Address Resolution Protocol, is used to determine a host’s MAC address, the address of its network interface card, from its IP address. ARP poisoning is a process where a hacker gives the network wrong information about either its MAC or IP address.) Once successful, Ettercap (and the hacker) can deploy various attacks on the victims. A popular feature of Ettercap is its ability to support various plugins.
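A defender’s check for the ARP poisoning described above, as an added example that is not part of the original article or of Ettercap: it replays constructed ARP reply records (timestamp, sender IP, sender MAC, the fields an ARP sniffer or a switch’s ARP log would give you) and flags the two signatures a MITM leaves on the segment, an IP whose MAC binding changes and one MAC claiming several IPs. The record format and the sample values are assumptions.

```python
"""Flag ARP poisoning from a sequence of ARP replies seen on a network segment."""
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) from ARP "is-at" replies.
# Not a real capture. The last two records mimic a poisoner claiming the
# gateway's IP and then a workstation's IP from one interface.
SAMPLE_ARP_REPLIES = [
    ("10:00:01", "192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway
    ("10:00:02", "192.168.1.20", "aa:bb:cc:00:00:20"),  # workstation
    ("10:00:05", "192.168.1.1", "aa:bb:cc:00:00:01"),   # normal refresh
    ("10:00:09", "192.168.1.1", "de:ad:be:ef:00:99"),   # gateway IP, different MAC
    ("10:00:10", "192.168.1.20", "de:ad:be:ef:00:99"),  # same MAC, workstation IP
]


def detect_arp_poisoning(replies, trusted=None):
    """Return alert strings for replies that contradict known IP-to-MAC bindings.

    trusted: optional {ip: mac} static table (e.g. the gateway); replies
    contradicting it are flagged at once. Without it, the first binding seen
    for an IP is trusted, so start the monitor from a known-clean state.
    """
    ip_to_mac = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac
        elif known != mac:
            alerts.append(f"{ts} ip-mac change: {ip} was {known}, now claimed by {mac}")
        # One interface answering for several IPs is normal for a router with
        # secondary addresses, so treat this as a heuristic, not proof.
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append(f"{ts} mac {mac} claims multiple ips: {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP_REPLIES):
        print(alert)
```

A static `trusted` table for the gateway is the cheapest hardening: it removes the window in which a poisoner who speaks first gets trusted as the baseline.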

10. Wapiti:

Wapiti has a very loyal following. As a pentesting tool (or framework) Wapiti is able to scan and detect hundreds of possible vulnerabilities. Essentially this multi-purpose hacker tool can audit the security of web applications by performing “black-box” scans, i.e. it does not study the source code of the application but will scan the HTML pages of the application seeking scripts and forms where it can inject data.

If you have any favourite tool of your own which we have not mentioned in the article, kindly mention it in the comments so that we can include it in our next list.

Source: Concise.

Top 10 Android hacking tools for Android users, ethical hackers and pentesters

Top 10 hacking tools for Android

Android is one of the most widely used mobile operating systems, owned by Google Inc. The platform changed the market scenario by becoming the most popular and widely used mobile OS. It has completely changed the view of mobile and has come up with extraordinary features which users love to operate. Its interface is good and user friendly, and users feel very comfortable while using it. The OS uses touch inputs that loosely correspond to real-world actions, like swiping, tapping, pinching, and reverse pinching, to manipulate on-screen objects.

Apart from the normal mobile user, tech guys also like its flexible features that allow them to do various new tasks. But its security issues are also a main concern; recently many cyber attacks targeting Android users have been reported.

So here are some of the tools that are meant for security testers, ethical hackers and pentesting. Most of you might be familiar with the tools discussed, but others can find some new things as well. The top 10 Android hacking tools meant for hacking and hackers are:

Hackode

Hackode, the hacker’s toolbox, is an application for penetration testers, ethical hackers, IT administrators and cyber security professionals to perform different tasks like reconnaissance, scanning and performing exploits. This application contains other different tools like Google Hacking, Google Dorks, Whois, Scanning, Ping, Traceroute, DNS lookup, IP, MX Records, DNS Dig, and Exploits Security RSS Feed.

Androrat

Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the server. The name Androrat is a mixture of Android and RAT (Remote Administration Tool). The goal of the application is to give control of the Android system remotely and retrieve information from it. Its additional features include getting contacts, call logs and all messages, location by GPS/network, monitoring received messages live, monitoring phone state live, taking a picture from the camera, streaming sound from the microphone, streaming video, sending a text message, making a call, opening a URL in the default browser and vibrating the phone.

APKInspector

APKInspector is a powerful GUI tool for analysts to analyse Android applications. The goal of this project is to aid analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features for users to gain deep insight into malicious apps. Its UI improvements include automatic installation, a fine-grained graph view to source view, call graph, navigation, and better display of the control flow graph. Its new features are static instrumentation and combined permission analysis.

DroidBox

DroidBox is developed to offer dynamic analysis of Android applications. This application reports the hashes of the analyzed package, incoming/outgoing network data, file read and write operations, started services and classes loaded through DexClassLoader, information leaks via the network, file and SMS, circumvented permissions, cryptographic operations performed using the Android API, a listing of broadcast receivers, and sent SMS and phone calls.

Burp Suite

Burp Suite is a Java application that can be used to secure or penetrate web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun. Burp is easy to use and intuitive, allowing new users to begin working right away. Burp is also highly configurable, and contains numerous powerful features to assist the most experienced testers with their work.

zANTI

zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety. zANTI produces an automated network map that highlights every vulnerability of a given target. It helps to uncover authentication, backdoor and brute-force attacks, DNS and protocol-specific attacks and rogue access points using a comprehensive range of fully customizable network reconnaissance scans. It also enables security officers to easily evaluate an organization’s network and automatically diagnose vulnerabilities within mobile devices or web sites using a host of penetration tests including man-in-the-middle (MITM), password cracking and Metasploit. It highlights security gaps in your existing network and mobile defenses and reports the results with advanced cloud-based reporting through zConsole. zANTI mirrors the methods a cyber-attacker can use to identify security holes within your network. Dashboard reporting enables businesses to see the risks and take appropriate corrective actions to fix critical security issues.

DroidSheep

DroidSheep can be easily used by anybody who has an Android device and wants to test it for vulnerabilities, so anybody can test the security of his account by himself and decide whether to keep on using the web services. It listens for HTTP packets sent via a wireless network connection and extracts the session ID from these packets in order to reuse them. DroidSheep can capture sessions using the libpcap library and supports open networks, WEP encrypted networks, and WPA and WPA2 encrypted networks (PSK only). DroidSheep is not intended to steal identities or damage anybody, but to show the weak security of non-SSL web services. This software uses libpcap and arpspoof.
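The weakness DroidSheep demonstrates is a session cookie that travels where a WiFi listener can read it. The following added example (not part of the article or of DroidSheep) audits constructed HTTP response headers for that condition: a session cookie set over plain HTTP, or set over HTTPS without the Secure flag (so the browser would also send it over any http:// link), with HttpOnly and HSTS as supporting checks. The session-cookie name heuristic and the sample headers are assumptions.

```python
"""Audit Set-Cookie headers for session cookies a WiFi sniffer could capture."""

# Cookie-name fragments treated as session-bearing (an assumption; tune per site).
SESSION_NAME_HINTS = ("sess", "sid", "token", "auth")


def parse_set_cookie(line):
    """Parse 'Set-Cookie: name=value; Attr; Attr=val' into (name, {attr: value})."""
    value = line.split(":", 1)[1].strip()
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if "=" in part:
            key, val = part.split("=", 1)
            attrs[key.strip().lower()] = val.strip()
        elif part:
            attrs[part.lower()] = True  # flag attributes such as Secure, HttpOnly
    return name, attrs


def audit_session_cookies(scheme, header_lines):
    """Return findings for a response fetched over `scheme` ('http' or 'https').

    Each finding describes a way the session cookie could be observed by a
    passive listener or replayed later, the condition DroidSheep exploits.
    """
    findings = []
    cookie_lines = [h for h in header_lines if h.lower().startswith("set-cookie:")]
    has_hsts = any(h.lower().startswith("strict-transport-security:") for h in header_lines)
    for line in cookie_lines:
        name, attrs = parse_set_cookie(line)
        if not any(hint in name.lower() for hint in SESSION_NAME_HINTS):
            continue  # not a session cookie by our heuristic
        if scheme == "http":
            findings.append(f"{name}: session cookie set over plain HTTP; readable by any sniffer on the path")
        elif "secure" not in attrs:
            findings.append(f"{name}: missing Secure flag; the browser will also send it over http:// URLs")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly flag; readable by injected script")
    if scheme == "https" and cookie_lines and not has_hsts:
        findings.append("no Strict-Transport-Security header; a plain http:// visit can still expose cookies")
    return findings


# Constructed sample responses (not captured from any real site).
WEAK_HTTP_RESPONSE = [
    "HTTP/1.1 200 OK",
    "Content-Type: text/html",
    "Set-Cookie: PHPSESSID=3f9a1c; Path=/",
]
WEAK_HTTPS_RESPONSE = [
    "HTTP/1.1 200 OK",
    "Set-Cookie: session_id=3f9a1c; Path=/; HttpOnly",
]
HARDENED_HTTPS_RESPONSE = [
    "HTTP/1.1 200 OK",
    "Strict-Transport-Security: max-age=31536000; includeSubDomains",
    "Set-Cookie: session_id=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Set-Cookie: theme=dark; Path=/",  # non-session cookie, ignored by the heuristic
]

if __name__ == "__main__":
    for label, scheme, headers in [
        ("weak http", "http", WEAK_HTTP_RESPONSE),
        ("weak https", "https", WEAK_HTTPS_RESPONSE),
        ("hardened https", "https", HARDENED_HTTPS_RESPONSE),
    ]:
        print(label, "->", audit_session_cookies(scheme, headers) or ["ok"])
```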

dSploit

dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device. dSploit contains a number of powerful functions that allow you to analyze, capture, and manipulate network transactions. You can scan networks for connected devices, identify the operating system, running services and open ports on each device, as well as checking them for vulnerabilities. Its key features are WiFi Cracking, Router PWN, Trace, Port Scanner, Inspector, Vulnerability finder, Login cracker, Packet forger, Man in the middle, Simple sniff, Password sniff, Session Hijacker, Kill connections.

AppUse – Android Pentest Platform Unified Standalone Environment

AppSec Labs recently developed the AppUse Virtual Machine. This system is a unique, free platform for mobile application security testing in the Android environment, and it includes unique custom-made tools created by AppSec Labs. It allows you to work faster, be more effective, get higher quality results and save precious time. AppUse will allow you to perform complex actions on your testing device/emulator via a single click; the following is only a partial list of its stated features: configure a proxy for any protocol/port, pull an APK from the device, edit application files, launch the emulator or auto-detect your testing device directly from the AppUse dashboard interface, easily send broadcast messages and start activities and services, perform runtime manipulation with Reframeworker, and easily detect broadcast receivers and services.

ConnectBot

ConnectBot is a powerful open-source Secure Shell (SSH) client. It can manage simultaneous SSH sessions, create secure tunnels, and copy/paste between other applications. This client allows you to connect to Secure Shell servers that typically run on UNIX-based systems. It allows the user to enter commands from their Android device and have the commands run on the remote server instead of the local Android device. It uses the standard encryption used by SSH2 to keep any commands and data that are transmitted from being eavesdropped on by any potential listeners across the network. Its key features are that it supports login with a username and password to any arbitrary server on the local network or internet; supports connections based on a public/private keypair instead of username/password for increased security; allows frequently accessed hosts to be saved in a menu so that they can quickly be reconnected to; and lets other programs on the Android device use ConnectBot as an ssh-agent so that they can pass data and commands securely to the server. Once the connection has been made with the remote server, the program presents the user with a terminal where input and output can be sent/received just as if the user were sitting in front of a terminal on the actual server.

Do remember that these tools are very powerful and should be handled only if you are into pentesting or ethical hacking or are a cyber security expert. Using the tools without applicable knowledge may be illegal in your country.

Top 10 Free Wireless Network hacking/monitoring tools for ethical hackers and businesses

Ten Free Wireless Hacking Software

There are lots of free tools available online to get easy access to WiFi networks, intended to help network admins and programmers working on WiFi systems, and we at Team Techworm have picked the top 10 of those for ethical hackers, programmers and businessmen.

Internet is now a basic requirement, be it at the office or at home, as it is heavily used on smartphones besides computers. Most of the time people prefer to use a wireless LAN, which is much easier and more cost effective.

It has been observed that neighborhood WiFi hot-spots are visible on a user’s device; however, one can get access to them only by cracking the password, with the sole purpose of using free internet. Also, in the case of big firms where all the employees are connected through a wireless network, the admin might want to keep a check on the network traffic, and hence even they need tools to crack the network.

Vulnerability in the wireless LAN is mainly due to poor configuration and poor encryption. Poor configuration includes the case of a weak password, mainly set purposefully by the network admin to check the network traffic. Poor encryption is dangerous as it is related to the two security protocols WEP (Wired Equivalent Privacy) and WPA (WiFi Protected Access); WPA is again of two types, WPA1 and WPA2, and WPA was introduced in 2003 as the WEP protocol was easy to crack. The tools used to hack the network are used either for the

  • purpose of sniffing the network, as in the case of network admins, and
  • cracking the password, used by programmers to rectify troubleshooting and by people who want to use the internet free of cost.

Based on this concept there are around 10 tools which together can be understood to hack wireless LANs.

Aircrack

The most popular wireless password cracking tool, it attacks 802.11a/b/g WEP and WPA. The tool’s developers also provide a tutorial for installation of the tool and its usage for cracking the password. Prior to using this tool it is essential to confirm that the wireless card can inject packets, as this is the basis of the WEP attack. This can be downloaded from: https://www.aircrack-ng.org/

Cain & Abel

This tool intercepts the network traffic and cracks the passwords forcibly using cryptanalysis attack methods. It also helps to recover wireless network keys by analyzing routing protocols. Can be downloaded from: https://www.oxid.it/cain.html

inSSIDer

This tool has been awarded “Best Opensource Software in Networking” and is paid software available at a cost of $19.99. It is a popular scanner for Microsoft Windows and OS X operating systems and can do a lot of tasks which can be helpful for admins to sniff the LAN. Can be downloaded from: https://www.inssider.com/

WireShark

This is a network protocol analyzer, so again good for network admins to keep a check on the traffic. The basic requirement is that the user should have a good knowledge of network protocols; only then can they use this tool. Can be downloaded from: https://www.wireshark.org/

CoWPAtty

This tool is an automated dictionary attack tool for WPA-PSK. CoWPAtty is simple to use; however, it is slow, as the tool uses the password dictionary to generate a hash for each word contained in the dictionary using the SSID. Can be downloaded from: https://sourceforge.net/projects/cowpatty/

Airjack

This is a Wi-Fi 802.11 packet injection tool, mostly used to check for “man-in-the-middle (MITM) flaws” in the network and mitigate them. Can be downloaded from: https://sourceforge.net/projects/airjack/

WepAttack

This is an open source Linux tool for breaking 802.11 WEP keys. A WLAN card is required to work with this tool, and basically the tool attacks the working key using dictionary words. Can be downloaded from: https://wepattack.sourceforge.net/

OmniPeek

This is again a network analyzer tool, working only on Windows. It captures and analyzes network traffic, and can also be used for troubleshooting. Can be downloaded from: https://www.wildpackets.com/products/distributed_network_analysis/omnipeek_network_analyzer

CommView for WiFi

This is for wireless monitoring and protocol analysis. Captured packets can be decoded by user-defined WEP or WPA keys.  This again is mainly used to monitor the WiFi traffic by the professional programmers, protocol admins and even at homes. Can be downloaded from : https://www.tamos.com/products/commwifi/

CloudCracker

This is an online password cracking service for WPA protected WiFi networks. It is used to crack passwords using a dictionary of around 300 million words. Can be found at: https://www.cloudcracker.com/

Most of these tools are free. Some of them are protocol analyzers for monitoring and troubleshooting, whereas others are for hacking the password for unauthorized internet access; there are also tools which use dictionary words to crack the password.

For network admins and professional programmers these tools should be helpful for understanding password cracking and hence help them professionally.

However, one needs to be cautious when using the tools, as it might be an offense in some countries to use them to crack passwords and get unauthorized access to the internet. Such tools are also used by cyber criminals and terrorists to get easy access to the internet for free and anonymously.

New Bug Found in iPhone Which Stores User Input Data And Transfer To Remote Server

A new vulnerability has been found in the iPhone by security research firm FireEye. The researchers at FireEye found a malicious application which can work like a keylogger. It is well known that the iPhone doesn’t have much, but apparently this malicious app is programmed keeping that in mind, therefore it can be safely said that this app may be the first of its kind of ‘touchloggers’. The app can read every touch or tap made by the user and record the same in its log. This basically means that this app can keep data of every movement made by the iPhone user. As such, even if the user locks or unlocks his/her iPhone, types anything or opens any app, this malicious app can record everything and send the logged, or shall we say ‘touchlogged’, information to any external server.

FireEye is the same security research firm which had previously discovered a major flaw/zero-day vulnerability in Internet Explorer (see: Zero Day Vulnerability Found in Internet Explorer By FireEye Security Researchers).

FireEye says that:

“We have created a proof-of-concept “monitoring” app on non-jailbroken iOS 7.0.x devices. This “monitoring” app can record all the user touch/press events in the background, including touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server, as shown in Fig.1. Potential attackers can use such information to reconstruct every character the victim inputs.”

According to FireEye, this malicious app, which takes advantage of a key flaw in the iOS multitasking capabilities to allow hackers/attackers to record the iPhone user’s every tap or swipe, has so far only been found on non-jailbroken iOS 7.0.x devices, which means that jailbroken iPhones are immune to this particular app. FireEye has also said that the logged files containing the ‘touchlogs’ are then transferred to unknown command and control servers.

The app’s concept relies on Apple’s background refresh technology: because an iPhone can run several apps in the background, it can collect information about every touch made on the device. The iPhone has an option to turn off background refreshing of applications, but the researchers have said that disabling background refresh may not restrict the touchlogging of this malicious app. FireEye gave the example of the music player app on an iPhone: the music player app keeps continuously refreshing itself even if background refresh has been disabled by the user. This app, FireEye says, works in a similar fashion, refreshing data even when background refresh is disabled.

Until Apple releases a patch for this flaw or vulnerability, the only thing iPhone users can do is keep an eye on the running apps in the task manager and kill any app/task which seems unnatural.

South Korea Designs A New Malware Similar To Stuxnet Which Will Destroy North Korea’s Nuclear Program

The South Korean government plans to develop a sophisticated cyber weapon similar to the Stuxnet malware. According to Yonhap, a South Korean news agency, the weapons are part of a wider government strategy to boost South Korea’s national cyber-offensive capabilities. An unnamed source within the South Korean ministry confirmed that the government will fund the creation of sophisticated malware designed to sabotage North Korea’s missile and atomic facilities. Once the second phase is established, the cyber command will carry out comprehensive cyber warfare missions.
Exactly how this malware will work is still unknown, but it is designed to strike back at any source targeting South Korean systems with cyber attacks.
Image Credits: techweekeurope.co.uk


The Korean government will also fund the creation of a new cyber defense department, which will be run by the Joint Chiefs of Staff. This department will act as a control tower for cyber warfare missions.
The new department will oversee defensive cyber warfare missions whenever major South Korean networks are hit by a large-scale attack.
The news came just after the Korean Minister of Defense announced a new cyber-attack information-sharing partnership with the US. The partnership was announced at the first Korea-US National Defense Cyber Cooperation working group.

According to the source, the US funded the creation of the Stuxnet malware, a cyber-sabotage tool discovered in 2011 that targeted Iranian nuclear facilities. Security giant Kaspersky reported that the malware managed to infect many Russian nuclear facilities in 2013.

War Against Mobile Adware Still Exists, More Than 1000 Mobile Apps Contain Adware

Google’s crackdown on malicious ‘adware’ within Android apps last September had an immediate impact on the number of people encountering this category of mobile malware, according to security firm Lookout.

Google has published its latest figures for “encounter rates” with various categories of mobile malware in 2013; they show sharp growth in adware encounter rates between the second and third quarters of the year, followed by a decline in many countries in the final quarter.

Google updated its Play Store terms and conditions in September 2013. According to the updated terms, around 36,000 apps contained an ad network that broke the rules, as explained by Lookout in a blog post.
Image Credits: Emailtray.com

Lookout further explains that “Through Q3 2013 adware began to fall. By late 2013 the biggest offenders, LeadBolt and RevMob, updated their advertising SDKs to be compliant with the new guidelines, providing a much less intrusive experience to users.”

The Lookout report further warns that adware is still frequently encountered by mobile users, with SDKs bundled into apps that steal personal data and insert “occasionally disruptive, often offensive adverts” into the user experience. It also states that adware encounters occur mostly among smartphone users.

Lookout claims that “In this world where our personal phones are used in the corporate workplace, gaining unprecedented access to valuable information, it is even more important than ever before that we police advertising networks. Ensuring that they, and the apps that carry them, are built from the ground up with privacy and security in mind is the only way we will prevent criminals from adapting to this latest opportunity.”

Lookout’s new report also notes the rise of another mobile malware category, “chargeware”. Chargeware refers to apps, often focused on pornographic content, that are deliberately unclear about how they charge users and how those users can unsubscribe.

Internet Bug Bounty Program Pays First Reward For Adobe Vulnerability

In November 2013, a group of security experts backed by tech giant Microsoft and social network giant Facebook launched the Internet Bug Bounty (IBB) program. In December 2013 it issued its first $10,000 reward, for a critical vulnerability in Adobe Flash Player.

David Rude, a researcher at iDefense Labs, is the person who was rewarded $10,000, but he is not the only one who won a reward. When the vulnerability was found it was not reported to the IBB immediately; it was first reported to Adobe through standard channels.

Chris Evans, a Google security engineer and a member of the IBB, said that “IBB culture is to look mainly at whether a given discovery or piece of research helped make us all safer. Our aim is to motivate and incentivize any high-impact work that leads to a safer internet for all”.

Evans said “IBB does not want or need details of unfixed vulnerabilities — that would violate strict need-to-know handling”.

“Once a public advisory and fix is issued, researchers or their friends may file IBB bugs to nominate their bugs for reward. Or, for important categories such as Flash or Windows / Linux kernel bugs, panel members keep an eye out for high impact disclosures and nominate on the researchers’ behalf. Because we care.”


New Variant Of Zeus Banking Trojan Named ZeusVM Found Steganographed In JPG Images

Jerome Segura, a senior security researcher at Malwarebytes, says that “A new variant of the Zeus banking trojan (ZeusVM) has been found in a JPEG (Joint Photographic Experts Group) image file. This act of concealing images or messages in other messages or images is known as steganography”.

In the case of ZeusVM, the data is hidden steganographically inside a JPEG image. The ZeusVM trojan then uses the image to retrieve its configuration files and carry out its attacks.

Jerome Segura further explains that “The JPEG contains the malware configuration file, which is essentially a list of scripts and financial institutions – but doesn’t need to be opened by the victim themselves. The JPEG itself has very little visibility to the user and is largely a cloaking technique to ensure it is undetected from a security software standpoint”.

The ZeusVM trojan enables man-in-the-middle attacks in which the attacker cannot easily be traced. An attacker can obtain sensitive information by altering a login page using WebInjects. Segura says that visiting banking-related websites may activate ZeusVM.

Segura further explains that the ZeusVM trojan is an executable that copies itself deep within the computer like other self-replicating viruses. ZeusVM can also easily communicate with its command-and-control server whenever it finds a network, and it can reactivate (auto-restart) itself when the computer reboots.

This malware can be distributed in many ways, but it spreads mainly through phishing emails or web-based attacks. It can also be spread via malvertising, in which websites host ads that deliver malware. Malvertising is an effective method for spreading such malware because the website gives it a ready-made host that is always online. Once the malware is injected into the advertising, it can spread with every click the ad generates. The malvertising ads can then distribute the malware through internet traffic that the attacker obtains either through legitimate means (search engines) or through illicit means (phishing mails, spam links, spam comments).

Segura has done further research into this trojan to show the difference between the original image and the steganographed image. In a blog post he showed two images that looked exactly the same, but when he viewed them in bitmap mode and in a hexadecimal viewer, the difference between the two images was clearly visible.

Segura wrote in the post that, to make identification more difficult, the appended data is encoded with Base64 and encrypted with RC4. To decode it, you can reverse the file with a debugger such as OllyDbg and grab the decryption routine.
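Because the ZeusVM configuration is appended to the image rather than woven into the pixels, a defender can spot such files by walking the JPEG marker structure to the EOI marker and checking whether any bytes follow it. The script below is an added example for this article (it is not Malwarebytes’ or Segura’s code, and the sample image and appended payload are constructed inline, not a real ZeusVM artifact). It walks the segment structure properly, so stuffed FF 00 bytes and restart markers inside the entropy-coded data are not mistaken for the end of the image, then reports the size of any trailing data, whether it is valid Base64, and its byte entropy as a hint that it may be encrypted.

```python
"""Flag JPEG files that carry data after the EOI marker (added example)."""
import base64
import math
import re
import struct
from collections import Counter

EOI, SOS = 0xD9, 0xDA
BASE64_RE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}\s*$")


def find_jpeg_eoi(data: bytes) -> int:
    """Return the offset just past the EOI marker (FF D9).

    Walks marker segments instead of searching for the first FF D9 pair, so
    stuffed bytes (FF 00) and RSTn markers in entropy-coded data are skipped.
    Raises ValueError on malformed or truncated input.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                       # fill byte before a marker
            pos += 1
            continue
        if marker == EOI:
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:  # TEM / RSTn: no length field
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        pos += 2 + seg_len
        if marker == SOS:
            # Entropy-coded data follows; advance to the next real marker.
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not (0xD0 <= nxt <= 0xD7):
                    break
                pos += 1
    raise ValueError("no EOI marker found")


def trailing_data(data: bytes) -> bytes:
    """Everything after the image proper; an honest encoder leaves this empty."""
    return data[find_jpeg_eoi(data):]


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte; values near 8 suggest encrypted or compressed data."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def inspect_jpeg(data: bytes) -> dict:
    """Summarise any appended data so an analyst can triage the file."""
    extra = trailing_data(data)
    report = {"trailing_bytes": len(extra), "looks_base64": False,
              "entropy_bits": round(shannon_entropy(extra), 2)}
    if extra and BASE64_RE.match(extra):
        try:
            decoded = base64.b64decode(extra.strip(), validate=True)
            report["looks_base64"] = True
            report["decoded_entropy_bits"] = round(shannon_entropy(decoded), 2)
        except ValueError:
            pass
    return report


# Constructed, not a real photo: SOI, a JFIF APP0 segment, an SOS segment whose
# entropy data contains a stuffed FF 00 and an RST0 marker, then EOI.
CLEAN_JPEG = (
    b"\xff\xd8"
    + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    + b"\x12\xff\x00\x34\xff\xd0\x56\x78"
    + b"\xff\xd9"
)
# Constructed stand-in for an appended config; not a real ZeusVM payload.
SAMPLE_PAYLOAD = b"constructed sample config; not a real ZeusVM payload"
TAMPERED_JPEG = CLEAN_JPEG + base64.b64encode(SAMPLE_PAYLOAD)

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_JPEG), ("tampered", TAMPERED_JPEG)):
        print(name, inspect_jpeg(blob))
```

Run on a real sample the decoded data would show entropy close to 8 bits per byte, since the actual configuration is RC4-encrypted before being Base64-encoded; the constructed payload here is plaintext, so its decoded entropy stays low. Trailing data alone is not proof of malice (some cameras and editors append metadata), so treat the report as a triage signal to be combined with the file’s origin and the host’s behaviour.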

Moon Worm Infects Thousands Of Linksys Routers, Spreading From One To Another

According to a recent security report, a worm named “Moon” is spreading through various Linksys routers like wildfire. This worm can infect routers without requiring a password. An infected machine then uses as much bandwidth as it can to scan for other vulnerable routers that can be preyed upon; the worm uses port 80 and port 800 to scan for vulnerable routers and spread itself. As already noted, this worm is so dangerous because it does not require any authentication: it sends out random “admin” credentials which are accepted by the target.

This attack was discovered by an ISP in Wyoming, USA. When it was first discovered it was thought that only a small number of routers were susceptible, but it later became known that the worm is predatory in nature and almost all Linksys routers are vulnerable. After the discovery, the “Moon” worm was seen spreading to various other Linksys router models. As of now the exact models and the number of Linksys routers infected by Moon are not clear, but Linksys officials said in a press release that the vulnerability may depend on the firmware version. Linksys described the following models as highly vulnerable to the Moon worm: E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900.

Because of this worm, an infected router’s HTTP server is opened only for a short period of time, and for each target a new server on a different port is opened.

Image Credits: Lifehacker.com

Johannes Ullrich of the Internet Storm Center, who is studying this particular worm, says that “This may be a ‘bot’ if there is a functional command and control channel present”.

Many routers have come under scrutiny from security researchers in the past year, after a series of demonstrations showed ways to break into the devices.

Many routers from popular brands like Linksys and Netgear have been found to be particularly vulnerable to a “backdoor”, or a hidden gap in layman’s terms, which allows a would-be attacker to reach the router’s admin panel. The attacker can then change and reset the router’s settings at will, for example to create a wireless access point. Once the WAP is created, the attacker has unhindered access; the only requirement for this backdoor to work is that the attacker be on the same local network.

This backdoor was discovered by French researcher Eloi Vanderbeken, who said he found it by accident while checking his family’s home router, noticing that the router was ‘listening’ for commands on a TCP port. Vanderbeken was able to use this to gain administrator privileges and reset the password. Last year various D-Link routers were found to be vulnerable to serious backdoors, which cut into the sales of those D-Link routers.