Friday 8 March 2013

Debuggers just have to love them

Spent around 20 hours over the past days reading about anti-debugging tricks.
I find it very interesting and will write a class for it. Since I lost my USB stick, all my old and "current" projects no longer exist, so to speak. I would also need to make myself a new Dropbox account or equal.

I think Yandex might be worth a try =). Back on topic: I have found many samples, however most of them are for C++.

Over and out

Tuesday 19 February 2013

Abusing Tumblr to spread malware

A friend kindly shared this link with me, http://gta5updates.tumblr.com/,
and from there we go to http://tumblr.comlu.com/...

and there it is, a Java applet.


Pretty fun to see that Tumblr can be abused like that, I have never seen it before...
However, for reporting a Tumblr a mail is fine (that's nice):
http://tumblring.net/how-to-report-people-on-tumblr-for-abuse/

Tuesday 12 February 2013

Phoenix Downloader source code C#

Since I have lately made up my mind and decided to start learning C++,
I also decided to clean up some of the massive C# source code I have.

Phoenix is a basic downloader/dropper that attempts to download a file and drop it on the hard drive.

The builder GUI is very straightforward:
you choose whether you want to delay the process of downloading and executing, and it also offers to add a startup entry for the dropped file.

I recommend using AppData instead of System32 for a higher success rate, since AppData is more UAC-friendly than System32.

Please don't misuse it, only use it for educational purposes :).
Credit: CaptainBri

Download: http://www.sendspace.com/file/pvljpc
You will need a program such as 7-Zip to unpack it...

Thursday 17 January 2013

Another domain says "canceled" due to abuse

You can read about it here: https://www.flashback.org/p41486538
It appears to be a browser add-on that causes it.


Anyway, it was probably used to host some JDB there or other shit; when I visited, their hosting was already canceled. However, I just reported it to nic.tk and yeah, they suspended the domain at least ^^.

Sunday 16 December 2012

Another drug store: http://inrikescs.webs.com/

Having some free time, I decided to go after one more of those drug stores.
Found one pretty fast on Flashback, using webs.com (free hosting).
I read their TOS and yeah, selling/offering drugs was against it, so I sent a mail.
They did answer pretty fast, but it sounds more like an automatic answer, and the site is still up and running...

Thank you for notifying the Webs Abuse Department regarding a violation on a site hosted by us. Violations and abuses of our services are taken very seriously. With the enormous number of sites hosted by us, we are unable to catch violations before they happen, and at times, even after they have taken place.
All complaints and notifications are investigated and the site manager notified about the complaint and action that may be needed should they be in violation of our Terms-of-Service. Should action not be taken, the site is frozen pending deletion, unless corrective steps are taken.
We do not freeze or delete sites without investigating the complaint or notification since we do receive a large volume of false or incorrect accusations of such abuses.
You should also understand that although Webs does take responsibility for the content on sites that we host, we do not have the authority to investigate all issues, nor to prevent future violations. You should use your best judgment to contact an attorney or local authorities depending on the violation and what actions you feel need to be taken to prevent future violations by the offender.
Thank you for notifying us about the violation. We hope to take the appropriate action as soon as possible.
Best Regards,
Webs Abuse Department
Kindest Regards,
Clark


Friday 14 December 2012

Adf.ly abused to spread malware

Adf.ly is a little bit like bit.ly; the difference is that you get paid for every click, and the visitor has to wait 5 seconds before clicking "skip ad". However, it's quite popular among less talented cyber criminals to abuse it.
When offering warez on YouTube, the download link in the description can be masked from a quite suspicious URL into a short and more legit-looking URL. The only lame thing is that they usually don't provide a direct link; instead there has to be some shit survey first, and there I just lose interest.

Enough of that,
here you have a screenshot of the response for one account I have reported.
Makes me happy :)

Tuesday 11 December 2012

Abusing free domain and web hosting to sell drugs [Updated]

For a few days I visited Flashback,
however I forgot to screenshot the forum post.
And the webpage itself is a little too big to be screenshotted, but I added one of the pictures to the post :).


In Sweden drugs are illegal, but buying them is quite easy. A lot of web-based shops exist and have been around for a long time.

The shop I found used http://www.nick.tk to get a free .tk domain; .tk domains are also being abused for malware,
though not by the big players, mostly by noobs and poor malware users.

The domain they have/had was http://spicekungen.tk/; however, they did not use a DNS redirect, instead just a frame. The src="http://kryddor.n.nu" is self-explanatory: it appears that they used n.nu to host the content itself.

<frame frameborder=0 src="http://kryddor.n.nu" name="dot_tk_frame_content" scrolling="auto" noresize>

And it turned out to be true: view-source:http://www.kryddor.n.nu/
Finally I sent one mail to abuse@nick.tk and another to abuse@n.nu.
Will update once I receive an answer; hopefully it's the end of that store.

According to n.nu they have closed the "site",
and a screenshot of the website you can view here.
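The frame trick above (a free .tk domain whose page is nothing but a full-size frame pointing at the real host) is easy to spot mechanically, which is useful when deciding which provider to send the abuse report to. The following is an added example written for this post, not code from the blog; it parses a page's HTML with Python's standard library, collects every frame/iframe src, and flags the ones that load content from a host other than the page's own. The sample HTML is constructed here from the frame tag shown above.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the kind of wrapper page a free .tk domain serves,
# built around the frame tag quoted in the post.
SAMPLE_HTML = """<html><head><title>spicekungen</title></head>
<frameset rows="100%">
<frame frameborder=0 src="http://kryddor.n.nu" name="dot_tk_frame_content" scrolling="auto" noresize>
</frameset></html>"""


class FrameSrcCollector(HTMLParser):
    """Collect the src attribute of every <frame> and <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.sources = []  # list of (tag, src)

    def handle_starttag(self, tag, attrs):
        if tag in ("frame", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.sources.append((tag, src))


def _same_site(host, page_host):
    """True when host is the page host itself or one of its subdomains."""
    return host == page_host or host.endswith("." + page_host)


def find_offsite_frames(page_url, html):
    """Return one record per frame/iframe, marking those hosted elsewhere.

    Each record is a dict with keys tag, src, host and offsite. A relative
    src has no host of its own and is attributed to the page host.
    """
    page_host = (urlparse(page_url).hostname or "").lower()
    collector = FrameSrcCollector()
    collector.feed(html)
    records = []
    for tag, src in collector.sources:
        host = (urlparse(src).hostname or page_host).lower()
        records.append({
            "tag": tag,
            "src": src,
            "host": host,
            "offsite": not _same_site(host, page_host),
        })
    return records


def offsite_hosts(page_url, html):
    """Hosts that actually serve the framed content, deduplicated, in order.

    These are the providers worth a second abuse report in addition to the
    registrar of the wrapper domain.
    """
    seen = []
    for rec in find_offsite_frames(page_url, html):
        if rec["offsite"] and rec["host"] not in seen:
            seen.append(rec["host"])
    return seen


if __name__ == "__main__":
    for rec in find_offsite_frames("http://spicekungen.tk/", SAMPLE_HTML):
        flag = "OFFSITE" if rec["offsite"] else "local"
        print(f"{rec['tag']:<6} {flag:<8} {rec['src']}")
    print("content hosted at:", offsite_hosts("http://spicekungen.tk/", SAMPLE_HTML))
```

Feeding it the wrapper page from the post reports kryddor.n.nu as the real content host, which is exactly why a second mail to n.nu was needed on top of the one to the .tk registrar. A meta refresh or JavaScript redirect would need a different check; this example only covers the frame pattern seen here.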