Sunday, 16 December 2012

Another Drug store http://inrikescs.webs.com/

Having some free time, I decided to go after one more of those drug stores.
I found one pretty fast on Flashback, using webs.com (free hosting).
I read their TOS and, yes, selling/offering drugs was against it, so I sent a mail.
They did answer pretty fast, but it sounds more like an automatic answer, and the site is still up and running...

Thank you for notifying the Webs Abuse Department regarding a violation on a site hosted by us. Violations and abuses of our services are taken very seriously. With the enormous number of sites hosted by us, we are unable to catch violations before they happen, and at times, even after they have taken place.
All complaints and notifications are investigated and the site manager notified about the complaint and action that may be needed should they be in violation of our Terms-of-Service. Should action not be taken, the site is frozen pending deletion, unless corrective steps are taken.
We do not freeze or delete sites without investigating the complaint or notification since we do receive a large volume of false or incorrect accusations of such abuses.
You should also understand that although Webs does take responsibility for the content on sites that we host, we do not have the authority to investigate all issues, nor to prevent future violations. You should use your best judgment to contact an attorney or local authorities depending on the violation and what actions you feel need to be taken to prevent future violations by the offender.
Thank you for notifying us about the violation. We hope to take the appropriate action as soon as possible.
Best Regards,
Webs Abuse Department
Kindest Regards,
Clark


Friday, 14 December 2012

Adf.ly abused to spread malware

Adf.ly is a little bit like bit.ly; the difference is that you get paid for every click and the visitor has to wait 5 seconds before clicking skip ads. However, it's quite popular among less talented cyber criminals to abuse it.
When warez is offered on YouTube, the download link in the description can be masked, turning a quite suspicious URL into a short and more legit-looking URL. The only lame thing is that they don't usually provide a direct link afterwards; no, instead they have to have some shit survey first, and there I just lose interest.

Enough of that.
There you have a screenshot of the response for one account I have reported.
Makes me happy :)

Tuesday, 11 December 2012

Abusing free domain and web hosting to sell drugs [Updated]

For a few days I visited Flashback;
however, I forgot to print-screen the forum post.
And the web page itself is a little big to be print-screened, but I added one of the pictures to the post :).


In Sweden drugs are illegal, but buying them is quite easy. A lot of web-based shops exist and have been around for a long time.

The shop I found used http://www.nick.tk to get a free .tk domain; .tk domains are also being abused for malware,
though not by the big players, mostly by noobs and poor malware users.

The domain they have/had was http://spicekungen.tk/; however, they did not use a DNS redirect, instead just an iframe. Self-explanatory: src="http://kryddor.n.nu". From that it appears that they used n.nu to host the content itself.

<frame frameborder=0 src="http://kryddor.n.nu" name="dot_tk_frame_content" scrolling="auto" noresize>

And it turned out to be true, see view-source:http://www.kryddor.n.nu/
Finally I sent one mail to abuse@nick.tk and another to abuse@n.nu.
Will update once I receive an answer; hopefully it's the end of that store.

According to n.nu they have closed the "site",
and you can view a print screen of the website here
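
The check described in this post, as an added Python example that is not from the original blog: it parses a front page for frame, iframe and meta-refresh targets and lists the hosts that actually serve the content, so the report goes to the right provider. The sample HTML is constructed around the frame tag quoted above; the function names and the abuse@ derivation (RFC 2142 convention, last two domain labels) are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a minimal frameset page wrapped around the frame tag
# quoted in the post.
SAMPLE_HTML = """<html><head><title>spicekungen.tk</title></head>
<frameset rows="*">
<frame frameborder=0 src="http://kryddor.n.nu" name="dot_tk_frame_content" scrolling="auto" noresize>
</frameset></html>"""

class FrameFinder(HTMLParser):
    """Collects targets of <frame>/<iframe> tags and meta-refresh redirects."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.targets = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("frame", "iframe") and attrs.get("src"):
            self.targets.append(urljoin(self.base_url, attrs["src"]))
        elif tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            # content looks like "0; url=http://host.example/"
            _, _, rest = (attrs.get("content") or "").partition(";")
            key, _, url = rest.strip().partition("=")
            if key.strip().lower() == "url" and url:
                self.targets.append(urljoin(self.base_url, url.strip(" '\"")))

def real_hosts(page_url, html):
    """Hosts that serve the framed content and differ from the front domain."""
    finder = FrameFinder(page_url)
    finder.feed(html)
    front = urlsplit(page_url).hostname
    hosts = []
    for target in finder.targets:
        host = urlsplit(target).hostname
        if host and host != front and host not in hosts:
            hosts.append(host)
    return hosts

def abuse_contacts(hosts):
    # Assumption: the provider owns the last two labels of the host and reads
    # the conventional abuse@ mailbox (RFC 2142); verify before sending.
    return ["abuse@" + ".".join(h.split(".")[-2:]) for h in hosts]

if __name__ == "__main__":
    hosts = real_hosts("http://spicekungen.tk/", SAMPLE_HTML)
    print(hosts, abuse_contacts(hosts))
```
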


Saturday, 8 December 2012

Tool BinText from McAfee

BinText, quoted from the McAfee website:

A small, very fast and powerful text extractor that will be of particular interest to programmers. It can extract text from any kind of file and includes the ability to find plain ASCII text, Unicode (double byte ANSI) text and Resource strings, providing useful information for each item in the optional "advanced" view mode. Its comprehensive filtering helps prevent unwanted text being listed. The gathered list can be searched and saved to a separate file as either a plain text file or in informative tabular format.

Download BinText here http://www.mcafee.com/uk/downloads/free-tools/bintext.aspx.


I have censored the path to the file, since the path would otherwise contain my online nick.

Another note: the bot is Ounk, I will share it later. Besides that, you can actually see it copy itself to the P2P sharing folder, as well as adding itself to startup :)
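
What a BinText-style pass does, as an added Python example that is not from the original post or from McAfee: it extracts ASCII and UTF-16LE ("double byte") strings from a binary and tags those that point at autostart or P2P-share behaviour. The sample bytes are constructed, and the minimum length and watch-list patterns are assumptions, not strings taken from the bot.

```python
import re

MIN_LEN = 5  # shortest run reported; an assumption, raise it to cut noise

ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
# "Unicode (double byte)" text: printable ASCII characters stored as UTF-16LE
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Hypothetical watch list for the two behaviours mentioned above
# (autostart entry, copy into a P2P share); not taken from the sample itself.
WATCH = {
    "autostart": re.compile(r"CurrentVersion\\Run|\\Startup\\", re.I),
    "p2p_share": re.compile(r"shared folder|\\incoming\\|\\shared\\", re.I),
}

def extract_strings(data):
    """Return (offset, encoding, text) for every ASCII and UTF-16LE run."""
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ASCII_RE.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16le"))
              for m in UTF16_RE.finditer(data)]
    return sorted(found)

def triage(data):
    """Tag extracted strings that match the watch list."""
    hits = []
    for offset, enc, text in extract_strings(data):
        for label, pattern in WATCH.items():
            if pattern.search(text):
                hits.append((label, offset, enc, text))
    return hits

# Constructed sample: non-printable filler around two planted strings,
# one stored as ASCII and one as UTF-16LE.
SAMPLE = (b"MZ\x90\x00\x03\x00\x01\xff"
          + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run" + b"\x00\x17\x02"
          + "C:\\Users\\test\\My Shared Folder\\".encode("utf-16le")
          + b"\x00\x00\xfe\x01ab\x00")

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```
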

Have a nice day.

Tuesday, 4 December 2012

Creating an Obfuscator using Mono.Cecil [C#]

Short tutorial in two parts on how to make an obfuscator for .NET, using Mono.Cecil and C#. We will use .NET 4.0 for the GUI, but 3.5 will be fine as well. Mono.Cecil uses .NET 3.5. The first part will be the GUI and the second part the 'code'.

It will have the following features:
- Drag and drop, very friendly and easy to use.
- Some misc features.
- Some picture boxes.
- And a menu strip.

I am aware that my tutorial about unpacking and packing .NET assemblies is not done. I lost the sample I had in mind to use and will wait until I find a new, fresh sample.

Now back on topic: for the GUI I will use WinForms, since I know that pretty well compared to WPF. Open Visual Studio Express, choose New Project, then Windows Forms Application. I will name it MonoObfuscater; then an empty WinForm should show up. Go to Properties and disable the Maximize button. Since the form will be pretty small and would not look very good in full screen, we are better off disabling that.

Now we add a MenuStrip and add one label, whose text we change to 'About'. If the user clicks it, the idea is that it should pop up a second form with some information.

Below that we add two picture boxes: one for drag and drop, and the other for users who don't like drag and drop and prefer an OpenFileDialog. Inside them I chose a blue icon for drag and drop and a green one for the file dialog.

The form should at this moment look something like this. Next we will add code for the green one: double-click the green picture box and add the following.



Notice that we don't check that the file the user chooses has the .exe extension. This is something you can add later as an improvement, but as of now we want to move forward.

Drag and Drop

Now we will focus on the drag and drop part. We will use events, which is pretty easy and useful.
An event is something that is triggered under a special condition. We need to add two events; do that by selecting the other picture box, right-click it, choose Properties, click the yellow lightning icon and scroll down to DragDrop and DragEnter, then double-click in the empty text field. Do that for both DragEnter and DragDrop. Once inside "MainForm", viewing the code, scroll to
public FormName()
{
    InitializeComponent();
}
Inside that we add the following; this makes the form allow drops and adds the event handlers for drag and drop.

Now add the following code; this will handle the drag and drop itself.




Misc note: most of the time I use iconspedia for icons, and below are links to the icons I use.
Make sure you download them as '.png'.
http://www.iconspedia.com/icon/inbox-green-icon-34984.html
http://www.iconspedia.com/icon/inbox-blue-icon-34983.html
And thanks to doublejdesign.co.uk for the icons :).