Windows Archives - Page 10 of 18 - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘Windows’

Windows password crack with Metasploit & BackTrack 4

Demonstration of an intrusion into an M$ Win XP system using the BackTrack Linux distribution and the Metasploit software… Search of the Windows SAM passwords in md5 format. Software used: Win XP SP2, virtualized; Linux distribution BackTrack 4, virtualized; VirtualBox, for virtualization; Metasploit, to penetrate the system…..

View full post on National Cyber Security

Why Mac users should care about Windows malware

Although Macs are more likely to carry Windows malware than Mac malware, Mac users need to keep their systems clean

A Sophos researcher stirred up the Mac masses this week when he reported that 20 percent of Mac computers carry Windows malware. The good news is that even though Macs are capable of harboring Windows-targeting viruses and Trojans, those machines can’t be harmed by the malware in all but exceptional cases. The bad news, though, is that Mac users can still spread that malware to Windows machines in a number of ways.

Sophos senior technology consultant Graham Cluley reported earlier this week on a Sophos study that found that one in five Macs carries one or more instances of Windows malware and that one in 36 Macs are infected with Mac malware.

Some critics of Cluley’s article have taken issue with his view that “although most of the malware we’re currently seeing on Macs is designed to infect Windows, you should still be a responsible member of society and ensure that you’re keeping your Mac squeaky clean.”

Again, Windows malware won’t hurt a Mac, but a Mac user can inadvertently pass along that malware to a colleague’s or friend’s Windows machine in a number of ways. Cluley provided InfoWorld with the following examples:

  • Forwarding malware-infected emails to Windows-using friends and colleagues
  • Sharing files with Windows colleagues and friends (using USB sticks, Dropbox, or the like)
  • If Web development is done on a Mac, infected files (be they executable or HTML/JS infections) can end up being transferred to a Web server and shared with the world

What’s more, Mac machines aren’t entirely immune to Windows malware if they’re, say, running Parallels. “When you run Parallels, or any virtual machine software that runs a full copy of Windows, it’s just like you’re running Windows when you’re in that VM, and all the same rules apply,” InfoWorld security expert Roger Grimes said via email.

Unless you run Windows on your Mac, the notion of loading resource-intensive antivirus software simply for the sake of protecting a peer or friend’s Windows machine may not sit well. Bill Cole, a system admin, thoughtfully weighed in on the subject in his blog:

One of the reasons Mac users have been reluctant to adopt AV software is that it is perceived as bloatware that does nothing of direct value for a Mac user. Is it worth the AV overhead for the average Mac user to know when he has surfed past a page that has IE-specific evil JavaScript in it or when the latest blatant phish in his Junk folder is recognized specifically as containing a Windows attack vector? Not really. Flashback and PubSab change that analysis significantly, but not enough for a lot of Mac users. Maybe if the major AV vendors could claim to have prevented infections before Apple’s sluggish fix for the Java hole they would be more convincing.

As both Cole and Cluley noted, the emergence of Mac malware like Flashback points to the fact that Macs are becoming increasingly targeted by malware as the Mac platform continues to gain popularity. “Clearly, the Windows malware on Macs isn’t as big a problem as Mac malware actually running on Macs, but the fact that some of the Windows malware we found on Macs was five years old underlines that many Mac users simply aren’t taking security seriously at all,” Cluley told InfoWorld.

In other words, it would behoove Mac users to start taking the necessary precautions to better protect their machines, just as it would suit vendors (hey, how about Apple?) to develop the sort of security software that Mac users will want to use. Mac malware will only increase, and down the road, we might start seeing instances of malware capable of infecting both Macs and Windows.

“There are very, very few examples of malware that have payloads that work on both Mac and Windows. The ones that do exist aren’t common in the wild,” said Grimes. “As our Web standards become more standard (with Web services, HTML5, and so on), we can expect payloads to become cross-platform, because the bad guy can at least infect and exploit within the hosting browser environment. I expect a future headline within a year or two to announce the arrival of popular cross-platform malware.”

This story, “Why Mac users should care about Windows malware,” was originally published at InfoWorld. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow on Twitter.

View full post on National Cyber Security » Virus/Malware/Worms

Macs Crawling With Windows Malware, Study Finds

One in five Mac computers is carrying malware that could spread to PCs, according to new research from security vendor Sophos. The security team ran its Mac antivirus software on 100,000 Mac computers. It found that most of the malware detected is directed at Windows PCs, so Macs harboring the infections don't show any symptoms.

View full post on malware — Yahoo! News Search Results

View full post on National Cyber Security » Virus/Malware/Worms

Macs more likely to carry Windows malware than Mac malware, Sophos says

IDG News Service – One in five Mac computers is likely to carry Windows malware, but only one in 36 is likely to be infected with malware specifically designed for Mac OS X, according to a study performed by antivirus firm Sophos.

Sophos collected malware detection statistics from 100,000 Mac computers that run its free antivirus product and found that 20% of them contained one or more types of Windows malware.

When stored on a Mac, Windows malware is inactive and can’t do any harm, unless that computer has Windows installed as a secondary OS.

However, such malicious files can still be transferred unknowingly by Mac users to Windows machines via file sharing, USB memory sticks, external hard disk drives and other removable media devices.

Sophos’ analysis also revealed that 2.7% of the 100,000 scanned Macs were actually infected with Mac OS X malware, and a large part of those infections, 75%, were with the Flashback Trojan.

Flashback is a family of Mac OS X malware distributed through social engineering and automated Web exploits. Sophos’ products detect applications from this malware family as OSX/Flshplyr.

A recent Flashback variant that appeared at the end of March, and spread by exploiting a vulnerability in the Java browser plug-in, managed to infect almost 700,000 Mac computers.

Around 650,000 Macs are still infected with it, despite Apple releasing a patch for the Java vulnerability and a Flashback removal tool, according to a report released on Friday by antivirus firm Doctor Web.

The second most common type of malware detected by Sophos’ Mac antivirus product was OSX/FakeAV, with 18% of the total. OSX/FakeAV is a family of Mac OS X scareware applications that includes fake antivirus programs like Mac Defender, which first appeared in May 2011.

OSX/RSPlug, a Mac OS X version of the DNSChanger computer Trojan, was the third most common detection and accounted for 5.5% of the total. This malware forces infected computers to use rogue DNS (Domain Name System) servers controlled by attackers.

The rogue DNS servers used by the DNSChanger botnet were seized by the FBI last year and were temporarily replaced with good ones, to allow the malware’s victims to clean their computers.

The replacement servers are scheduled to be shut down on July 9, but according to the FBI, there are still 350,000 computers infected with the malware. If the servers are shut down, those computers will no longer be able to access the Internet.

“Some Apple fans might feel relieved that they are seven times more likely to have Windows malware on their Macs than Mac OS X-specific threats, but they shouldn’t be,” said Graham Cluley, a senior technology consultant at Sophos, in a blog post on Tuesday. “What Mac users really need to do is protect their computers now (there really is no excuse, free anti-virus software is available for Mac home users), or risk allowing the malware problem on Macs to become as big as the problem on PCs in the future.”

View full post on National Cyber Security

How To JAILBREAK iPhone 4S & iPad 2 iOS 5.0.1 (Mac & Windows) Greenpois0n ABSINTHE [OFFICIAL]

iPhone 4S Jailbreak! iPad 2 Jailbreak! !!!RELEASED!!! FULL iPHONE 4S & iPAD 2 JAILBREAK TUTORIAL! DOWNLOAD THE JAILBREAK HERE: Absinthe v0.2 (Windows) Download Here: Absinthe v0.1.2-2 (Mac) Download Here: The Jailbreak for iOS 5.0 & 5.0.1 for the iPhone 4S and iPad 2 is FINALLY OUT! The NEW Greenpois0n Absinthe Jailbreak was just released and is very easy to use. The simple process requires you to connect your iPhone 4S or iPad 2 to your computer and just hit the “Jailbreak” button. After it goes through the entire process, you just have to open up the new “Absinthe” application which will appear on your iPhone 4S or iPad 2. Once it loads completely, your device will reboot and you should have Cydia installed on your device! That’s all there is to it! Do take note that many people are attempting to Jailbreak currently, so you might have to keep trying to access the website and/or application! JUST KEEP TRYING! Linux Version COMING SOON!

View full post on National Cyber Security

Microsoft Windows RT tablets will be more security friendly than iPad, Android devices

Microsoft can perform a type of network access control on Windows RT devices as a way to protect corporate networks from harm these devices might inflict if put to corporate use, making them a cut above iPads and Android tablets in this regard.

The newly announced capability can check the devices for compliance with corporate policies surrounding passwords, data encryption, antivirus, anti-spyware and auto updates, according to the Building Windows 8 blog. This is similar to, but less comprehensive than, what some NAC schemes do in order to keep devices that don’t comply from connecting to networks.

Previously Microsoft had announced four flavors of Windows 8 — Windows 8, Windows 8 Pro, Windows 8 Enterprise and Windows RT — with Windows RT lacking many of the features included in the Enterprise edition that might make the devices more palatable to businesses.

Windows RT is the name Microsoft has given to the Windows 8 operating system that is packaged with ARM-based hardware such as power-efficient tablets. These devices are expected to ship later this year or early next. They don’t support applications that run on standard x86/64 machines, and until now, would accept Metro-style applications designed for Windows 8 only directly from Microsoft.

None of this made Windows RT seem any more BYOD-friendly than Android tablets or iPads.

But a client announced by Microsoft will monitor the security posture of the devices and enable downloading proprietary business applications to them. The client will communicate with an undefined cloud-based management platform that will be announced later by the team working on Microsoft’s System Center.

The client’s main function is to download and install Windows 8 Metro-style applications that are designed to work on both x86/64 and ARM devices. Without the agent, owners of Windows RT devices can only download applications that are stocked in the Windows Store or via Windows Update or Microsoft Update.

But Microsoft recognizes that businesses will create their own Windows 8 Metro apps that they want to deploy to personal Windows RT devices that employees might want to use for work, according to the blog.

The client makes this possible by connecting to the corporate management infrastructure and to a self-service portal, which displays applications that are available for each user to download. This provides a mechanism to download proprietary line-of-business Metro apps to employees without placing them in the public Windows Store. As the blog says, “… there is no reason to broadcast these applications to others or to have their application deployment managed through the Windows Store process.”

If the business or the owner of the device decides to remove it from corporate management, the client wipes out the proprietary apps.

Before users can connect their Windows RT devices to the management service, their Active Directory settings must be changed to allow it and to specify how many devices they are allowed to connect via SSL authentication. The process involves registering each device with the network.

Each user authorized to use the management service must be specified within Active Directory as someone allowed to connect devices. Once connected, the client makes daily maintenance reports about the hardware, applies changes to settings policies on the devices, reports on compliance with those policies and updates the proprietary apps as needed.

The client also informs the management platform whenever users initiate application installation from the self-service portal, the blog says.

Administrators can set security parameters the devices must comply with, such as a maximum number of failed logins, lockout after a maximum period of inactivity, passwords of a specified length and complexity, enabled and expiry dates on passwords, and password history.

The agent can also set up VPN connections automatically to the management infrastructure so users don’t have to do it manually. The client also reports the status of drive encryption, auto update, antivirus and anti-spyware.

“Leveraging this compliance information, IT admins can more effectively control access to corporate resources if a device is determined to be at risk,” the blog says. “Yet once again, the user’s basic experience with the device is left intact and their personal privacy is maintained.”

Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Reach him at and follow him on Twitter!/Tim_Greene.

Read more about software in Network World’s Software section.

View full post on National Cyber Security » Spyware/ Cyber Snooping

Ransomware prevents Windows from starting

A new ransomware variant prevents infected computers from loading Windows by replacing their master boot record (MBR) and displays a message asking users for money, according to security researchers from Trend Micro.

“Based on our analysis, this malware copies the original MBR and overwrites it with its own malicious code,” said Cris Pantanilla, a threat response engineer at Trend Micro, in a blog post. “Right after performing this routine, it automatically restarts the system for the infection to take effect.”

The MBR is a piece of code that resides in the first sector of the hard drive and starts the boot loader. The boot loader then loads the OS.

Instead of starting the Windows boot loader, the rogue MBR installed by the new ransomware displays a message that asks users to deposit a sum of money into a particular account via an online payment service called QIWI, in order to receive an unlock code for their computers.

“This code will supposedly allow the operating system to load and remove the infection,” Pantanilla said. “When the unlock code is used, the MBR routine is removed.”

As the name implies, ransomware applications hold something belonging to the victim for ransom until the victim pays a sum of money. This type of malware is considered the next step in the evolution of scareware, malicious programs that scare users into paying money.

The majority of ransomware applications disable important system functionality or encrypt documents and pictures, but this is the first ransomware program that Trend Micro researchers have seen replacing the MBR to prevent the system from starting.

This represents a serious escalation in ransomware techniques. While users can still run security tools to clean their systems of traditional ransomware applications and even recover some files, if Windows doesn’t start at all, as in this case, the remediation procedure becomes much more difficult.

Repairing the MBR is no trivial matter and usually requires booting from the Windows installation disk, getting into the recovery command console and typing special commands.
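Because this variant works by overwriting the boot code in the first sector, a defender's cheapest check is to compare that sector against a known-good copy before the machine ever fails to boot. The following is an added example, not code from Trend Micro or from the original post: it parses a classic 512-byte MBR (boot code, four partition entries, the 0x55AA signature), hashes the boot-code region and reports any deviation from a recorded baseline. The sample sectors are constructed inline (the "tampered" one simply has its boot code replaced with placeholder text) so the script runs offline; on a real host the sector would be read from the raw disk device, which needs administrator rights.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # classic MBR: bootstrap code occupies bytes 0..439
PART_TABLE_OFF = 446         # four 16-byte partition entries start here
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa" # bytes 510..511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Decode a raw 512-byte MBR into signature state, boot-code hash and partition entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status byte, 3 CHS bytes, type byte, 3 CHS bytes, LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:           # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the sector matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    if not info["partitions"]:
        findings.append("no partitions defined")
    return findings


def build_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a 512-byte MBR from boot code and up to four
    (bootable, type, lba_start, sectors) tuples. Used only to construct sample input."""
    sector = bytearray(MBR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         0x80 if bootable else 0x00, ptype, lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed samples. The "good" boot code starts with the usual x86 stack/segment
# setup (xor ax,ax; mov ss,ax; mov sp,7c00h; mov es,ax; mov ds,ax) padded with zeros;
# the "tampered" one has the boot code replaced by placeholder text, which is what an
# MBR-overwriting ransomware does at a high level.
GOOD_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8").ljust(BOOT_CODE_LEN, b"\x00")
TAMPERED_BOOT_CODE = b"CONSTRUCTED RANSOM NOTE PLACEHOLDER".ljust(BOOT_CODE_LEN, b"\x00")
ONE_NTFS_PARTITION = [(True, 0x07, 2048, 204800)]   # bootable NTFS, 100 MiB at LBA 2048

GOOD_MBR = build_mbr(GOOD_BOOT_CODE, ONE_NTFS_PARTITION)
TAMPERED_MBR = build_mbr(TAMPERED_BOOT_CODE, ONE_NTFS_PARTITION)
BASELINE_SHA256 = parse_mbr(GOOD_MBR)["boot_code_sha256"]   # recorded on a known-clean host

if __name__ == "__main__":
    for label, sector in (("good", GOOD_MBR), ("tampered", TAMPERED_MBR)):
        print(label, check_mbr(sector, BASELINE_SHA256) or "OK")
```

The baseline hash should be captured once from a machine known to be clean and stored off-host; the partition table is parsed separately because a legitimate repartition changes bytes 446..509 without touching the bootstrap code, so hashing only the first 440 bytes avoids false alarms from that.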

Ransomware infections are typically more common throughout Eastern Europe and South America, but this type of malware is slowly gaining traction in other regions of the world as well. Some variants that impersonate law enforcement agencies and ask victims to pay fictitious fines have recently been detected in Western Europe.

“Though overshadowed by other more newsworthy threats, ransomware attacks are definitely not out of the picture. In fact, this threat appears to be flourishing, as evidenced by the growth of ransomware infections in other parts of Europe,” Pantanilla said.

View full post on National Cyber Security » Computer Hacking

Microsoft issues first Windows 8 patch for Consumer Preview

Microsoft has delivered six security updates to patch 11 vulnerabilities in Windows, Internet Explorer (IE), Office and several other products, including one bug that attackers are already exploiting, while the company also issued the first patch for Windows 8 Consumer Preview, the beta-like build Microsoft released at the end of February.

But it was MS12-027 that got the most attention.

“Things got a bit more interesting,” said Andrew Storms, director of security operations at nCircle Security, “because Microsoft is reporting limited attacks in the wild.”

Flaws that attackers exploit before a patch is available are called “zero-day” vulnerabilities.

The single vulnerability patched in MS12-027 is in an ActiveX control included with every 32-bit version of Office 2003, 2007 and 2010; Microsoft also called out SQL Server, Commerce Server, BizTalk Server, Visual FoxPro and Visual Basic as needing the patch.

Storms, other security experts and Microsoft, too, all identified MS12-027 as the first update users should install.

Word and WordPad vulnerability

Hackers are already exploiting the vulnerability with malformed text documents which, when opened either in Word or WordPad — the latter is a bare-bones text editor bundled with every version of Windows, including Windows 7 — can hijack a PC, Microsoft acknowledged in a post to its Security Research & Defense (SRD) blog.

“We list MS12-027 as our highest priority security update to deploy this month because we are aware of very limited, targeted attacks taking advantage of the CVE-2012-0158 vulnerability using specially-crafted Office documents,” said Elia Florio, an engineer with the Microsoft Security Response Center.

Microsoft did not disclose when it first became aware of the attacks, or who reported the vulnerability to its security team.

Storms speculated that an individual or company had been attacked, uncovered the bug and notified Microsoft.

Microsoft rarely deploys a patch “out of cycle,” meaning outside its usual second Tuesday of every month schedule. The last such update was shipped in December 2011, and was the first for that year.

Also affected is software written by third-party developers who have bundled the buggy ActiveX control with their code or call it. Those developers will have to provide their own updates to customers.

Drive-by download

“Any developer that has released an ActiveX control should review the information for this security bulletin,” said Jason Miller, manager of research and development at VMware. “These developers may need to release updates to their own software to ensure they are not using a vulnerable file in their ActiveX control.”

Attackers can also exploit this bug using “drive-by download” attacks that automatically trigger the vulnerability when IE users browse to a malicious site, Microsoft admitted.

That means the flaw patched by MS12-027 is a double threat. “There are two attack scenarios. There’s the malicious website scenario and then RTF documents, which are pretty common,” Miller said.

Miller expects to see attackers glom onto the vulnerability once they have a chance to analyze the bug and craft their own exploits. “More and more will jump on this this month,” Miller argued.

Wolfgang Kandek, chief technology officer at Qualys, agreed. “Now that the advisory is published, other malware authors will be looking at it to see what’s there,” Kandek said. “We’re sure to see more attacks against this vulnerability.”
Eight of the 11 bugs patched — including the one in MS12-027 — were rated “critical” by Microsoft, its highest threat ranking. Another was pegged “important,” and the remaining two were tagged as “moderate.”

Microsoft identified MS12-023, a five-patch fix for IE, as the other update to roll out ASAP.

The company typically releases an IE security update in even-numbered months; on those months, security professionals usually recommend that users apply the browser update first.

Not this month.

“MS12-027 trumps the IE update this month,” said Miller.

Storms also remarked on the downgrading of the IE bulletin. “When has there been a month when IE hasn’t been the one to patch first?” Storms asked. “I can’t remember one.”

Two of the five vulnerabilities in MS12-023 were rated critical for IE9, the newest edition of Microsoft’s browser that runs on Windows Vista and Windows 7.

Other bulletins applied to Windows, .NET, Microsoft’s VPN (virtual private networking) tool and Office 2007 and the ancient — and no longer sold — Microsoft Works.

Windows 8 patch

Miller pointed out that MS12-024, which patches a critical vulnerability in all supported versions of Windows, also applies to Windows 8 Consumer Preview.

Although the MS12-024 advisory does not mention Windows 8 Consumer Preview, anyone running that sneak peek will be offered the update, said Miller. Computerworld confirmed that MS12-024 was among several other non-security fixes Microsoft delivered to Windows 8 today.

According to Qualys, the bug in MS12-024 lets hackers hitch a ride inside legitimate software installation packages.

Amol Sarwate, manager of Qualys’ vulnerability research lab, said the vulnerability would be very attractive to purveyors of phony antivirus software, a category often called “scareware” or “rogueware.”

April’s six security updates can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.

View full post on National Cyber Security » Computer Hacking

Microsoft Fixes Critical Vulnerability in Windows Common Controls

April’s Patch Tuesday update delivers six bulletins — including a critical fix for a core flaw that affects a long list of Microsoft applications.

View full post on eSecurityPlanet RSS Feed

View full post on National Cyber Security
