Nyotron: Worms that Attack Microsoft
While this particular information may be a bit dated, it shows one of the many worm attacks on Microsoft.
Reportedly, April Fool’s Day will not be too amusing for millions of computer users, as the Conficker worm is anticipated to take full effect. The Conficker worm was released to the wild in October 2008. It targets Microsoft Windows machines specifically and its symptoms manifest as network congestion, account lockout policies being reset, disabled automatic updates and error reporting for Windows, slow domain controller response, and for added fun — it blocks security-related sites.
The Conficker worm comes in three versions. Allegedly, it will infect more than 11 million computers. The third version, Conficker.C will switch gears and start polling 50,000 domains on April 1st to pull down a payload that will be executed locally on the infected machine. The intent of the code is unknown at this point. Some experts claim it will connect with other infected computers to cause unnecessary traffic that slows down networks and congests the internet while others claim it may be profit motivated and install a fake virus scan utility that asks the end user to pay to remove malicious software.
A home computer user will have an easier time clearing the worm out of their system by simply running their anti-virus software and downloading all current patches from Microsoft. Unfortunately, a network of users (such as a corporation or organization) will have a much more difficult experience. This is where more “industrial strength” solutions will be required, and supposedly leading the pack in this level of security technology is a product fittingly called Paranoid.
Nyotron describes Paranoid as “a comprehensive security solution designed for monitoring system events on user end points and uses a pure heuristic behavior patterns based technology”. This system specializes in preventing Zero-day attacks, while simultaneously providing protection from exploits, malware, trojans, viruses, and worms. Though we’ve heard that Paranoid was the only security system that detected the previous variant of Conficker, this previous worm is still not a good example of all that Paranoid can do. Apparently, a worm that randomly affects the security of a system is much easier to detect than a targeted/Zero-day attack. Nevertheless, Nir Gaist, CTO and co-founder of Nyotron, is taking the responsibility upon himself to find a solution to this threat, “because if something major happens from this worm, that’s our problem,” so he says.
Nir Gaist, CTO Nyotron
Gaist says all other security systems are protecting organizations from the threats that are globally spread and randomly targeted. They don’t, however, protect these networks from the directed threats. This is where Paranoid’s technology holds a competitive advantage. Most security software technology is generally based on signatures. When downloading updates, you’re downloading protections only for viruses that are known and have already attacked tens or hundreds of thousands of users. The chance that the individual end user will be one of those victims is actually small. Paranoid provides protection for networks that are at a high risk from an attack designed specifically against them with a unique signature.
Image, courtesy Nyotron Information Systems
Among Nyotron’s customers are businesses in many sectors: Governmental, Financial, Healthcare, Education, National Security, Critical Networks, Communication, Infrastructure, etc. As the Zero-day threat becomes significantly more intimidating to the enterprise network, Nyotron’s solution is reportedly the only real solution enabling network security administrators to “detect the undetected,” claim the folks at Nyotron.
Image, courtesy Nyotron Information Systems
“No one yet knows what will happen on April 1st or after,” Gaist says. “It also doesn’t help to detect who is behind this worm, but clearly it took a large investment of time and money to start this.” There are speculations about this worm that range from it turning out to be a prank, a benign test of security systems, or even a way to eliminate pirated versions of the Windows OS (one cannot download patches for it without a valid license). Or, it may be just what it seems, a malignant attack to bring down networks worldwide. Obviously, that’s a risk not many are willing to take, especially in the enterprise space.
The Hack Defined: What is Hacking
Hacking (English verb to hack, singular noun a hack) refers to the re-configuring or re-programming of a system to function in ways not facilitated by the owner, administrator, or designer.
The term(s) have several related meanings in the technology and computer science fields, wherein a “hack” may refer to a clever or quick fix to a computer program problem, or to what may be perceived to be a clumsy or inelegant (but usually relatively quick) solution to a problem, such as a “kludge”.
The terms “hack” and “hacking” are also used to refer to a modification of a program or device to give the user access to features that were otherwise unavailable, such as by circuit bending. It is from this usage that the term “hacking” is often incorrectly used to refer to more nefarious criminal uses such as identity theft, credit card fraud or other actions categorized as computer crime; there being a distinction between security breaking and hacking, a better term for security breaking would be “cracking”.
Hack Origins
The term was used pejoratively by mathematician John Nash. When he became a C.L.E. Moore Instructor at the Massachusetts Institute of Technology (MIT) in 1951, he brought this put-down with him.
The term achieved widespread use in the 1960s and its meaning then evolved to a quick, elaborate and/or bodged solution students devised for a technical obstacle; it was used with hacker, meaning one who discovers and implements a hack. The Jargon File, a glossary of slang from technical cultures at the MIT AI Lab, the Stanford AI Lab, Bolt, Beranek and Newman, Carnegie Mellon University, Worcester Polytechnic Institute, and others gave the tongue-in-cheek derivation “German word meaning ‘someone who makes furniture with an axe’”. This derivation was carried through when the Jargon File was eventually published as “The Hacker’s Dictionary” in 1983 and later republished as “The New Hacker’s Dictionary”. However any student of German will know that the German word ‘Hacker’ (literal translation: “someone who chops”) has nothing to do with making furniture, and that the derivation was intended as a wise-crack.
Over time, the meaning of the word there was expanded, perhaps through contact with the amateur radio community. It came to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. In the term “hack value” it also acquired a meaning of anything that was simultaneously fun and clever.
The initial hacker community at MIT, particularly those associated with the Tech Model Railroad Club, applied this pre-existing local slang to computer programming, producing the variant which first came into common use outside MIT.
Hack History
The term “hack” was first used by US university computing centre staff in the mid-1960s. The context determined whether the complimentary or derogatory meanings were implied. Phrases such as “ugly hack” or “quick hack” generally referred to the latter meaning; phrases such as “cool hack” or “neat hack”, to the former. In modern computer programming, a “hack” can refer to a solution or method which functions correctly but which is “ugly” in its concept, which works outside the accepted structures and norms of the environment, or which is not easily extendable or maintainable (see kludge). The programmer keeps beating on it until a solution is found. The jargon used by hackers is called “Hackish” (see the Jargon file). This should not be confused with “1337” or “leetspeak.”
In a similar vein, a “hack” may refer to works outside of computer programming. For example, a math hack means a clever solution to a mathematical problem. The GNU General Public License has been described as a copyright hack because it cleverly uses the copyright laws for a purpose the lawmakers did not foresee. All of these uses now also seem to be spreading beyond MIT as well.
On many internet websites and in everyday language the word “hack” can be slang for “copy”, “imitation” or “rip-off.”
Warez Identified and Broken Down
Welcome to the World of Free Warez
The word warez is intended as a plural of “ware”, short for computer software. Thus it is intended to be pronounced like the word wares, /ˈwɛərz/, but people commonly pronounced the e, /ˈwɑrɛz/, as in the English pronunciation of Juárez.
“Warez” refers primarily to copyrighted works traded in violation of copyright law. The term generally refers to illegal releases by organized groups, as opposed to file sharing between friends or large groups of people with similar interests using a darknet. It usually does not refer to commercial for-profit software counterfeiting. This term was initially coined by members of the various computer underground circles, but has since become commonplace among Internet users and the mass media.
Types of warez
There is generally a distinction made between different sub-types of warez. The unusual spellings shown here were commonly used as directory names within a compromised server, to organize the files rather than having them all thrown together in a single random collection. In many cases, the trailing ‘s’ at the end of a directory is substituted with a ‘z’ as a form of warez branding.
- 0-day warez (pronounced as zero day warez sometimes as “0 days”) – This refers to any copyrighted work that has been released the same day as the original product, or sometimes even before. It was considered a mark of skill among warez distro groups to crack and distribute a program on the same day of its commercial release.
- Apps – Applications: Generally a retail version of a software package.
- Cracks – Cracked applications: One or more modified executables (usually one) and/or libraries (usually one), or a patch, designed to turn a trial version of a software package into the full version and/or bypass anti-piracy protections.
- Dox – Computer game add-ons: These include nocds, cracks, trainers, cheat codes etc.
- EBooks (e-books) – Books: These include pirated eBooks, scanned books, scanned comics, etc.
- Games – Games: This scene concentrates on both computer based games, and video game consoles, often released as ISO or other format disk image.
- Keygens – KeyGen software are tools that replicate the registration/activation process of a genuine software product and generate the necessary keys to activate the software.
- Movies – Movies: Pirated movies, can be released while still in theaters or from CDs/DVDs/Blu-ray prior to the actual retail date.
- MP3s – MP3 audio: Pirated albums, singles, or other audio format usually obtained by ripping a CD or a radio broadcast and released in the compressed audio format MP3.
- MVids (Music videos) – Can be ripped from TV, HDTV and DVDs.
- NoCDs, NoDVDs, FixedExes – A file modification that allows an installed program to be run without inserting the CD or DVD into the drive.
- Portables – Similar to RIP, but refers to software or old/low size games (usually under 100 MB). The point of portable software is the fact that it can be placed on removable media (or any place on the local hard drive) and doesn’t need installing; usually it is compressed into one executable file, by using software like VMware ThinApp or MoleBox.
- RIPs – A variant of games/gamez that doesn’t have to be installed, a registry entry can be included as a .reg file. RIP games can be ripped of music and/or video files, or, for console games, ROMs, thus decreasing the size of the download. RIPs with nothing ripped out sometimes are referred to as DP (direct play).
- Scripts – Scripts: These include pirated commercial scripts (such as vBulletin, Invision Power Board, etc.) coded by companies in PHP, ASP, and other languages.
- Subs – Subtitles: can be integrated in a TV-Rip or Movie.
- Serials – Refers to a collection of keys made available for the purpose of activating trial software, without payment.
- Templates – Templates: These include pirated commercial website templates coded by companies.
- TV-Rips – Television programs: Television shows or movies, usually with commercials edited out. Can be released within a few hours after airing. DVD Rips of television series fall under this sub-type.
What is Malware, Anyway?
***Alert You Have Malware! OMG You’re DOOMED!***
We have all had at least a few of those memories, right? The out-of-nowhere warning, impending system DOOM! Ok, enough drama, this is the real question: “What the hell is malware anyway?”
Malware, short for malicious software, is software designed to infiltrate a computer system without the owner’s informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. The term “computer virus” is sometimes used as a catch-all phrase to include all types of malware, including true viruses.
Software is considered malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, spyware, dishonest adware, crimeware, most rootkits, and other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of several U.S. states, including California and West Virginia.
Malware is not the same as defective software, that is, software that has a legitimate purpose but contains harmful bugs.
Preliminary results from Symantec published in 2008 suggested that “the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications.” According to F-Secure, “As much malware [was] produced in 2007 as in the previous 20 years altogether.” Malware’s most common pathway from criminals to users is through the Internet: primarily by e-mail and the World Wide Web.
The prevalence of malware as a vehicle for organized Internet crime, along with the general inability of traditional anti-malware protection platforms to protect against the continuous stream of unique and newly produced professional malware, has seen the adoption of a new mindset for businesses operating on the Internet – the acknowledgment that some sizable percentage of Internet customers will always be infected for some reason or other, and that they need to continue doing business with infected customers. The result is a greater emphasis on back-office systems designed to spot fraudulent activities associated with advanced malware operating on customers’ computers.
On the 29th March 2010, Symantec Corporation named Shaoxing, China as the world’s malware capital.
Many early infectious programs, including the first Internet Worm and a number of MS-DOS viruses, were written as experiments or pranks generally intended to be harmless or merely annoying rather than to cause serious damage to computers. In some cases the perpetrator did not realize how much harm their creations could do. Young programmers learning about viruses and their techniques wrote them simply because they could, or to see how far they would spread. As late as 1999, widespread viruses such as the Melissa virus appear to have been written chiefly as pranks.
Hostile intent related to vandalism can be found in programs designed to cause harm or data loss. Many DOS viruses, and the Windows ExploreZip worm, were designed to destroy files on a hard disk, or to corrupt the file system by writing invalid data. Network-borne worms such as the 2001 Code Red worm or the Ramen worm fall into the same category. Designed to vandalize web pages, worms may seem like the online equivalent to graffiti tagging, with the author’s alias or affinity group appearing everywhere the worm goes.
However, since the rise of widespread broadband Internet access, malicious software has come to be designed for a profit motive, either more or less legal (forced advertising) or criminal. For instance, since 2003, the majority of widespread viruses and worms have been designed to take control of users’ computers for black-market exploitation. Infected “zombie computers” are used to send email spam, to host contraband data such as child pornography, or to engage in distributed denial-of-service attacks as a form of extortion.
Another strictly for-profit category of malware has emerged in spyware — programs designed to monitor users’ web browsing, display unsolicited advertisements, or redirect affiliate marketing revenues to the spyware creator. Spyware programs do not spread like viruses; they are, in general, installed by exploiting security holes or are packaged with user-installed software, such as peer-to-peer applications.
Cracking Software: History and Methods Refresher
Software cracking is the modification of software to remove or disable features which are considered undesirable by the person cracking the software, usually related to protection methods: copy protection, trial/demo version, serial number, hardware key, date checks, CD check or software annoyances like nag screens and adware.
The distribution and use of cracked copies is illegal in almost every developed country. There have been many lawsuits over cracking software, but most had to do with the distribution of the duplicated product rather than the process of defeating the protection, due to the difficulty of constructing legally sound proof of individual guilt in the latter instance. In the United States, the Digital Millennium Copyright Act (DMCA) made software cracking, as well as the distribution of information that facilitates software cracking, illegal. However, the law has hardly been tested in U.S. courts in cases of reverse engineering for personal use only. The European Union passed the EU Copyright Directive in May 2001, which makes software copyright infringement illegal as the member states pass legislation pursuant to the directive.
Cracking History
The first software copy protection was on early Apple II, Atari 800 and Commodore 64 software. Software publishers, particularly of gaming software, have over time resorted to increasingly complex measures to try to stop unauthorized copying of their software.
On the Apple II, unlike modern computers that use standardized device drivers to manage device communications, the operating system directly controlled the step motor that moves the floppy drive head, and also directly interpreted the raw data (called nibbles) read from each track to find the data sectors. This allowed complex disk-based software copy protection, by storing data on half tracks (0, 1, 2.5, 3.5, 5, 6…), quarter tracks (0, 1, 2.25, 3.75, 5, 6…), and any combination thereof. In addition, tracks did not need to be perfect rings, but could be sectioned so that sectors could be staggered across overlapping offset tracks, the most extreme version being known as spiral tracking. It was also discovered that many floppy drives did not have a fixed upper limit to head movement, and it was sometimes possible to write an additional 36th track above the normal 35 tracks. The standard Apple II copy programs could not read such protected floppy disks, since the standard DOS assumed that all disks had a uniform 35-track, 13- or 16-sector layout. Special nibble-copy programs such as Locksmith and Copy II Plus could sometimes duplicate these disks by using a reference library of known protection methods; when protected programs were cracked they would be completely stripped of the copy protection system, and transferred onto a standard format disk that any normal Apple II copy program could read.
One of the primary routes to hacking these early copy protections was to run a program that simulates the normal CPU operation. The CPU simulator provides a number of extra features to the hacker, such as the ability to single-step through each processor instruction and to examine the CPU registers and modified memory spaces as the simulation runs. The Apple II provided a built-in opcode disassembler, allowing raw memory to be decoded into CPU opcodes, and this would be utilized to examine what the copy-protection was about to do next. Generally there was little to no defense available to the copy protection system, since all its secrets are made visible through the simulation. But because the simulation itself must run on the original CPU, in addition to the software being hacked, the simulation would often run extremely slowly even at maximum speed.
On Atari 8-bit computers, the most common protection method was via "bad sectors". These were sectors on the disk that were intentionally unreadable by the disk drive. The software would look for these sectors when the program was loading and would stop loading if an error code was not returned when accessing these sectors. Special copy programs were available that would copy the disk and remember any bad sectors. The user could then use an application to spin the drive by constantly reading a single sector and display the drive RPM. With the disk drive top removed a small screwdriver could be used to slow the drive RPM below a certain point. Once the drive was slowed down the application could then go and write "bad sectors" where needed. When done the drive RPM was sped up back to normal and an uncracked copy was made. Of course cracking the software to expect good sectors made for readily copied disks without the need to meddle with the disk drive. As time went on more sophisticated methods were developed, but almost all involved some form of malformed disk data, such as a sector that might return different data on separate accesses due to bad data alignment. Products became available (from companies such as Happy Computers) which replaced the controller BIOS in Atari’s "smart" drives. These upgraded drives allowed the user to make exact copies of the original program with copy protections in place on the new disk.
On the Commodore 64, several methods were used to protect software. For software distributed on ROM cartridges, subroutines were included which attempted to write over the program code. If the software was on ROM, nothing would happen, but if the software had been moved to RAM, the software would be disabled. Because of the operation of Commodore floppy drives, some write protection schemes would cause the floppy drive head to bang against the end of its rail, which could cause the drive head to become misaligned. In some cases, cracked versions of software were desirable to avoid this result.
Most of the early software crackers were computer hobbyists who often formed groups that competed against each other in the cracking and spreading of software. Breaking a new copy protection scheme as quickly as possible was often regarded as an opportunity to demonstrate one’s technical superiority rather than a possibility of money-making. Some low-skilled hobbyists would take already cracked software and edit various unencrypted strings of text in it to change the messages a game would show the player, often to something not suitable for children; they would then pass the altered copy along in the pirate networks, mainly for laughs among adult users. The cracker groups of the 1980s started to advertise themselves and their skills by attaching animated screens known as crack intros to the software programs they cracked and released. Once the technical competition had expanded from the challenges of cracking to the challenges of creating visually stunning intros, the foundations for a new subculture known as the demoscene were established. The demoscene started to separate itself from the illegal "warez scene" during the 1990s and is now regarded as a completely different subculture. Many software crackers have later grown into extremely capable software reverse engineers; the deep knowledge of assembly required in order to crack protections enables them to reverse engineer drivers in order to port them from binary-only drivers for Windows to drivers with source code for Linux and other free operating systems.
With the rise of the Internet, software crackers developed secretive online organizations. In the latter half of the nineties, one of the most respected sources of information about "software protection reversing" was Fravia’s website.
Most of the well-known or "elite" cracking groups make software cracks entirely for respect in "The Scene", not profit. From there, the cracks are eventually leaked onto public Internet sites by people/crackers who use well-protected/secure FTP release archives, which are made into pirated copies and sometimes sold illegally by other parties.
The Scene today is formed of small groups of very talented people, who informally compete to have the best crackers, methods of cracking, and reverse engineering.
Cracking Methods
The most common software crack is the modification of an application’s binary to cause or prevent a specific key branch in the program’s execution. This is accomplished by reverse engineering the compiled program code using a debugger such as SoftICE, OllyDbg, GDB, or MacsBug until the software cracker reaches the subroutine that contains the primary method of protecting the software (or by disassembling an executable file with a program such as IDA). The binary is then modified using the debugger or a hex editor in a manner that replaces a prior branching opcode with its complement or a NOP opcode so the key branch will either always execute a specific subroutine or skip over it. Almost all common software cracks are a variation of this type. Proprietary software developers are constantly developing techniques such as code obfuscation, encryption, and self-modifying code to make this modification increasingly difficult.
A specific example of this technique is a crack that removes the expiration period from a time-limited trial of an application. These cracks are usually programs that patch the program executable and sometimes the .dll or .so linked to the application. Similar cracks are available for software that requires a hardware dongle. A company can also break the copy protection of programs that they have legally purchased but that are licensed to particular hardware, so that there is no risk of downtime due to hardware failure (and, of course, no need to restrict oneself to running the software on bought hardware only).
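The branch-patching described above leaves a small, recognisable footprint in the binary: a conditional jump opcode flipped to its complement, forced unconditional, or overwritten with NOPs. The following is an added example (not code from the original post or from any product it mentions) of how a defender or software vendor can verify a shipped code section against a known-good fingerprint and, when it differs, classify exactly which bytes were changed. The 13-byte x86 "licence check" stub and its two tampered variants are constructed for this example.

```python
"""Detect in-place branch patches of a code section: a conditional jump
replaced by its complement, forced unconditional, or NOPed out.
All sample bytes below are constructed for this example."""
import hashlib
from dataclasses import dataclass

# x86 short conditional jumps (Jcc rel8) are opcodes 0x70..0x7F; complementary
# conditions differ only in the low bit (JE 0x74 / JNE 0x75, JB 0x72 / JAE 0x73).
SHORT_JCC = range(0x70, 0x80)
SHORT_JMP = 0xEB   # JMP rel8
NOP = 0x90


@dataclass(frozen=True)
class Patch:
    offset: int
    original: int
    modified: int
    kind: str


def classify(original: int, modified: int) -> str:
    """Name the kind of single-byte change; anything unrecognised is 'other'."""
    if original in SHORT_JCC and modified == (original ^ 1):
        return "inverted-branch"   # JE <-> JNE etc.: the check now fails the other way
    if original in SHORT_JCC and modified == SHORT_JMP:
        return "forced-branch"     # conditional jump made unconditional
    if modified == NOP:
        return "nop"               # instruction bytes overwritten with NOPs
    return "other"


def fingerprint(code: bytes) -> str:
    """SHA-256 of the code section: the cheap first check against a known-good value."""
    return hashlib.sha256(code).hexdigest()


def find_patches(original: bytes, modified: bytes) -> list[Patch]:
    """Byte-by-byte diff of two equal-length code sections."""
    if len(original) != len(modified):
        raise ValueError("in-place patching keeps the length; sections differ in size")
    return [
        Patch(i, o, m, classify(o, m))
        for i, (o, m) in enumerate(zip(original, modified))
        if o != m
    ]


def summarize(patches: list[Patch]) -> list[tuple[int, int, str]]:
    """Merge adjacent patched bytes of the same kind into (offset, length, kind)
    runs, so a two-byte Jcc overwritten with 90 90 reports as one NOP run."""
    runs: list[tuple[int, int, str]] = []
    for p in patches:
        if runs and runs[-1][2] == p.kind and runs[-1][0] + runs[-1][1] == p.offset:
            off, length, kind = runs[-1]
            runs[-1] = (off, length + 1, kind)
        else:
            runs.append((p.offset, 1, p.kind))
    return runs


# Constructed 13-byte x86 stub standing in for a licence check:
#   test eax,eax ; je +6 ; mov eax,1 ; ret ; xor eax,eax ; ret
ORIGINAL = bytes.fromhex("85c0" "7406" "b801000000" "c3" "31c0" "c3")
# Constructed tampered variants of the same stub
INVERTED = ORIGINAL[:2] + bytes([0x75]) + ORIGINAL[3:]      # je -> jne
NOPPED = ORIGINAL[:2] + bytes([NOP, NOP]) + ORIGINAL[4:]    # je overwritten
GOOD_HASH = fingerprint(ORIGINAL)


def report(candidate: bytes) -> list[tuple[int, int, str]]:
    """[] when the fingerprint matches the known-good build, else the patch runs."""
    if fingerprint(candidate) == GOOD_HASH:
        return []
    return summarize(find_patches(ORIGINAL, candidate))


if __name__ == "__main__":
    for name, blob in (("original", ORIGINAL), ("inverted", INVERTED), ("nopped", NOPPED)):
        print(f"{name:9s} {report(blob)}")
```

The byte-level classification only makes sense once the hash check has already failed; in practice the known-good fingerprint comes from the vendor's build system, not from the binary being inspected.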
Another method is the use of special software such as CloneCD to scan for the use of a commercial copy protection application. After discovering the software used to protect the application, another tool may be used to remove the copy protection from the CD or DVD. This may enable another program such as Alcohol 120%, CloneDVD, Game Jackal, or Daemon Tools to copy the protected software to a user’s hard disk. Popular commercial copy protection applications which may be scanned for include SafeDisc and StarForce.
In other cases, it might be possible to decompile a program in order to get access to the original source code or code on a level higher than machine code. This is often possible with scripting languages and languages utilizing JIT compilation. An example is cracking (or debugging) on the .NET platform where one might consider manipulating CIL to achieve one’s needs. Java’s bytecode also works in a similar fashion in which there is an intermediate language before the program is compiled to run on the platform dependent machine code.
Advanced reverse engineering for protections such as Securom, Safedisc or StarForce requires a cracker, or many crackers, to spend much time studying the protection, eventually finding every flaw within the protection code, and then coding their own tools to "unwrap" the protection automatically from executable (.EXE) and library (.DLL) files.
There are a number of sites on the Internet that let users download cracks for popular games and applications (although at the danger of acquiring malicious software that is sometimes distributed via such sites). Although these cracks are used by legal buyers of software, they can also be used by people who have downloaded or otherwise obtained pirated software (often through P2P networks).