Tuesday, September 30, 2014

Ello Down Due To DDOS Attack:

Ello is an ad-free social network, widely dubbed a rival to Facebook. Imagine a social network site without ads: it feels like a house still under construction. Ello looks the same, but as a social network it is promising.

If you read Ello's privacy policy, you get a clear idea:


Your Privacy is Important

"As an ad-free network that does not sell data about its users to third parties, Ello has also taken unique steps that help you control how much information about you is shared when you use Ello.
Please read this document in its entirety and take it seriously. It explains Ello's privacy practices, and what information we collect when you use our web site, mobile apps, services, products, and other content; and also how you can opt-out of sharing some of this information."

Ello's privacy policy shows that they are clean in their purpose. Now let us look at the DDoS attack.
The Ello site faced a DDoS attack and appeared to be down. Ello took corrective measures by blocking the attacking IP addresses.

In our opinion, Ello is growing more popular, and that alone is why it has started facing these challenges.

Post made by 

Monday, September 29, 2014

A Codeless PE Binary File That Runs!!!

Recently, I came across an article written on Alex Ionescu's blog. It is about a PE trick: a PE binary that has no code.
As per his words:

the challenge is - "Write a portable executable (PE/EXE) file which can be spawned through a standard CreateProcess call and will result in STATUS_SUCCESS being returned as well as a valid Process Handle, but will not
  • Contain any actual x86/x64 assembly code section (i.e.: the whole PE should be read-only, no +X section)
  • Run a single instruction of what could be construed as x86 assembly code, which is part of the file itself (i.e.: random R/O data should not somehow be forced into being executed as machine code)
  • Crash or make any sort of interactive/visible notice to the user, event log entry, or other error condition."

He did it. 

Check the solution here: http://www.alex-ionescu.com/?cat=2

Post by newWorld

Malicious App - Windseeker (Advanced Injection And Hooking Technique)

Very recently, our friends at Lacoon Mobile Security discovered a malicious app that implements advanced injection and hooking techniques. It raises eyebrows because the authors have carried over the injection and hooking routines familiar from PC-based malware into mobile malware.

Eavesdropping:

The main function of Windseeker is to eavesdrop on Chinese instant messaging (IM) chats. The targeted devices are rooted Android phones.

Threats:

The reach of instant chat on handheld devices such as Android phones is now at its peak, and threat actors are now targeting the users of these devices through instant chat.

Lacoon is quoted as follows:
"Windseeker runs on rooted Android devices and enables the remote monitoring of two popular Instant Messaging (IM) apps, developed by Tencent (one of the largest Chinese Internet service portals):
  1. WeChat – A globally-used messaging app boasting 100,000,000-500,000,000 downloads in the Google’s Play Store.
  2. QQ – Mainly a Chinese-regional messaging app boasting ~800,000,000 users (a total of all mobile platforms, not just Android).
While this tool is intended for use in China due to the intended targets as Chinese instant messaging apps (WeChat and QQ) and monitored chats being in Chinese, it’s important to understand that this type of threat could be implemented anywhere."

How does Windseeker work?
Using process monitor threads, it identifies whether the instant messenger is running. It then hooks the IM process by injecting malicious code into it and starts spying on the IM chats: when the app calls an API that has already been hooked, the hook captures the chat content. This is the overall picture of Windseeker's malicious activity.
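Injection of this kind leaves footprints in the target process's memory map, which is where a defender can look for it. The following is an added example (not from the original post nor from Lacoon's analysis): a Python heuristic that parses /proc/<pid>/maps and flags executable regions backed by no file, or by a library outside the Android system directories. The trusted-prefix list and the sample maps lines are constructed assumptions for illustration.

```python
import re
from collections import namedtuple

# /proc/<pid>/maps line layout: start-end perms offset dev inode [pathname]
MAPS_RE = re.compile(r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})"
                     r"\s+[0-9a-f]+\s+\S+\s+\d+\s*(?P<path>.*)$")
# Assumption: directories from which an Android app legitimately loads native code.
TRUSTED_PREFIXES = ("/system/", "/vendor/", "/apex/", "/data/app/")
Finding = namedtuple("Finding", "start end perms path reason")

def parse_maps(text):
    """Parse /proc/<pid>/maps text into dicts, skipping malformed lines."""
    entries = []
    for line in text.splitlines():
        m = MAPS_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def suspicious_mappings(text):
    """Flag executable mappings that look like injected code (assumed heuristics):
    1. anonymous memory that is both writable and executable (rwx scratch region)
    2. executable code backed by a file outside TRUSTED_PREFIXES
    """
    findings = []
    for e in parse_maps(text):
        perms, path = e["perms"], e["path"].strip()
        if "x" not in perms:
            continue  # data-only mapping, irrelevant for code injection
        if not path:  # anonymous mapping: no backing file at all
            if "w" in perms:
                findings.append(Finding(e["start"], e["end"], perms, path, "anonymous rwx region"))
        elif path.startswith("["):
            continue  # kernel pseudo-regions such as [vdso]
        elif not path.startswith(TRUSTED_PREFIXES):
            findings.append(Finding(e["start"], e["end"], perms, path, "executable code from untrusted path"))
    return findings

# Constructed sample for an IM-like process: one rwx blob and one library loaded from /data/local/tmp.
SAMPLE_MAPS = """\
12c00000-12c10000 r-xp 00000000 b3:19 1234 /system/lib/libc.so
12c10000-12c20000 rw-p 00010000 b3:19 1234 /system/lib/libc.so
7f000000-7f010000 r-xp 00000000 b3:19 5678 /data/app/com.example.im-1/lib/arm/libim.so
7f100000-7f101000 rwxp 00000000 00:00 0
7f200000-7f210000 r-xp 00000000 b3:1a 9999 /data/local/tmp/libhook.so
7fff0000-7fff8000 rw-p 00000000 00:00 0 [stack]
"""
```

On a rooted device or emulator, feed `suspicious_mappings(open("/proc/<pid>/maps").read())` the map of the IM process; the sample above yields two findings, the anonymous rwx region and libhook.so.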

It is in the hands of users to be aware of what they install on their devices; otherwise their privacy is at risk.


Setting up breakpoints in VirtualAlloc and VirtualProtect during malware analysis:

 Malware analysts add breakpoints in functions like `VirtualProtect` and `VirtualAlloc` for several key reasons: Understanding Malware Behav...