What I have learned that after Stuxnet cyberattack became known and was described in more-less details, many security professionals have revised the entire approach to the security protection. The common denominator for all opinions is the fact that our commonly accepted approach to IT security is not working anymore due to the new and highly sophisticated penetration tools that were developed recently. No, I am not going to discuss Stuxnet and similar, highly sophisticated software that was discussed on the Internet widely but rater down-to-earth penetration tools that is available today.
The goal of this article is to make more people aware that our poor antivirus programs may protect you from only 20 to 30% of today’s penetration software. Disagree?
Just today, I got an e-mail from “Hakin9 Mewsletter newsletteren@hakin9.org” with the following content. As is (no spell correction):
“Russia Hackers are pleased to announce RH2.5 KIT ver 2011
that people can use to hack & secure computer systems by
knowing exactly how a hacker would break into it.
Collection of Advanced Hacking Guides & Tools.
PDF Guide:
1. Advanced Hacking Guide with MEtasploit 2. Malware Development (RATS, botnets, Rootkits) 3. Convert exe into PDF, XLS, DOC, JPG 4. Exploit development guide 5. Tech Tricks (Spoofing-Sms,email,call) 6. Download any Apple Apps Free of cost |
7. Credit Card HAcking 8. Netbanking Hacking-bypass Virtual KEyboard 9. Spreading guide to Infect 100K/Victims per day 10. Advanced Email Hacking Tricks 11. SET(Social Engineering Toolkit) module 12. Links for other russian hacking sites |
Tools/Services:
{Value more than 1500 USD}
1. Polomorphic Crypter's (to make Files undetectable- bypass all AV Scantime,runtime) 2. Java Driveby FUD (deploy your exe by URL on target) 3. Immunity Canvas (Hack remote pc with IP address) 4. Paid Botnets (Spyeye,etc) 5. IRC Bots(Ganga, niger,etc) 6. Yahoo messenger zeroday exploit (run exe on target) 7. Ice pack Enterprise (execute exe using php script) 8. Bleeding_Life_V2_pack /Other Packs |
Service's: 1. One Linux Based VPS with Root access for Lab Setup (Safe & Secure) 2. VPN Double + Triple Encrypted (Hide your real Ip Address) 3. Fake Emailer with attachment 4. Email Bomber (Send 1 million emails into Inbox) 5. DDOS Attacks Shells |
for Offensive and Defensive services, Internal on-site penetration testing gives
the business the assurance it needs to conduct safely in the Internet and with business partners.
Email at: root@russiahackers.ru or russiahackers@mail.ru
Visit Site”
First of all, I am a subscriber of Hackin9 IT Security Magazine, and I am getting the news about new development in the world of IT Security. Normally, the e-mail address field “FROM” looks like this:
Hakin9 Magazine newsletteren@hakin9.org
This time, it was slightly different:
Hakin9 Mewsletter newsletteren@hakin9.org
As you see above (and I have no doubts considering miss-spells and ignorance of normal technical English) , the content of e-mail was pure advertisement with a link to the live web site that offers the both sets of tools correspondingly for $100 and $250USD.
My guess is that my e-mail account was hacked along with many others, and the Russian hackers e-mailed the information about their “products”.
Let me be honest, I am not so worrying about hacking of my e-mail account but about the “products” offered on the web site.
Let’s review some.
Convert exe into PDF, XLS, DOC, JPG
This one is the most troubling “products”. Just imagine that you are getting the file attached to your e-mail with one of the named above extensions and are trying to open it. The file immediately executes the built-in code, and voila! Your PC is infected. Does anti-virus or firewall can prevent it? I honestly doubt…
Polymorphic Crypters (to make Files undetectable- bypass all AV Scantime, runtime)
No need to give an explanation – this code will bypass all Antimalware programs.
Spreading guide to Infect 100K/Victims per day
Tutorial on how to infect hundreds of thousands of PC users per day!
SET(Social Engineering Toolkit) module
Welcome to infected Facebook and Twitter!
Netbanking Hacking-bypass Virtual Keyboard
Do you use online banking? I do, and most of my friends do, and most of their friends do, too! Now, imagine you have opened one of the infected e-mails (or e-mails with infected attachment), and you will be faced with a nasty surprise: your account has zero balance! It also could happen on-the-fly, while you are logging into your banking account.
Immunity Canvas (Hack remote PC with IP address)
If the hacker knows the IP address of your PC, it can be hacked with this tool. You are no longer a single Administrator of your computer. You will share it with “nasty boys” who can speak not only English but also Russian or Chinese! A simple IP scanner (like free LanSpy) will help to identify your computer’s hardware, operating system, many installed programs, computer domain and NetBios names, MAC address, remote control, time, discs, transports, users, global and local users groups, policy settings, shared resources, sessions, open files, services, registry and event log information. Nothing on the remote computer is hidden from them now…
Welcome to the hacking world!
Should I continue?
You may want to ask “what should I do?” I’d be very much glad and happy if I could give you a definite answer but I don’t have one. The minimum of what you can do is to EDUCATE – yourself, your family and friends, friends of your friends, and, of course, corporate users if you are responsible for secure computing at your organization. So, instead of reading stupid chain e-mails that try to scare you if you don’t resend them immediately to another 10 people (nice way to spread the malware!) your fellow citizens will read and forward the information about how to conduct the secure computing and not to become the victims of cyber-gangsters.
As for the tools that I have suggested in my previous article, they are still vital. It’s better to have some basic protection + knowledge of secure computing than to ignore it completely because those tools do not provide 100% security.
Happy and secure computing in 2011!
