Another thing about malware, as I pointed it out in my article about the AV industry, they tend to use the same code with minor modification; to be read as strains. If you’re new to this term (Malware), then I would recommend you an introductive article: Stop malware in it’s tracks.

Following the latest article on F-Secure Downadup has 2,395,963 infections worldwide. Of course this is an optimistic scenario, even for a skeptic person at numbers as I am. You can see now the big threat that malware posses, that’s why we should protect ourselves…

Greasemonkey: Malware Script Detector

Malware Script Detector is a Greasmonkey script which will:

Detect & Alert Malicious JavaScript : XSSProxy, XSS-Shell, AttackAPI, Beef. But No guarantee for full prevention of XSS-Injection threats. Many ways to bypass it such as via iframes but I’m sure it protects you from casual attackers.The main objective of developing Malware Script Detector is that I’m so much afraid of XSSProxy, XSS-Shell, AttackAPI, Beef and I want to detect them. Malicious sites intentionally embed them. Firefox XSS Warning addon can’t check this.

It’s a highly recommended script, because malware scripts can be as dangerous as normal malware. The difference is that normal malware posses little threat if you download software from official sources, and verify the checksum…

Malware Blocker

Malware Blocker is a tool useful before and after infection. The description of the program (as taken from SourceForge):

Malware-Blocker blocks communication from your computer to any server that is known to be a malicious one. It does that by replacing your HOSTS file (deep inside Windows directory) with a blacklist of malicious servers, which are redirected to 0.0.0.0

The projects last update is from February 2005. Although likely outdated it maintains a constant number of downloads, this being the reason I recommend it. Who knows what funky old school malware will you cross upon one day…

MalZilla

This is an unexpected turn, is it? First of all you would probably like to know what MalZilla is. In simple words:

Malzilla is an advanced malware-hunting tool specialized for hunting web-based exploits, decode obfuscated JavaScripts etc.

Although limited only for malware scripts I can guaranty you that its very good at it, giving you all the tools needed for such a task. More information in it’s own pdf file, which comes along with the package.

Most of you can ignore the last application presented, I would think that having the first two installed is more than enough for regular users. And no, it’s not dangerous playing with malware if you got the proper tools.

Adobe Reader oriented attack was also the malicious injection on my last hosting service…

In the recent issue of (in)SECURE Magazine, namely issue 21, there is an article named “Malicious PDF: Get owned without opening” by Didier Stevens which shown an exploit in an Adobe Reader filter which made possible successful exploitation without file opening.

When a PDF document is listed in a Windows Explorer window, the PDF column handler shell extension will be called by Windows Explorer when it needs the additional column info. The PDF column handler will read the PDF document to extract the necessary info, like the Title, Author, etc. (…) Under the right circumstances, a Windows Explorer Shell Extension will read the PDF document to provide extra information, and in doing so, it will execute the buggy code and trigger the vulnerability

Other ways how the exploit could be launched (from the explorer window) where by: selecting the pdf (left click), hovering over it and changing the folder view to “Thumbnail”.


All these previous exploitation scenarios required minimal user interaction, but the author had another card in his pocket. The JBIG2Decode vulnerability could be exploited by the Windows Indexing Service alone, the only difference being that this way the exploit would run with less privileges; namely with Local System ones…

There you have it, another reason to switch to a pdf reader alternative.

UPDATE: a resourceful article about pdf exploitation can be found here.

Another thing about malware, as I pointed it out in my article about the AV industry, they tend to use the same code with minor modification; to be read as strains. If you’re new to this term (Malware), then I would recommend you an introductive article: Stop malware in it’s tracks.

Following the latest article on F-Secure Downadup has 2,395,963 infections worldwide. Of course this is an optimistic scenario, even for a skeptic person at numbers as I am. You can see now the big threat that malware posses, that’s why we should protect ourselves…

Greasemonkey: Malware Script Detector

Malware Script Detector is a Greasmonkey script which will:

Detect & Alert Malicious JavaScript : XSSProxy, XSS-Shell, AttackAPI, Beef. But No guarantee for full prevention of XSS-Injection threats. Many ways to bypass it such as via iframes but I’m sure it protects you from casual attackers.The main objective of developing Malware Script Detector is that I’m so much afraid of XSSProxy, XSS-Shell, AttackAPI, Beef and I want to detect them. Malicious sites intentionally embed them. Firefox XSS Warning addon can’t check this.

It’s a highly recommended script, because malware scripts can be as dangerous as normal malware. The difference is that normal malware posses little threat if you download software from official sources, and verify the checksum…

Malware Blocker

Malware Blocker is a tool useful before and after infection. The description of the program (as taken from SourceForge):

Malware-Blocker blocks communication from your computer to any server that is known to be a malicious one. It does that by replacing your HOSTS file (deep inside Windows directory) with a blacklist of malicious servers, which are redirected to 0.0.0.0

The projects last update is from February 2005. Although likely outdated it maintains a constant number of downloads, this being the reason I recommend it. Who knows what funky old school malware will you cross upon one day…

MalZilla

This is an unexpected turn, is it? First of all you would probably like to know what MalZilla is. In simple words:

Malzilla is an advanced malware-hunting tool specialized for hunting web-based exploits, decode obfuscated JavaScripts etc.

Although limited only for malware scripts I can guaranty you that its very good at it, giving you all the tools needed for such a task. More information in it’s own pdf file, which comes along with the package.

Most of you can ignore the last application presented, I would think that having the first two installed is more than enough for regular users. And no, it’s not dangerous playing with malware if you got the proper tools.

Well put (the above paragraph was taken from the description found on its project page) but for me Angry IP Scanner it a fast and dirty ip scanner.

I bet you all remember your first ‘auditing’ tool, I do. You may guessed it, it is Angry IP Scanner, and it goes almost six years back… Anyway don’t want to bore you with old stories, but you can take it for granted that it is the fastest ip scanner out there.

Project Page: Angry IP Scanner

• DRM (Digital Rights Management) or Digital Restriction Managemenet how we use to call it, and by we I refer to the people behind DefectiveByDesign. Activism of which I am a part myself.
• Null backwards compatibility. This includes notebooks without drivers for lower versions of Windows.
• New standards for operating system sizes started popping up. The home version of a Vista to reach 17Gb? It’s outrageous.

And the list could go on, and on, and on. The point is that Vista may bee the future, and as I have seen Windows 7 is not far of Vista. But it was a radical change, and not in the same well accepted way that XP was.

I only wanted to share the video, and look where that took me.

www.youtube.com/watch?v=-6FnE6y9JIM