[SecurityRatty] tag: torrent

TorrentReactor Compromised, 1.2M Users Database In the Wild

Thu, 16 Oct 2008 10:00:43 +0000

It appears that TorrentReactor.net, a highly popular torrent tracker, got compromised in September, with it's users database concisting of 1.2M users and TorrentReactor's source code stolen.

Despite that the attacker claiming responsibility is citing reputation enhancement as the reason for the attack, sooner or later the personal details will be sold and resold to spammers, with the possibilitity for spear phishing attacks left wide open.

Exchanging e-mails with a pirate

Tue, 14 Oct 2008 20:00:00 +0000

The Pirate Bay (TPB), one of the world's biggest torrent tracker sites, found itself embroiled in controversy last month, when a link to a torrent containing photographs of a grisly child murder in Sweden appeared on the site.

Popular BitTorrent Client Quietly Patched An Old Zero-Day Vulnerability

Thu, 14 Aug 2008 13:29:00 +0000

Popular BitTorrent client µTorrent has silently patched a vulnerability that created a means for hackers to load malware onto PCs of file sharing users by persuading them to open a poisoned Torrent file. The vulnerability has been confirmed in version 1.7.7 of µTorrent. Earlier versions may also be vulnerable. News of the bug emerged in a [...]

dont download DOM-x Media Player

Wed, 30 Jul 2008 19:30:12 +0000

Good advice over at WebToolsandTips.com

clipped from webtoolsandtips.com

DOM-x Media Player - Don’t Download this Malware

If you are not aware, DOM-x Player is a one of the many Rogue Malware programs, which are infecting more and more PCs nowadays. The mechanism of DOM-x Player installation is easy. It is generally spread through the various online file sharing sites like Rapidshare and various Torrent sites like BitTorrent. People who want to make a quick buck disguise a rogue file as a movie file. When you download it and try to run it, this gives you a link and asks you to download DOM-x Media Player. If you get into this trap to download and install DOM-x Media Player, then you may be in trouble.

Thinking out the box

Thu, 22 May 2008 01:50:00 +0000

I am going to predict the future of the WWW and how Information Security will have to adapt in the next few years.

This will take some time to secure and will take some time to get accepted but this is (IMHO) coming so brace yourselves. Life is going to get very interesting, especially for the Information Security guys out there.

This is actually not a new concept - Novell and Sun were working on these ideas about 15 years ago but the world and the Internet were not yet ready. They are now or, at least, they soon will be.

WEB 1.0
This is the Internet as we know it. HTML with some scripting for the pretty factor. Some media added in. Not much interaction. Security is easy here. Make sure that no wiggly things make it from the web onto your network. Make sure that users don't visit sites that waste time and shock people.

Web 2.0
This is the big catchword but I don't think we are where we should be. Web 2.0 is a taste of things to come but we are still chained to web 1.0 thinking. Information is swopped but format and location of information are still king. XML is just starting to come into its own and information is starting to become self-aware. The same information can be represented in totally different ways on different pages but the tools are new and websites are built around specific purposes. Sites with open APIs like Facebook are starting to take hold. Security is starting to become difficult - we have to make sure that internal data doesn't become external data.

Web 3.0
This is the new buzzword but I think it is merely more extreme web 2.0. Early examples of this are Yahoo Pipes, facebook's API etc. Sites with open tools to manage information. Information flows and is not bound to a certain site, location or format. Information Centric Security becomes key here. I think that the tools have not been developed or have not been properly developed.

Web 4.0
Cloud computing. This has been around for a while but it will soon come into its own. Combine GMail, Google Reader and technology like AJAX (of course), Google Gears and Mozilla Prism. I'm sure that Microsoft and Yahoo etc all have their own versions of the above and there will probably be some small niche players too.

Keep all the above free (with advertising) and you get a very useful and smart Office Suite that allows for collaboration and features such as backup and works wherever you are. This is exciting stuff but the assumption is that your data will be safe.

This is a bad assumption. This is Information Security's next headache. The problem with this is that like wireless and portable devices and USBs and the Internet etc etc.. cloud computing will happen. Businesses will need to do it and they will do it. We need to make it secure. Applications such as Microsoft Office etc are already terminally ill, it is just a matter of time...

The next race between Microsoft and Google and Apple will be in this space. I believe that the winner will be the one who can ensure the security of the information stored on their network.

Of course, cloud computing is a walk in the park compared to what will be next:

Web 5.0
This is where it all gets mad. Think Web 4.0 mixed with P2P such as Skype and Bit-torrent. Add in a bit of virtualisation. Your data is hosted on 100 different people's personal machines. In exchange you host 1000 people's data on your machine. A piece of your company's still-to-published annual results are split up between a mac in Japan, an iphone in brazil, 3 pcs in the US and a linux server in the UK. It is xored with Bill Gates's personal phone list and another 6 people have spare copies. If the UK box falls off the Internet then another box picks up where it left off. Processing is done by a further 3 machines, one in Namibia and 2 in China. Each time you access your data the communication takes a different route bouncing off 10 machines between you and all the places that your data is. At any one time you have no idea where your information is. Information Security becomes part of the network - all files have to be encrypted and there are numerous copies of it.

Facing Lawsuits, Pirate Bay Says They Can Pay Monopoly Money

Fri, 09 May 2008 09:54:00 +0000

When it comes to the battle between ninjas and pirates, I’m firmly on the side of swashbuckling, parrot-wielding, striped-sock-wearing pirates. Even when they don’t actually weild parrots or sport socks.

But the brave folks at the Pirate Bay seem to be faced right and left these days with international lawsuits for hosting their torrent trove of pirated treasures.

But they wouldn’t be pirates if they didn’t have witty, snarky come-backs to their pursuers — like the following.

Peter Sunde has reportedly said, in response to the latest lawsuit:

“We might be able to pay in Monopoly money. This proves that they are out of touch with reality. They might as well ask for a billion crowns. This is fear-based propaganda; they’re trying to make it sound serious when we link to things that you download from elsewhere,” Sunde told SvD. “We should send them an invoice instead. All research shows that file-sharing grows the market for the movie industry. I go by research; they make it up as they go.”

A Botnet Master's To-Do List

Sat, 26 Apr 2008 10:36:23 +0000

Directory climbing it all of its simplicity, and OSINT quality, just like it's happened before.

The process of developing malware bots that would either succeed based on the diversification of the spreading and infection vectors used, or end up as a backdoor-ed commodity for experienced botnet masters to sent to novice ones, is entirely up to the coder, or perhaps module copy and paster. Some are going as far as implementing quality assurance approaches to ensure their malware has the lowest possible detection rate, before spreading it, on the anti malware and firewall level, while others are benchmarking and setting strategic objectives to achieve before starting the process itself.

However, there are also wannabe botnet masters whose lack of understanding of the different between project management and "to-do list organization", and of course, setting their directory permissions right, leads us to a a first-hand malware bot's to-do list courtesy of the coder itself. Here's the to-do list itself, with all the static and variable features :

Spreading the malware
- NetAPI spreading
- VNC spreading
- MSN spreading
- ICQ spreading
- Email spreading
- Seeding via torrent (warez)
- Downloading (ftp & http)

DDoS features
- general ddos attacks (udp&tcp)
- tsunami ddos (push +ack flood)

Scanning features
- latest vulnerabilities scan
- exploits scann for homepages (php/perl/cgi scripts (not a priority)

Sniffers and interceptors
- bank sniffer & readers
- paypal
- boa
- egold
- nationwide
- usw.
- game reader
- steam

Misc features
- encrypted config
- better clonning function (with timer based join (no massjoin)) + fixed channel messages
- noise at network sniffer (e.g.: honeypot (tool either shutdown and/or blocked))
- invisible to task manager
- more configuration settings
- melt exe on startup (true/false)
- startup (error) message editable (e.g.: (you need windows vista to run this programm) or (successfully installed))
- undetected source code

And while this wannabe botnet master is trying to achieve self-sufficiency, thereby slowing down the development process, others are not so close minded and are actively building communities around their malware botnets by releasing the source code for free, enjoying the innovation added by third party coders wanting to contribute to the community, where the bottom line is the inevitable localization of the bot to other languages once enough features have been developed to distinguish it among the rest of the commodity malware bots.

From a wannabe botnet master's perspective, the more propagation vectors added, the higher the probability for infection, however, the probability for infection is also proportional with the probability for detection on behalf of researcher's and vendors honeyfarms. And therefore, would less noise would mean slow infection rate, but higher lifecycle due to the less noise generated? The Stormy Wormy people for instance entirely relied on perhaps the most noise generation method - email distribution with malware hosted on IPs, however, their persistence and strategy to put more efforts into ensuring that no matter samples get obtained in the first couple of minutes a campaign is launched, the botnet itself should be harder to shut down.

How the MPAA Might Enforce Copyright on the Internet

Mon, 11 Feb 2008 10:24:03 +0000

Interesting speculation from Nicholas Weaver:

All that is necessary is that the MPAA or their contractor automatically spiders for torrents. When it finds torrents, it connects to each torrent with manipulated clients. The client would first transfer enough content to verify copyright, and then attempt to map the participants in the Torrent.
Now the MPAA has a "map" of the participants, a graph of all clients of a particular stream. Simply send this as an automated message to the ISP saying "This current graph is bad, block it". All the ISP has to do is put in a set of short lived (10 minute) router ACLs which block all pairs that cross its network, killing all traffic for that torrent on the ISP's network. By continuing to spider the Torrent, the MPAA can find new users as they are added and dropped, updating the map to the ISP in near-real-time.

Note that this requires no wiretapping, and nicely minimizes false positives.

Debate on idea here.

NSM-Console and HeX update

Thu, 10 Jan 2008 09:50:00 +0000

While researching the HeX System for the pending February toolsmith, I was extremely pleased to discover NSM-Console, from Matthew Lee Hinman. I've not yet seen such an efficient, useful, all encompassing framework for offline packet analysis. NSM-Console includes modules for:
# aimsnarf
# ngrep (gif/jpg/pdf/exe/pe/ne/elf/3pg/torrent)
# tcpxtract
# tcpflow
# chaosreader
# bro-IDS
# snort
# tcpdstat
# capinfos
# tshark
# argus
# ragator
# racount
# rahosts
# hash (md5 & sha256)
# ra
# honeysnap
# p0f
# pads
# fl0p
# iploc
Consider giving both HeX System and the included NSM-Console an immediate look.

BackTrack 3 Beta is out!

Fri, 14 Dec 2007 14:10:09 +0000

Remote Exploit has done it! Again!The best security Distro, in its leanest, meanest and sexiest form ever.An official announcement is due tomorrow, and until then, the ISO and USB images are available on torrent.