Wednesday, May 27, 2009

Can you build a WIFI Jammer?

I have previously blogged about a portable WIFI jammer and received several pieces of feedback asking whether it is possible to build a WIFI jammer using a device that transmits at 2.4GHz.

As most people know, common WIFI networks such as 802.11b and 802.11g use the 2.4 GHz band. Many articles on the Internet claim that it is possible to build a WIFI jammer. Some even claim that you can build your own WIFI jammer using a 2.4GHz cordless phone.

I happen to have an AV transmitter that uses 2.4GHz and decided to make this simple video to see if it can jam a WIFI connection.



Monday, May 18, 2009

How Secure is your forum login?

After doing a video on sidejacking, I received comments and feedback asking about bypassing other web logins that do not use SSL (HTTPS). So I decided to make a simple video to show how easy it is to collect a user's login credentials on an unsecured website. The most common unsecured login is the Internet forum.

In this video, I sniff the web traffic and extract the username and password. This particular forum uses an MD5 hash to protect the password, but the hashes of common passwords can be looked up on the Internet. Even if the hash value cannot be found (due to a strong password), the captured login data can still be used to log in as the user via a web proxy.
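To show what a defender should be looking for in that traffic, here is an added example (my own code, not from the post or the video) that parses captured HTTP requests, flags any POST carrying a username/secret pair, and notes whether the secret is an unsalted 32-hex digest and whether the identical digest has already been seen from that host, which is exactly what makes it replayable. The capture, the host names and the field-name patterns are constructed assumptions, not data from the post.

```python
import hashlib
import re
from urllib.parse import parse_qs

# Heuristic field-name patterns (assumed; extend for the forum software you run).
SECRET_FIELD = re.compile(r"pass(word|wd)?|pwd|secret", re.I)
USER_FIELD = re.compile(r"user(name)?|login|email", re.I)
HEX32 = re.compile(r"^[0-9a-f]{32}$", re.I)

# Constructed capture: what a sniffer sees on port 80. The digest is md5("password"),
# a weak password hashed client-side in the browser before it is sent, as the post describes.
DIGEST = hashlib.md5(b"password").hexdigest()
CAPTURED_REQUESTS = [
    "POST /login.php HTTP/1.1\r\nHost: forum.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    f"vb_login_username=alice&vb_login_md5password={DIGEST}",
    "GET /index.php HTTP/1.1\r\nHost: forum.example.test\r\n\r\n",
    "POST /ucp.php?mode=login HTTP/1.1\r\nHost: board.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "username=bob&password=hunter2&login=Login",
    # Alice logs in again later: the very same digest crosses the wire unchanged.
    "POST /login.php HTTP/1.1\r\nHost: forum.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    f"vb_login_username=alice&vb_login_md5password={DIGEST}",
]


def parse_http_request(raw):
    """Split a raw HTTP/1.x request into (method, path, host, form fields)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    form = {k: v[0] for k, v in parse_qs(body).items()} if body else {}
    return method, path, headers.get("host", ""), form


def find_credential_exposures(requests):
    """One finding per POST that carries a secret field in the clear.

    Everything here came from port 80, so any secret is exposed. The finding also
    records whether the secret looks like an unsalted MD5 digest (a stable lookup key
    for common passwords) and whether that exact digest was already seen for the host
    (a fixed token that can simply be replayed)."""
    findings, seen = [], set()
    for raw in requests:
        method, path, host, form = parse_http_request(raw)
        if method != "POST":
            continue
        secrets = {k: v for k, v in form.items() if SECRET_FIELD.search(k)}
        users = {k: v for k, v in form.items()
                 if USER_FIELD.search(k) and not SECRET_FIELD.search(k)}
        for field, value in secrets.items():
            key = (host, value)
            findings.append({
                "host": host, "path": path,
                "user": next(iter(users.values()), None),
                "field": field,
                "form": "md5-like" if HEX32.match(value) else "plaintext",
                "replayed": key in seen,
            })
            seen.add(key)
    return findings


if __name__ == "__main__":
    for f in find_credential_exposures(CAPTURED_REQUESTS):
        print(f)
```

Run against your own site's traffic, any finding at all means the login form belongs behind HTTPS; the "md5-like" and "replayed" flags only show why client-side hashing is no substitute for it.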



Thursday, May 14, 2009

Malicious links or pop-up

Malicious site: http://61.164.108.35/a/iqq.html
Someone submitted this malicious link "http://jjxp22.cn/a/iqq.html" to me. It seems to be a pop-up or hidden link from some compromised sites.

It contains obfuscated JavaScript that embeds a malicious Shockwave Flash file, which exploits the integer overflow vulnerability in Adobe Flash Player 9.0.115.0 and earlier (CVE-2007-0071) that allows remote attackers to execute arbitrary code.
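The pattern described above, script that decodes itself at runtime and writes out a Flash object, is something a page scanner can pick up without running the JavaScript. The following is an added example of such a check (my own code, not the post's analysis tooling): it collects inline scripts and object/embed/param attributes, counts decoder calls and long runs of escape sequences, and looks for .swf references both in tags and in the percent-decoded script text. The sample HTML, the indicator regexes and the thresholds are assumptions I constructed; the only thing taken from the post is the file name i16.swf.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Heuristic indicators (assumed): runtime decoders and long runs of escapes.
DECODER_CALLS = re.compile(r"\b(eval|unescape|String\.fromCharCode|document\.write)\s*\(")
ESCAPE_RUN = re.compile(r"(?:%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}){8,}")
SWF_REF = re.compile(r"[\w./:%=-]*\.swf", re.I)

# Constructed samples. The first hides "<object data="/a/i16.swf">" behind
# percent-escapes and writes it out at runtime; the second is a plain, benign embed.
MALICIOUS_HTML = """<html><body>
<script>
var s="%3C%6F%62%6A%65%63%74%20%64%61%74%61%3D%22%2F%61%2F%69%31%36%2E%73%77%66%22%3E";
document.write(unescape(s));
</script>
</body></html>"""
CLEAN_HTML = """<html><body>
<embed src="/media/intro.swf" type="application/x-shockwave-flash">
<script>var x = 1; document.write("<p>hi</p>");</script>
</body></html>"""


class _ScriptCollector(HTMLParser):
    """Gather inline script bodies and any object/embed/param attribute naming a .swf."""

    def __init__(self):
        super().__init__()
        self.scripts, self.tag_swf_refs = [], []
        self._buf = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._buf = []
        elif tag in ("object", "embed", "param"):
            self.tag_swf_refs += [v for _, v in attrs if v and ".swf" in v.lower()]

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append("".join(self._buf))
            self._buf = None

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)


def scan_page(html):
    """Return swf references, indicator counts and a verdict for one HTML document."""
    p = _ScriptCollector()
    p.feed(html)
    p.close()
    calls = runs = 0
    swf_refs = list(p.tag_swf_refs)
    for js in p.scripts:
        calls += len(DECODER_CALLS.findall(js))
        runs += len(ESCAPE_RUN.findall(js))
        # Percent-decode so a .swf hidden inside an escaped string is still found.
        swf_refs += SWF_REF.findall(unquote(js))
    return {
        "swf_refs": swf_refs,
        "decoder_calls": calls,
        "escape_runs": runs,
        # A Flash object is only suspicious here when it arrives via decoded, escaped script.
        "suspicious": bool(swf_refs) and calls >= 1 and runs >= 1,
    }


if __name__ == "__main__":
    print(scan_page(MALICIOUS_HTML))
    print(scan_page(CLEAN_HTML))
```

The verdict deliberately needs all three signals together so an ordinary site embedding a Flash banner is not flagged; the escaped-string run and the decoder call are what distinguish the drive-by page.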

Info on one of the sample Flash files
#######################

Filename: i16.swf
Size: 17897
MD5: 426969FD0D7324EE170D6F46BDB203B6
Virus Found: Bloodhound.Exploit.193 (Symantec)

On the VirusTotal website, 13 out of 39 AV engines detected it - Link.

For more details of my findings, visit W01f Labs

w01f advice: Patch your Shockwave Flash Player and be careful with suspicious and hidden links.

You can check your Flash Player version by going to this website or to the link below -
http://www.adobe.com/software/flash/about/
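If you have to check more than one machine, the version string has to be compared numerically against the threshold the post gives (9.0.115.0 and earlier is affected). Here is an added example of that comparison (my own code, not Adobe's or the post's): it accepts both the dotted form and the comma-separated form that Flash itself reports (for instance "WIN 9,0,115,0" from the player's Capabilities.version), and compares as integer tuples so that 10.x is not sorted below 9.x as a string comparison would. The sample version strings are constructed.

```python
import re

# From the post: Flash Player 9.0.115.0 and earlier is affected by CVE-2007-0071.
LAST_VULNERABLE = (9, 0, 115, 0)
VERSION_RE = re.compile(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)")


def parse_flash_version(text):
    """Extract a 4-part version as an int tuple from "9.0.115.0" or "WIN 9,0,115,0"."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Flash version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_cve_2007_0071(text):
    """True when the installed version is at or below the last affected release."""
    return parse_flash_version(text) <= LAST_VULNERABLE


def triage(hosts):
    """hosts: {hostname: reported version string} -> list of hostnames needing a patch."""
    return sorted(h for h, v in hosts.items() if is_vulnerable_cve_2007_0071(v))


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    inventory = {"pc-01": "WIN 9,0,115,0", "pc-02": "9.0.124.0", "pc-03": "WIN 10,0,22,87", "pc-04": "8.0.24.0"}
    print("patch these:", triage(inventory))
```

The tuple comparison is the whole point: "9.0.124.0" is newer than "9.0.115.0" and "10.0.22.87" is newer than both, which a plain string comparison would get wrong for the 10.x case.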



Wednesday, May 13, 2009

MSN spam or malicious link??

I recently received a spam MSN message. Besides the standard URL links, it includes some messages to "trick" the victim into believing that it is from a friend and clicking the link.

The messages I got were as follows:

- "damn, saw naked pics of yours or maybe the one in pic is similar to you :) .... crazy lol"

- "omg omg i cant belive you could be so cheap +0( lol ..."

I have done a quick check on the suspicious link. It loads a Flash file (yet to be analysed) and provides an MSN login.

Besides that, no malicious script was found on the website. I guess it is likely using the MSN login to harvest the victim's username and password.

Suspicious website

New update! - 02 June 2009

I received a new spam MSN message. The message was as follows:

- "WTF NO WAY did u upload these of yourself?? :s"

The link seems to be similar to the previous website, which uses an MSN login to harvest the victim's username and password.

Suspicious website 2



w01f advice: Make sure you check with your friend about the link before clicking it. It may contain malicious scripts like those I have analysed in W01f Labs previously.
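The tell-tale of a harvesting page like the ones above is a sign-in form that collects a password but submits it somewhere other than the genuine service. As an added example (my own code, not something from the post or the sites it describes), the check below parses a page's forms, resolves each action URL against the page URL, and flags any password form that posts to a host outside an allow-list or without TLS. The allow-list of Live/MSN hosts, the page URLs and both HTML samples are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed allow-list of hosts a genuine Windows Live / MSN sign-in may post to.
TRUSTED_LOGIN_HOSTS = ("live.com", "msn.com", "microsoft.com")

# Constructed pages: a look-alike that posts to itself, and a genuine-style sign-in.
PHISHING_PAGE = """<html><body><h2>Sign in to see the pics</h2>
<form method="post" action="verify.php">
 Windows Live ID: <input type="text" name="login">
 Password: <input type="password" name="passwd">
 <input type="submit" value="Sign in">
</form></body></html>"""
GENUINE_PAGE = """<html><body>
<form method="post" action="">
 <input type="text" name="login"><input type="password" name="passwd">
</form></body></html>"""


class _FormCollector(HTMLParser):
    """Record every <form> action and whether it contains a password field."""

    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action") or "", "has_password": False}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None and (a.get("type") or "").lower() == "password":
            self._cur["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None


def _host_trusted(host, trusted):
    return any(host == t or host.endswith("." + t) for t in trusted)


def find_credential_harvesting_forms(page_url, html, trusted=TRUSTED_LOGIN_HOSTS):
    """Return each password form whose submit target is not a trusted host over HTTPS."""
    p = _FormCollector()
    p.feed(html)
    p.close()
    findings = []
    for f in p.forms:
        if not f["has_password"]:
            continue
        target = urljoin(page_url, f["action"])  # relative actions post back to the page host
        u = urlparse(target)
        reasons = []
        if not _host_trusted((u.hostname or "").lower(), trusted):
            reasons.append("posts credentials to untrusted host")
        if u.scheme != "https":
            reasons.append("posts credentials without TLS")
        if reasons:
            findings.append({"target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    print(find_credential_harvesting_forms("http://msn-pics.example.test/login.html", PHISHING_PAGE))
    print(find_credential_harvesting_forms("https://login.live.com/", GENUINE_PAGE))
```

Resolving the action with urljoin matters: an empty or relative action means the form posts back to whatever host served the page, which for a look-alike site is the harvester itself.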

Tuesday, May 5, 2009

W01f Labs @ work

I have just finished the behaviour analysis of a (collected) malware sample. Below is a summary of my findings -

Filename: ~.exe
MD5: 3A03A20BFEFE3FDD01659D47D2ED76C8
Virus Found: W32/Sality (McAfee)

On the VirusTotal website, 36 out of 40 AV engines detected it - Link

The registry key -
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Owner\Desktop\~.exe: "C:\Documents and Settings\Owner\Desktop\~.exe:*:Enabled:ipsec" was added, which adds the malware path to the Windows Firewall rules and names it "ipsec".
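That firewall exception is a good thing to audit for in general: an Enabled entry for an executable sitting on a desktop or in a temp folder, labelled to look like a Windows component, is rarely legitimate. Below is an added example (my own code, not the post's analysis tool) that parses lines in the shape quoted above, the registry key path followed by the value data, and reports entries that are enabled for a user-writable path, carry a system-sounding label for a binary outside the Windows or Program Files trees, or whose value name and data path disagree. The first sample line is the one from the post; the second is a constructed benign entry, and the list of system-sounding labels and the path patterns are assumptions.

```python
import re

LIST_MARKER = "\\AuthorizedApplications\\List\\"

# Executables here can be written by an ordinary user (assumed patterns).
USER_WRITABLE = re.compile(r"^[a-z]:\\(documents and settings|users)\\|\\(temp|tmp)\\", re.I)
# Labels that borrow the name of a Windows component (assumed, extend as needed).
SYSTEM_SOUNDING = {"ipsec", "svchost", "lsass", "csrss", "winlogon", "windows firewall", "windows update"}
SYSTEM_TREE = re.compile(r"^[a-z]:\\(windows|program files)", re.I)

MONITOR_LINES = [
    # Line from the post.
    r'HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    r'\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Owner\Desktop\~.exe: '
    r'"C:\Documents and Settings\Owner\Desktop\~.exe:*:Enabled:ipsec"',
    # Constructed benign entry.
    r'HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    r'\StandardProfile\AuthorizedApplications\List\C:\Program Files\Messenger\msmsgs.exe: '
    r'"C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"',
]


def parse_monitor_line(line):
    """Split '<key>\\List\\<name>: "<path>:<scope>:<state>:<label>"' into its parts.

    The data is split from the right so the drive-letter colon in the path survives."""
    key, _, data = line.partition(': "')
    name = key.split(LIST_MARKER, 1)[1]
    path, scope, state, label = data.rstrip('"').rsplit(":", 3)
    return {"name": name, "path": path, "scope": scope, "state": state, "label": label}


def audit_entry(e):
    """Return the list of reasons this AuthorizedApplications entry deserves a look."""
    reasons = []
    if e["state"].lower() == "enabled" and USER_WRITABLE.search(e["path"]):
        reasons.append("enabled exception for an executable in a user-writable location")
    if e["label"].lower() in SYSTEM_SOUNDING and not SYSTEM_TREE.match(e["path"]):
        reasons.append("system-sounding label on a binary outside Windows/Program Files")
    if e["name"].lower() != e["path"].lower():
        reasons.append("value name and data path differ")
    return reasons


def audit_firewall_list(lines):
    findings = []
    for line in lines:
        e = parse_monitor_line(line)
        reasons = audit_entry(e)
        if reasons:
            findings.append({"path": e["path"], "label": e["label"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_firewall_list(MONITOR_LINES):
        print(f)
```

On a live system the same audit applies to the value names and data read from that key; the parsing here only exists so the example runs on the text form the post shows.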

The malware also tries to connect to "peskostruikaz.com" and "shopatforgetmenot.com" to download more malicious payloads.

For more details of my findings, visit W01f Labs

Do feel free to submit any malware or suspicious files to me. I will share the findings on my blog.

To submit a malware sample,
1> Please put the file in a password-protected zip with the password "werew01f"
2> Email me at "hack.werew01f[at]gmail[dot]com" with the subject "Malware Sample"