Monday, August 24, 2009

Bypass bandwidth management

Last week, I was informed that video streaming of the "trailers" on "Movies.yahoo.com" was fast even though the bandwidth for media streaming was "cramped".

I initially suspected that they might be streaming low-resolution videos, or downloading the video and playing it from the local drive. But after checking the HTML code and sniffing the traffic, I found they were actually using SSL. As the content was encrypted, the bandwidth management device was not able to detect this traffic.

Wireshark

Many malware, botnet, remote access, file sharing and P2P applications these days use SSL to hide their presence and circumvent detection by security devices such as firewalls. SSL is a double-edged sword: it protects our sensitive traffic, such as online banking, but is also used by the "bad" guys to bypass security detection.

Companies should be careful about allowing SSL traffic in and out of their network. You never know what activity is happening under the cover of SSL.
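As an added example (not code from the original post), the Python script below shows what a bandwidth management device can still see without decrypting anything: it parses the Server Name Indication (SNI) out of a TLS ClientHello and labels the flow for shaping. The `build_client_hello` helper and the `STREAMING_HOSTS` list are constructed for the demo; the record it builds is a minimal ClientHello, not a real capture.

```python
import struct

# Host names the bandwidth policy wants to throttle (constructed from the post's example; extend per local policy).
STREAMING_HOSTS = ("movies.yahoo.com",)

def build_client_hello(hostname: str) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record carrying only an SNI extension (constructed test input)."""
    name = hostname.encode("idna")
    sni_list = struct.pack("!BH", 0, len(name)) + name                            # name_type 0 = host_name
    sni_ext = struct.pack("!HHH", 0, len(sni_list) + 2, len(sni_list)) + sni_list  # ext type 0 = server_name
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (b"\x03\x03" + b"\x00" * 32      # client_version, random
            + b"\x00"                       # empty session_id
            + b"\x00\x02\x00\x2f"           # one cipher suite
            + b"\x01\x00"                   # one compression method (null)
            + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body                     # HandshakeType 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(record: bytes):
    """Return the lower-cased server_name from a TLS ClientHello record, or None if absent or not a ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None                                     # not a handshake record / not a ClientHello
    pos = 9 + 2 + 32                                    # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                              # session_id
    pos += 2 + struct.unpack("!H", record[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + record[pos]                              # compression_methods
    if pos + 2 > len(record):
        return None                                     # ClientHello without an extensions block
    pos, end = pos + 2, pos + 2 + struct.unpack("!H", record[pos:pos + 2])[0]
    while pos + 4 <= end:
        pos, etype, elen = pos + 4, *struct.unpack("!HH", record[pos:pos + 4])
        if etype == 0:                                  # server_name extension
            p, list_end = pos + 2, pos + 2 + struct.unpack("!H", record[pos:pos + 2])[0]
            while p + 3 <= list_end:
                p, ntype, nlen = p + 3, *struct.unpack("!BH", record[p:p + 3])
                if ntype == 0:
                    return record[p:p + nlen].decode("idna").lower()
                p += nlen
        pos += elen
    return None

def classify_flow(record: bytes) -> str:
    """Label a flow by the SNI in its first client record so a shaper can throttle it without decryption."""
    sni = extract_sni(record)
    if sni is None:
        return "tls-no-sni"                             # fall back to IP/port policy for these flows
    throttle = any(sni == h or sni.endswith("." + h) for h in STREAMING_HOSTS)
    return "tls-streaming" if throttle else "tls-other"
```

Flows that carry no SNI (older clients, or non-TLS traffic on port 443) still land in the "tls-no-sni" bucket, which is where a policy decision other than "allow" has to be made explicitly.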

Thursday, August 20, 2009

More MSN Spam

MSN Spam message

I received some new spam again. It is nothing new, since I have posted on MSN spam since May (MSN spam or malicious link??).

This time around, they "recommend" a slimming product, and the message is as follows:
- "Woah those acai berry pills are no joke I just lost like 23 pounds in two weeks, I am living proof that they work with no special diet or nothing, they only cost me five dollars over at www.towndesk.com"

The website "www.towndesk.com" (shown below) is actually selling the diet pills. But don't be easily fooled by the webpage; it may contain malicious links or capture user information such as credit card numbers.

www.towndesk.com

w01f advice: If you notice, spam messages are always sent when your friend's account is "offline". Be careful with messages that were sent while "offline", especially those that contain URL links. Make sure you check with your friend about the message/link before clicking it. It may contain malicious script for all you know.

Wednesday, August 12, 2009

Fake Antivirus... Beware!

Antivirus System PRO
I received a suspicious file last week and did a simple behaviour analysis. It is a fake antivirus program that claims to "scan" and "detect" several viruses on your system. It tricks the user into purchasing the full license by showing various spyware and virus pop-ups.

Major AV vendors such as McAfee, Symantec and TrendMicro were not able to detect it.

For more details on my findings, visit W01f Labs - Malware Analysis: Antivirus System PRO