Welcome to cissp CISSP training Certified Information Systems Security Professional
cissp CISSP training Certified Information Systems Security Professional: Virus


Sykipot variant hijacks DOD and Windows smart cards
Posted by boss on Monday, 23 January 2012 @ 08:49:17 CET (1916 reads)
Topic Virus

cdupuis writes "
January 12th, 2012 | Posted by jaime.blasco 

Defenses of any sort, virtual or physical, are a means of forcing your attacker to attack you on your terms, not theirs. As we build more elaborate defenses within information security, we force our attacker’s hand. For instance, in many cases, implementing multi-factor authentication systems just forces the attacker to go after that system directly to achieve their goals. Take the breach at RSA, for example. It has been attributed to attackers who needed the SecurID information to go after their real targets in the defense industry.

Recently, our lab has been talking about Sykipot:

 

As we discussed, this malware has been used to launch targeted attacks via “spear phishing” campaigns against targets mainly in the US, since around 2007. According to our research, these attacks originate from servers in China with what appears to be the purpose of obtaining information from the defense sector: the same sector that makes extensive use of PC/SC x509 Smartcards for authentication.

Smartcards have a long history of usage in the Defense Sector, for both physical and information access management, and historically have merely forced attackers to route around the smartcard authentication system through other, more vulnerable attack vectors.

It should come as no surprise, then, that we recently discovered a variant of Sykipot with some new, interesting features that allow it to effectively hijack DOD and Windows smart cards. This variant, which appears to have been compiled in March 2011, has been seen in dozens of attack samples from the past year.

Like we have shown with previous Sykipot attacks, the attackers use a spear phishing campaign to get their targets to open a PDF attachment which then deposits the Sykipot malware onto their machine (the attackers here took advantage of a zero-day exploit in Adobe). Then, unlike previous strains, the malware uses a keylogger to steal PINs for the cards. When a card is inserted into the reader, the malware then acts as the authenticated user and can access sensitive information. The malware is controlled by the attackers from the command & control center.

Click Here to get a whole lot more details on the attack

"

(Read More... | Score: 0)


Microsoft Standalone System Sweeper Beta
Posted by boss on Tuesday, 07 June 2011 @ 19:47:31 CEST (3370 reads)
Topic Virus

cdupuis writes "

 

NOTE FROM CLEMENT:

Microsoft is coming out with a bootable tool to attempt cleaning up your PC if it is infected by malware. It is presently in beta; see the details below:

Thank you for contacting Microsoft Support. You have been directed here to download and install the beta version of Microsoft Standalone System Sweeper Beta, a recovery tool that can help you start an infected PC and perform an offline scan to help identify and remove rootkits and other advanced malware. In addition, Microsoft Standalone System Sweeper Beta can be used if you cannot install or start an antivirus solution on your PC, or if the installed solution can’t detect or remove malware on your PC.

Microsoft Standalone System Sweeper Beta is not a replacement for a full antivirus solution providing ongoing protection; it is meant to be used in situations where you cannot start your PC due to a virus or other malware infection. For no-cost, real-time protection that helps guard your home or small business PCs against viruses, spyware, and other malicious software, download Microsoft Security Essentials*.

To get started, please make sure that you have a blank CD, DVD, or USB drive with at least 250 MB of space. Next, download and run the tool – the tool will help you to create the bootable media required to run the software on your PC.

download 32-bit version download 64-bit version


Should I download the 32-bit or 64-bit version?

  1. Whether you download the 32-bit or the 64-bit version of the Microsoft Standalone System Sweeper Beta depends on the architecture (32-bit or 64-bit) of the Windows operating system of the computer infected with a virus or malware. See the Microsoft Help and Support article for instructions on how to determine whether a computer is running a 32-bit version or 64-bit architecture of the Windows operating system.

  2. Ordinarily, the bootable media is created on a computer that is not infected. The architecture of Microsoft Standalone System Sweeper Beta does not have to be the same as the Windows operating system of the computer used to create the bootable media. It does need to be the same architecture (32-bit or the 64-bit) as the Windows operating system of the computer infected with a virus or malware.

* Your PC must run genuine Windows to install Microsoft Security Essentials. Learn more about genuine Windows. Internet access fees may apply.

Read the Microsoft Standalone System Sweeper Beta Privacy Statement and License Agreement.

See the details at:  http://connect.microsoft.com/systemsweeper

"

(Read More... | Score: 0)


Viruses and Digital Signatures
Posted by boss on Saturday, 06 March 2010 @ 07:29:21 CET (1882 reads)
Topic Virus

cdupuis writes "
Recently, Symantec received some malicious files which appeared to be signed by “Adobe Systems Incorporated”. On closer inspection, however, it was seen that the signature was just a ruse used by the malware author to give an air of legitimacy to the files. Virus writers are getting smarter and going that extra mile to digitally sign their files. Using this technique the malware authors could, for example, penetrate an environment where only signed files are allowed but the authenticity of the signature is not checked.
 
Although the files are signed, they are signed using an unauthenticated CA (Certificate Authority) which is masquerading as Verisign. A CA is a trusted third party that issues and signs the certificate and vouches for the authenticity of the file. Each CA should be registered and therefore recognized globally as a trusted signer. The signature on the certificate is verified by the signer’s public key.
 
What the malware authors have tried here is to create their own CA and attempt to use it to sign these malicious files. They chose a misleading name for their CA, namely "Verisign", but their private key used for signing will obviously be different from the authentic Verisign CA key. Therefore this renders their CA untrustworthy so that, while the file still has a valid signature, it is not from the real Verisign CA.
 
Also, although the file is correctly signed by a company called "Adobe Systems Incorporated," that company has been certified by their fake Verisign CA and therefore has no meaning or relation to the real "Adobe Systems Incorporated."
 
Shown below are the real and fake Verisign CA signed files. On the left you can see that the certificate chain is not trusted all the way to the root, whereas on the right side (a real Adobe file) the certification chain is trusted up to the root.
 
 

 

certificates.jpg

path.jpg

On Windows machines with User Access Control enabled, a warning similar to the one shown below will be displayed (warning that the publisher is unknown).
 
 

warning_1a.jpg

 
So, in a nutshell, creating “authentic-looking” certificates to make malicious files look legitimate is a trick which virus writers are employing to challenge today’s sophisticated security mechanisms. We have written about certificates being abused previously. The following blog article has more information: Phishing Toolkits Attacks are Abusing SSL Certificates
 
So, play safe, and check the authenticity of the signature whenever one is present.

See original article on the Symantec Blog at:  http://www.symantec.com/connect/blogs/viruses-and-digital-signatures
"

(Read More... | Score: 0)


To conficker or not to Conficker
Posted by boss on Thursday, 02 April 2009 @ 17:34:23 CEST (2835 reads)
Topic Virus

cdupuis writes "

The Conficker worm has been out there for a long time under different variants. Lots of people are asking themselves if they are infected or not. I have a couple of tools listed below that can help you identify if you are infected or not. Also there is a link below to OpenDNS. I have been using OpenDNS lately and I am really amazed at how it can help you protect your system and control what your browser connects to as well. OpenDNS will block the worm when it attempts to connect to other sites, it renders it ineffective and it can protect you against phishing and many other forms of exploitation. They also provide nice statistics about the web surfing habits of your users and sites that were blocked as well. All of these are FREE and do provide you with nice features.


RESOURCE #1 - THE CONFICKER EYE CHART

This is a simple page created by the Conficker Work Group. The page has images; according to which images can be displayed on the page, it can tell you if you are possibly infected by Conficker or not.

The conficker working group is at: http://www.confickerworkinggroup.org/wiki/

From the URL above you can access the test page for the Conficker worm.

INFO ON CONFICKER

Conficker, also known as Downup, Downandup, Conflicker, and Kido, is a computer worm that surfaced November 21st, 2008 with Conficker.A and targets the Microsoft Windows operating system. The worm exploits a known vulnerability (MS08-067) in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, and Windows 7 Beta. The latest variant (Conficker.C) will begin checking for a payload to download on March 31st, 2009. Conficker.A and Conficker.B variants continue to check for payloads each with a distinct domain generation algorithm.

A lot more details can be obtained on the Conficker Working Group web site listed above.

 

RESOURCE #2 - THE OPENDNS SERVICE

HERE IS A DESCRIPTION FROM THEIR WEBSITE:

OpenDNS is a free service that works for networks of all sizes, from home networks to K-12 schools, SMBs and large enterprises. Learn more about how OpenDNS can benefit you by selecting your network type on the left.

Here are just a few reasons millions of people have already made the switch:

Security
  • Industry-leading anti-phishing protects everyone on your network from fraudulent phishing scams.
  • Award-winning Web content filtering gives you the power to block up to 50 categories of content.
  • Detailed statistics empower you to understand your network traffic and spot trends before they become problems.
Infrastructure
  • Our globally distributed network makes Web sites load noticeably faster on your network.
  • Anycast routing technology makes your Internet more reliable, freeing you of intermittent outages.
Navigation
  • Browser Shortcuts let your users map a short term to a long URL via the address bar.
  • Typo correction auto-corrects the most common typos in top-level domains.
  • OpenDNS Guide provides helpful search results when your users try to visit a Web site that isn't resolving.

HOW CAN OPENDNS HELP ME WITH CONFICKER

Here at OpenDNS we’ve spent the past several months working to keep you safe from the Conficker worm. Using the OpenDNS service is widely considered to be one of the easiest and most guaranteed ways to protect your network. And today we roll out a free Conficker detection tool to give you actionable insight into whether or not you have Conficker on your network.

As David mentioned here, we’re in a unique position as your DNS provider of choice to block the worm at the DNS level and prevent it from phoning home. We’re also in a unique position to tell you, based on DNS queries coming from your account, if your network has been infected with Conficker. Log into your OpenDNS account now and you’ll see a banner indicating you either have Conficker or you don’t. This is a tremendously valuable service, and representative of a key innovation on the DNS. If you have friends or colleagues not using OpenDNS yet, we urge you to recommend the service.

Go to the OpenDNS web site at:  http://www.opendns.com/ for more details.

Be safe

Clement

 

 

"

(Read More... | Score: 0)


60 Sites for Free Online Virus, Trojan, Spyware and Malware Scan
Posted by boss on Wednesday, 18 March 2009 @ 15:59:13 CET (4740 reads)
Topic Virus

cdupuis writes "

---------- Forwarded message ----------
From: PrakashP
Subject: 60 Sites for Free Online Virus, Trojan, Spyware and Malware Scan

Hello Team,

Here is the list of 60 Free Online Virus, Trojan, Spyware and Malware Scanners on which you can test any malicious file for virus infection.

Most online virus scanning services require an ActiveX control to install, but do not require downloading any installer or setup executable to install any software program, thus minimizing conflict or interference with existing AV security products. It’s also useful when you’re not allowed to install security software, or want to perform multiple engine checks with ease. However, some online virus scanners require the user to upload the file to the scanning server, which is useful if you receive a file sent by friends via email or instant messaging, but they are unable to perform a full disk scan, check and test on your computer.

Hope Teams working on Antivirus products will find it really useful.


1.        Kaspersky Online Virus Scanner
http://www.kaspersky.com/virusscanner
2.        Panda ActiveScan 2.0
http://www.pandasecurity.com/activescan/index/
3.        Dr.Web Online Link Checker (scan virus infection of files on web page including those linked via scripts and frames without downloading to user’s computer)
http://online.drweb.com/?url=1
4.        CA eTrust Virus Scanner
http://www.ca.com/us/securityadvisor/virusinfo/scan.aspx
5.        Virus Chaser for Web
http://www.viruschaser.com/enwi/4_01.jsp
6.        BitDefender Online Scanner
http://www.bitdefender.com/scan8/ie.html
7.        Trend Micro HouseCall
http://housecall.trendmicro.com/
8.        ESET Online Scanner
http://www.eset.com/onlinescan/
9.        Symantec Security Check (Security Scan and Virus Detection)
http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&plfid=24&pkj=RHLFXZDNNXGEQGGYYFK
10.        ewido (AVG) Online Spyware Scanner with Cleaning or Removal
http://www.ewido.net/en/onlinescan/
11.        a-squared Web Malware Scanner (aka WindowsSecurity Online Trojan Scanner for Trojans, Backdoors, Worms, Dialers, Spyware/Adware, Keyloggers, Rootkits, Hacking Tools, Riskware and TrackingCookies)
http://www.emsisoft.com/en/software/ax/?scan=1
12.        ArcaBit Online Scanner
http://arcaonline.arcabit.com/scanner.html
13.        avast! Online Scanner (one file each time)
http://onlinescan.avast.com/

Click on Read More... below this article to view the whole list

"

(Read More... | 15656 bytes more | Score: 0)


RUBotted (Beta) from Trend Micro
Posted by boss on Saturday, 24 May 2008 @ 10:10:24 CEST (2985 reads)
Topic Virus

cdupuis writes "

Overview

Malicious software called Bots can secretly take control of computers and make them participate in networks called “Botnets.” These networks can harness massive computing power and Internet bandwidth to relay spam, attack web servers, infect more computers, and perform other illicit activities.

Security experts believe that millions of computers have already joined Botnets without the knowledge of their owners. By using remotely-controlled computers, the criminals in charge of the Botnets try to remain anonymous and elude authorities seeking to prosecute them.

RUBotted monitors your computer for suspicious activities and regularly checks with an online service to identify behavior associated with Bots. Upon discovering a potential infection, RUBotted prompts you to scan and clean your computer.

Using RUBotted

To use RUBotted, just make sure that your computer has a working Internet connection. If your computer connects to the Internet through a home network, RUBotted can use your current network settings automatically.


RUBotted system tray icon (Offline)

If your computer connects to the Internet through a proxy server, then click Settings on the main screen of RUBotted to specify the proxy server settings.

Removing Bots

If a Bot infects your computer, the RUBotted system tray icon changes to alert you.


RUBotted system tray icon (Botted)

Because Bots are typically computer worms (malicious software that can propagate from one computer to another), you must scan and clean your computer with an effective antivirus program to remove them.

If you have an antivirus program installed, download the latest update and scan your computer.

To scan and clean your computer for free, visit HouseCall online.

System Requirements

Operating System:

  • Windows 2000 Professional (with the latest Service Pack installed)
  • Windows XP Professional or Home Edition (with the latest Service Pack installed)
  • Windows 2003 Server (with the latest Service Pack installed)
  • Windows Vista (32-bit version only, with the latest Service Pack installed)

Hardware:

  • Intel Pentium 350MHZ (minimum)
  • 250MB of free hard drive space
  • IPv4 Internet connection

Note: RUBotted cannot protect computers running Panda Internet Security 2008.

Although Trend Micro does not provide free technical support for Trend Micro RUBotted, you may send your feedback to us. We will do our best to incorporate suggestions into future versions of Trend Micro RUBotted.

See more info at: http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted

"

(Read More... | Score: 5)


Detecting A Suspected Botnet
Posted by boss on Thursday, 24 May 2007 @ 18:02:17 CEST (2695 reads)
Topic Virus

NofinerWeb writes "A college student was complaining this fall about his Windows XP computer at college grinding to a halt and being useless at times. He received warnings that his C drive was full. That couldn't be! He has a 32GB partition for C drive! What the heck? What filled it up?

I walked him over the phone suggesting files he could remove, apps to uninstall, temp and log files to delete. We got it some more breathing room. But it soon filled up again. He brought it to me over break. I checked and even though the properties said C drive had 0 space free, I would check the individual folders and they surely did not add up even close to 32GB's worth.

Browsing the internet got painfully slow and halted at times. Other weird and odd behaviors happened he now recalls. Browsing the web was a futile maneuver. Applications took forever to start up. Something was not right....

I finally searched for all files >1mb in size on C drive, unhiding system files, etc. I deleted tons of unnecessary files. I was able to free up 27GB worth!!! Now, after reboot, the system seemed to be normal operation, not halting. After checking and editing some startup files, checking antivirus and antispyware configuration, etc. I rebooted again. Right away, the system was taking too long to boot up.

Finally, Spy Sweeper popped up a warning that it was blocking activity, a transmission attempt to a very weird internet address. The destination URL was: 80gw6ry3i3x3qbrkwhxhw.032439.com THANK YOU WEBROOT SPY SWEEPER for great detective work! I entered the URL above into a Google search and lo and behold, the URL above is known to be a bad site connected with bot-network activity.

See: http://staff.science.uva.nl/~delaat/snb-2005-2006/p12/report.pdf
(Interesting read if you have time....how they are thinking to analyze and put into databases the internet traffic to identified bad sites, observing dns domain name server traffic that is uncommon, anomalies....in a new approach to intrusion detection systems.) Interesting, I recall seeing several dozen large video files, in some legit program directory, that I found I was unable to delete. I was baffled. I now suspect maybe the bot-network had installed these *.avi files...maybe changed to read-only, maybe renamed them to AVI and they maybe were being used in some way? Or maybe this bot-network had hidden other files somehow. But because I was able to see and delete many files to recover 27 GB, I don't think they were hidden. I am guessing that many files were renamed and placed within legit folders to keep them low key, under the radar.

Some bot-networks use your computer as a transfer station, maybe they are into trafficking video or music files and need a storage server and use your machine for that purpose. In doing clean up, file deletions, disabling some start up file activities....I apparently deleted or interrupted the Trojan or root kit long enough on this PC so that Webroot Spy Sweeper was again active, and at the next reboot, the botnet-bot activity was finally uncovered. CAUGHT YA! He had Webroot Spy Sweeper program loaded and I looked at the activity logs. It recorded events months ago, then nothing appeared for a while. It seems that Spy Sweeper was brought down the whole semester when his computer was attacked and the botnet was installed.

Trying to remove botnets, Trojans and root kits is very difficult, time-consuming and leaves you concerned that it is really clean. I chose to back up his data, reformat the hard drive and reinstall Windows XP from scratch. This was the best way to gain trust again in a compromised system.

User education in using the computer safely, (avoiding peer-to-peer file sharing is one suggestion) was given. In summary, there is great value in using tools like Webroot Spy Sweeper to detect and confirm a suspected and devious threat!

For additional security hardening tips for Windows computers, go to my web site at www.homecomputingsecurity.com
"

(Read More... | Score: 0)
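
The hostname that Spy Sweeper blocked in the post above stands out because its first label looks machine-generated. As an added example (not part of the original post), this Python code applies that observation to DNS query logs: it scores each label by length, character entropy, digit ratio and vowel ratio, and lists clients that query several such names. The log format, the thresholds, the allowlist and every hostname other than the one quoted in the post are constructed assumptions.

```python
"""Flag DNS queries whose labels look machine-generated (constructed sample data)."""
import math
from collections import Counter, defaultdict

VOWELS = set("aeiou")

# Constructed log, format: "<timestamp> <client-ip> <qtype> <qname> <rcode>".
# Only the first hostname is taken from the post; the rest are made up.
SAMPLE_LOG = """\
2007-05-20T14:03:11Z 10.0.0.23 A 80gw6ry3i3x3qbrkwhxhw.032439.com NOERROR
2007-05-20T14:03:12Z 10.0.0.23 A k4x9q2zr7w1pbt5m.example.net NXDOMAIN
2007-05-20T14:03:14Z 10.0.0.23 A QZXWVBNMKJHGFDS.example.org. NXDOMAIN
2007-05-20T14:03:20Z 10.0.0.23 A www.example.com NOERROR
2007-05-20T14:04:02Z 10.0.0.40 A windowsupdate.example.com NOERROR
2007-05-20T14:04:05Z 10.0.0.40 A static-assets-cdn.example.com NOERROR
2007-05-20T14:04:09Z 10.0.0.40 A a1b2c3d4e5f6a7b8.cdn.example.net NOERROR
2007-05-20T14:04:15Z 10.0.0.40 A xn--mnchen-3ya.example NOERROR
2007-05-20T14:04:20Z 10.0.0.40 A
"""

# Hypothetical allowlist: suffixes known to serve hashed hostnames legitimately.
ALLOWLIST = ("cdn.example.net",)


def shannon_entropy(text):
    """Bits per character of the label's own character distribution."""
    counts = Counter(text)
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def looks_generated(label, min_len=10, min_entropy=3.0):
    """Heuristic: long, high-entropy label that is digit-heavy or vowel-poor."""
    label = label.lower()
    # Punycode (IDN) labels look random by construction, so they are not scored.
    if len(label) < min_len or label.startswith("xn--"):
        return False
    if shannon_entropy(label) < min_entropy:
        return False
    letters = [ch for ch in label if ch.isalpha()]
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    vowel_ratio = (
        sum(ch in VOWELS for ch in letters) / len(letters) if letters else 0.0
    )
    return digit_ratio >= 0.2 or vowel_ratio <= 0.15


def is_allowlisted(qname, allowlist):
    """True if qname equals or is a subdomain of an allowlisted suffix."""
    return any(qname == s or qname.endswith("." + s) for s in allowlist)


def parse_line(line):
    """Return (client, normalized qname, rcode), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _timestamp, client, _qtype, qname, rcode = parts
    return client, qname.rstrip(".").lower(), rcode


def suspicious_clients(log_text, allowlist=ALLOWLIST, min_distinct=2):
    """Map client -> sorted flagged names, for clients with enough distinct hits.

    Also returns the number of malformed lines that were skipped, so a
    truncated or tampered log does not pass silently.
    """
    hits = defaultdict(set)
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            skipped += 1
            continue
        client, qname, _rcode = record
        if is_allowlisted(qname, allowlist):
            continue
        # Score every label except the top-level domain.
        if any(looks_generated(label) for label in qname.split(".")[:-1]):
            hits[client].add(qname)
    report = {c: sorted(n) for c, n in hits.items() if len(n) >= min_distinct}
    return report, skipped


if __name__ == "__main__":
    report, skipped = suspicious_clients(SAMPLE_LOG)
    for client, names in report.items():
        print(client, "queried", len(names), "generated-looking names:")
        for name in names:
            print("   ", name)
    print("malformed lines skipped:", skipped)
```

Without the allowlist the hashed CDN hostname is flagged as well, which is why the scoring works as a triage signal rather than a verdict.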


Viruses, Phishing, and Trojans For Profit
Posted by boss on Tuesday, 24 October 2006 @ 18:40:53 CEST (2427 reads)
Topic Virus

cdupuis writes "Hacking for money: An interesting article by Kelly Martin from SecurityFocus on the new trend of hacking for profit. We have to wake up and realize that it is no longer kids doing hacking for fun. Maybe it is time to get a bit more serious about all of this. Read extract below and I encourage you to click on the link to read the full story.

Kelly Martin,

Following the 2006 International Virus Bulletin Conference, Kelly Martin takes a look at the profit motives of the cyber criminals behind modern viruses, targeted trojans, phishing scams and botnet attacks that are stealing millions from organizations and individuals.

Virus Bulletin 2006, the international virus conference, was held in Montreal this year. Just a few weeks ago I was fortunate enough to attend many of the presentations, which ranged from topics of targeted trojan attacks, botnets and new methods of botnet coordination, to the growing criminal element behind viruses. It's sometimes shocking to see how much the virus world has changed in the last few years. I'd wager that if there was just one overall theme of the conference, it was about criminals and the new profit motive behind today's malware. Long gone are the days when viruses were made by hackers just for fun.

My favorite quote taken from the excellent, low-key conference was during a panel discussion on fighting cyber crime: "If anyone in the audience is a member of organized crime, please raise your hand." [laughter]

There's big money on the criminal side of viruses these days. The past two or three years has seen a dramatic rise in for-profit virus activity at every level, from the people running botnets and making money off spyware to widespread phishing attacks and various trojans that encrypt a user's data and request a ransom. There are countless viruses that are used to send out a very large amount of spam, which is quite profitable. There's money laundering and organized crime involved, because the dollar amounts are becoming huge. And then there's the whole range of aggregate identity and credit card theft plus the targeted trojans that can be used to steal millions of dollars from just one company. Money, money, and viruses. The situation is getting pretty grave, indeed.

I'd like to look at the profit motive in some detail, to understand this dangerous new trend. First allow me to lump together the myriad of today's for-profit virus threats into just two camps, for the purpose of this column: those threats that target the Little Guy, like individuals and individual organizations (via targeted trojans, general trojans, rootkits and targeted hacking), and those amalgamated threats that target Big Populations (via botnets, tonnes of spam, and spyware). The virus folks behind both camps seek to steal money, information and identities. But they work in different ways.

Scammers and spammers work on the aggregate

Attacks against Big Populations tend to skim a little bit of money off many people. A teenager or young adult controlling a botnet can make a six figure income, from between just a few hundred dollars to many thousands of dollars each month. They install spyware on the infected machines in the botnet, and sleazy spyware companies pay them real money for it. They also sell access to the botnet for spamming, and they make money from this by the hour. They can also point their botnet at a casino, poker, or porn website and extort money from the owners by threatening to issue a Distributed Denial-of-Service attack, which would take the company offline. Or, they can just log everything on the thousands (or hundreds of thousands, or even millions) of machines in a typical botnet, aggregate the logs up and sell them by the megabyte. Inside those logs might be credit card numbers, online banking passwords, Social Security Numbers, and much more. Many botnet owners don't yet focus on this, as they are more interested in stealing a little bit away from everyone.

I think it's fair to say that the criminals running botnets, until a few years ago, didn't realize the kind of power they had. I'd argue that they still don't, as there is a treasure trove of information on each machine that is not being mined to its fullest. But the day is coming.

Read all about it at:
http://www.securityfocus.com/print/columnists/419

"

(Read More... | Score: 0)


Guidance on Mitigating Risks From Spyware
Posted by cdupuis on Saturday, 06 August 2005 @ 00:00:00 CEST (2529 reads)
Topic Virus

Guidance on Mitigating Risks From Spyware FIL-66-2005
July 22, 2005


Summary: The FDIC is issuing the attached guidance to financial institutions recommending an effective spyware prevention and detection program based on an institution's risk profile. This guidance and the attached informational supplement discuss the risks associated with spyware from both a bank and consumer perspective and provide recommendations to mitigate these risks.

Highlights:
  • Spyware refers to software that collects information about a person or organization without their knowledge or informed consent and reports such data back to a third party.
  • Spyware is designed to collect personal or confidential information, some of which can be used to compromise a bank's systems or to conduct identity theft.
  • The guidance recommends practices that banks should employ to prevent and detect spyware on their own computers.
  • The guidance also suggests practices that banks should recommend to customers to ensure the security of the online banking relationship.

Continuation of FIL-66-2005
Distribution:
FDIC-Supervised Banks (Commercial and Savings)

Suggested Routing:
Chief Executive Officer
Chief Information Security Officer

Related Topics:


GLBA, Section 501b
FFIEC Information Security Handbook, issued November 2003
Guidance on Developing an Effective Computer Virus Protection Program (see FIL 62-2004, issued June 7, 2004)
Interagency Informational Brochure on Phishing Scams (see FIL-113-2004, issued September 13, 2004)
Guidance on the Risks Associated with Instant Messaging (see FIL 84-2004, issued July 21, 2004)
Putting an End to Account-Hijacking Identity Theft Study, issued December 2004

Attachment:
Informational Supplement: Spyware Prevention and Detection

Informational Supplement: Spyware Prevention and Detection - PDF 32k (PDF Help)
http://www.fdic.gov/news/news/financial/2005/fil6605a.pdf


(Read More... | Score: 0)


Anti-Virus Evasion Techniques and Countermeasures
Posted by cdupuis on Wednesday, 08 December 2004 @ 09:59:35 CET (4070 reads)
Topic Virus

Hi all,

This is the announcement for the publication of one of my articles called "Anti-Virus Evasion Techniques and Countermeasures" at InfoSecWriters (http://www.infosecwriters.com/).

This article was already released by hackingspirits.com and at the FD list on 3rd Dec, 2004 but I had to uphold the announcement at SecurityFocus since I was planning to make a few more enhancements in it, but then I decided to write a next version of this article which will have more advanced techniques of AV evasion.

The objective of this article is to demonstrate different possible ways that virus and worm coders use to evade any Anti-Virus products while coding malicious programs, and at the same time I also explained the countermeasure techniques to prevent such attacks.

This article will also try to educate various kinds of computer users in the simplest way to deal with viruses and worms and defend against such malicious attacks where the AV engine becomes helpless when special techniques are used by these malicious codes to prevent detection.

Download "Anti-Virus Evasion Techniques and Countermeasures" from the following link:

http://www.hackingspirits.com/eth-hac/papers/whitepapers.asp

For any comments and feedback, mail me at :
debasis_mty at yahoo dot com
or
debasis at hackingspirits dot com

Thanks & Regards,

Debasis Mohanty
www.hackingspirits.com


(Read More... | Score: 0)


NEW HORIZON failed to deliver on their CISSP Course Promises
Posted by cdupuis on Wednesday, 03 March 2004 @ 10:25:45 CET (5723 reads)
Topic Virus

Anonymous writes "This week a member of CCCure.Org has reported back on his SAD experience using NEW HORIZON as his training provider for a CISSP course.

Hello Clement
Well, sir, my course at New Horizons for CISSP came to an abrupt stop. It seems the course and my instructor were not cutting the mustard. I could not believe it. Boy was I pissed, after the second day they just canceled the class and sent everyone back to work. I just shelled out $100 for a reschedule fee for my CISSP exam date.

This is really sad to see such a thing happening to one of our members; what is even sadder in this case is the training provider not taking his share of responsibility by covering expenses that the students incurred or will have to incur due to their inability to deliver. The least the provider can do in such a case is to reimburse the students for expenses related to hotel, transportation, meals and also the rescheduling fee. Any training provider that cares about his company name and its clients would definitively offer some compensation package. I do hope New Horizon will take their responsibility seriously and cover your financial damage.

As I have mentioned in the past, the instructor delivering a course does make a world of difference. Ask by name who your instructor will be. Ask your training provider how many classes were delivered by this instructor for the specific subject you are being trained on. Ask them how many years of SECURITY experience the instructor has. Ask for a previous course survey that has been sanitized to see how students were satisfied with their overall experience. It is your money and it is NOT uncommon to ask those questions. Do ask them.

Clement

"



Detailed virus information
Posted by cdupuis on Wednesday, 26 June 2002 @ 20:52:01 CEST (2258 reads)
Topic Virus

22nd of June 2002

If you are like me, you are probably tired of subscribing to numerous mailing lists to know what is going on in the virus world. You no longer have to; take a look at the Security News block located on the left side of the main page. I have just added a new item called: Virus Information

On one single page you will find the most prevalent viruses, a list of new viruses with their level of threat, a link to detect if you are a victim of a hoax, the latest virus signatures from Trend Micro and more.

Ensure that you take a couple of minutes to click on ADVANCED VIRUS NEWS at the bottom of the main virus info page. This will take you to a world map where you can track viruses according to your specific region of the globe, a specific time frame and a lot more.

A very big Thank You! to the people of www.e-worxs.com for developing this fantastic module.

Clément (cdupuis@cccure.org)




All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2007 by CCCure.Org, and the site maintainers Clement Dupuis and Nathalie Lambert. Reuse is strictly prohibited without written permission of CCCure.Org or its maintainers.

This web site is not associated directly or indirectly with ISC2, the SANS Institute, ISACA, or other certification authority. The GCFW, CISSP, SSCP, ISSEP, ISSMP, CISA, and CISM are all the property of their respective owners. The content of this site is provided to you freely due to the generosity of our sponsors.

