Tuesday, June 26, 2012
DNS Changer Malware: its effects and how to secure your computer from it
Friday, July 9, 2010
No Major Applications Implement DEP and ASLR to Prevent Unauthorized Programs from Taking Over Your PC
Big-name Windows applications neglect security
Two important security technologies, Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR), go a long way toward preventing unauthorized programs from taking over a PC. And Secunia Research just published a white paper with a disturbing analysis of popular Windows programs that don't use either. Windows XP Service Pack 2 introduced DEP back in 2004. It is a technique that uses both hardware and software to keep a PC from executing programs that sit in areas that should be holding data. Historically, one of the easiest and most fruitful ways to take over a PC involves a buffer overflow - where an attack routine sticks a malicious program inside a data area and then tricks Windows into "running" the data. When a program asks Windows for DEP protection, and the hardware supports DEP, buffer overflow attacks are considerably more difficult. Not impossible, mind you, but DEP does pretty well blocking the most common and straightforward attacks.
ASLR arrived with the release of Windows Vista in 2007. When a program tells Windows that it wants to use ASLR, Windows sticks pieces of the program in randomly assigned parts of memory. If an attacker tries to access a specific location in the program, the attacker has to guess the location of the pertinent piece of the program, which can be quite difficult. Together DEP and ASLR aren't invincible, but they're formidable. In Windows 7 (and to a lesser extent Vista), turning on both DEP and ASLR is reasonably easy if the program is written properly and doesn't use certain undesirable coding techniques that fell out of favor years ago. That's why it's so shocking that many of the programs you and your users run every day don't support either or both.
Secunia tested sixteen applications - the most commonly used Windows apps as reported by Secunia's PSI scanning program. Each of the tested programs has been used as the vector in a real attack in the past two years. As of last month, none of these programs use DEP: Sun's Java JRE, Apple's QuickTime, Apple's iTunes (running on Win XP), OpenOffice, Google's Picasa, Foxit Reader, VLC Media Player, AOL's Winamp, and RealPlayer. Secunia determined that if a program doesn't use DEP, there's no reason to check for ASLR - kind of a security crawl-before-you-can-walk situation.
Read the full story here: http://www.codeguru.com/daily_news/article.php/405208
Wednesday, July 7, 2010
Wireshark - one of the best network protocol analyzers
Today I came to know one of the best network protocol analyzers, called Wireshark.
According to its site:
Wireshark is the world's foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.
Features
Wireshark has a rich feature set which includes the following:
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
Get the Software from this site: http://www.wireshark.org
Friday, June 13, 2008
Some Hacking / Anti-hacking Tools
http://www.foundstone.com/us/resources-free-tools.asp