Friday, June 13, 2015 - [[[[[[[[[[[[[[[[[[[[[[ National Whistleblower Center ]]]]]]]]]]]]]]]]]]]]]]

Friday, June 13, 2015 - [[[[[[[[[[[[[[[[[[[[[[ National Whistleblower Center ]]]]]]]]]]]]]]]]]]]]]]
[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[ Disseminate Widely ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

Monday, August 11, 2014 - [[[[[[[[[[[[[[[[[[[[[[[[[ Project - N.N.O.M.Y ]]]]]]]]]]]]]]]]]]]]]]]]]]

Monday, August 11, 2014 - [[[[[[[[[[[[[[[[[[[[[[[[[ Project - N.N.O.M.Y ]]]]]]]]]]]]]]]]]]]]]]]]]]
[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[ The National Network Opposing The Militarization of Youth ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

Monday, August 11, 2014 - [[[[[[[[[[[[[[[[[[[[[[[[[[ Project - Y.A.N:D ]]]]]]]]]]]]]]]]]]]]]]]]]]]

Monday, August 11, 2014 - [[[[[[[[[[[[[[[[[[[[[[[[[[ Project - Y.A.N:D ]]]]]]]]]]]]]]]]]]]]]]]]]]]
[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[ The National Network Opposing The Militarization of Youth ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

Sunday, July 13, 2014 - [[[[[[[[[[[[[[[[[[[[[ One Nation Under Surveillance ]]]]]]]]]]]]]]]]]]]]]]

Sunday, July 13, 2014 - [[[[[[[[[[[[[[[[[[[[[ One Nation Under Surveillance ]]]]]]]]]]]]]]]]]]]]]]
[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[ Disseminate Widely ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

Saturday, January 18, 2014 - [[[[[[[[[[[[[[[[[[[ Nullify The NSA - OFFNOW.org ]]]]]]]]]]]]]]]]]]]]

Saturday, January 18, 2014 - [[[[[[[[[[[[[[[[[[[ Nullify The NSA - OFFNOW.org ]]]]]]]]]]]]]]]]]]]]
[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[ Disseminate Widely ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

Saturday, January 18, 2014 - [[[[[[[[[[[ Whatis Taxed.com - Income Tax Research ]]]]]]]]]]]]

Saturday, January 18, 2014 - [[[[[[[[[[[ Whatis Taxed.com - Income Tax Research ]]]]]]]]]]]]
[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[ Stop Funding Criminal Government - Disseminate Widely ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

Thursday, Sept 11, 2014 - [[[[[[[[[[[[[[[[[[[[ The Lone Gladio By Sibel Edmonds ]]]]]]]]]]]]]]]]]]]

Thursday, Sept 11, 2014 - [[[[[[[[[[[[[[[[[[[[ The Lone Gladio By Sibel Edmonds ]]]]]]]]]]]]]]]]]]]
[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[ Disseminate Widely ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

Thursday, Sept 11, 2014 - [[[[[[[ Bin Laden Worked With U.S. Government After 9/11 ]]]]]]

Thursday, Sept 11, 2014 - [[[[[[[ Bin Laden Worked With U.S. Government After 9/11 ]]]]]]
[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[ Disseminate Widely ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

Thursday, Sept 11, 2014 - [[[[[[ U.S. Government 'Directly Involved' In Terror Plots ]]]]]

Thursday, Sept 11, 2014 - [[[[[[ U.S. Government 'Directly Involved' In Terror Plots ]]]]]
[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[ Disseminate Widely ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

Thursday, October 12, 2015 - [[[[[[[[[[[[[[ The Attacks Will Be Spectacular ]]]]]]]]]]]]]]

Thursday, October 12, 2015 - [[[[[[[[[[[[[[ The Attacks Will Be Spectacular ]]]]]]]]]]]]]]
[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[ Disseminate Widely ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

Thursday, Sept 11, 2014 - [[[[[[[[[[[ Reality Check More Americans Rethinking 9/11 ]]]]]]]]]]

Thursday, Sept 11, 2014 - [[[[[[[[[[[ Reality Check More Americans Rethinking 9/11 ]]]]]]]]]]

Thursday, Sept 11, 2014 - [[[[[[[[[[[[[[[[[[[[[[[[ We Will N.E.V.E.R. Forget ]]]]]]]]]]]]]]]]]]]]]]

Thursday, Sept 11, 2014 - [[[[[[[[[[[[[[[[[[[[[[[[ We Will N.E.V.E.R. Forget ]]]]]]]]]]]]]]]]]]]]]]
[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[ N.E.V.E.R. Forget ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

Cost of War to the United States

Wednesday, October 19, 2011

Federal Trojan's Got A "Big Brother" -- Trojan Update-Button

By Tillmann Werner - Posting #171 - Countermeasure #1

About two weeks ago, the German Chaos Computer Club (CCC) has published an analysis report of a backdoor trojan that they claim had been used by German police during investigations in order to capture VoIP and IM communication on a suspect's PC.

Our friends over at F-Secure published a blog post last week where they wrote about another file that, according to them, seemed to be the dropper component of the trojan. They were kind enough to share the MD5 hash of the file, so we could pull it from our collection. Stefan and I took a closer look.

The dropper carries five other binaries in its resource table, so there are six components in total – each with a different purpose – all of which have been analyzed by us. Amongst the new things we found in there are two rather interesting ones: firstly, this version is not only capable of running on 32 bit systems; it also includes support for 64 bit versions of Windows. Secondly, the list of target processes to monitor is longer than the one mentioned in the CCC report. The number of applications infected by the various components is 15 in total.

Target Applications

Previous discussions of R2D2 mention Skype as a target application that is monitored by the trojan. The version analyzed by us indicates that Skype is targeted as well, but also all common web browsers, various instant messaging applications and voice-over-ip software, such as ICQ, MSN Messenger, Low-Rate Voip, paltalk, SimpPro, sipgate X-Lite, VoipBuster and Yahoo! Messenger. The list of process names is:

* explorer.exe
* firefox.exe

* icqlite.exe

* lowratevoip.exe
* msnmsgr.exe

* opera.exe

* paltalk.exe

* simplite-icq-aim.exe
* simppro.exe

* sipgatexlite.exe

* skype.exe

* skypepm.exe

* voipbuster.exe

* x-lite.exe
* yahoomessenger.exe


Code injection into target processes is carried out by the dropper, two user-mode components and also a 32 bit kernel driver with extended functionality compared to the version previously analyzed, which only provided an interface for registry and file system modifications.

All target processes we found in the different user-mode components are also covered by the driver.

There are two different DLL injection methods implemented. One works by registering the user-mode library in the Windows registry as an AppInit DLL so that it gets loaded during process creation. The second creates a remote thread in already running processes and injects a piece of position-independent code that maps the mfc42ul.dll file, one of the user-mode modules, into the target process memory.

64 bit Kernel Driver

When the dropper installs the kernel-mode component, it derives the resource name from the architecture (either 32 or 64 bit) and installs an appropriate driver:

Contrary to the 32 bit version, the 64 bit driver does not contain any process infection functionality but only provides a rudimentary privilege escalation interface through file system and registry access. Similar to its brother, it creates a device and implements a basic protocol for communicating with user-mode applications.

It is well known that 64 bit kernel modules must carry a valid digital signature that can be checked by the operating system, or loading the driver fails. The driver that comes with the rootkit contains a 1024 bit RSA certificate (fingerprint e5445e4a 9c7d24c8 43f0c669 e2a8d3a1 78cf7fa8), issued by Goose Cert on April 11, 2010. However, the certificate must be installed and the trustworthiness must be confirmed in order to make the driver load.

All components are detected by Kaspersky as variants of the R2D2 trojan/rootkit. The dropper was previously heuristically detected and blocked by us as an invasive program.

"And Ye Shall Know The Truth And The Truth Shall Set You Free"

WAKE UP AMERICA....ITs OUR COUNTRY!!!

Love "Light" and Energy

_Don

References: Facebook Worm Found to Serve ZeuS - No Smit!

Apple iTunes “Flaw” Allowed Government Spying for 3 Years - Woooo Hoooo

Surveillance Company Says It Sent Fake iTunes, Flash Updates LOL LOL LOL

As Washington Renews Military Threats Against Iran, Cyber Attacks Escalate

Cuba says U.S. behind illegal wireless networks

Anonymous' Fawkes Virus Found on Facebook LOL LOL LOL

Microsoft Issues [Fix it or Unfix it] for Duqu 0-Day Vulnerability in Windows Kernel

China: Don't blame us for U.S. satellite hacks :o

600,000 hacks a day, welcome to Facebook LOL LOL LOL

Example: What happens when ya hit that trojan-update button!

'Government and companies NSA/SAIC/DIA routinely abuse data privacy'

Using Stuxnet and Duqu as Words of Mass Disruption

NSA Open Sources Google Database Mimic

Federal Trojan

Magic Lantern

DODs New Stuxnet 2.0 'Cyber-Surveillance' Malware Threat - :o TOP

Exploit Kits – A Different View

Chaos Computer Club analyzes government malware

More Info on German State Backdoor: Case R2D2

Mass Injection Attack Targets ASP.NET Sites

Widespread LizaMoon Web Attacks Push Rogue Antivirus

No comments:

TOPs Blogger Role