Welcome to the realm. This realm is not your ordinary realm. Here you will find happenings in the network security world, as well as the underground and the ethical arena.

Friday, April 17, 2009

Swedish courts find The Pirate Bay guilty

Swedish courts find The Pirate Bay guilty:
"A Swedish court sentenced on Friday four operators of the well-known file-sharing site The Pirate Bay to a year each in prison, a landmark victory for the music and movie industries."

Wednesday, April 15, 2009

Electricity Grid in U.S. Penetrated By Spies - WSJ.com

Electricity Grid in U.S. Penetrated By Spies - WSJ.com:

"WASHINGTON -- Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials."

Behind GhostNet - F-Secure Weblog : News from the Lab

Behind GhostNet - F-Secure Weblog : News from the Lab:

"The GhostNet spy network was built by infecting sensitive computers with backdoor/Remote Administration Tools (RAT). Most of these are modified and obfuscated versions of Poison Ivy (description) or Gh0st RAT.

These tools are open source backdoors, maintained by loose gangs of hackers.

And these gangs operate openly."

I-Hacked.com Taking Advantage Of Technology - Inside Programmable Road Signs

I-Hacked.com Taking Advantage Of Technology - Inside Programmable Road Signs:
"How many times have you driven by an electronic road sign like one of these?"

I-Hacked.com Taking Advantage Of Technology - Twitter Security Cam

I-Hacked.com Taking Advantage Of Technology - Twitter Security Cam:

"The following will walk you through setting up a video-surveillance system that will detect motion, enable your webcam, take pictures of the intruder, and upload the pics online and notify your cell phone via a Twitter SMS message."

Tuesday, April 7, 2009

FOXNews.com - Cyberspies Penetrate U.S. Electrical Grid, Leave Software That Could Disrupt System - Cybersecurity

FOXNews.com - Cyberspies Penetrate U.S. Electrical Grid, Leave Software That Could Disrupt System - Cybersecurity:

"WASHINGTON — Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war."

Tenable Network Security

Thursday, April 2, 2009

Using NMAP to detect Conficker infected hosts | The Edge of I-Hacked

##########################################################
Scanning for Conficker Vulnerability & Infection
##########################################################

=================
**Disclaimer**
This is all pretty ugly, but should help those who find themselves in a pinch. This little guide comes with no warranties or guarantees of effectiveness.
=================

---------------
Pre-requisites
---------------

This method has been tested using nmap version 5.85BETA5 on Mac OS X. This should work on any *nix system.

Open the terminal and input the following commands:

svn co --username=guest --password='' svn://svn.insecure.org/nmap
cd nmap
./configure && make
sudo make install

---------------
Running the Scan
---------------

*note that if you already have a version of nmap installed on your machine from another source (Fink for example) you must type ./nmap from within the directory you compiled. For example, I created a folder on my desktop called svn_nmap where I placed the source and compiled. Launching from other locations will open an older version.

Type the following from within the nmap directory:

nmap -PN -d -p445 --script=smb-check-vulns --script-args=safe=1 xxx.xxx.xxx.zzz-zzz >> conficker_scan.txt

This will execute the scan on a range of ports and output the results to conficker_scan.txt. You may want to do small ranges so you can keep track of how well the scan is proceeding. Feel free to use the same output file, as >> designates that output will be appended.

--------------
Wading Through the Results
--------------

You should now have a number of text files containing the results of your scan. In order to pull out information on the infected machines, run the following:

grep -B 7 -A 4 INFECTED conficker_scan.txt >> infected_machines.txt

To determine if any machines are vulnerable but not yet infected run the following:

grep -B 8 -A 3 VULNERABLE conficker_scan.txt >> vulnerable_machines.txt

------------
Dealing With the Consequences
------------

At this point I leave you to determine the best course of action once you have identified all the vulnerable/infected machines.

+++++++++++++++++++++++++++
Author: jur1st - CCCKC
Credit to: Fyodor, Dan Kaminsky, Felix Leder, Tillmann Werner, Rich Mogull and the Conficker Working Group for the hard work. All I did was make the info a little more accessible.
+++++++++++++++++++++++++++
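The grep passes in the guide pull fixed context windows around the words INFECTED and VULNERABLE, so a bare grep for VULNERABLE also catches every "NOT VULNERABLE" line. As an added example (not part of jur1st's post, and not nmap's own tooling), this Python script parses the per-host smb-check-vulns results out of the conficker_scan.txt that the guide's nmap command appends to, and sorts hosts into infected and vulnerable-but-still-clean buckets by comparing the whole status string; the sample scan text is constructed, and its line layout is an assumption modelled on nmap's 2009-era text output.

```python
import re

# Constructed sample of a conficker_scan.txt (layout assumed). Status wording
# follows smb-check-vulns: VULNERABLE / NOT VULNERABLE, Likely INFECTED / Likely CLEAN.
SAMPLE_SCAN = """\
Interesting ports on 10.0.0.5:
Host script results:
|  smb-check-vulns:
|  MS08-067: VULNERABLE
|_ Conficker: Likely INFECTED

Interesting ports on 10.0.0.6:
Host script results:
|  smb-check-vulns:
|  MS08-067: NOT VULNERABLE
|_ Conficker: Likely CLEAN

Interesting ports on 10.0.0.7:
Host script results:
|  smb-check-vulns:
|  MS08-067: VULNERABLE
|_ Conficker: Likely CLEAN
"""
# Host header: older "Interesting ports on X:" or newer "Nmap scan report for X".
HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for) (.+?):?$")
# Script result lines such as "|  MS08-067: VULNERABLE" or "|_ Conficker: Likely INFECTED".
CHECK_RE = re.compile(r"^\|_?\s*(MS08-067|Conficker):\s*(.+?)\s*$")


def parse_scan(text):
    """Return {host: {"MS08-067": status, "Conficker": status}} from nmap text output."""
    results, host = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            results[host] = {}
            continue
        m = CHECK_RE.match(line)
        if m and host is not None:
            results[host][m.group(1)] = m.group(2)
    return results


def triage(results):
    """Return (infected, vulnerable_but_clean) host lists, both sorted."""
    # Whole-string comparison: "NOT VULNERABLE" is never counted as vulnerable.
    infected = sorted(h for h, r in results.items() if "INFECTED" in r.get("Conficker", ""))
    vulnerable = sorted(h for h, r in results.items()
                        if r.get("MS08-067") == "VULNERABLE" and h not in infected)
    return infected, vulnerable
```

Run it against the real file with `triage(parse_scan(open("conficker_scan.txt").read()))`; hosts that never produced a script result block simply get an empty record and land in neither bucket.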

PaulDotCom

ha.ckers.org web application security lab

Conficker - Wikipedia, the free encyclopedia

An Analysis of Conficker C

An Analysis of Conficker C: "Introduction

This addendum provides an evolving snapshot of our understanding of the latest Conficker variant, referred to as Conficker C. The variant was brought to the attention of the Conficker Working Group when one member reported that a compromised Conficker B honeypot was updated with a new dynamically linked library (DLL). Although a network trace for this infection is not available, we suspect that this DLL may have propagated via Conficker's Internet rendezvous point mechanism (Global Network Impact). The infection was found on the morning of Friday, 6 March 2009 (PST), and it was later reported that other working group members had received other DLL reinfections throughout the same day. Since that point, multiple members have reported upgrades of previously infected machines to this latest variant via HTTP-based Internet rendezvous points. We believe this latest outbreak of Conficker variant C began first spreading at roughly 6 p.m. PST, 4 March 2009 (5 March UTC)."

Passwords used by the Conficker worm | Graham Cluley's blog

Passwords used by the Conficker worm | Graham Cluley's blog:

"It's not possible to emphasise enough the importance of using sensible passwords on your network.

Not just on the areas of your network that you don't want your users to traipse through, but also on the default network shares that are present on installations of commonly used operating systems like Windows NT/2000/XP/2003.

One of the ways in which the Conficker worm (also known as Confick or Downadup) uses to spread is to try and batter its way into ADMIN$ shares using a long list of different passwords.

As you can see in the list below, it relies upon computers using poorly chosen passwords such as dictionary words, 'password', 'qwerty' or sequences of letters or repeated numbers:"

Open Source Honeypots: Learning with Honeyd

Open Source Honeypots: Learning with Honeyd:

"Honeypots are an exciting new technology. They allow us to turn the tables on the bad guys, we can take the initiative. In the past several years there has been growing interest in exactly what this technology is and how it works. The purpose of this paper is to introduce you to honeypots and demonstrate their capabilities. We will begin by discussing what a honeypot is and how it works, then go into detail using the OpenSource solution Honeyd."

IDS Logbook [OS3 Website]

IDS Logbook [OS3 Website]:
"1. For information about honeyd the first website to look at would be http://www.honeyd.org. On this website a FAQ can be found which supplies example configurations and scripts. Another useful link is http://www.citi.umich.edu/u/provos/honeyd/honeyd-man.pdf This is the OpenBSD man page. The best source of information on installing honeyd might be the README which is included in the source package."
