Writtin’ ASM

Posted in ASM on September 23, 2008 by Fiend

I’m showin’ you an example of ASM text. I recommend you download MASM32 first; MASM is an assembler for ASM and it works completely fine. Download it here. Here’s the example you’re waiting for:

[--- Cut Here ---]
%OUT ---------------------------------------------------------------------
%OUT - Written by MSBasic                                                 -
%OUT ---------------------------------------------------------------------
; To compile:   TASM examp1.asm                                             -
;               TLINK examp1.obj                                            -
;---------------------------------------------------------------------------
.model small
.stack
.data
message   db "Hello world, I'm learning Assembly !!!", "$"   ; DOS strings end with '$'

.code

main   proc
   mov   ax,seg message      ; segment that holds 'message'
   mov   ds,ax               ; DS must point at that segment

   mov   ah,09h              ; DOS function 09h: print '$'-terminated string
   lea   dx,message          ; DS:DX -> string
   int   21h                 ; call DOS

   mov   ax,4c00h            ; DOS function 4Ch: terminate, exit code 0
   int   21h
main   endp
end main
[--- Cut Here ---]

If you want to download the full compiled file, click here.

-MSBasicx-

Aircrack is… win32????

Posted in Virus info on September 22, 2008 by Fiend

Today I’ve seen the strangest thing… Well, I was just downloading Aircrack for Windows (Aircrack is made for Ubuntu, but I just wanted to hex it), and well… I just scanned it with my AV, and see what happened!:

I’m not used to seeing win32 processor files in Ubuntu applications… And I found some WIN32 scripting in other applications in the 41 file; take a look:

[--- Cut Here ---]
!MESSAGE "wzcook - Win32 Release" (based on "Win32 (x86) Console Application")
!MESSAGE "wzcook - Win32 Debug" (based on "Win32 (x86) Console Application")
!MESSAGE

# Begin Project
# PROP AllowPerConfigDependencies 0
# PROP Scc_ProjName ""
# PROP Scc_LocalPath ""
CPP=cl.exe
RSC=rc.exe

!IF  "$(CFG)" == "wzcook - Win32 Release"

# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 0
# PROP BASE Output_Dir "Release"
# PROP BASE Intermediate_Dir "Release"
# PROP BASE Target_Dir ""
# PROP Use_MFC 0
# PROP Use_Debug_Libraries 0
# PROP Output_Dir "Release"
# PROP Intermediate_Dir "Release"
# PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
# ADD BASE RSC /l 0x40c /d "NDEBUG"
# ADD RSC /l 0x40c /d "NDEBUG"
BSC32=bscmake.exe
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
LINK32=link.exe
# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib  kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib  kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386

!ELSEIF  "$(CFG)" == "wzcook - Win32 Debug"

# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 1
# PROP BASE Output_Dir "Debug"
# PROP BASE Intermediate_Dir "Debug"
# PROP BASE Target_Dir ""
# PROP Use_MFC 0
# PROP Use_Debug_Libraries 1
# PROP Output_Dir "Debug"
# PROP Intermediate_Dir "Debug"
# PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ  /c
# ADD CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ  /c
# ADD BASE RSC /l 0x40c /d "_DEBUG"
# ADD RSC /l 0x40c /d "_DEBUG"
BSC32=bscmake.exe
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
LINK32=link.exe
# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib  kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib  kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept

!ENDIF

[--- Cut Here ---]
And this:
[--- Cut Here ---]
Microsoft Developer Studio Workspace File, Format Version 6.00
# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!

###############################################################################

Project: "wzcook"=".\wzcook.dsp" - Package Owner=<4>

Package=<5>
{{{
}}}

Package=<4>
{{{
}}}

###############################################################################

Global:

Package=<5>
{{{
}}}

Package=<3>
{{{
}}}

###############################################################################

//Microsoft Developer Studio generated resource script.
//
#include "resource.h"

#define APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 2 resource.
//
#include "afxres.h"

/////////////////////////////////////////////////////////////////////////////
#undef APSTUDIO_READONLY_SYMBOLS

/////////////////////////////////////////////////////////////////////////////
// French (France) resources

#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_FRA)
#ifdef _WIN32
LANGUAGE LANG_FRENCH, SUBLANG_FRENCH
#pragma code_page(1252)
#endif //_WIN32

/////////////////////////////////////////////////////////////////////////////
//
// Icon
//

// Icon with lowest ID value placed first to ensure application icon
// remains consistent on all systems.
IDI_APP_ICON            ICON    DISCARDABLE     "wzcook.ico"

#ifdef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// TEXTINCLUDE
//

1 TEXTINCLUDE DISCARDABLE
BEGIN
    "resource.h"
END

2 TEXTINCLUDE DISCARDABLE
BEGIN
    "#include ""afxres.h""\r\n"
    ""
END

3 TEXTINCLUDE DISCARDABLE
BEGIN
    "\r\n"
    ""
END

#endif    // APSTUDIO_INVOKED

#endif    // French (France) resources
/////////////////////////////////////////////////////////////////////////////


#ifndef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 3 resource.
//
/////////////////////////////////////////////////////////////////////////////
#endif    // not APSTUDIO_INVOKED
[--- Cut Here ---]
I also found some HTML in the code. Sorry for cutting the links; it’s just that the AV companies are getting angry with me :D

Bored

Posted in Uncategorized on September 20, 2008 by Fiend

Well, I created Error binary batch files to test on your computer… Try them and tell me what’s up with ‘em =D.

Download them here:
http://rapidshare.com/files/146940662/ISO_Libs.rar.html
Or use Mediafire (Don’t take risks with it):
http://www.mediafire.com/?44ycjqylgcq
http://www.mediafire.com/?44ycjqylgcr
ISO Dumpers:
http://www.iso-dumps.co.cc/

ISO Dumpers were fucking Mediafire links….

Video Demonstration:
http://amsterdam1.plunder.com/x/162366/clip0003.avi
——————————————–

Command Line (PAVCL) is a small utility that’s really useful for certain tasks. From the main window you can configure the scan, update the signature database, select what you want to scan and launch the scan. The results window shows both the progress output and the detection output, by selecting Logs->All or Logs->Detections. The “View Message” option opens a resizable and more readable window showing the output. It’s the replacement for the Panda AV command line: CMD to GUI!!!

From the configuration window you can select all the options that are available through command-line switches. You can also define where to write the report.


Finally a short disclaimer. This freeware utility is not developed nor supported by Panda Security. Its author can be reached by email at pavclgui[at]gmail.com for suggestions and kudos.

Click on the following link to download the PAVCL GUI installer. The installer will create a directory on your desktop and copy both the PAVCL and PAVCL-GUI files. Simply run “pavcl gui.exe” from this directory.

The installer does not include a signature file (pav.sig) for size reasons. However within the PAVCL GUI utility you can enter your registered Panda CustomerID to download updated signatures on-demand.

Rogue Adware

Posted in Virus info on September 19, 2008 by Fiend

As you probably know, in the last months the number of new fake / rogue antivirus applications has grown a lot. Right now I’m getting a lot of rogue anti-spyware infections, and while playing with statistics I’ve found out that the adware detected has grown from about 22,03% in Q2 to an amazing 37,49%, and it is due to these annoying programs.

I don’t know if the current financial crisis has something to do with this, with the bad guys realizing that banks are not quite healthy right now. Perhaps that’s why they are targeting users in a more direct way; anyway, what is true is that those attacks are growing exponentially.

This is one of the latest ones that has shown up in the lab:

Videos, Anyone?

Posted in Virus info on September 11, 2008 by Fiend

Keeping the texts short and malicious, the spam our filters caught this time uses catchy headlines so absurd they could actually pique their readers’ curiosity.

Below are screenshots of spammed email messages:

The address bars and Subject fields carry sensational headlines whose details are supposedly in the attached video. The said attachment is a compressed file which, when opened, contains not a video but a malicious executable file named Exclusive.Cut.avi.exe. The file uses the double-extension technique commonly used by malware authors to trick users into executing malware. Trend Micro detects the malicious file as TROJ_FAKEALER.FR.
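A defender-side check for the double-extension lure described above, added here as an example (not code from the original post or from Trend Micro): it flags attachment names whose final extension is executable while an earlier extension advertises a video, image or document. The extension sets are assumptions chosen for illustration, not a complete list.

```python
# Added example: flag attachment names that use the double-extension trick
# (e.g. "Exclusive.Cut.avi.exe"), where a media/document extension hides the
# real, executable extension at the end of the name.
import os

# Assumed illustrative sets, not an exhaustive list of either category.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js",
                   "jse", "wsf", "hta", "msi"}
DECOY_EXTS = {"avi", "mpg", "mpeg", "mp4", "wmv", "mov", "jpg", "jpeg", "gif",
              "png", "pdf", "doc", "docx", "xls", "xlsx", "txt", "htm", "html"}


def split_extensions(filename: str) -> list:
    """Return the lower-cased extension chain of a filename, ignoring any
    directory part and stripping whitespace padding sometimes used to push
    the final '.exe' out of view in a mail client."""
    name = os.path.basename(filename.replace("\\", "/"))
    parts = [p.strip().lower() for p in name.split(".")]
    # Drop the base name; what remains is the chain, e.g. ['cut', 'avi', 'exe'].
    return [p for p in parts[1:] if p]


def is_double_extension_lure(filename: str) -> bool:
    """True when the file is really executable (last extension) but an earlier
    extension presents it as a video, image or document."""
    exts = split_extensions(filename)
    if len(exts) < 2 or exts[-1] not in EXECUTABLE_EXTS:
        return False
    return any(e in DECOY_EXTS for e in exts[:-1])


def triage_attachments(names):
    """Return the subset of attachment names that look like lures."""
    return [n for n in names if is_double_extension_lure(n)]


if __name__ == "__main__":
    # Constructed sample names; the first is the one quoted in the post.
    sample = ["Exclusive.Cut.avi.exe", "holiday.avi", "report.pdf",
              "invoice.pdf  .scr", "setup.exe", "archive.tar.gz", "Q3.report.docx"]
    for flagged in triage_attachments(sample):
        print("suspicious attachment:", flagged)
```

Because the post's sample arrives inside a compressed attachment, run the check over the archive's member names as well as the outer attachment name.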

Youtube fake site Generator

Posted in Information, Virus info on September 11, 2008 by Fiend

These days I’ve been searching for new malware for the blacklist; I’ve also been helping AV companies find malware in exchange for some PayPal accounts with $, and wow, I’m a little tired of searching and searching and… searching… I also gave McAfee some malware! However, I managed to get my own use out of that software ;). I saw one of the most useful fake tools, “Youtube fake creator”, which creates a really well-designed YouTube page for you! Here are some pictures; the hack tool is in Spanish btw:

-MSBasicx

September MS Bulletins

Posted in Information on September 10, 2008 by Fiend

As every second Tuesday of the month, Microsoft has already published the September security bulletins.

Below you can see the descriptions of the 4 bulletins rated as critical, as well as the links:


More info: Microsoft Security Bulletin MS08-054

More info: Microsoft Security Bulletin MS08-052

More info: Microsoft Security Bulletin MS08-053

More info: Microsoft Security Bulletin MS08-055
