» megapanzer

Fraudsters hone their attacks with spear phishing

carrumba — Wed, 03 Mar 2010 19:52:00 +0000

Nice article I’ve found on Infoworld.com about the evaluation of phishing and its latest appearance in form of spear phishing (the method Megapanzer is used).

Fraudsters hone their attacks with spear phishing

In my previous column, I said that the No. 1 way to reduce IT security risks in your organization is to “simply” prevent end-users from installing stuff they shouldn’t. This, of course, is much easier said than done.

Although infected innocent Web sites results in a large percentage of security breaches, fraudulent emails still abound. Unfortunately, long gone are the days when it was easy to identify malicious phishing email by their strange subject lines and horrible grammar.

Today’s phishers, at the very least, are grammatically correct. The ones without enough education or experience to use language correctly naturally made less money and fell out of the criminal business early on; either that, or they hired smarter people.

The next generation of phishing messages, which is still prevalent today, strongly resembles legitimate messages from our banks, cable companies, online electronic payment services, and credit card companies. Everything in the emails looks legitimate, including the graphics that originate from the real company’s Website. (The ones that included a notice to watch out for fake phishing messages always made me giggle.) The only thing that’s fake in the entire message is the link that victims are required to click to complete the requested action.

This form of phishing is pretty effective, but the messages at least contain a small clue (the bogus URL link) to users that they should evaluate the legitimacy of the request. Today’s browsers, with antiphishing features, might even warn an end-user against loading the bogus site.

But now end-users are being targeted by a new form of phishing, called “spear phishing,” which specifically targets a user or company. Spear-phishing emails look more authentic than the aforementioned breed, often including the user’s complete name or referring to a real project that the user is working on. Spear phishers often gather this information by doing tactical research or even breaking into a database, and it’s effective enough to fool even the savviest end-users.

One year Megapanzer.com !!!

carrumba — Mon, 08 Feb 2010 22:28:07 +0000

After 260 posts, 265 days, 12 months, whatever, Megapanzer turned 1 year today. Thanks for your regular visits, your messages and the chats on facebook your feedback, inputs, sources … It was an exciting first year and I hope the next one will be even better. There are still many tools and sources on my todo list but my agenda looks much better for this year. I will definitely find more time for research, coding and publishing. School kept me busy the last year. I think you understand …

Ruben

Swiss Big Brother Award 2009

carrumba — Thu, 29 Oct 2009 15:30:51 +0000

Find here some pictures from the Swiss Big Brother Award. This event took place last weekend (24. october) in Zürich. Me and two other groups were nominated in the category “creditable behaviour”. We were the only nominees who wanted to receive the award personally. unfortunately Swisscom, Berufsbildungsschule Winterthur, the ÜPF and Deltavista were unable to attend the award.

Megapanzer shop and two new forums.

carrumba — Sun, 04 Oct 2009 16:36:09 +0000

There are two smaller but newsworthy changes on the page. The first one are two new groups in the forum. I noticed people are a little afraid of using the forum an hesitate talking about their thoughs and problems with their computers in the public. I created a place where people can introduce themselves, telling something about their person, interests, skills, programming languages they know, their personal projects, etc. I hope this makes it a little easier to make the people start and participate discussions and mainly to dare their first post in the forum.
The second forum in installed is about programmin in general. If you have questions to a specific problem you don’t know how to solve or want to know something about a specific programming language this would be the right place to start a thread.

The megapanzer shop is up. I decided to create a new logo as you probably noticed and I was using these logos also for a basic sortiment in the shop. If I have some time spare I will extend the choice of products.

At the moment I’m strugling with bug fixing Minipanzer. Some minor things have to be improved to make it run more smoothly and it doesn’t crash anymore. The SkypeTrojan doesn’t compile as several people already told me. I will fix the bugs until at least the compiler doesn’t complain anymore. How to use it is not part of the project anymore.

Also several older codes unexpectedly reappeared. I’ve found them while browsing through an old hard disk and stumbled across an old backup file containing the old SkypeTrojan Rootkit, an audio surveillance tool, a keylogger and an SSL tool. As already announced I’ll release these codes soon, too.

Megapanzer video removed by the Vimeo law enforcement

carrumba — Tue, 25 Aug 2009 15:00:02 +0000

Well, obviously the Megapanzer video is too hot for Vimeo.com too. They’ve decided to remove it from their servers as Youtube did one week ago. It violates their Upload rules. I try to fix it within the next hours.
Once again sorry for the inconvenience :/

How to plunder a bank account with Megapanzer 0.1

carrumba — Mon, 17 Aug 2009 12:04:04 +0000

Months after the announcement, and weeks in production, the Megapanzer video is finally here, cut, processed and uploaded to youtube!

The video shows in seven simple steps how to take over an ebanking session of a victim and which tools you need to accomplish this stunt.
The weakest link in the chain is (obviously) not the bank itself but the trustful user, who executed the trojan horse he received by a patient attacker. Once an attacker is on the victim system, he has full control and power to deceive the victim and make him believe everything is just fine. Hostnames are redirected to the attackers proxy server and SSL certificates are injected in the certificate store. So in reality, nothing is just fine!

In the following video, the ebanking server was not hacked. Only my machine was infected which allowed me to intercept the encrypted data. Everyhing you see happened inside my local network and no foreign machines were affected.

Here the link to Rapidshare to download the video : Megapanzer 0.1

Both Youtube and Vimeo removed the video after some time so the next place to see for how long the video will stay online is Metacafe. But the quality is rather bad and probably it’s me who will move it to an other video portal.

The image problem of a malware homepage

carrumba — Wed, 18 Mar 2009 13:04:11 +0000

The question that kept me busy and made me feel uncertain from time to time once was what the final goal of all this will be or what direction shall I walk. Because, frankly, running a webpage with focus on a topic that is punishable in the most countries and publishing posts about the ways how to commit crime and how to do it even more efficiently (because one wants to distinguish from other sites of its kind), that doesn’t arise the impression the person is driven by his virtues in a positive way.

OK, it looks like I have an image problem that has to be solved. So, first of all I have to make sure, if selling rifles, they look clean, shiny and harmless, easy to use, unerring, irresistible. But I think this is exactly the point where the whole thing should be different and distinguish from other sites. Selling guns is idiotic, makes people appear in a strange light that will attract other strange people and sooner or later will cause harm. But standing on the other side of the front, contemplating and analyzing the whole thing and explore what exactly it is, how it works under which circumstances and finding ways to stop it, that sounds more trustworthy, more honorable, less painful to me (at leas now it does) and requires more or less the same skills and knowledge. It seems to be the better side for the same challenge.
To say it in som fewer words: I need some more time till I’ve finished that piece of panzer, to find and present some further ways how to face it and its kind. I’ve already implemented a tool to stop MITM malware attacks on online banking session but I’ve not yet fixed all the bugs.

Megapanzer screenshots

carrumba — Sun, 08 Mar 2009 22:02:28 +0000

I think it is important to give you an idea of how Megapanzer looks like (more or less because it’s still under heavy development and its “look and feel” will change over time) and mainly to offer some kind of proof it really exists and I’m not just hallucinating.

Clarification of the goal behind megapanzer

carrumba — Fri, 27 Feb 2009 21:44:00 +0000

I guess it is necessary to add some further clearing words about the purpose of all this here to avoid confusion …

The last year many of the sites that hosted source code, documentation and discussion boards about malware were urged to close down. None of them reappeared and only some few of the same kind replaced the old abandoned ones. Mainly they had to close the doors because besides being accused of conspirative behavior the maintainer of the sites offered working, undetectable and harmful programs ready to download and ready to use. There were even people that were sent to prison because they not only shared information but also released malware into the wild.

If we would follow the same concept and obstinately ignore the signs we saw in the past probably we would encounter the same fate and had to close this place soon, too. What you will find here is documentation about malware with background information and if you want to leave comments on all the publications you can use the comments form (comments are moderated). And to state it explicitly : we don’t offer precompiled binaries you can download and distribute.

About megapanzer

carrumba — Thu, 26 Feb 2009 09:37:45 +0000

The idea behind Megapanzer was originally to create a prototype backdoor that proves the feasibility to connect inside a corporate network through firewalls and proxies to a machine outside the protected zone in the internet. Simple and straightforward and eventually successful.

With the time more and more features were added and once a simple prototype Megapanzer grew to a system to observe, control computers and to intercept e-banking sessions. I got in contact with people from banks and tried to explain the ways how to circumvent their protection mechanisms and howto transfer money from one of their customers account to an other bank account. The result was rather amazing. After confirming these vulnerabilities exist and it is a real world scenario they also explained it is illegal to test such kind of circumvention against their systems according their contracts (I’ve never subscribed a contract and I’ve never seen an agreement on the ebanking test servers). No interest from their side even if possible cures to their vulnerability were suggested.