Posts

Java Exploit Code Obfuscation and Antivirus Bypass/Evasion (CVE-2012-4681)

Why not play a game where we try to make the latest (at the time of writing) public Java exploit (CVE-2012-4681) undetected by all antivirus products and see which will be the last to detect it? I think it will be a fun "challenge", because evading antivirus has always had its charm. I will not use software obfuscators like ProGuard, Allatori, Zelix KlassMaster, etc., because that would not be fun. This is not intended to be an analysis or explanation, because there are already great posts here: http://immunityproducts.blogspot.com.ar/2012/08/java-0day-analysis-cve-2012-4681.html http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html http://www.h-online.com/security/features/The-new-Java-0day-examined-1677789.html Before we start we need to make two considerations. From The Current Web-Delivered Java 0Day: So while you may see a few links to Virustotal with the inevitable complaining that a scanner is missing a specific chunk of altered code along wi...

Wordpress Cookie Grabber

In a previous video, Wordpress XSS + Internet Explorer 8 Exploit, I showed you how you can use a cross-site scripting vulnerability to redirect a victim using Internet Explorer 8 to a malicious site containing an exploit for that version. Another way is to use it as a cookie grabber. From Wikipedia: A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is usually a small piece of data sent from a website and stored in a user's web browser while a user is browsing a website. When the user browses the same website in the future, the data stored in the cookie can be retrieved by the website to notify the website of the user's previous activity. Basically, when a user visits the "infected" page, all cookies of that domain are sent to a script which stores the information in a file/db or sends it via email to the attacker. After selecting our WordPress target (franksite.dot/wordpress) we use a vulnerability scanner called wpscan, developed by ethicalhack3r ...

Google winning award email scam

Just a quick post, because I've never seen this type of scam (using Google as the vector), but I think it's an old technique. I have won a cash prize from Google, but why did Gmail move the email to the spam section? :( PDF attached. The graphics seem to have been created with Paint, because they are horrible. If they have to convince people to send their credentials, they could at least make a better template.

From XSS to NT AUTHORITY

A lot of times I have seen cross-site scripting vulnerabilities classified as low impact or not significant. Thus, this time I want to show you how an attacker can get administration privileges through a simple XSS. A couple of months ago I discovered an XSS vulnerability affecting the UK website of Orange, http://www.orange.co.uk . I emailed them a month ago (and again two weeks ago) regarding this vulnerability, but I haven't received any response yet. From Wikipedia: Orange is the flagship brand of the France Telecom group for mobile, landline and Internet businesses, with 226 million customers as of December 2011 and, under the brand Orange Business Services, is one of the world. How did I find this XSS? When you read an article, for example this one, obesity_levels_could_be_cut_with_20_fat_tax , you can see the users' comments at the bottom of the page. If a user wants to leave a comment, he must log in via Google, Facebook, etc. Once logged in, the website creates a profil...

CartaSi phishing email part 2/2

Are there several people behind these phishing emails, or just one guy? I think there is only one guy, because if you check the title of this script you see the words assembled by ME; if it were a team it would say Assembled by XYZ team. Where is he from? His mother tongue is Romanian and I think he lives in Italy. As you can see below there are several files written in Romanian, and the stolen information is sent to a Fastweb email address that you cannot create if you don't live in Italy. I was wrong in the previous article when I said that the phisher hacked the website, because it was defaced by FERID23 from anti-armenia.org. I suppose that at the end of September 2011 this phisher found it, uploaded a shell and created several folders in this order: d3b (Postepay information stealer), stf (CartaSi, UK PayPal, Banca Intesa, IT PayPal, Postepay, VISA), pastote (CartaSi, PayPal, VISA, BancoPostaClick). Taking a look at the pastote folder we see that ...

Poste Italiane phishing emails 2

In these hours a "new" phishing attack is targeting Poste Italiane and its service called Postepay. In the previous article regarding the Poste Italiane phishing email, the phisher, to convince the victims to send their account details, said that they had won a bonus of 250 euro. This time he chose another way that is more credible (in my opinion). The title says we detected irregular activity on your Poste Italiane account and the content proceeds for your protection you must download the attachment and fill in the form. If you ignore this email your account will be temporarily suspended. The sender is support@update.com. When you open the attachment you get this page with a central form ready to be filled in with Postepay account details (Username, Password, Credit Card Number, Expiration Date, Security Code). In this file he hasn't tried to obfuscate the form code as he did last time, so the address of the server where the data will be sent is easily visible. Th...