New Conficker Variant: WORM_DOWNAD.E


In the days after Conficker's April 1st activation date, our Downad/Conficker monitoring system saw nothing interesting apart from the continuous checking of dates and times via Internet sites, checking for updates via HTTP, and increasing P2P communications from the Conficker peer nodes.

Well, that was until last night, when we saw a new file (119,296 bytes) in the Windows Temp folder. The file properties show that it was created exactly on April 7, 2009 at 07:41:21.


Checking the traffic captures also shows that no HTTP download occurred in that time frame, which ran from April 7, 2009 at 07:40:00 to April 7, 2009 at 07:42:00. However, we noticed a huge encrypted TCP response (134,880 bytes) from a known Conficker P2P IP node (verified by other independent sources), which was hosted somewhere in Korea.

The size of the encrypted TCP blob pretty much matches the size of the binary that got created in the aforementioned folder. There are some additional bytes, which could be the headers and keys that Conficker/Downadup has been known to use.
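The correlation described above can be expressed as a small triage script. This is an added example, not code from the original post: the flow records are constructed, the field names (`end`, `peer`, `app`, `resp_bytes`) and the 25% overhead allowance are assumptions, and only the file size and time window come from the post.

```python
from datetime import datetime

# Figures from the post: dropped file size and the capture window that was reviewed.
FILE_SIZE = 119_296
WINDOW = (datetime(2009, 4, 7, 7, 40, 0), datetime(2009, 4, 7, 7, 42, 0))

def at(hms):
    return datetime.strptime("2009-04-07 " + hms, "%Y-%m-%d %H:%M:%S")

# Constructed flow summaries (not the original capture); peers use documentation ranges.
FLOWS = [
    {"end": at("07:40:05"), "peer": "192.0.2.10", "app": "http", "resp_bytes": 412},
    {"end": at("07:41:02"), "peer": "203.0.113.5", "app": "udp-p2p", "resp_bytes": 96},
    {"end": at("07:41:19"), "peer": "198.51.100.77", "app": "tcp-unknown", "resp_bytes": 134_880},
    {"end": at("07:41:40"), "peer": "192.0.2.44", "app": "http", "resp_bytes": 2_400_000},
    {"end": at("07:12:30"), "peer": "198.51.100.9", "app": "tcp-unknown", "resp_bytes": 134_880},
]

def candidate_transfers(flows, file_size, window, max_overhead_ratio=0.25):
    """Flows inside the window whose response could have carried the file.

    A response qualifies when it is at least as large as the file and no more
    than max_overhead_ratio larger (assumed room for headers and key material).
    """
    start, end = window
    ceiling = file_size * (1 + max_overhead_ratio)
    hits = []
    for flow in flows:
        if start <= flow["end"] <= end and file_size <= flow["resp_bytes"] <= ceiling:
            hits.append({**flow, "overhead": flow["resp_bytes"] - file_size})
    return sorted(hits, key=lambda h: h["overhead"])

def delivery_channels(flows, file_size, window):
    """Group candidates by application label so HTTP can be ruled in or out."""
    by_app = {}
    for hit in candidate_transfers(flows, file_size, window):
        by_app.setdefault(hit["app"], []).append((hit["peer"], hit["overhead"]))
    return by_app

if __name__ == "__main__":
    print(delivery_channels(FLOWS, FILE_SIZE, WINDOW))
```

With the post's numbers, the only candidate is the non-HTTP TCP response, which is 15,584 bytes larger than the dropped file.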

Trend now detects this new Conficker variant as WORM_DOWNAD.E. Some interesting things (well at least in our perspective) found are:
  1. (Un)Trigger Date – May 3, 2009, it will stop running
  2. Runs using a random file name and random service name
  3. Deletes this dropped component afterwards
  4. Propagates via MS08-067 to external IPs if Internet is available; if there is no connection, it uses local IPs
  5. Opens port 5114, and serves as an HTTP server by broadcasting via SSDP request
  6. Connects to the following sites: Myspace.com, msn.com, ebay.com, cnn.com, aol.com


It also does not leave a trace of itself on the host machine. It runs and then deletes all traces: no files, no registry entries, etc.

Another interesting thing we noticed was that the Downad/Conficker box was trying to access a known Waledac domain (goodnewsdigital(dot)com) and download yet another encrypted file. This coincidentally happened just after the creation of the new Downad/Conficker binary described above (07:41:23).

The domain currently resolves to an IP address that is hosting a known Waledac ploy in HTML to download print.exe, which has been verified to be a new Waledac binary.

Two things can be summed up from the events that transpired:
  1. As expected, the P2P communications of the Downad/Conficker botnet may have just been used to serve an update, rather than HTTP. The Conficker/Downad P2P communications are now running in full swing!
  2. Conficker-Waledac connection? Possible, but we still have to dig deeper into this…

Research and collaboration are currently ongoing in our own labs, as well as within the Conficker Working Group, and we will update this blog post with new findings.



Conficker P2P Traffic


Visualizations can often show researchers details that would otherwise take hours of staring at raw data to find. WORM_DOWNAD.KK has plenty to show us if we look in the right places. This post focuses on the various P2P channels.

The first set of graphs maps each IP address (source and destination) found in the source pcap file onto a grid. Each IP address is first split into its 4 octets (A.B.C.D). The octets are plotted as points on each of the four vertical lines. Working from left to right, each line corresponds to one octet (A, B, C, D), with zero at the top and 255 at the bottom. The points are then connected with a line. The color of the line indicates the value range of the starting octet: Green for 0-64, Blue for 65-128, Pink for 129-192 and Yellow for 193-255. Each graph shows a 1-hour snapshot of data.

This image shows a 1-hour sample taken from an uninfected LAN carrying normal office traffic. You can see a number of addresses and even follow most of the lines. Multiple appearances of the same address are plotted as one line:

Figure 1. 1 hour of normal LAN traffic
Things get more interesting when we plot WORM_DOWNAD.KK traffic. This graph is 1-hour traffic from a single system infected with WORM_DOWNAD.KK. Note the difference between the first and second graph. We can clearly see that the IP selection algorithm generates a complex distribution that provides thorough coverage of each IP octet:

 
Figure 2. 1 hour of WORM_DOWNAD.KK P2P traffic
It is interesting to see the IP space that WORM_DOWNAD.KK is programmed to avoid. We know WORM_DOWNAD.KK contains a black-list of /8 CIDR ranges that it will not transmit P2P traffic to (/8 indicating that only the first octet “A” is significant). The /8s not scanned by the P2P protocol are 0, 1, 2, 5, 10, 14, 23, 27, 31, 36, 37, 39, 42, 46, 49, 50, 100-109, 127, 175-185, 191, 197, and 223-255. You can clearly see 4 gaps on the “A” line. These gaps match very well with the known list: 0-5 at the top, 100-109 (Blue), 175-185 (Pink) and 223-255 at the bottom. If you zoom in you will also see that the Green section (0-64) is more spotty than the other colors, which tends to agree with what we know about the blocklist.
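The octet mapping and the gap check described above can be reproduced without a plotting library. This is an added example, not code from the original post: the /8 list and colour bands are taken from the text, while the sample addresses, the `axis_gap` spacing, the `min_len` run length and the `profile` heuristic with its `min_distinct` threshold are assumptions for illustration.

```python
import ipaddress

# First-octet (/8) values the post lists as never contacted by the P2P protocol.
BLOCKED_SPEC = ("0,1,2,5,10,14,23,27,31,36,37,39,42,46,49,50,"
                "100-109,127,175-185,191,197,223-255")

def expand(spec):
    """Turn '1,5,100-109' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

BLOCKED_SLASH8 = expand(BLOCKED_SPEC)

def colour(first_octet):
    """Line colour by starting octet, using the bands given in the post."""
    for upper, name in ((64, "green"), (128, "blue"), (192, "pink"), (255, "yellow")):
        if first_octet <= upper:
            return name

def polyline(ip, axis_gap=100):
    """Points for one address: axes A..D left to right, y = octet value (0 at top)."""
    return [(i * axis_gap, o) for i, o in enumerate(ipaddress.IPv4Address(ip).packed)]

def gaps(ips, min_len=3):
    """Runs of consecutive first-octet values that never appear, as (start, end)."""
    seen = {ipaddress.IPv4Address(ip).packed[0] for ip in ips}
    runs, start = [], None
    for a in range(257):                      # 256 is a sentinel that closes a final run
        if a < 256 and a not in seen:
            start = a if start is None else start
        elif start is not None:
            if a - start >= min_len:
                runs.append((start, a - 1))
            start = None
    return runs

def profile(ips, min_distinct=100):
    """Assumed heuristic: wide /8 spread with zero hits in the blocked ranges."""
    seen = {ipaddress.IPv4Address(ip).packed[0] for ip in ips}
    hits = sorted(seen & BLOCKED_SLASH8)
    return {"distinct_slash8": len(seen), "blocked_hits": hits,
            "matches_pattern": len(seen) >= min_distinct and not hits}

# Constructed samples (not capture data): one address per non-blocked /8, and a small office mix.
WIDE = [f"{a}.{a * 7 % 256}.{a * 13 % 256}.{a * 29 % 256}"
        for a in range(256) if a not in BLOCKED_SLASH8]
OFFICE = ["10.1.2.3", "10.1.2.40", "192.168.0.1", "203.0.113.9", "224.0.0.251"]

if __name__ == "__main__":
    print(gaps(WIDE), profile(WIDE), profile(OFFICE), sep="\n")
```

With runs of three or more unseen values, the constructed wide sample yields four gaps on the “A” axis, the same count the post reads off the graph.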


VMware Fusion 1.1.1 Available for Download




VMware Fusion 1.1.1

Get the best of both the Mac and PC worlds with VMware Fusion. With an intuitive Mac-native interface and a wide array of powerful features, VMware Fusion provides the most seamless way to run Windows applications on your Mac.


Seamlessly run Windows, Linux and other PC operating systems on your Intel-based Mac. VMware Fusion gives you the freedom to:


Unite Windows and Mac OS X

Seamlessly run Windows applications alongside Mac applications with the Unity features in VMware Fusion. Find and launch Windows applications quickly with the VMware Fusion launcher. Switch between Windows and Mac applications quickly with Exposé. Minimize Windows applications to the Mac OS X Dock.

Get the most out of your Mac

Play Windows games on your Mac. Create powerful multi-core virtual machines and run 32- and 64-bit operating systems with ease. Use your iSight camera in Windows and gain access to Windows-only USB 2.0 devices.

Create virtual machines with ease
VMware Fusion makes it easy to install Windows as a virtual machine on your Intel-based Mac, and makes a perfect complement to Apple Boot Camp. Use your existing Boot Camp partition as a virtual machine, or use the built-in Windows Easy Install to install a fresh copy of Windows on a new virtual machine.

Turn back time on the PC
Use Snapshots to save the state of your virtual machine, and revert back to that state if your PC crashes or becomes corrupted.


Download Link
I've tested that this link was active when I posted this


Mac OS X Leopard for AMD And Intel 10.5.1




Mac OS X Leopard for AMD and Intel 10.5.1

HowTo OSX

DISK IS PREPATCHED. This is in ISO format, so burn the image to a disk and you're ready to install.

Install Leopard

Now let's install Leopard.

1. Optional but Highly recommend: install Tiger first. This can be done by inserting Tiger DVD on
your computer and make sure you boot from it. Usually that’s done if you press F8 or F12 or
whatever key combination to give you the option to choose what disk/cd drive you want to boot
from. Or you can always change boot device in BIOS setup. Select your CD/DVD drive. And



Select your language and when the welcome screen shows up

1. Select Utilities -> Disk Utility
2. Select your partition that you want to be OSX and go to the Erase tab
3. For Volume Format, select Mac OS Extended (Journaled), set volume name as “Leopard“
(no quotes, case sensitive)

4. Click Erase. Now the partition should not be grey, it should be black to indicate that it is active.
5. Close out of the Disk Utility and move onwards with installation.

Use the “Customize” option and unselect all packages there. Just install the base system. By installing Tiger first, the partition will be properly formatted and activated, which eliminates any potential problems. Now reboot and remove the Tiger DVD.

2. Install Leopard.

Insert the Leopard DVD, and make sure to select booting from DVD. The installer will load (it will take a while, be patient). If you have Tiger installed, don’t format the partition, just install it over the Tiger partition. Otherwise, take the same approach as for the Tiger installation and use Disk Utility to set up the partition.

Important: Use the Customize… button and unselect all packages there. Then proceed to installation. When it’s done, reboot, and make sure that your USB/Pen Drive is connected to your PC.

Patch Leopard Installation

After the reboot, repeat the step above: press whatever key combination gives you the option to choose your boot device, then select your CD/DVD drive.

Once the setup is loaded (again, long wait, be patient), select your language. When the welcome screen shows up, select UTILITIES-TERMINAL. The terminal will now open. We will now browse to our Thumb Drive.

In the command line, type:

cd /Volumes/123/files

Let's now run the script. This will patch the installation so it will boot properly:

./9a581PostPatch.sh

Let it run. You can answer yes when asked about removing the ACPUPowerManagement.kext.

Reboot.


Download from RapidShare, but first download the list of download links for Mac OS X AMD and Intel here:
Download


VMware Converter v3 Available for Download




VMWare Converter v3

Use the intuitive wizard-driven interface of VMware Converter to convert your physical machines to virtual machines. VMware Converter quickly converts Microsoft Windows based physical machines and third party image formats to VMware virtual machines. It also converts virtual machines between VMware platforms. Automate and simplify physical to virtual machine conversions as well as conversions between virtual machine formats with VMware Converter.

Convert Microsoft Windows based physical machines and third party image formats to VMware virtual machines.
Complete multiple conversions simultaneously with a centralized management console.
Easy to use wizards to minimize the number of steps to conversion.
VMware Converter can be run on a wide variety of hardware and supports most commonly used versions of the Microsoft Windows operating systems. With this robust, enterprise class migration tool you can:

Quickly and reliably convert local and remote physical machines into virtual machines without any disruption or downtime.
Complete multiple conversions simultaneously with a centralized management console and an intuitive conversion wizard.
Convert other virtual machine formats such as Microsoft Virtual PC and Microsoft Virtual Server or backup images of physical machines such as Symantec Backup Exec System Recovery or Norton Ghost 12 to VMware virtual machines.
Restore VMware Consolidated Backup (VCB) images of virtual machines to running virtual machines.
Clone and backup physical machines to virtual machines as part of your disaster recovery plan.


Download link was active when I posted (95572 KB)


NEED FOR SPEED UNDERCOVER





MINIMUM SYSTEM REQUIREMENTS
OS : Windows XP/Vista
CPU: Pentium 4 3.2 Ghz or AMD Athlon 64 3500+
RAM: 1 GB RAM or higher (Windows Vista requires 2 GB RAM)
HDD: 10 GB free disk space or more
DVD-Drive: 8x
Graphics: 256 MB or higher (Pixel Shader 3.0, PCIe only) *
DirectX: Version 9.0c or DirectX Nov 2007 edition (included)
Multiplayer: To play online a network card is required for broadband connectivity


RECOMMENDED REQUIREMENTS
OS: Windows XP/Vista
CPU: Intel Core 2 Duo, AMD 64 X2 5200+ or AMD Phenom
RAM: 2 GB RAM or higher (Windows Vista requires 3 GB RAM)
HDD: 10 GB free disk space or more
Graphics: 512 MB or higher (Pixel Shader 3.0, PCIe only) *
DirectX: Version 9.0c or DirectX Nov 2007 edition (included)
Multiplayer: To play online a network card is required for broadband connectivity

Supported Graphics Cards (VGA)

ATI

Radeon X1600 series; Radeon X1800 series; Radeon X1900 series; Radeon HD 2400 series
Radeon HD 2600 series; Radeon HD 2900 series; Radeon HD 3000 series; Radeon HD 4000 series

NVIDIA

GeForce 7300 series; GeForce 7600 series; GeForce 7800 series; GeForce 7900 series
GeForce 8500 series; GeForce 8600 series; GeForce 8800 series; GeForce 9500 series
GeForce 9600 series; GeForce 9800 series; GeForce 200 series


***NOTE: Laptop versions of these chipsets may work, but are not officially supported.
NVIDIA GeForce 6000 series not supported







If you want this, you can download it and have fun

Download for PC (43 Part in rapidshare server)

SERIAL NUMBER: NFSUC



CRACK NFSUC

Download this crack file; it is safe from viruses and trojans. Copy and paste it into the NFSUC folder in Program Files and replace the existing nfsuc file.

file size: (8.69 MB)

password : just4rslinks.org

NFS Undercover Patches

Here you can find the patches for Need for Speed Undercover:
Playstation 3 and Xbox360 users are being informed of the new patch when starting the game. PC users can download the patch here:


NFS Undercover Patch v1.0.1.17 EN-US
English, French & Mexican


NFS Undercover Patch v1.0.1.17 FR/GER/ITAL-EU
French, German & Italian

NFS Undercover Patch v1.0.1.17 EU Other
English, Russian, Danish, Spanish, Finnish, Czech, Dutch, Hungarian, Polish, Norwegian


Cheat Game

Here you can find several downloads and programs for NFS Undercover, which help you playing the game.

Attention: Please note that some of the following tools (especially trainers and programs, which edit the game files) may conflict with PunkBuster. NFS-Planet cannot be made responsible for any problems or damages the use of these programs may cause.


Name: NFS-TexEd 0.7.6 Beta 2
Size: 459 KB
Author: nfsu360
Description: NFS-TexEd is a texture archive viewer/editor for:
NFS Undercover, ProStreet, Carbon, Most Wanted, Underground 2, Underground.






This program is a public beta, so it may not function as expected.
Please ensure you make backups of all files you edit before you save.
Download: Download

Name: NFS Undercover Save Editor v1.2 (CoDe RiPPeR)
Size: 219 KB
Author: CoDe RiPPeR
Description: This program allows you to modify some fields of the database (DB), which is stored in your save game file. The current version can change:
- money amount
- unlock access to all shops, thus making all cars, parts, customizations etc. available for buying
- unlock access to all career races and jobs
- mark all types of races completed
- driver skills
There are also some optional features, for advanced users, such as:
- DB export and import
- checksum fixing
Download: Download

Name: NFS Multimedia Converter v1.5.1
Size: 370 KB
Author: CTPAX-X
Description: With this tool you can export the music of Need for Speed Undercover into MP3- or WAV-files! Unfortunately video-converting is only supported with older NFS games.
MUSIC:
Music can be converted into WAV or MP3 format.
List of supported games:
  • Undercover
  • ProStreet
  • Carbon
  • Most Wanted
  • Underground 2
  • Underground
  • Hot Pursuit 2
Warning!
Converting of interactive music from NFS Most Wanted, Carbon, ProStreet and Undercover is not supported.

VIDEO:
Video can be converted only into AVI format.
For correct playing you need to download and install VP6 codec. You can get it from official web site: http://www.on2.com/cms-data/downloads/vp6_decoder.exe
List of supported games:
  • Carbon
  • Most Wanted
  • Underground 2
Download: Download

Undercover Cheat Codes

Official EA Cheat Codes

Code Description
S1D3K1CK $15,000 in-game currency by T-Mobile
NeedForSpeedShelbyTerlingua Gives you access to the Bonus Shelby Terlingua

Unofficial NFSNation Cheat Codes

These are unofficial "compatible" cheat codes that were generated by NFSNation using a bit of mathematical analysis. They were not released by EA and are unique to NFSNation. We're presuming that the official EA version of these codes would be longer and more readable :).

There's more cheats available but we had a hard time finding compatible codes for them... so you'd have to wait till the official codes come out.

Enter either Code 1 or Code 2 (you pick!) exactly as shown in Options -> Secret Codes

Code 1 Code 2 Description
$EDSOC%%$3/"$10,000 in-game currency
-KJ3=E.+)3>$NeedforSpeed.com Lotus Elise Bonus car
0;5M2;0;6,2;Die-Cast Lexus IS F Bonus Car
?P:COL@/;#/+Die-Cast Nissan 240SX (S13) Bonus Car
!2ODBJ:>!3/$"):Die-Cast Volkswagen R32 Bonus Car
)B7@B=*!7A!=Die-Cast BMW M3 E92 Bonus Car
22<@/<&Die-Cast Mitsubishi Lancer EVOLUTION Bonus Car
>8P:I;>9/;(;Die-Cast Porsche 911 Turbo Bonus Car
"9:G3IF "9;&4)% Die-Cast Audi R8 Bonus Car
!K?MMF0 "*@--%0 Die-Cast Chevrolet Camaro Concept Bonus Car
!C6;C>E ""6<"?$ Die-Cast Dodge Viper SRT10 Bonus Car
yp}jwa "90=*6@ Die Cast Nissan GT-R (R35) Police Version Bonus Car
!7I3JMI !8(4*-( Die-Cast Lexus IS F (alternate color) Bonus Car

Verified to work on PC

Verified to work on PC + XBOX 360

Verified to work on PC + PS3

Verified to work on PC + XBOX 360 + PS3

Note: Code1 mostly contains the LETTER "O" except 0;5M2; and !K?MMF0 which have the NUMBER "0". Code2 contains the NUMBER "0" only.

For more info about NFS go to NFS-PLANET
