TDL-4 Botnet Trojan

30 06 2011

Security is the topic of the day. After the Anonymous hackers, researchers and anti-virus vendors are now examining these issues. So, what is the TDL-4 botnet trojan?

TDL-4 detects and disables other malware to hide itself

Over the last year there have been a number of high-profile botnet takedowns. These takedowns led to a significant reduction in the amount of spam that computer users see in their inboxes.

Security researchers are talking about a new botnet called TDL-4 and they say that it is virtually indestructible. The designers of the botnet used some ingenious methods to ensure that their net isn’t as easy to take offline as previous botnets.

Security researcher Sergey Golovanov of Kaspersky Lab said in a report on the TDL-4 botnet, “[TDL-4 is] the most sophisticated threat today.” Joe Stewart, a malware researcher at Dell SecureWorks, said, “I wouldn’t say it’s [TDL-4] perfectly indestructible, but it is pretty much indestructible. It does a very good job of maintaining itself.”

There are several factors that work together to make TDL-4 so robust. One is that the malware infects the master boot record (MBR) of the hard disk it resides on. The MBR is the first sector read when the computer starts, so a rootkit installed there runs before the operating system does. That lets it hide from the OS and from the security software that loads later.
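As an added illustration (not code from the original article or from any TDL-4 analysis), the script below parses a 512-byte MBR and compares it with a baseline recorded from a known-clean copy, which is the check a defender can run against a disk image taken with the system offline. The two sample sectors are constructed inline; the device path in read_mbr is only an example of where sector 0 would be read from on a real machine.

```python
"""Baseline check for the master boot record (MBR), the sector a bootkit
such as TDL-4 overwrites. Added example, not code from the original post.
The two sample sectors below are constructed inline so the script runs
offline; on a real system read sector 0 from an offline disk image."""
import hashlib
import struct
from typing import Dict, List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0..445 hold the executable boot code
PART_TABLE_OFF = 446           # four 16-byte partition entries follow
SIG_OFF = 510                  # bytes 510..511 must be 0x55 0xAA
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> Dict:
    """Split an MBR into boot-code hash, partition entries and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    partitions = []
    for i in range(4):
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:                       # type 0 means an empty slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partition_table_sha256": hashlib.sha256(
            sector[PART_TABLE_OFF:SIG_OFF]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[SIG_OFF:SECTOR_SIZE] == BOOT_SIGNATURE,
    }


def make_baseline(sector: bytes) -> Dict[str, str]:
    """Record the hashes to keep (off the machine) from a known-clean MBR."""
    info = parse_mbr(sector)
    return {"boot_code_sha256": info["boot_code_sha256"],
            "partition_table_sha256": info["partition_table_sha256"]}


def check_against_baseline(sector: bytes, baseline: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means the MBR matches."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if info["partition_table_sha256"] != baseline["partition_table_sha256"]:
        findings.append("partition table differs from baseline")
    return findings


def read_mbr(path: str) -> bytes:
    r"""Read sector 0 from a raw device or image, e.g. \\.\PhysicalDrive0
    or /dev/sda (example paths). Do this from clean boot media or on an
    offline image: a resident bootkit can filter reads of the sector it owns."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: given boot code, one bootable NTFS partition at LBA 2048."""
    boot = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1000000)
    return boot + entry + b"\x00" * 48 + BOOT_SIGNATURE


# Constructed sample data: a "clean" sector and one whose boot code was
# replaced while the partition table was left intact, which is what a
# bootkit does so the machine still boots normally.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb")
TAMPERED_MBR = build_sample_mbr(b"\xeb\x58\x90" + b"\xcc" * 64)

if __name__ == "__main__":
    base = make_baseline(CLEAN_MBR)
    print("clean:", check_against_baseline(CLEAN_MBR, base) or "OK")
    print("tampered:", check_against_baseline(TAMPERED_MBR, base))
```

The baseline only covers the boot code and partition table, so a disk-signature or bootstrap rewrite by a legitimate OS install will also trip it; re-baseline after such changes. The tampered sample trips only the boot-code check, which is the pattern to expect from a bootkit: the partition table must stay valid or the victim notices immediately.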

The thing that makes the botnet even more robust is the method that it uses to communicate with infected computers from the command and control servers. The TDL-4 botnet uses a public peer-to-peer network called the Kad P2P network for one of the two channels it uses to communicate between infected machines and the C&C servers.

Kaspersky researcher Roel Schouwenberg wrote in an email to Computerworld, “The way peer-to-peer is used for TDL-4 will make it extremely hard to take down this botnet. The TDL guys are doing their utmost not to become the next gang to lose their botnet.”

The hackers behind the botnet also use their own encryption algorithm and use the domain names of the C&C servers as the encryption keys. The use of a public network is the key to the robust botnet and helps ensure the TDL-4 network remains online.

Schouwenberg said, “Any attempt to take down the regular C&Cs can effectively be circumvented by the TDL group by updating the list of C&Cs through the P2P network. The fact that TDL has two separate channels for communications will make any take-down very, very tough.”

So far, the TDL-4 botnet is very effective with an estimated 4.5 million Windows computers currently infected. Stewart said, “The 4.5 million is not surprising at all. It [TDL-4] might not have as high an infection rate as other botnets, but its longevity means that as long as they can keep infecting computers and the discovery rate is small, they’ll keep growing it.”

Another key to the longevity of TDL-4 is that it finds and disables other malware on the computer. The reasoning is simple: the fewer symptoms a user sees, the less likely they are to investigate and potentially discover TDL-4 itself on the machine.

Golovanov said, “TDL-4 doesn’t delete itself following installation of other malware. At any time [it] can … delete malware it has downloaded.”

Source





Dynamic Object Mapping in GWT

22 05 2011

Hello Developers;

For dynamic object mapping in GWT the best utility is Dozer, and it works perfectly. In this post I will show how to use it.

I have a web service that returns an array of objects. The service proxy and the return type are already generated, but they are not reachable from the client side, because GWT can only compile classes in the client package. To reach this array of objects from the client you must go through a GWT RPC service that runs on the server.

import java.util.ArrayList;
import javax.xml.rpc.Stub;
import org.dozer.DozerBeanMapper;
import org.dozer.Mapper;

// Server-side GWT RPC method: calls the SOAP service, then copies each
// MGpsObject into the GWT-serializable MGpsObjectClient with Dozer.
// webServiceURL, parameterFirst and parameterSecond are fields of the servlet.
@Override
public ArrayList<MGpsObjectClient> getGPSObjectList() {

    ArrayList<MGpsObjectClient> mGpsObjectList = new ArrayList<MGpsObjectClient>();
    MGpsObjectClient retObject = null;
    // One mapper instance is enough; DozerBeanMapper is thread-safe and costly to create.
    Mapper objectMapper = new DozerBeanMapper();

    try {
        GPSServiceService service = new GPSServiceService_Impl();
        GPSService port = service.getGPSServicePort();
        // Point the generated proxy at the configured endpoint.
        ((Stub) port)._setProperty(Stub.ENDPOINT_ADDRESS_PROPERTY, webServiceURL);
        MGpsObject[] gpsObjectCollection = port.getGpsObjectList(Long.parseLong(parameterFirst), Long.parseLong(parameterSecond));

        for (MGpsObject o : gpsObjectCollection) {
            // Dozer copies the fields whose names match between the two classes.
            retObject = objectMapper.map(o, MGpsObjectClient.class);
            mGpsObjectList.add(retObject);
        }

    } catch (Exception e) {
        // Swallowing the error returns an empty list, which the client cannot tell from "no data".
        System.err.println(e.getMessage());
    }

    return mGpsObjectList;
}

In the code above, MGpsObjectClient mirrors MGpsObject. The difference is that MGpsObjectClient lives in the client package and is serializable, so GWT can compile it and send it over RPC. Dozer copies fields by matching name, so the fields you declare in MGpsObjectClient are exactly what reaches the browser.
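The post shows only the server method, so here is the rest of the wiring as an added example (not code from the original post): the client DTO, the GWT RPC interface pair, and a servlet that replaces Dozer's name matching with an explicit one-way field list. The field names (latitude/longitude/timestamp on the SOAP object, lat/lon/recordedAt on the DTO), the service name and the endpoint URL are assumed, and the BeanMappingBuilder API requires Dozer 5.3 or later.

```java
// Added example, not the original post's code. Assumed names: the SOAP class
// MGpsObject has latitude, longitude (double) and timestamp (String);
// the endpoint URL and the "gps" service path are placeholders.

// --- client package: MGpsObjectClient.java ---
import com.google.gwt.user.client.rpc.IsSerializable;

public class MGpsObjectClient implements IsSerializable {
    // These fields are the whole of what the browser receives.
    private double lat;
    private double lon;
    private String recordedAt;

    public MGpsObjectClient() { }          // GWT RPC requires a no-arg constructor

    public double getLat() { return lat; }
    public void setLat(double v) { lat = v; }
    public double getLon() { return lon; }
    public void setLon(double v) { lon = v; }
    public String getRecordedAt() { return recordedAt; }
    public void setRecordedAt(String v) { recordedAt = v; }
}

// --- client package: GpsRpcService.java and GpsRpcServiceAsync.java ---
import java.util.ArrayList;
import com.google.gwt.user.client.rpc.AsyncCallback;
import com.google.gwt.user.client.rpc.RemoteService;
import com.google.gwt.user.client.rpc.RemoteServiceRelativePath;

@RemoteServiceRelativePath("gps")
public interface GpsRpcService extends RemoteService {
    // Typed parameters: the servlet never parses strings sent by the browser.
    ArrayList<MGpsObjectClient> getGPSObjectList(long first, long second);
}

public interface GpsRpcServiceAsync {
    void getGPSObjectList(long first, long second,
                          AsyncCallback<ArrayList<MGpsObjectClient>> callback);
}

// --- server package: GpsRpcServiceImpl.java ---
import javax.xml.rpc.Stub;
import org.dozer.DozerBeanMapper;
import org.dozer.Mapper;
import org.dozer.loader.api.BeanMappingBuilder;
import org.dozer.loader.api.TypeMappingOptions;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;

public class GpsRpcServiceImpl extends RemoteServiceServlet implements GpsRpcService {
    private static final String WEB_SERVICE_URL = "http://gps.example.internal/GPSService"; // assumed
    // One mapper for the servlet: DozerBeanMapper is thread-safe and expensive to build.
    private static final Mapper MAPPER = buildMapper();

    private static Mapper buildMapper() {
        DozerBeanMapper m = new DozerBeanMapper();
        m.addMapping(new BeanMappingBuilder() {
            @Override
            protected void configure() {
                // wildcard(false) turns off name matching, so only the listed
                // fields are copied; oneWay() means nothing maps back from the DTO.
                mapping(MGpsObject.class, MGpsObjectClient.class,
                        TypeMappingOptions.wildcard(false), TypeMappingOptions.oneWay())
                    .fields("latitude", "lat")
                    .fields("longitude", "lon")
                    .fields("timestamp", "recordedAt");
            }
        });
        return m;
    }

    @Override
    public ArrayList<MGpsObjectClient> getGPSObjectList(long first, long second) {
        ArrayList<MGpsObjectClient> result = new ArrayList<MGpsObjectClient>();
        try {
            GPSServiceService service = new GPSServiceService_Impl();
            GPSService port = service.getGPSServicePort();
            ((Stub) port)._setProperty(Stub.ENDPOINT_ADDRESS_PROPERTY, WEB_SERVICE_URL);
            MGpsObject[] rows = port.getGpsObjectList(first, second);
            if (rows != null) {
                for (MGpsObject o : rows) {
                    result.add(MAPPER.map(o, MGpsObjectClient.class));
                }
            }
        } catch (Exception e) {
            // Log the backend failure server-side and fail the RPC; an empty
            // list would be indistinguishable from "no positions".
            log("GPS backend call failed", e);
            throw new RuntimeException("GPS backend unavailable");
        }
        return result;
    }
}
```

With the explicit mapping, adding a field to the SOAP-generated class (say an internal record id) changes nothing on the client until someone adds it to the field list, which is the review point where you decide whether the browser should see it.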

I hope it helps.
aw surwey





Google Web Toolkit

31 01 2011

Articles all about GWT coming soon. :)





A kind of penalty in winter when I was a soldier. :)

6 01 2011





Reverse Geocoding via Google maps api

25 06 2010

In this post I try to describe how to do geocoding (getting latitude and longitude values from an address) and reverse geocoding (getting an address from coordinates) via the Google Maps API.





How can i get Machine Id from Windows CE Device ?

4 06 2010

In this post I will explain how to get the machine ID of a Windows CE device. To do that we call into coredll.dll, the Windows CE system library, with KernelIoControl and the IOCTL_HAL_GET_DEVICEID control code. Two caveats: this ID is not a secret, since any process on the device can issue the same IOCTL, so treat it as a device label for licensing or inventory rather than as an authentication credential; and not every OEM HAL implements IOCTL_HAL_GET_DEVICEID, so on Windows Mobile 5.0 and later the documented alternative is GetDeviceUniqueID in coredll.dll, which returns an ID salted with application-supplied data. The code below shows the IOCTL approach. Enjoy it!

using System;
using System.Runtime.InteropServices;
using System.Text;

namespace DeviceSecurity
{
    public class DeviceSecurityTool
    {
        // CTL_CODE(FILE_DEVICE_HAL, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
        private const int FILE_DEVICE_HAL = 0x00000101;
        private const int FILE_ANY_ACCESS = 0x0;
        private const int METHOD_BUFFERED = 0x0;
        private const int IOCTL_HAL_GET_DEVICEID =
            (FILE_DEVICE_HAL << 16) | (FILE_ANY_ACCESS << 14) | (21 << 2) | METHOD_BUFFERED;

        private const int ERROR_INSUFFICIENT_BUFFER = 122;

        // On Windows CE the kernel entry points live in coredll.dll (there is no kernel32.dll).
        [DllImport("coredll.dll", SetLastError = true)]
        private static extern bool KernelIoControl(
            int IoControlCode,
            IntPtr InputBuffer,
            int InputBufferSize,
            byte[] OutputBuffer,
            int OutputBufferSize,
            ref int BytesReturned);

        /// <summary>
        /// Returns the OEM device identity formatted as "PresetID-PlatformID" in hex,
        /// or null if the HAL does not implement IOCTL_HAL_GET_DEVICEID.
        /// </summary>
        public string GetHardwareKey()
        {
            try
            {
                // The output is a DEVICE_ID structure:
                //   0x00 dwSize, 0x04 dwPresetIDOffset, 0x08 dwPresetIDBytes,
                //   0x0C dwPlatformIDOffset, 0x10 dwPlatformIDBytes, then the two blobs.
                byte[] outputBuffer = new byte[256];
                int bytesReturned = 0;

                bool ok = KernelIoControl(IOCTL_HAL_GET_DEVICEID, IntPtr.Zero, 0,
                                          outputBuffer, outputBuffer.Length, ref bytesReturned);

                if (!ok && Marshal.GetLastWin32Error() == ERROR_INSUFFICIENT_BUFFER
                        && bytesReturned > outputBuffer.Length)
                {
                    // Some OEMs return more than 256 bytes; retry with the size the HAL asked for.
                    outputBuffer = new byte[bytesReturned];
                    ok = KernelIoControl(IOCTL_HAL_GET_DEVICEID, IntPtr.Zero, 0,
                                         outputBuffer, outputBuffer.Length, ref bytesReturned);
                }

                // If the request failed, exit the method now
                if (!ok)
                {
                    return null;
                }

                int presetIdOffset = BitConverter.ToInt32(outputBuffer, 0x04);
                int platformIdOffset = BitConverter.ToInt32(outputBuffer, 0x0C);
                int platformIdSize = BitConverter.ToInt32(outputBuffer, 0x10);

                // Do not trust the offsets blindly: a malformed reply must not read past the buffer.
                if (presetIdOffset < 0 || presetIdOffset + 10 > outputBuffer.Length ||
                    platformIdOffset < 0 || platformIdSize < 0 ||
                    platformIdOffset + platformIdSize > outputBuffer.Length)
                {
                    return null;
                }

                // Preset ID: first 10 bytes rendered GUID-style (8-4-4-4).
                StringBuilder sb = new StringBuilder();
                sb.Append(String.Format("{0:X8}-{1:X4}-{2:X4}-{3:X4}-",
                     BitConverter.ToInt32(outputBuffer, presetIdOffset),
                     BitConverter.ToInt16(outputBuffer, presetIdOffset + 4),
                     BitConverter.ToInt16(outputBuffer, presetIdOffset + 6),
                     BitConverter.ToInt16(outputBuffer, presetIdOffset + 8)));

                // Platform ID: OEM-defined byte string, rendered as hex.
                for (int i = platformIdOffset; i < platformIdOffset + platformIdSize; i++)
                {
                    sb.Append(String.Format("{0:X2}", outputBuffer[i]));
                }

                return sb.ToString();
            }
            catch (Exception)
            {
                // Typically MissingMethodException when the platform lacks the entry point;
                // report "unknown" rather than crash the caller.
                return "";
            }
        }
    }
}




Windows CE Emulator Download

20 05 2010

Windows CE Emulator: http://www.microsoft.com/downloads/details.aspx?FamilyID=A120E012-CA31-4BE9-A3BF-B9BF4F64CE72&displaylang=en







