The Fall

Good day. I am not sure how many people will be reading this, or who even cares. Truth is, this website/community has been pretty much inactive for at least a year now.

The decline in the number of phishing websites has played its part, as we would try to let you know about as many phishing sites as we could. I have not seen nor heard of one such website in the last six months.

Therefore I have decided to retire the website for now, and make anti-hackers.co.uk officially inactive, until I can decide what to do with it. The Steam Community group still remains the centre of attention in the community, and is where most of the fun happens. I shall keep this website online of course, as there is still a fair amount of useful security tips and information on here, for people to read.

I will – of course – continue to post articles. The only difference is that it will be on my own personal blog, and not here.

Thanks anyway,

Lewis (Delta_301)

Posted in Off Topic | Leave a comment

Vulnerability in Microsoft Word

Today’s issue is with Microsoft Word being used as an email attachment previewer.

Read the issue in the quotes:

[quote]
Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Applying the Microsoft Fix it solution, “Disable opening RTF content in Microsoft Word,” prevents the exploitation of this issue through Microsoft Word. See the Suggested Actions section of this advisory for more information.

The vulnerability is a remote code execution vulnerability. The issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted in such a way that an attacker could execute arbitrary code. The vulnerability could be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer. Note that by default, Microsoft Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013.

On completion of investigation for this vulnerability, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to offer information that they can use to provide additional protections to customers. For information about protections released by MAPP partners, see MAPP Partners with Updated Protections.

Microsoft continues to encourage customers to follow the guidance in the Microsoft Safety & Security Center of enabling a firewall, applying all software updates, and installing antimalware software.

Mitigating Factors:

An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
In a web-based attack scenario, an attacker could host a website that contains a webpage that contains a specially crafted RTF file that is used to attempt to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.[/quote]

Technically that would allow attackers to get onto your machine and take control of it through an exploit caused by Microsoft Word. If you’re using Microsoft’s program as an email attachment previewer, we recommend that you suspend the use of it, until the issue gets fixed. In the meantime you can use Outlook’s own website.
Link here: http://technet.microsoft.com/en-us/security/advisory/2953095

Thanks for att,
KernCore

Posted in Important Articles, Other Hacks/scams | Leave a comment

New – http://steamgifts4free.hyperphp.com/

Name in Browser: Free Steam Gifts
URL: http://steamgifts4free.hyperphp.com/
Aliases: N/A

Okay. So. On an informal note I almost burst out laughing seeing this site and how unconvincing it looks with the many issues that can be spotted with this.
It’s spread through the very same old trick that has existed a little bit after the dawn of phishing scams on Steam, after the VAC trick – “FREE GAMES IN THIS TOTALLY-NOT-BOGUS LINK! WE PROMISE!”

This website uses a different layout from the others, the only similarities being the background colour and the toolbar at the top. Should one turn their attention to the heel of the website, they will see this: “© 2012 – Free Steam Gifts. All rights reserved.” Above the Valve logo – talk about breach of copyright! The players-online and players-in-game counters are also inaccurate, as they (as far as I can see) don’t exist anymore. In addition, there are three hyperlinks at the very tip of the website: Steam groups, YouTube and Twitter, which shouldn’t be there.

Should one proceed to click a game on the list, they will be taken to a login screen which is the same old story (Username, password, and email “adress”). To this day, I still wonder when they added “adress” to the English Dictionary.

Stay safe,
Jakeman

Credit to Kronos for this report.

Posted in Phishing Websites | Leave a comment

Three new sites (1 unconfirmed.)

Site 1: http://getfreesteamgames.net/index.php?id=78549 
Name in Browser: Free Steam Games
URL: http://getfreesteamgames.net/
Aliases: N/A

Description: This phishing (possibly) website appears to use a “points” system in which the user gives this link to their Steam friends. Should that friend then proceed to click on the link, this will add a point. On first glance, it doesn’t appear to hold a threat. But since this website logs IP addresses, the owner of the website, provided they have malicious intentions, could hack the user’s computer.

This site is unconfirmed, so if I have made an error and this website is completely harmless, please let me know.

Site 2: http://zalil.ru/34132204 
Name in Browser: Хранение файла, бесплатно закачать и скачать, файлообменник (I’m not even going to try to pronounce that.)
URL: http://zalil.ru/
Aliases: N/A

Ok. So what this does is initiate a download. Using Google Translate (with its 60.3% accuracy rate) gave me the name for this download: Besplatnye_akkaunty_steam.exe
Besplatnye_akkaunty_steam.exe is probably a cracked version of Steam. Now, what are cracked exes likely to hold? Viruses. This “virus” is probably not a virus at all. More like spyware/keyloggers. Probably a badly-coded one that runs around in circles around my drive like a little child if I downloaded this.

Well. They tried. Horribly.

Site 3: http://mrjevvazquez.wix.com/1keyadayandsave?_escaped_fragment_=#!home|mainPage 
Name In Browser: 1keyadayandsave | Wix.com
URL: www.wix.com
Aliases: N/A

Hmph. A phishing site based around TF2. What are the odds?
Ok. So. At first glance, this looks convincing. It looks like “Hey, these guys are trying to help us out.” Right? WRONG. If you continue to analyse the page a bit more, it asks you for your account name, email and email password. Now, they’ve made an error in the fact that if one keeps scrolling down the page, there is no Email/Acc. name/Email password prompt. If you turn your attention to the heel, the website ends abruptly there by the host, advertising a free site. Above it are images and posters of items that one can buy from the store. Save the earbuds.

This website logs your IP address though (They kindly clarify this in small text under the key image.), so if one does visit this page, be careful.

Credit goes to marccost3, R4D_GUY and d0k3r # FREEEPLE SHOT (The latter probably being the creator of the download site. His comment is about seizing accounts. Wow. Failure.) for reporting these sites.

Stay safe,
Jakeman.

Posted in Phishing Websites | 4 Comments

Merry Christmas Everyone!

Just took the time to wish you all a very happy Christmas! Whether you got a Raspberry Pi or a bottle of Jack Daniel’s (or both!), I’m hoping you’re pleased and having a good time! Have a safe new year, and don’t get drunk enough to give away your passwords!

Cheers, and Happy Christmas!
-Delta

Posted in Off Topic | Leave a comment

New – http://steamfreegames.ministerievaninternet.nl/

Name in Browser: Steam Community
URL: http://steamfreegames.ministerievaninternet.nl/
Aliases: N/A

Description: Another phishing link. Apparently these guys didn’t get the memo that TF2 is free now either, but we can’t expect much intelligence from these black-hats anyway.
Basically, the numbers are inconsistent and shift your eyes to the bottom of the page. No copyright date. Plus, “Email adress.” – is that even a word? There are so many flaws in this link that I can’t even start.

I swear I’ve seen this link before.

Stay safe,
Jakeman.

Credit goes to DarkWatcher for aiding in finding some flaws on this page. I’m not sure if anyone did report this link, but if someone did, I’ll be sure to add you.

Posted in Phishing Websites | Leave a comment

Skype security – a little exploit to beware of

In a blog post, it has been highlighted that Skype users can have their accounts stolen from them, if the person knows the email address they signed up to Skype with.

http://pixus-ru.blogspot.co.uk/2012/11/hack-any-skype-account-in-6-easy-steps.

It goes on to tell you a way in which you can secure your account. If you don’t understand or can’t follow the page for some reason, you basically change your email address associated with Skype to something that nobody knows. So if you want to make extra sure, then you should create a new email address for Skype or something.

Obviously, this tutorial is just for educational purposes. If you go and break into someone’s Skype account and get caught, then you’ll be looking at a looong time in prison. No word of a lie. Don’t do it.

I really hope they do something to fix this, it’s so easy once you see it. And everybody uses Skype these days, so it’s easy for a malicious hacker to target almost anybody he likes.

Cheers
-Delta

Posted in Important Articles, Other Hacks/scams | Leave a comment

New Site: http://free55games.ohost.de/steam/

In-Browser name: Steam Community
URL: http://free55games.ohost.de/steam/
Aliases: http://free55games.ohost.de/

This, like most of the other phishing sites, just imitates the login page of the Steam Community. Note that the Login is a combination of Accountname, E-Mail and Password as well as a dropdown list for games. Like the site Jakeman has announced, this one doesn’t have a year on its copyright notice. It is also not really up to date with the actual Steam Community site as it is outdated.

Credit for this find goes to DarkWatcher20.

P.S.: As always, stay safe and alert for sites like these.

Cheers,
Trixity & Delta_301

Posted in Off Topic | Leave a comment

New – http://steamcustom.gegahost.net/

Name in Browser: Steam Community
URL: http://steamcustom.gegahost.net/
Aliases: N/A

Ahem. Your typical Steam phishing site. It appears to be either new or well-updated. Although I need to point out one thing: Turn your attention to the login panel. It doesn’t ask for your username and password and just your email address and password, and that’s somewhat nice because they can’t access my account and only manage to get a glimpse at my account name. It has no free-to-play-already games and a checkbox-style list. There is something wrong here, though. There are no numbers as there should be and there is no install steam hyperlink. Hmph.

Long story short: Your typical phishing website without an account name & password prompt and the checkbox-style phishing website of old. Other than that, there’s nothing really remarkable about it.

Stay safe,
Jakeman.

P.S. Look at the bottom of the page, at the copyright. There’s no date!
Credit goes to Darkwatcher for reporting this page.

Posted in Phishing Websites | Leave a comment
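
The warning signs these reports keep pointing at (Steam branding on a non-Valve host, the “adress” misspelling, a copyright notice with no year, a login form that also wants an email) can be checked mechanically. The following is an added example, not code from the original posts; the host allow-list, the signal names and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts treated as genuine Steam hosts for this example.
OFFICIAL_HOSTS = ("steampowered.com", "steamcommunity.com")
# Constructed sample page, modelled on the traits the reports describe.
SAMPLE = """<html><head><title>Steam Community</title></head><body>
<form><input type="text" name="username"> Email adress
<input type="text" name="email"><input type="password" name="password"></form>
<p>&copy; Valve Corporation. All rights reserved.</p></body></html>"""

class PageScan(HTMLParser):
    """Collects the title, the text and the (type, name) of each form input."""
    def __init__(self):
        super().__init__()
        self.title, self.text, self.inputs, self._tag = "", [], [], None
    def handle_starttag(self, tag, attrs):
        self._tag, a = tag, dict(attrs)
        if tag == "input":
            self.inputs.append(((a.get("type") or "text").lower(), (a.get("name") or "").lower()))
    def handle_endtag(self, tag):
        self._tag = None
    def handle_data(self, data):
        if self._tag == "title":
            self.title += data
        self.text.append(data)

def phishing_signals(url, html):
    """Return the warning signs found on one page, in a fixed order."""
    scan = PageScan()
    scan.feed(html)
    scan.close()  # flush any text still buffered by the parser
    text = " ".join(scan.text)
    host = (urlparse(url).hostname or "").lower()
    official = any(host == h or host.endswith("." + h) for h in OFFICIAL_HOSTS)
    signals = []
    if "steam" in scan.title.lower() and not official:
        signals.append("steam-branding-on-foreign-host")
    if re.search(r"\badress\b", text, re.I):
        signals.append("misspelt-adress")
    notice = re.search(r"(?:©|\(c\)|copyright)([^.\n]{0,40})", text, re.I)
    if notice and not re.search(r"\b(?:19|20)\d{2}\b", notice.group(1)):
        signals.append("copyright-without-year")
    asks_password = any(t == "password" for t, _ in scan.inputs)
    asks_email = any(t == "email" or "mail" in n for t, n in scan.inputs)
    if asks_password and asks_email and not official:
        signals.append("login-asks-for-email-and-password")
    return signals
```

A page that trips several of these at once deserves a closer look; a dated copyright notice alone proves nothing, as the “© 2012 – Free Steam Gifts” site shows.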

WordPress Users – Be Careful!

If you are a user of WordPress, you’re probably on the right track. It’s the best, most elegant and powerful Content Management System I’ve seen. That’s why I use it!

Recently I got an email sent to my junk folder, supposedly an automated email from a WP website, asking me to moderate a comment. Had I only had one email address, I may have actually clicked on it. But it was my personal email address, which I do not associate with Anti-Hackers.

It would be pretty easy for black hats to spoof the WordPress login page’s format, but have it send your details.. elsewhere. WordPress is Open Source and can be changed as much as you like.

So if you run a WordPress (or any CMS for that matter) powered website, just be careful, and think twice. If it’s in your junkmail folder then it’s probably junk.

Cheers
-Delta.

Posted in Off Topic | Tagged | 1 Comment