Creating NTFS Alternate Data Streams is not complicated at all. You can use the “type” command to do that. To fork the file virus.exe into calc.exe you would use the command type virus.exe > calc.exe:virus:exe if they are in the same directory. Add the path if they are not. The size of the calculator does not change, the only indicator is that the file changed stamp is altered.

But executing those files must be harder, right ? Wrong again. To execute virus.exe you use the command “start”, in our example it would be start calc.exe:virus:exe.

A software like Stream Explorer can find those NTFS Alternate Data Streams on your hard drive. An alternative is List Alternate Data Streams

Related posts

• Stream Explorer (0)
• Introduction to new phishing techniques (0)
• Hide Information in Files (0)
• Windows XP exFAT File System Driver (21)
• Which Programs Should I Run To Scan A Computer For Malicious Software? (13)

Anti-Phishing toolbars and implementations in the major browsers are useful but can, as you will see, give the user a false sense of security. This can be attributed to the fact that databases that contain the information are not updated in real time. Someone has to report a phishing website before it will be added to the database, it would be more than difficulty to create a automatic solution for this problem.

A second difficulty are new techniques used by hackers that are not detected by ant-phishing toolbars and implementations.

Flash Phishing

Anti-Phishing toolbars do check the page content for signs of phishing but do not analyze flash objects at all. Hackers know this and tend to use this to their advantage by using flash to emulate the original website. Users tend to believe that the site is “clean” because their anti-phishing toolbar did not react to it.

It is however relatively easy to find out if the current website is fake.

1. You need to take a look at the url in the address bar. If it is not the original address leave it immediately.
2. Check if it is using https instead of http. If it is using http leave the site immediately.
3. If it is using https check the certificate.
4. If the site is only using flash leave it.
5. Never follow links in emails (unless you know the person)
6. Never follow links in chats (unless you know the person)

You should immediately contact the supposed owner of the website and ask for advice.

Social Phishing

Phishers use other means of getting sensitive data from users. We all know that we should contact the company if we have doubts about a website. What if you would receive a mail from your bank asking you to call them back because there was a security breach ? Would you call them back ?

What if the number was redirecting you to someone in China speaking fluent English ? Would you give him the information he would be asking for to verify´that you are the customer ? Sir, we need to make sure that you are indeed our customer. Could you please supply your credit card information so that I can verify your identity ?

This is not a huge market yet but it will grow over time.

Related posts

• NTFS Alternate Data Streams (3)
• Help the fight against phishing with Phishtank (1)
• Web of Trust: collaborative online security (7)
• Weak Passwords (12)
• User Data Stolen from The Pirate Bay (0)

After explaining various netstat -commands ports are explained which might help you identify suspicious connections to your computer. It is a good idea to know the standard basic ports like 80 for a http connection and 21 for a ftp connection. This does not mean that every connection on port 80 for instance is harmless but it is a good indicator to leave those ports alone for the beginning and concentrate on more “suspicious ports first. Ok, so we know about netstat and ports, next in the line is tracert which lets you trace a connection to its beginning. If the hacker is not using a proxy to mask his real ip you find out about his internet service provider this way.

After that reverse dns querries and dns are explained. The last chapter lists common ports that are often used by trojans and the like. All in all a very good article for everyone who wants to know more about his computer. This is of course aimed at beginners and a good starting point for them. Its easy to use google for further information.

Related posts

• how to trace a hacker (14)
• Yahoo marks dangerous search results (4)
• Wordpress Remote Admin Password Reset Vulnerability (13)
• Wireless Hotspot Hacks (1)
• Windows Worms Door Cleaner (2)

It explains the netstat command which shows all connections to your computer and how to interpretate them. After that the tracert command is explained which traces a connection. Finally it gives information on dns, how to lookup a ip and get the host of the connection.

It´s a useful tutorial that everyone who does not understand this concepts should read. It does not explain proxies which most hackers nowadays use. A tracert would lead to the proxy but not to the hacker himself.

Related posts

• Tracing a Hacker (0)
• How to build a data safe (5)
• Home Pc Firewall Guide (0)
• 20 Minute Guide to Pc Security (0)
• Zombie City Tactics (0)