‎pcAnywhere Exploit- More Than 200,000 Windows PCs Can Be Hijacked

‎pcAnywhere Exploit More Than 200,000 Windows PCs Can Be Hijacked 

According to a researcher hackers have made pcAnywhere hackers exploiting bugs in the Symantec software which can hijack as many as 200,000 systems connected to the Internet. Also Rapid7 developer of Metasploit confirmed that an estimated 150,000-to-200,000 PCs are running an as-yet-unpatched copy of the Symantec software, and are thus vulnerable to be hijacked by remote attacks, which could commandeer the machine's keyboard and mouse, and view what's on the screen.This bug has been found just after Symantec took the unprecedented step of telling pcAnywhere users to disable or uninstall the program because attackers had obtained the remote access software's source code. According to an exclusive report of Computer World- 

Credit Card Data at Risk:-
About 2.5% of those vulnerable Windows PCs, or between 3,450 and 5,000 systems, are running a point-of-sale system - Windows PCs are often paired with cash registers by small businesses - potentially putting credit card data at risk, said HD Moore, chief security officer at Rapid7.
Moore reached those conclusions by scanning the internet for the TCP port the software leaves open for incoming commands, running more targeted scans for evidence of the remote access software, then using the number of programs that identify themselves as older than the patched editions to estimate the extent of the problem.
Some of the computers returned queries with replies consistent with specific point-of-sale software, Moore said. Point-of-sale software often relies on pcAnywhere for remote support, not for transmitting credit card data, but by exploiting pcAnywhere, a cybercriminal could control the machine and easily harvest the information. "These point-of-sale systems are an attractive target for break-in," said Moore.

Exploitable Bugs:-
DoS attacks can sometimes be leveraged to execute remote code. The source code leak also ups the risk to pcAnywhere users, Moore maintained, even though Symantec has patched some flaws. With the source code at their disposal and the software's problems highlighted in the media, researchers on both sides of the law will spend time looking for vulnerabilities, he said. And some of that research may result in new, exploitable bugs.
An anonymous researcher has already published findings from his examination of the pcAnywhere source code. Although his description on the InfoSec Institute website did not claim any new vulnerabilities, he noted that the source code also revealed the workings of LiveUpdate, the Symantec service used to update much of its software, including its consumer antivirus programs, such as Norton Antivirus. "We now know how their LiveUpdate system works thanks to the included architecture plans and full source code," said the researcher. Symantec did not immediately reply to a request for comment on Moore's research or Norman's DoS proof-of-concept.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">‎pcAnywhere Exploit- More Than 200,000 Windows PCs Can Be Hijacked"https://www.voiceofgreyhat.com/2012/02/pcanywhere-exploit-more-than-200000.html</a>

Symantec Released pcAnywhere Security Recommendations After Security Breach

After Security Breach Symantec Released pcAnywhere Security Recommendations

Few days ago Norton has confirmed that their Network was breached in 2006 and in that attack hackers have stolen the source code of Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack & pcAnywhere.

Now the company has published a white paperPDF in which it warns against using the remote PC control software at all, since malicious parties could use the source code to identify and exploit security vulnerabilities to compromise PCs that use the program. In addition, an attacker with cryptography knowledge could conduct man-in-the-middle attacks on encrypted connections and create unauthorized connections to remote machines, thereby potentially gaining access to whole networks.
Symantec plans to eradicate the known vulnerabilities in pcAnywhere step by step. A patch was released earlier this week, but it doesn't fix the problem described above. Those who absolutely need the product should make sure to always have the latest updates and follow the security recommendationsPDF in the white paper.

-Source (Symantec, The-H)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Symantec Released pcAnywhere Security Recommendations After Security Breach"https://www.voiceofgreyhat.com/2012/01/symantec-released-pcanywhere-security.html</a>

Symantec Network Was Breached On 2006 & At That Attack The Code Was Stolen

Few days ago a hacker group named The Lords of Dharmaraja has managed to steal the source code of Norton anti-virus. Symantec, the anti-virus maker, has confirmed that hackers have stolen a “segment” of its flagship product. They have also said that some of its code had been lifted from the server of a third party. But after investigation the security firm has found that its network had indeed been compromised. Symantec spokesman Cris Paden said on Tuesday that unknown hackers breached its network back in 2006 and obtained the source code to Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere. 
The only real threat at this time resides with customers using pcAnywhere, Symantec's software that facilitates remote access of PCs. "Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information," the company reports.
Symatec admitted that it previously offered up the source code of its products in compliance with the Indian government so that officials could make sure the software didn't contain spyware or other malicious programs. Save for the firm's current caution with pcAnywhere as revealed on Tuesday, Symantec wasn't too worried about a possible code leak given the stolen software is six years old.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Symantec Network Was Breached On 2006 & At That Attack The Code Was Stolen"https://www.voiceofgreyhat.com/2012/01/symantec-network-was-breached-on-2006.html</a>

Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage

Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage

Earlier we haev discussed many times about one of the most famous and widely used exploitation framework named Metasploit. Yet again the Rapid 7 released another updated version of Metasploit. This update brings Metasploit to version 4.2.0, adding IPv6 support and virtualization target coverage. You'll also notice a new Product News section and update notification for our weekly updates. Since the last major release (4.1.0), added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads. 

Brief About Metasploit:- 

The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.

Module Changes:-

•     Novell eDirectory eMBox Unauthenticated File Access

•     JBoss Seam 2 Remote Command Execution

•     NAT-PMP Port Mapper

•     TFTP File Transfer Utility

•     VMWare Power Off Virtual Machine

•     VMWare Power On Virtual Machine

•     VMWare Tag Virtual Machine

•     VMWare Terminate ESX Login Sessions

•     John the Ripper AIX Password Cracker

•     7-Technologies IGSS 9 IGSSdataServer.exe DoS

•     Microsoft IIS FTP Server <= 7.0 LIST Stack Exhaustion

•     DNS and DNSSEC fuzzer

•     CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure

•     CorpWatch Company ID Information Search

•     CorpWatch Company Name Information Search

•     General Electric D20 Password Recovery

•     NAT-PMP External Address Scanner

•     Shodan Search

•     H.323 Version Scanner

•     Drupal Views Module Users Enumeration

•     Ektron CMS400.NET Default Password Scanner

•     Generic HTTP Directory Traversal Utility

•     Microsoft IIS HTTP Internal IP Disclosure

•     Outlook Web App (OWA) Brute Force Utility

•     Squiz Matrix User Enumeration Scanner

•     Sybase Easerver 6.3 Directory Traversal

•     Yaws Web Server Directory Traversal

•     OKI Printer Default Login Credential Scanner

•     MSSQL Schema Dump

•     MYSQL Schema Dump

•     NAT-PMP External Port Scanner

•     pcAnywhere TCP Service Discovery

•     pcAnywhere UDP Service Discovery

•     Postgres Schema Dump

•     SSH Public Key Acceptance Scanner

•     Telnet Service Encyption Key ID Overflow Detection

•     IpSwitch WhatsUp Gold TFTP Directory Traversal

•     VMWare ESX/ESXi Fingerprint Scanner

•     VMWare Authentication Daemon Login Scanner

•     VMWare Authentication Daemon Version Scanner

•     VMWare Enumerate Permissions

•     VMWare Enumerate Active Sessions

•     VMWare Enumerate User Accounts

•     VMWare Enumerate Virtual Machines

•     VMWare Enumerate Host Details

•     VMWare Web Login Scanner

•     VMWare Screenshot Stealer

•     Capture: HTTP JavaScript Keylogger

•     Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION

•     Asterisk Manager Login Utility

•     FreeBSD Telnet Service Encryption Key ID Buffer Overflow

•     Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow

•     Java Applet Rhino Script Engine Remote Code Execution

•     Family Connections less.php Remote Command Execution

•     Gitorious Arbitrary Command Execution

•     Horde 3.3.12 Backdoor Arbitrary PHP Code Execution

•     OP5 license.php Remote Command Execution

•     OP5 welcome Remote Command Execution

•     Plone and Zope XMLTools Remote Command Execution

•     PmWiki <= 2.2.34 pagelist.php Remote PHP Code Injection Exploit

•     Support Incident Tracker <= 3.65 Remote Command Execution

•     Splunk Search Remote Code Execution

•     Traq admincp/common.php Remote Code Execution

•     vBSEO <= 3.6.0 proc_deutf() Remote PHP Code Injection

•     Mozilla Firefox 3.6.16 mChannel Use-After-Free

•     CTEK SkyRouter 4200 and 4300 Command Execution

•     Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow

•     Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute

•     HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution

•     Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control

•     Java MixerSequencer Object GM_Song Structure Handling Vulnerability

•     MS05-054 Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution

•     MS12-004 midiOutPlayNextPolyEvent Heap Overflow

•     Viscom Software Movie Player Pro SDK ActiveX 6.8

•     Adobe Reader U3D Memory Corruption Vulnerability

•     Aviosoft Digital TV Player Professional 1.0 Stack Buffer Overflow

•     BS.Player 2.57 Buffer Overflow

•     CCMPlayer 1.5 m3u Playlist Stack Based Buffer Overflow

•     Free MP3 CD Ripper 1.1 WAV File Stack Buffer Overflow

•     McAfee SaaS MyCioScan ShowReport Remote Command Execution

•     Mini-Stream RM-MP3 Converter v3.1.2.1 PLS File Stack Buffer Overflow

•     MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow

•     Ability Server 2.34 STOR Command Stack Buffer Overflow

•     AbsoluteFTP 1.9.6 - 2.2.10 LIST Command Remote Buffer Overflow

•     Serv-U FTP Server < 4.2 Buffer Overflow

•     HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow

•     XAMPP WebDAV PHP Upload

•     Avid Media Composer 5.5 - Avid Phonetic Indexer Buffer Overflow

•     Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow

•     HP Diagnostics Server magentservice.exe Overflow

•     StreamDown 6.8.0 Buffer Overflow

•     Wireshark console.lua Pre-Loading Script Execution

•     Oracle Job Scheduler Named Pipe Command Execution

•     SCADA 3S CoDeSys CmpWebServer <= v3.4 SP4 Patch 2 Stack Buffer Overflow

•     Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57

•     OpenTFTP SP 1.4 Error Packet Overflow

•     AIX Gather Dump Password Hashes

•     Linux Gather Saved mount.cifs/mount.smbfs Credentials

•     Multi Gather VirtualBox VM Enumeration

•     UNIX Gather .fetchmailrc Credentials

•     Multi Gather VMWare VM Identification

•     UNIX Gather .netrc Credentials

•     Multi Gather Mozilla Thunderbird Signon Credential Collection

•     Multiple Linux / Unix Post Sudo Upgrade Shell

•     Windows Escalate SMB Icon LNK dropper

•     Windows Escalate Get System via Administrator

•     Windows Gather RazorSQL Credentials

•     Windows Gather File and Registry Artifacts Enumeration

•     Windows Gather Enumerate Computers

•     Post Windows Gather Forensics Duqu Registry Check

•     Windows Gather Privileges Enumeration

•     Windows Manage Download and/or Execute

•     Windows Manage Create Shadow Copy

•     Windows Manage List Shadow Copies

•     Windows Manage Mount Shadow Copy

•     Windows Manage Set Shadow Copy Storage Space

•     Windows Manage Get Shadow Copy Storage Info

•     Windows Recon Computer Browser Discovery

•     Windows Recon Resolve Hostname

•     Windows Gather Wireless BSS Info

•     Windows Gather Wireless Current Connection Info

•     Windows Disconnect Wireless Connection

•     Windows Gather Wireless Profile

For additional information click Here. To Download Metasploit version 4.2.0 for windows & Linux click Here.

 -Source (rapid7)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage"https://www.voiceofgreyhat.com/2012/02/metasploit-420-released-with-ipv6.html</a>

Anonymous Defaced New York Ironworks Website & Leaked Source Code of Norton

Anonymous Defaced New York Ironworks Website & Leaked Source Code of Norton

The Federal Authorities still unable to dominate the spirit of Anonymous. After a series of arrest by FBI, Interpol, Scotland Yard still the hacktivist are on the high node. As a result New York Ironworks, a supplier of police equipment and tactical gear based in New York City became the victim of cyber attack. Where a hacker collective group named #Antisec (Part of Anonymous) has hacked and defaced the index page of Ironworks with a rambling message from AntiSec. The message expressed support for those who were arrested and anger at fellow hacker "Sabu" whose cooperation with the FBI contributed to this week's arrests. It included a brief diatribe against the FBI, a promise of more hacks Friday.

Meanwhile, Anonymous members also released source code to Symantec's Norton Antivirus 2006 software in apparent tribute to those who were arrested this week. A 1.07GB file that is apparently the source code was published on Pastebin as well as Pirate Bay on Thursday. The release of the code was not unexpected. Last month, hackers named Lords of Dharmaraja affiliated with Anonymous had released source code to Symantec's pcAnywhere after a botched sting operation. That time too, the hackers published the code on The Pirate Bay website. Symantec also confirmed the security breach

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Anonymous Defaced New York Ironworks Website & Leaked Source Code of Norton"https://www.voiceofgreyhat.com/2012/03/anonymous-defaced-new-york-ironworks.html</a>