Skip to main content

Gmail Hacking Apps...??? Beware.....


During the last few months we’ve seen quite a lot of do-it-yourself hacking tools such as the Twitter Botnet Creator or the nifty iStealer password collector. Today’s specialty is an alleged Gmail application designed to “hack other users’ accounts” – an offer too good to refuse, especially if you’re a jealous lover or a control freak.
Gmail Hacker Builder
The application we’re going to dissect is a .NET executable (Visual Basic .NET) which seems to be strikingly similar to the previously mentioned pieces of malware. A closer look at the code reveals that all three creations share the same origin, namely the leaked source code of iStealer. Other similarities include the presence of a bootstrap utility and a stub file that actually contains the payload.
As users pop the utility open, they are prompted to enter their e-mail address and the associated password, which will be used by the application to send them the victims’ passwords. Once the process is complete, a click on the Build button creates an executable file that needs to be distributed to the victim. This custom binary is in fact the stub.exe file with the entered credentials saved in the new file’s overlay.
The Gmail Hacker Builder application
Gmail Hacker Tool error - Google Mail Phishing
Google Custom Hacking Tool

The custom “hacking tool”
The custom Gmail creator is nothing but a phishing tool designed to lure users who’d like to find out their friends’ Gmail passwords into actually disclosing theirs. When run, the application will send the data entered in the outlined fields to the address specified in the Gmail Hacker Builder application. Since it can’t actually hack anything, the application will crash with an ambiguous error:
This kind of pre-created “hacking tools” are blindly thrown on file-sharing hubs and torrent portals in the hope that some unwary victims will actually pick them and try to use them against their friends. These tools are even advertised through how-to hack movies posted on popular video sharing services, along with download links to the bombed binary.
In order to stay safe, don’t forget the following ground rules:
  • Never accept and run so-called hacking tools via IM; the friend who’s sending them might set you up with a nice decoy.
  • Never download this kind of tools; they are useless and pose a huge security risk to your system. E-mail or IM service providers never save users’ passwords in plain text, but rely on various hashing algorithms (with or without “salting”) to ensure that the authentication is done one-way (no one can find out the password, even if they get the hash). Bottom line: these tools will NEVER work as advertised, but will surely snatch your account username and password, along with other damage they may inflict.
  • Never stop your antivirus if it prevents you from accessing a file. If you have any doubt about the alert being a false positive, submit it via the application’s support request system. It will be carefully inspected to see whether it is legit or not. Putting your shield to sleep may get your privacy blown.

Comments

Popular posts from this blog

CIA Triad for- Base of Information security

The essential security principles of confidentiality, integrity, and availability are often  referred to as the  CIA Triad. All security controls must address these principles. These three  security principles serve as common threads throughout the CISSP CBK. Each domain  addresses these principles in unique ways, so it is important to understand them both in  general terms and within each specific domain: Confidentiality is the principle that objects are not disclosed to unauthorized subjects. Integrity is the principle that objects retain their veracity and are intentionally modified by  authorized subjects only. Availability is the principle that authorized subjects are granted timely access to objects  with sufficient bandwidth to perform the desired interaction. Different security mechanisms address these three principles in different ways and offer varying  degrees of support or application of these principl...

List of Company Slogans

·          3M : "Innovation" ·          Agere Systems : "How Communication Happens" ·          Agilent : "Dreams Made Real" ·          Airbus : "Setting the Standards" ·          Amazon.com : "…and You're Done" ·          AMX : "It's Your World. Take Control" ·          Anritsu : "Discover What's Possible ·          AT&T : "Your World. Delivered" ·          ATG Design Services : "Circuit Design for the RF Impaired" ·          ATI Technologies : "Get In the Game" ·          BAE Systems : "Innovatin...

My Article :- હેકર બનવું છે? કઈ રીતે?

મારી ૨ વર્ષ ની કારકિર્દી માં મને કેટલાય  લોકોએ, ખાસ કરીને કોલેજ ના વિદ્યાર્થીઓએ ઘણી વાર પૂછ્યું છે કે "મારે હેકર બનવું છે. તો હું શું કરું? " અને મારા બ્લોગ્સ માં પણ પૂછવામાં આવે છે કે એક સારો હેકર કઈ રીતે બની શકાય? એવું હું શું કરું અથવા તો મારા માં કઈ લાયકત હોવી જોઈએ એક હેકર બનવા માટે? આ પ્રશ્ન નો સંતોષકારક જવાબ આપવા માટે મેં internet પર શોધખોળ કર્યા પછી મને જે કઈ માહિતી મળી તેને હું આજે અહી રજુ કરું છું. મિત્રો, સૌપ્રથમ હેકર કઈ રીતે બનવું એ જાણવા પહેલા એ જાણવું જરૂરી છે કે ખરેખર હેકિંગ શું છે ? અને હેકર કોને કહેવાય. હેકિંગ ની સીધી અને સરળ વ્યાખ્યા નીચે મુજબ છે.  "તમારા કમ્પ્યુટર,નેટવર્ક(ઈન્ટરનેટ કે LAN દ્વારા) કે કોઈ ડીવાઈસ માં (ફોન, ટેબ્લેટ) માં કરવામાં આવતા ગેરકાયદેસર પ્રવેશ અને ઉપયોગ એ હેકિંગ કહેવાય છે."અને હેકિંગ કરતા લોકોને હેકર કહેવાય છે. હવે તમને થશે કે આવું શું કામ કરવું જોઈએ? આ તો ક્રાઈમ છે. તો તમને જણાવી દઉં કે હેકર મુખ્યત્વે ૨ પ્રકારના હોય છે.    વાઈટ હેટ હેકર્સ (એથીકલ હેકર્સ) : ધારો કે તમે તમારો ફેસબુક નો પાસવર્ડ ભૂલી ગયા(ખરેખર ના ભૂલતા ક્યારેય..)કે ત...