Batchography: Embedding an executable file in a Batch script

In this blog post, I share a recipe from the Batchography book that illustrates and explains in detail how to embed executable files inside a Batch script and run them after they are dropped to disk.

This technique does not rely on a polyglot Batch file, whose first part is a Batch script and whose remainder is a VBS or JScript script. To learn more about writing polyglot Batch scripts, refer to Chapter 4 of the Batchography book.
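As an added illustration (this is not the book's recipe and not code from the original post), here is one pure-Batch way to carry an executable inside the script: the binary is stored base64-encoded in lines that begin with `::B64:`, the script extracts those lines from itself at run time, decodes them with `certutil`, runs the dropped file and cleans up. The file names under `%TEMP%`, the `::B64:` prefix and the single placeholder payload line (the first line of a typical PE header, not a complete program) are assumptions made for the example.

```batch
@echo off
setlocal EnableDelayedExpansion

REM Added example, not the book's recipe. The payload lives after the "exit /b" below
REM in lines that start with "::B64:"; "::" is a label cmd never jumps to, so those
REM lines are ignored while the script executes. Paths below are assumptions.
set "b64=%TEMP%\embedded.b64"
set "exe=%TEMP%\embedded.exe"

REM Pull the payload lines out of this very script (%~f0) and strip the 6-character prefix.
if exist "%b64%" del "%b64%"
for /f "usebackq tokens=* delims=" %%L in (`findstr /b /c:"::B64:" "%~f0"`) do (
    set "line=%%L"
    >>"%b64%" echo !line:~6!
)

REM certutil ships with Windows and accepts plain base64 without BEGIN/END lines; -f overwrites.
certutil -f -decode "%b64%" "%exe%" >nul
if errorlevel 1 (
    echo Could not decode the embedded payload.
    del "%b64%" 2>nul
    exit /b 1
)
del "%b64%"

REM Run the dropped file, keep its exit code, then remove it.
"%exe%"
set "rc=%ERRORLEVEL%"
del "%exe%"
exit /b %rc%

REM ---- payload block ----
REM Generate it with:  certutil -encode payload.exe payload.b64
REM then drop the BEGIN/END lines and prefix every remaining line with "::B64:".
REM The single line below is a placeholder (start of a PE header), not a runnable program.
::B64:TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
```

Two practical caveats: keep the payload lines after the final `exit /b` so cmd never tries to interpret them, and expect this pattern to be noisy, since a script that writes a base64 blob to `%TEMP%`, decodes it with `certutil -decode` and executes the result is a well-known dropper signature that Defender and most EDR products flag.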


More about Yahoo Mail phishing

In a previous post, I explained how Yahoo Mail accounts can be compromised by phishing.

In this blog post I will be brief and simply expose the phishing email and the hosts it uses.

Step 1 – Looking at the email

[screenshot: mail-body]

There are plenty of red flags just from looking at the email:

  1. The sender’s apparent address is odd
  2. The subject line is unusual
  3. The body makes a claim that is simply not true

Step 2 – Revealing the real sender

Click on the sender to reveal the actual email address:

[screenshot: real-sender]

Now we can see that the real sender address is “jcwod@aol.com”. Whether this is the attacker’s own account or a spoofed or compromised one cannot be told from the address alone, but let us move on.

When I searched for this email address on Facebook, I found this profile:

[screenshot: profile]

In reality, this could mean nothing.

Step 3 – Investigating the link in the email

In step one, the sender invited you to click a link to fix the aforementioned “problem”.

Do not click it. Instead, hover the mouse over the link and look at the browser’s status bar; you will see something like this:

[screenshot: phishing-url-hidden]

This is a shortened address; here it is used to hide the real destination. Let us use GetLinkInfo.com to reveal the real address:

[screenshot: link-resolved]

The address is, obviously, not related to Yahoo! It is: “http://tuckertownforge.com/perfected01/index.html”.

I do not advise visiting that address: it may host a browser exploit just as easily as the phishing page itself.

The phishing site is made to look like Yahoo Mail:

[screenshot: yahoo-phishing]

DO NOT enter your user name and password on that FAKE SITE!
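The three steps above (read the mail, reveal the real sender behind the display name, read the link targets instead of clicking them) can be automated against a saved message. The script below is an added example, not code from the original post: it parses a raw email with Python’s standard `email` module, reports the real sender address, collects every link in the HTML body and flags the same red flags the post describes. The sample message is constructed for the example (it only reuses the sender address and the resolved phishing URL quoted above; the subject, wording and shortened link are made up), and the list of shortener domains and the brand-name heuristic are assumptions you would tune to your own environment.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the mail described in the post (not the original message):
# a display name that claims to be Yahoo, a sender address that is not, a shortened link,
# and a link whose visible text names one host while its href goes to another.
SAMPLE_EML = b"""From: "Yahoo! Mail Team" <jcwod@aol.com>
To: victim@yahoo.com
Subject: Your mailbox will be deactivated !!!
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your mailbox has exceeded its quota. Click <a href="http://tinyurl.com/example-only">here</a>
to fix the problem.</p>
<p>Or sign in at <a href="http://tuckertownforge.com/perfected01/index.html">https://mail.yahoo.com</a></p>
</body></html>
"""

# Well-known URL shorteners (assumed list). A shortened link in a mail that asks you to
# "fix" an account deserves suspicion because it hides the real destination.
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly", "is.gd"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lowercase hostname of a URL, or '' when it has none."""
    return (urlparse(url).hostname or "").lower()


def inspect_message(raw_bytes, claimed_brand="yahoo", brand_domain="yahoo.com"):
    """Return the real sender, the links in the body and a list of red-flag findings."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    from_hdr = msg["From"]
    first = from_hdr.addresses[0] if from_hdr and from_hdr.addresses else None
    display = first.display_name if first else ""
    addr = first.addr_spec if first else ""
    findings = []

    # Step 2: the client shows the display name; the address after it is the real sender.
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    if claimed_brand in display.lower() and not (
        sender_domain == brand_domain or sender_domain.endswith("." + brand_domain)
    ):
        findings.append(f"display name claims {claimed_brand} but address is {addr}")

    # Step 3: read the href of each link instead of clicking it.
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        href_host = host_of(href)
        if href_host in SHORTENERS:
            findings.append(f"shortened link hides its destination: {href}")
        if text.startswith("http") and host_of(text) != href_host:
            findings.append(f"link text shows {host_of(text)} but points to {href_host}")

    return {"from_display": display, "from_addr": addr,
            "links": collector.links, "findings": findings}


if __name__ == "__main__":
    for finding in inspect_message(SAMPLE_EML)["findings"]:
        print("RED FLAG:", finding)
```

Feed it a message saved from your mail client (most clients offer “Save as .eml” or “Show original”) and treat any finding as a reason to go to the site by typing its address yourself rather than through the mail. The script deliberately never fetches the shortened link: resolving it from your own machine is exactly the visit the post warns against.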


You may also like:

PayPal account phishing

Depositphotos.com/fabioberti.it

In a previous article, How your Yahoo! Mail account can be hacked with phishing – A real life example, I showed how Yahoo email phishing takes place. Phishing can target any website, and especially those where attackers stand a chance of stealing money.

I keep receiving PayPal.com phishing emails. The sender pretends to be PayPal and asks me to take action by clicking a link to remedy the situation: “Warning! Your PayPal account was limited!”

How your Yahoo! Mail account can be hacked with phishing – A real life example explained

Introduction

In this article, I am going to illustrate a real-life scenario in which an attempt to hack my email account was carried out by trying to fool me into entering my user name and password on a fake website that looks like Yahoo! Mail.

Such attacks, where the victim is lured into entering information into what looks like a legitimate website, are called “phishing attacks”. Wikipedia defines “phishing” as follows:

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication

In the subsequent sections I will show how the attack is carried out and how you can inspect such emails yourself, and then conclude with some safety guidelines.