Philosophically Secure

Eugene Kogan’s blog on all things relevant, especially information security

Archive for March, 2008

Malicious CHM file targets PGP

Let’s not forget that CHM files can be dangerous. They can contain embedded executables that get launched automatically when you open them. This post on SANS ISC details a particular malicious CHM file that was sent out via email. After some investigation, it was determined that the program it ran specifically targeted PGP keyrings.

The code searched for these files (.pkr and .skr) and copied them off to the attacker’s system. To really make use of a PGP keyring, you need the passphrase. Well, this is why the malware came bundled with a keylogger, just in case you happened to be using PGP while it was running. The ISC post also notes that it collected .doc files, which could be an attempt to harvest documents that users created to help them keep track of their passphrases.

I’m not sure if I see enough evidence to agree with the conclusion that the attacker was simply trying to map relationships between PGP users, but I guess that is a possibility. Do recent versions of PGP even use these same keyring files?
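A mail-gateway style check for the delivery path described in this post, as an added example that is not from the original post or the SANS ISC write-up: it flags attachments that look like CHM files by extension, MIME type, or the `ITSF` signature that compiled HTML Help files start with, so a renamed file is still caught. The sample message, addresses and file names are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

CHM_MAGIC = b"ITSF"  # first four bytes of a compiled HTML Help (.chm) file
CHM_MIME = "application/vnd.ms-htmlhelp"

def find_chm_attachments(raw_message: bytes):
    """Return (filename, reasons) for every MIME part that looks like a CHM file."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if name.lower().endswith(".chm"):
            reasons.append("extension")
        if payload.startswith(CHM_MAGIC):
            reasons.append("magic")  # catches CHM content under another name
        if part.get_content_type() == CHM_MIME:
            reasons.append("mime-type")
        if reasons:
            hits.append((name, "+".join(reasons)))
    return hits

def build_sample() -> bytes:
    """Constructed test message: a renamed CHM-like blob, a plainly named one, a benign file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    stub = CHM_MAGIC + b"\x00" * 28  # signature only, not a valid CHM
    msg.add_attachment(stub, maintype="application", subtype="octet-stream",
                       filename="report.doc")
    msg.add_attachment(stub, maintype="application", subtype="vnd.ms-htmlhelp",
                       filename="help.chm")
    msg.add_attachment(b"plain notes", maintype="application",
                       subtype="octet-stream", filename="notes.bin")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in find_chm_attachments(build_sample()):
        print(f"{name}: {reasons}")
```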


G-Archiver is evil

This is a great lesson in why you should not blindly trust random software that you find on the Internet. G-Archiver, a program created to help users locally save their Gmail messages, has a piece of code in it that sends your Gmail login and password to the author. You can see a scary screenshot of his inbox, since the guy had his own Gmail credentials hard-coded right into the program, and they were obviously discovered.

The details are at SANS ISC (source code) and Coding Horror (screenshot).


Hackers for Charity: AOET.org project

I’m happy to say that the new AOET.org website and blog are up and running. I was able to help out only a little bit on this project, but I hope to do much more on future Hackers for Charity initiatives. This is especially true since my PHP and MySQL skills have been improving a lot over the past couple of months.

AOET is an independent, indigenous non-governmental organization with the prime mandate of providing an education — formal and/or vocational — to desperately poor, neglected and forgotten orphans whose parents have died of AIDS.

I would encourage anyone reading this blog to get involved with Hackers for Charity, even if it’s just making a donation.
