U0vd Security Twitter 2011-12-05
The U0vd Security public Twitter account is now available; follow it here:
http://twitter.com/U0vdSecurity
Please send any questions about our documents and research to the support team at Support@u0vd.org
Thanks, Support Team
Malcon 2011 2011-12-05
This is our Malcon 2011 document and video presentation.
Find them here:
Stuxnet 3.0 Video Presentation - Code Name: The Art of Peace.
http://www.youtube.com/watch?v=_UfrNMF-E5M
Document - Hiding Rootkits & possible Stuxnet 3.0 features!
www.u0vd.org/Docs/Malcon2011.pdf
Conference web: www.malcon.org

Malcon’s 2011 Materials 2011-11-28
Malcon’s 2011 materials will be available on 2011-12-5.
Thank you to all our friends and to Malcon’s team for their support.
Nima Bagheri, CEO of U0vd Security.
Malcon 2011 Conference 2011-11-21
We will be at the next Malcon Conference in Mumbai, India, on 25 and 26 November 2011.
Title of Presentation:
Hiding Rootkits & possible Stuxnet 3.0 features! - Hide Your Rootkit’s Results from Anti Rootkits and Security Programs
Presenter:
Nima Bagheri, CEO & Security Researcher of U0vd Security
Find out more about Malcon at www.malcon.org
Tip: this is a technical presentation.
Microsoft Windows shmedia.dll Division By Zero & DoS Exploit 2011-10-26
Last year our team presented research on antivirus security mechanisms at Malcon Conference 2010.
In that research we demonstrated how attackers could exploit the Windows Explorer module “shmedia.dll” and any other program that uses that DLL.
Watch our demo here: www.u0vd.org/avi.zip
A security researcher, “Rahul Sasi”, released some vulnerability code on the net based on our research.
Vulnerable Systems:
* Microsoft Windows Explorer.exe and any application that uses shmedia.dll on Windows
* Windows Versions: 2k SP4, 2k3 SP2, XP SP2, SP3
The shmedia.dll module serves as the shell media extension for Windows, providing statistics and thumbnails for media files. The DLL also acts as the media file property extractor of the Windows shell (explorer.exe), extracting custom attribute information from audio, video, MIDI, and video thumbnail files including MPEG, MPE, MPG, ASF, ASX, AVI, and WMV.
Find out more about it here http://www.securiteam.com/exploits/5SP360040Q.html

Behrouz Kamalian CEO of Ashiyane.org Banned from Euro 2011-10-22
“Ashiyane”, which means “Our Home”, is a computer security group founded by Behrouz Kamalian in 2001. The group is ranked as the number 1 hacking group by the Zone-h.org system.
On 10 October 2011, the Foreign Affairs Council of the EU announced its latest measures in a statement adding 29 persons to the list of those targeted by an assets freeze and a visa ban. Behrouz Kamalian is the only non-political person on it.
This statement was released by the British Embassy in Iran here
In 2008 Behrouz gave an interview to the Iranian News Network www.inn.ir about his security group and the group’s connections with Iran’s authorities, released here
http://www.inn.ir/newsdetail.aspx?id=12795
He said “We tried to contact the Iranian authorities about this problem and gave them a hint. Spent a couple of phone, email sent,... But they did not take seriously.”
In the final part of the interview, the reporter asked about the probability of his being banned, but on the other hand he believed,
“Look, we knew all of it, we threatened, they made for us some problems but this is our responsibility to doing something for some people”.
Find out more about Ashiyane Corporation and Ashiyane Security Group
National ESRA Banned Games in International Digital Media 2011-10-16
Iran’s ESRB (Entertainment Software Rating Board), which is called the “National Foundation for Computer Games” or “ESRA”, released advisories about some computer games at Tehran’s Digital Media 2011.
ESRA presents its latest achievements and introduces 13 games, and has also for the first time published some research about potential threats in computer games for Iranian citizens.
The ESRA game rating system is another section of this stall; it familiarizes families with the harms of using the games and with how the games should be used correctly.
The following games were banned in Iran’s market centers:
Released Games:
God of War 3 for “The myth of integration”
The Sims 3 for “too much focus on American Lifestyle” (ESRA believes Iran’s citizens must learn the Iranian lifestyle, not other countries’ lifestyles)
Assassin's Creed: Brotherhood for “The fake end of time and immortality, History manipulation”
Grand Theft Auto (series) for “Amoralism or Moral nihilism”
Unreleased Games:
Assassin's Creed: Revelations, banned because of history manipulation
Battlefield 3, banned because of political issues
Find out more details and pictures about it here
www.u0vd.org/DigitalMediaFestival.htm
The Fifth International Digital Media Fair was held on 6th – 15th October 2011 in Tehran, Iran.
Steve Jobs never dies 2011-10-06
He was a great father for all of us.
I confirmed him as person of the year in 2010 in my article here, and of course he is the person of our decade.
I hope to see you some day in our Iranian Paradise, which you deserve http://en.wikipedia.org/wiki/Paradise

We love you forever, Steve,
Nima Bagheri, CEO of the u0vd Security
DigiNotar Compromise Part One 2011-09-04
As you know, DigiNotar’s certificates were hijacked by some hackers, so we tested some ICPs (Internet Connection Providers) for DigiNotar compromise results.
Find out in our YouTube Channel
http://www.youtube.com/watch?v=0pXTPVYgOlY
During the test we found that if a user sets the 4.2.2.4 public DNS (Level 3 Communications) as the preferred DNS server, they receive a warning (because of Iranian filtering), but if they set the ICP’s DNS instead, everything is fine.
We had a conversation with the ICP’s support team; they said they are under maintenance.
Could Computer Games Be the Next Target of Cyberwars? 2011-08-07
You can find our research and documents here
We are free security researchers; we have no connection with any company, any government or any military organization.
This research was developed only for peaceful purposes, and my advice is offered only as a friend.
Good luck,
Nima Bagheri, CEO of the U0vd Security
The Art of Deception for Stuxnet in IRAN 2011-02-05
Hi all
This is a report about Stuxnet activity in Iran over the last year.
All of the information I have published here is available on the net or comes from my experience as a security researcher in Iran.
You can download it from here
www.u0vd.org/Docs/AD_Stuxnet.pdf
File MD5: f7e1fac4dfdb78af901b2a6a91d51591
Tips:
I’m a free security researcher in Iran; I have no connection with any company, government or any military organization.
This research was developed only for peaceful purposes.
Good luck, Nima Bagheri
Venak and Avenak Seven Edition is Ready for Download 2010-12-09
You can download it from here
www.u0vd.org/Demo/VA_Seven_Edition.zip
To run it with all capabilities, you have to run it with Administrator privileges.
Please activate “Privilege Level” in the properties window and then click on “Run this program as an administrator”.
See this figure:
www.u0vd.org/img/Seven_Privilege_Setting.JPG
The Malcon Conference Presentation & Source codes 2010-12-06
You can download Malcon’s presentation and source codes from here
www.u0vd.org/Docs/Malcon_Source_Codes.zip
www.u0vd.org/Docs/Anti_Anti_Virus.pdf
The password for the source codes is “malcon”
Find the conference materials here
http://malcon.org/web/techbrief/malcon-2010-technical-briefings/
http://malcon.org/web/speakers/malcon-speaker-nima-bagheri/
Venak and Avenak Detection Malware Scanner Support Windows Seven! 2010-11-06
We plan to update Venak and Avenak Detection Malware Scanner to support Windows Seven.
That version supports the Windows Seven kernel, and you can download it after November of 2010.
Download links will be updated.
It’s free!
Microsoft AVI File Exploit Lets Local Users Crash Windows Applications (Even Protected Programs such as Anti Viruses and Anti Rootkits)
Vulnerability Info:
Type: Crash / Exploit
Risk: High
Fix Available: No
Version(s): 2k SP4, 2k3 SP2, XP SP2, SP3 - Vista and 7 safe.
Description: An AVI file with manipulated data will crash Windows programs. When a local user opens, from within his/her program, a directory that contains a manipulated AVI file in order to open a target file, the target program will crash and terminate.
Also, when you click on the selected file, Windows Explorer will crash too.
Impact: A remote or local user could crash the target Windows programs, such as Windows Explorer or even antivirus and anti-rootkit programs.
Vendor Confirmed: Not yet
Exploitable: yes
We demonstrate this in videos for the following antivirus and anti-rootkit programs:
· AVG_9.0
· Avira Antivir
· BitDefender_2009
· Kaspersky_Inernet_Security_2010
· Rootkit_Unhooker_LE_V3.8
You can download the vulnerability video here: www.u0vd.org/avi.zip
Venak and Avenak Detection Malware Scanner going to Free Version!
You can download the MPS version on download.com
http://download.cnet.com/Venak-and-Avenak-MPS-Edition/3000-2239_4-10647015.html?cdlPid=11004459
The reason for this free edition is that the upgrade to the new version will come after fall 2009!
We hope you use it and enjoy it.
Please send any ideas to Idea@U0vd.org
New Capability Video!
You can download and watch the videos at the links below.
Some capabilities of this version:
· Fast Scanning
· Finding Most Unknown Rootkits on Windows
· Vista Capability Updates
· Blocking USB Startup & Exploits
· Running On CD & DVD
http://www.u0vd.org/Demo/Ultra_Rootkits.wmv
http://www.u0vd.org/Demo/Ultra_Rootkits2.wmv
http://www.u0vd.org/Demo/Internet_Worms.wmv
http://www.u0vd.org/Demo/P2P_Worms.wmv
You can download it here
http://download.cnet.com/Venak-and-Avenak-MPS-Edition/3000-2239_4-10647015.html?cdlPid=11004459
New Venak and Avenak Detection Malware Scanner MPS Edition Standard version Video!
These are some new videos of Venak and Avenak Detection Malware Scanner MPS Edition Standard version.
http://www.u0vd.org/Demo/Rootkit Detection.wmv
http://www.u0vd.org/Demo/Explorer Viruses.wmv
http://www.u0vd.org/Demo/New Folder Viruses.wmv
http://www.u0vd.org/Demo/Internet Worms.wmv
How Works MPS?
The new article, called “How works?”, is about MPS and VA capabilities. It guides you to understand the threats carefully and shows how you can configure VA to find threats better.
Download it from the following link
http://www.u0vd.org/Docs/How_Works_MPS.pdf
In this article you will see how MPS shows you threats and their error types.
Venak and Avenak Detection Malware Scanner, Trial Version Is Ready For Download
You can download it from the following link
http://download.cnet.com/Venak-and-Avenak-MPS-Edition/3000-2239_4-10647015.html?cdlPid=11004459
Some Software Tips:
Do not use this program for home or business purposes.
This program is made only to show MPS (Main Protection System) capabilities.
You cannot use the features and toolboxes.
In the trial version, MPS does not freeze threats automatically.
Good Luck
Venak and Avenak MPS Edition First Public Demo
In this demo you see how VA, using MPS, can find unknown threats such as worms.
These threats try to access resources to stay alive, but VA defeats them.
MPS also freezes these threats if they are dangerous.
You can download it from here
http://www.u0vd.org/Demo/MPS_Demo.wmv
Please send your ideas to our e-mail Idea AT U0vd.org
New Security Model, New Anti Malware Vision
You can download the White Paper from the following link:
http://www.u0vd.org/Docs/White_Paper.pdf
VA uses a new technology called "Main Protection System" or MPS. MPS is mainly a method for finding threats on your computer.
In fact, VA is a kind of virus scanner with a new vision. VA can detect many threats, for example computer rootkits, viruses, worms, Trojans, and spyware.
After MPS starts, it parses your processes, looks for non-standard processes and rates them.
These ratings are based on each process's access to resources, for example Drivers, Services, Registry keys and many other security features.
In fact, VA tries to tell you about the malicious activity of processes. The mechanism, like a biometric/robot technology, starts to prevent attacks from automated applications.
Today computer security is a big problem for companies and home users. The most important capability of VA is defeating metamorphic malware; metamorphism is the ability of malware to transform its code.
This ability was first introduced in viruses and was later used by worms, Trojans, and other malware.
There now exist several metamorphic engines/programs that implement only the logic for transforming code and can simply be linked to any program to make it metamorphic.