ThE HaCkEr NeWs || MuKeSh JoOn

2011 has been labeled the "Year of the Hack” or “Epic #Fail 2011”. Hacking has become much easier over the years, which is why 2011 had a lot of hacking for good and for bad. Hackers are coming up with tools as well as finding new methods for hacking faster then companies can increase their security.  Every year there are always forward advancements in the tools and programs that can be used by the hackers.

At the end of year 2011 we decided to give "The Hacker News Awards 2011". The Hacker News Awards will be an annual awards ceremony celebrating the achievements and failures of security researchers and the Hacking community. The THN Award is judged by a panel of respected security researchers and Editors at The Hacker News.

Year 2011 came to an end following Operation Payback and Antisec, which targeted companies refusing to accept payments to WikiLeak's, such as, Visa and Amazon. Those attacks were carried out by Anonymous & Lulzsec. This year corporations, international agencies, and governments are now experiencing a flood of what is called Advanced Persistent Threats. APTs refer to a group of well-funded, highly capable hackers pursuing a specific agenda, often organized by a nation or State. Sony somehow pissed off the hacking group LulzSec, which downloaded information for millions of users, while posting to Sony's system: "LulzSec was here you sexy bastards! Stupid Sony, so very stupid."

The Hacker News Awards Categories & Winners

1.) Person of the Year : Julian Paul Assange

He is, of course, the lean, tall, and pale 39-year-old Australian master hacker at the white-hot center of the whistle-blowing website WikiLeaks and, after revealing thousands of secret Afghan battlefield reports this week, the subject of investigation by U.S. authorities. 2011 could also be called the “Age of WikiLeaks”. Assange described himself in a private conversation as "the heart and soul of this organisation, its founder, philosopher, spokesperson, original coder, organizer, financier, and all the rest". Wikileaks celebrate its 5th Birthday on 4th October 2011, for being only 5 years old they have done a remarkable and outstanding job of serving the people. The one thing most governments in the world have left off their agenda’s. Keep up the good work Wikileaks and we stand in support and behind you.

2.) Best Hacking Group of the Year 2011 : ANONYMOUS

DECK THE HALLS AND BATTON DOWN THE SECURITY SYSTEMS…..THEY AIN’T GOIN AWAY!

Anonymous hackers have gained world wide attention because of their hacktivism. Anonymous is not an organization. Anonymous has no leaders, no gurus, no ideologists. Anonymous has performed many operations like Attack on HBGary Federal, 2011 Bank of America document release, Operation Sony, Operation Anti-Security and lots more. Complete Coverage on all Anonymous related news is here.

3.) Best Whitehat hacker of the Year 2011 : CHARLIE MILLER

CHARLIE SHOWS TUNA ISN’T THE ONLY THING TO PROFIT FROM!

Charlie Miller is a former hacker who has become an information security consultant now working with the Department of Defense (DOD) and helping out with cyber security. He spent five years working for the National Security Agency. Miller demonstrated his hacks publicly on products manufactured by Apple. In 2008 he won a $10,000 cash prize at the hacker conference Pwn2Own in Vancouver Canada for being the first to find a critical bug in the ultrathin MacBook Air. The next year, he won $5,000 for cracking Safari. In 2009 he also demonstrated an SMS processing vulnerability that allowed for complete compromise of the Apple iPhone and denial-of-service attacks on other phones. In 2011 he found a security hole in an iPhone's or iPad's security. Charlie Miller gets a kick of out defeating Apple’s security mechanisms, using his hacking skills to break into Macbooks and iPhones.

4.) Best Leak of the year 2011 : HBGARY FEDERAL EMAILS LEAKED BY ANONYMOUS

GEE GREG, YOU THOUGHT WE JUST PLAYED WITH MATEL COMPUTERS!  NOT!!!!!

HBGary Federal who was helping the federal government track down cyber activists was itself hacked by the very same activists!  Gotta love these guys.  Through an elegant but by the numbers social engineering effort those fun fellas at Anonymous,  hacked and publicly shamed poor little HBGary Federal. Massive reputation damage and tons of turn-over in executive leadership resulted. Anonymous released 27,000 emails from the server of Greg Hoglund, chief executive of the software security firm HBGary. They posted 50,000 emails of Aaron Barr from the CEO of its sister organization, HBGary Federal. They obtained the emails by hacking into Hoglund’s email.

5.) Best Defacement of the Year 2011 : DNS HIJACKING OF HIGH PROFILE SITES BY TURKGUVENLIGI

TURKGUVENLIGI……..THE GIFT THAT KEEPS ON GIVING!!

Turkguvenligi also known by the name "TG Hacker' hacked some very high profile sites using DNS Hijacking.  Sites included, Theregister.co.uk , Vodafone, Telegraph, Acer, National Geographic. He diverted visitors to a page declaring it was “World Hackers Day”. TurkGuvenligi has claimed credit for dozens of similar defacement attacks since late 2008. 

6.) Craziest Hack of the year: INMOTION HOSTING (Over 700,000 Websites Hacked)

BEWARE OF TIGER’S IN MOTION…….COMING TO YOUR WEBSITE SOON!

InMotion's data center got hit by the hacker that calls himself TiGER-M@TE, leaving a few hundred thousand website owners with nonfunctional pages and 700,000 web Pages defaced . He is also the one responsible for the attack carried out on Google Bangladesh.  In our humble opinion, this is the craziest hack of the year. 

7.) Malware of Year 2011 : DuQu

ALAH CAN’T HELP IRAN…….NOT WITH DuQu ON THE LOOSE!

This year was really hot on malware discovery and analysis. DuQu  became the first known network modular rootkit.   DuQu has flexibility for hackers to help remove and add new features quickly and without special effort. Some experts have doubts on relation between the Stuxnet and DuQu creators as they both aim for stealing and collecting data related to Iranian agencies activities.

8.) Best Hacking Tool of the Year 2011 - ANTI (Android Network Toolkit)

HEY CYBER WORLD, STICK THIS IN YOUR TOOL BELT!

ANTI is the smallest but most powerful hacking tool developed by the company Zimperium. Anti-Android Network Toolkit is an app that uses WiFi scanning tools to scan networks. You can scan a network that you have the phone connected to or you can scan any other nearby open networks. Security admins can use Anti to test network host vulnerabilities for DoS attacks and other threats. Features : OS detection, traceroute, port connect, Wi-Fi monitor, HTTP server, man-in-the-middle threats, remote exploits, Password Cracker and DoS attack and plugins.

9.) High Profile Hacker of the Year 2011 : LULZSEC

LULZSEC KEEPS US LAUGHING ALL THROUGH 2011!

Lulz Security, commonly abbreviated as LulzSec, is a computer hacker group that claims responsibility for several high profile attacks, including the compromise of user accounts from Sony Pictures in 2011. The group also claimed responsibility for taking the CIA website offline. It has gained attention due to its high profile targets and the sarcastic messages it has posted in the aftermath of its attacks. The group's first recorded attack was against Fox.com's website. LulzSec does not appear to hack for financial profit. The group's claimed main motivation is to have fun by causing mayhem. They do things "for the lulz" and focus on the possible comedic and entertainment value of attacking targets.

10.) Biggest Victim of the Year 2011 : SONY

SONY SHINES AS THE BIGGEST VICTIM OF ALL!

Sony gets the Most Epic fail award so we want to give the Best Victim of the year award to Sony. Almost all Sony’s websites including Indonesia, Japan, Thailand, Greece, Canada, Netherlands, Europe, Russia, Portugal & Sony PlayStation Network were Hacked. Defacement of various domains of Sony and Personal information of 77 million people, including customer names, addresses, e-mail addresses, birthdays, PlayStation Network and Qriocity passwords, user names, online handles and possibly credit cards were exposed. Sony expects the hack of the PlayStation Network and cost at ¥14 billion (US$170 million) .

11.) Most Spamy Social Network : FACEBOOK

FACEBOOK OUTTA FACE IT……..IT’S A RIPE TARGET FOR 2012

Social network sites such as Facebook, Google+ or Twitter are gaining popularity. But the 'Web 2.0' presents new dangers. The wave of pornographic and violent images, Spam messages, Virus and various Worms that flooded Facebook over the past year, make it the Most Spamy Social Network of the Year. Social media is the new frontier for all of this spam. The attack tricked users into clicking on a story they thought would bring them a related video or picture. Instead, Facebook members were taken to websites that attacked their browsers with malicious software and posted violent and disturbing images to their news feeds. 

12.) Most Vulnerable Mobile OS of Year 2011 : ANDROIDS

MALWARE GETS A FREE RIDE ON MOBILE DEVICES!

Mobile devices are seeing a record number of Malware attacks, with Androids leading the way as the mobile operating systems are the  most likely to be targeted. Android’s vulnerability to malicious content including third-party apps, SMS Trojan viruses and unexpected bugs distributed through free Wi-Fi connections has risen by 45% in 2011. This year we have seen record-breaking numbers of Malware, especially on mobile devices, where the uptake is in direct correlation to popularity. 

13.) Best Hacking Book of the Year: BACKTRACK 5 WIRELESS PENETRATION TESTING

ATTENTION CLASS, VIVEK RAMACHANDRAN HAS ENTERED THE ROOM!

Vivek Ramachandran is a world renowned security researcher and evangelist, who is well known for his discovery of the Wireless Caffe Latte attack, and author of the most amazing book “BackTrack 5 Wireless Penetration Testing. This book is written completely from a practical perspective. The book wastes no time in delving into a hands-on session with wireless networking. All the way through there are lots of screengrabs, so you can see what should be happening on your screen.

14.) Most Innovative Hack : DIGITAL CERTIFICATES SPOOFING BY COMODO HACKER

COMODOHACKER BRINGS OUT THE DRAGON IN CYBER SECURITY CONCERNS

The name "Comodohacker" gets the most Innovative Hacker award from THN for the breach of the Internet's trust system arising from an outmoded method for assuring that a Web site is authentic.  A breach that let a hacker spoof digital certificates for Google.com, Yahoo.com, and other Web sites is prompting browser makers to rethink security. A 21-year-old Iranian patriot took credit saying he was protesting US policy and retaliating against the US for its alleged involvement with last year’s Stuxnet, which experts say was designed to target Iran’s nuclear program.

15.) Biggest hack of the Year 2011 : SONY PLAYSTATION

SONY, SONY, WE PLAY YOUR LEAKS ON OUR OWN STATIONS!

The PlayStation Network is an online multiplayer gaming and digital media delivery service owned and run by Sony Computer Entertainment .On April 26, 2011 Sony Playstation announced its network and Qriocity had both been compromised by hackers between April 17 and April 19 allowing access to 70 million user accounts. 

“TRUTH IS THE MOST POWERFUL WEAPON AGAINST INJUSTICE”

For additional information, please contact us at: mukesh.joon@gmail.com

Download Hacking Tools

• Sendrawpdu : iPhone SMS spoofing tool Released
• OllyDbg 2.01 Beta 2 Released
• ESSPEE - Penetration Testing & Forensics
• Nishang - Use PowerShell for Penetration Testing
• Uniscan 6.2 released
• WiFite v2.0 r85 - WPS hacking support Added
• Phemail.py: Phishing EMail Social Engineering Tool
• jNetPort ? Active monitoring tool
• Pentoo - Security focused livecd
• BBQSQL - A Rapid Blind SQL Injection Exploitation Tool
• Etherwall v1.0 Beta 3 - Prevents Man in The Middle (MITM) Attack
• Smartphone Pentest Framework v0.1.1 Released
• NmapSi4 v 0.3.2 - Easy Gui version of Nmap
• Anehta V-0.6 - Web Application Security Audit Tool
• NetworkMiner 1.4 Released
• Wireshark 1.8.2 Released
• Junkie The network sniffer v 2.2.0
• ASEF : Android Security Evaluation Framework
• WATOBO version 0.9.10 0 - Transparent Proxy Mode and SQLMap plugin Added
• Backtrack 5 R3 Released

Read more ...

Chat with Friends through Command Prompt

Hello friends Now U Can Chat With Command Prompt THrough So Here IS A Trick.....

---

1) All you need is your friend's IP Address and your Command Prompt.

2) Open Notepad and write this code as it is.....!

@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A


3) Now save this as "Messenger.Bat".

4) Open Command Prompt.

5) Drag this file (.bat file) over to Command Prompt and press Enter.

6) You would then see something like this:

 
7) Now, type the IP Address of the computer you want to contact and press enter
You will see something like this:
 

8) Now all you need to do is type your message and press Enter.
Start Chatting.......!

DONE....ENJOY.~!! :)

Read more ...

Computer Forensic Tools And Tricks

To Find The USB Logs

Go to Run Then Enter Code _|
For window 7 -->
C:\Windows\inf\setupapi.dev.log

For window Xp -->
C:\Windows\inf\setupapi.log

For Ram Analysis

Open Source Tools from ForensicZone

Download Link

Read more ...

Proxy Server

Proxy servers:-

Its allow for you to configure your browser to route your browser traffic through that machine, which then makes a request for a page on your behalf, and then sends you the results. These are usually used at no cost to the user. Since they are accessible to the public these are often quite slow. Please see instructions for using a proxy server.

There are a variety of types of these proxy servers:

* Transparent Proxy - This type of proxy server identifies itself as a proxy server and also makes the original IP address available through the http headers. These are generally used for their ability to cache websites and do not effectively provide any anonymity to those who use them. However, the use of a transparent proxy will get you around simple IP bans. They are transparent in the terms that your IP address is exposed, not transparent in the terms that you do not know that you are using it (your system is not specifically configured to use it.) This type of proxy server does not hide your IP address.

* Anonymous Proxy - This type of proxy server identifies itself as a proxy server, but does not make the original IP address available. This type of proxy server is detectable, but provides reasonable anonymity for most users. This type of proxy server will hide your IP address.

* Distorting Proxy - This type of proxy server identifies itself as a proxy server, but make an incorrect original IP address available through the http headers. This type of proxy server will hide your IP address.

* High Anonymity Proxy - This type of proxy server does not identify itself as a proxy server and does not make available the original IP address. This type of proxy server will hide your IP address.

 Proxy browser:-

A proxy server acts as a security barrier between your internal network and the Internet, keeping others on the Internet from being able to obtain access to information that is located on your internal network.........and your browser is become like invible........its hide your ip. like you use china country proxy den open google.com now google will open in china language form............!~

How to change proxy settings in Browsers

@ Mozilla Firefox

1. Open Mozilla Firefox.

2. Click on Tools then click on Options….

3. Click on the Advance tab, then click on the Network sub-tab and finally on the Settings… button.

4. Tick the Manual Proxy Configuration: radio button.

5. In the HTTP Proxy: box, type the IP address of the proxy server.

6. In the Port: box, type the in the port number that is used by the proxy server.

7. Click OK to close the Connection Settings window.

8. Click OK to close the Options window.

9. DONE

@ Internet Explorer
1. On the Tools menu in Internet Explorer, click Internet Options, click the Connections tab, and then click LAN Settings.
2. Under Proxy server, click to select the Use a proxy server for your LAN check box.
3. In the Address box, type the IP address of the proxy server.
4. In the Port box, type the port number that is used by the proxy server for client connections (by default, 8080).
5. You can click to select the Bypass proxy server for local addresses check box if you do not want the proxy server computer to be used when you connect to a computer on the local network (this may speed up performance).
6. Click OK to close the LAN Settings dialog box.
7. Click OK again to close the Internet Options dialog box.

@ proxy settings In Google Chrome.

* To change proxy settings: Click "Customize and control Google Chrome" icon right under the "window close" button.
* A popup menu will be dipslayed. Click "Options".
* Select the "Under the Hood" tab.
* Scroll down and Click "change proxy settings" button.
* A popup dialog will be display. Select the Connections tab on this dialg.
* If you are using LAN, click "LAN Settings" button. If you are using Dial-up or Virtual Private Network connection, select necessary connection and click "Settings" button.
* Make sure the "automatically detect proxy settings" and "use a proxy automatic configuration script" options are not checked.
* In the "Proxy Server" area, click the check box next to Use a proxy server for this connection.
* If nessesary, enable "bypass proxy server for local addresses".
* Click the "Advanced" button and set Proxy Server address (proxy IP), proxy server port.
* Click OK.

*done

@ proxy settings in Safari.
* To change proxy settings: Open Safari
* Click Safari on top of the screen.
* Click "Preferences".
* In the menu bar at the top of the window, Click "Advanced".
* Click on the "Change Settings" button next to the Proxies label
* Click on the check box button next to Web Proxy (HTTP)
* Enter proxy server and port information
* Select "Apply Now" to save settings.
* Done.

                                        Anti-Spam SMTP Proxy Server

The Anti-Spam SMTP Proxy (ASSP) Server project aims to create an open source platform-independent SMTP Proxy server which implements auto-whitelists, self learning Bayesian, Greylisting, DNSBL, DNSWL, URIBL, SPF, SRS, Backscatter, Virus scanning, attachment blocking, Senderbase and multiple other filter methods. Click 'Browse all files' to download the professional version 2.2.1 build 12221.

• Multiple Weighted DNSBLs
• Multiple Weighted URIBLs
• Greylisting
• Weighted Regular Expression Filtering
• Bayesian
• Penalty Box
• SenderBase
• SSL/TLS
• SPF/SRS
• Attachment Blocking
• ClamAV and FileScan
• Blocking Reporting
• LDAP support
• Backscatter Detection

Download

                                                       WEB PROXY SITES:

www.meebo.com/   www.freeproxyserver.ca/   www.ninjacloak.com/   www.anonymizer.ru/  

www.kproxy.com/

www.iloveim.com/

www.the-cloak.com/

  

www.cantblock.me

www.mb35.info

www.cloaking.me

www.proxybrowsing.com

www.behidden.com

www.yourfreedom.net

www.hujiko.com

www.anonymizer.ru

www.schoolproxylists.cn/

www.xysurfing.com/

www.googlefaker.com/

www.internetoxy.com/Facebook Proxy

---

If Facebook are block in your offices, college and home then don't worry Click at below link

and access your FB Account.

EnjoY..!!

http://www.f1.proxymice.com/
http://www.f2.proxymice.com/
http://www.f3.proxymice.com/   standalone proxyserver ultrasurf DOWNLOAD http://ultrasurf.us/download/u.zip   hotspotsecurityshild   super hide ip   VPN Securitykiss VPN Tool

Secure your Internet connection with SecurityKISS Tunnel.
We are a leading VPN provider to protect privacy, ensure anonymity and bypass Internet restrictions.

 DOWNLOAD http://www.securitykiss.com/resources/download/windows/    PROXPN  DOWNLOAD  http://www.proxypn.com
ULTRAVPN  DOWNLOAD http://www.ultravpnsoftonic.com   CYBER GHOST DOWNLOAD  http://www.cyberghostvpn.com/files/download.php   MACROVPN  DOWNLOAD http://www.macrovpn.com 

To Protect Your Privacy..!!

---

JonDo

JonDos publishes a new version of the JonDo-Software, an IP changer and IP anonymization program, that you can use for anonymous surfing in the Internet with high security anonymous proxy servers.

What is JonDo?
JonDo is an open source and free-of-charge program for Windows, Linux and MacOS X.
It hides the user's IP adress behind an anonymous IP address. In contrast to other anonymizers (VPNs, anonymous proxy servers), the user's anonymity stays protected even against the providers (operators) of the anonymous IP address.

Download

---

TOR

Tor is very useful for online anonymity, its protect your privacy, defend against a form
 of network traffic analysis. Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the source and destination of your Internet traffic
allows others to track your behavior and interests.

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create
new communication tools with built-in privacy features.

Tor to keep websites from tracking them and their family members, or to connect to
news sites, instant messaging services, or the like when these are blocked by their
local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site.

Video Tutorial: http://youtu.be/azSaqhdQ7Uo

Download    

ProXPN helps to upgrades your internet connection with VPN encryption secures all types of connections from DSL and cable to 3G gives you 100% private access to the internet get an IP address in the USA, UK, or NL.
It Protects websites you visit, hijack your passwords, credit cards, or banking details intercept and spy on your email, IMs, calls, or anything else, record your web,history, run traces to find out where you live.

Video Tutorial: http://youtu.be/Qh43CkVH9Qg

Download

---

UltraVPN - A Free VPN

UltraVPN is a simple user interface to connect or disconnect to our VPN servers.

To use UltraVPN, you need to right click on a traybar icon (on the bottom right of your screen) that looks like a computer with a red screen. After right clicking on it, choose "connect".

It can be used by any individual who simply wants to protect his privacy, either on a LAN or a public hotspot.

Features:
You can connect or log in into MSN if it's blocked.
For use VoIP software like Skype if it's blocked.
UltraVPN protect your email and browsing privacy.

How can you download UltraVPN?
Download the software client and create account. You are now able to connect to the VPN.

Video Tutorial:
http://youtu.be/3_zXns8xbgU  

Read more ...

Phising Attack

Here we tells about PHISHING & How can we protect from it.~!

 WHAT IS PHISHING:-

The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surroundering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.

 

>>MOBILE PHISHING:

Phishing scams are not limited to the internet. Some phishers use the telephone to make requests for information. If you get a call from your banking institution asking for personal information, hang up and call your bank directly. Your bank will have your social security number and account information on file and should only ask you to verify a few digits.

like Iphone,Apple ,iTunes n more...By SMS

EXAMPLE:-

>>Congratulations! Your mobile phone has won US$ 10 Million prize money. To claim your money, call this number XXXXXXXX,give your permanent address,pin number,account number or credit card number...

The phisher can ask like it They want your personal Information.

 Some people do the reply to phisher then after he/she can be target of Phisher... so never be reply these type of Messages or Mail.

 

In a phishing attack, the attacker creates a situation wherein people believe that they are dealing with an authorized party, like their bank or another service provider. The attacker will ask the victim for sensitive information such as credit card information.



>>Phishing attacks generally target:

    * Bank information – e.g. VISA and PayPal accounts.
    * Username and password information.
    * Social Security numbers.
    * Information which can be used to retrieve forgotten or lost credentials.

>>Follow the tips below to protect yourself against these threats:

· Your bank will never ask you to divulge account information or passwords via email. Never give out this information, especially via email.

· Don’t open emails that come from untrusted sources.

· Don’t run files that you receive via email without making sure of their origin.

· Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web designed to download malware onto your computer.

· Keep your computer protected. Install a security solution and keep it up-to-date.


>>Protect yourself from Phishing scams that could lead to identity theft. I cannot stress this enough. Phishing scams are a hot topic lately that have grown with the popularity of online banking and social networking sites like MySpace, Facebook and Friendster.

The term Phishing comes from the analogy to "fishing". The phisher uses a bait to lure victims into giving out personal information like passwords and credit card numbers. The bait is typically and urgent plea from one of the victims friends or trusted websites, asking for information to resolve some sort of problem with their account.


>>Anti-phishing software is a must for anyone that accesses the internet. Most of the internet service providers have some safety measures included as part of their online security software. Most web browsers also have add-ons that can detect most phishing scams. Unfortunately, these measures are not enough. Some of the more clever phishers have found ways to trick the anti-phishing software so you need to be cautious of suspicious emails and messages.

Read more ...

Social Engineering

Social Engineering

Social Engineering:-  To Hack The Human Mind :)

This has become one of the hottest topics today and it seems to work out most of the times. Social Engineering doesn’t deal with the network security issues, vulnerabilities, exploits, etc. It just deals with simple psychological tricks that help to get the information we want. This really works!! But it requires a lot of patience.
We are all talking about network security and fixing the vulnerabilities in networks. But what happens if some internal person of a network accidentally gives out the passwords. After all we are all humans; we are also vulnerable and can be easily exploited and compromised than the computers.
Social Engineering attacks have become most common during the chat sessions. With the increase in use of Instant Messengers, any anonymous person may have a chat with another any where in the world. The most crucial part of this attack is to win the trust of the victim.
                                  
It may take a long time (may be in minutes, hours, days or months) for this to happen. But after you are being trusted by the victim he will say you every thing about him. Most of the times his person information will be useful to crack his web accounts like e-mail ids, etc. Even some people are so vulnerable to this attack that they even give their credit card numbers to the strangers (social engineers).
Some social engineers stepped one more forward and they send some keyloggers or Trojans to the victims claimed to be as screensavers or pics. These keyloggers when executed gets installed and send back information to the attacker. So be careful with such attacks.

Prevention:
1) Don’t believe everyone you meet on the net and tell them every  thing about you. Don’t even accidentally say answers to the questions like “What’s you pet’s name?”, “What is your mothermaiden’s name?”, etc. which are particularly used by your web account providers to remind your passwords.

2) Don’t give your credit card details to even your chating through instant messengers. Remember, it’s not a hard deal for an attacker to crack an e-mail id and chat with you like your friend. Also data through IMs can be easily sniffed.

3) Don’t accept executable files (like *.exe, *.bat, *.vbs, *.scr, etc.) from unknown persons you meet on the net. They might be viruses or Trojans.
Please act carefully, use security software and ask professionals for help.

---

Social Engineering Toolkits are as follows :

SET :- The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of pentesting. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. Currently SET has two main methods of attack, one is utilizing Metasploit payloads and Java-based attacks by setting up a malicious website (which you can clone whatever one you want) that ultimately delivers your payload. The second method is through file-format bugs and e-mail phishing. The second method supports your own open-mail relay, a customized sendmail open- relay, or Gmail integration to deliver your payloads through e-mail. The goal of SET is  to bring awareness to the often forgotten attack vector of social-engineering. Download SET Video Tutorial Of Social Engineering With SET: http://youtu.be/9f2ANmI2-RI

MALTEGO :- Maltego is a program that can be used to determine the relationships and real world links between: People, Groups of people (social networks), Companies, Organizations, Web sites, Internet infrastructure such as: Domains, DNS names, Netblocks, IP addresses, Phrases, Affiliations, Documents and files These entities are linked using open source intelligence. Maltego is easy and quick to install - it uses Java, so it runs on Windows, Mac and Linux. Maltego provides you with a graphical interface that makes seeing these relationships instant and accurate - making it possible to see hidden connections. Using the graphical user interface (GUI) you can see relationships easily - even if they are three or four degrees of separation away. Maltego is unique because it uses a powerful, flexible framework that makes customizing possible. As such, Maltego can be adapted to your own, unique requirements. Screenshot Download Maltego Video Tutorial Of Social Engineering With MALTEGO: http://youtu.be/qiv4-wy3mxo

Read more ...