Darko

Everything posted by Darko

  1. Darko

    Introduction

    Welcome to CP, I hope you enjoy your stay
  2. Darko

    Stopped by to say hi.

    Welcome aboard, ya don't have to lurk, we do not bite... too hard
  3. Darko

    Hello

    Welcome aboard amigo, enjoy your stay
  4. How can I know where an email really came from? Is there any way to find it out? I've heard about email headers, but I don't know where I can see them, in Gmail, for instance. Any help?

    The full email and its headers will open:

    The headers are to be read chronologically from bottom to top; the oldest are at the bottom. Every new server on the way adds its own message, starting with Received. For example:

    This says that mx.google.com has received the mail from maxipes.logix.cz at Mon, 08 Jul 2013 04:11:00 -0700 (PDT).

    Now, to find the real sender of your email, you must find the earliest trusted gateway, which is the last one when reading the headers from the top. Let's start by finding Bill's mail server. For this, query the MX record for the domain. You can use online tools like MxToolbox, http://mxtoolbox.com/ , or on Linux you can query it on the command line (note the real domain name was changed to domain.com):

    And you'll see the mail server for domain.com is maxipes.logix.cz or broucek.logix.cz. Hence, the last (first chronologically) trusted "hop", or last trusted "received record" or whatever you call it, is this one:

    You can trust this because it was recorded by Bill's mail server for domain.com. This server got it from 209.86.89.64. This could be, and very often is, the real sender of the email; in this case the scammer! You can check this IP on a blacklist: http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist%3a209.86.89.64&run=toolpage It's listed in three blacklists!

    There's yet another record below it:

    But be careful trusting that this is the real source of the email. The blacklist complaint could just be added by the scammer to wipe out his traces and/or lay a false trail. There's still the possibility that the server 209.86.89.64 is innocent and just a relay for the real attacker at 168.62.170.129. In this case, 168.62.170.129 is clean, so we can be nearly certain the attack was done from 209.86.89.64.

    Another point to keep in mind is that Alice uses Yahoo! (alice@yahoo.com) and elasmtp-curtail.atl.sa.earthlink.net isn't on the Yahoo! network (you may want to re-check its IP Whois information: http://who.is/whois-ip/ip-address/209.86.89.64 ). Therefore we may safely conclude that this email is not from Alice, and we should not send her money to the Philippines.

    The Shortcut
    Or, you can paste the headers into SpamCop http://www.spamcop.net/ and let it do all the deciphering for you. They'll even send a SPAM notice to the responsible sysadmin(s) if you wish.

    Another Shortcut
    Or, you can also use Google's header analysis tool: https://toolbox.googleapps.com/apps/messageheader/

    Why Not Just Respond?
    Spoofed emails are painfully common, to the point where I commonly advise people who get such e-mails to ask something only the owner of the email address would know is false.

    Because You Could Make Yourself A Target
    Best practice is often to not reply: a reply (or clicking any link, or loading external resources, e.g. images) could provide an indication to mass-spammers that your email address is a valid one, and someone is actually reading it.

    (Source: Lifehacker)
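    A small parser, added here as an example and not part of the Lifehacker write-up, that walks the Received chain the way the post describes: bottom-up (oldest first), stopping at the first hop written by one of the recipient's own MX hosts, and treating everything below that hop as the untrusted side's word. The header block it runs on is constructed for the example; the host names and the two IPs are the ones the post names, while 192.0.2.10 and the queue ids are placeholders.

```python
import re
from dataclasses import dataclass

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Constructed sample headers (not the post's actual headers, which it does not
# reproduce). Hostnames and the IPs 209.86.89.64 / 168.62.170.129 follow the
# post; 192.0.2.10 and the ids x1..x3 are placeholders.
SAMPLE_HEADERS = """\
Received: from maxipes.logix.cz (maxipes.logix.cz [192.0.2.10])
        by mx.google.com with ESMTP id x1
        for <bill@gmail.com>; Mon, 08 Jul 2013 04:11:00 -0700 (PDT)
Received: from elasmtp-curtail.atl.sa.earthlink.net ([209.86.89.64])
        by maxipes.logix.cz (Postfix) with ESMTP id x2
        for <bill@domain.com>; Mon, 08 Jul 2013 13:10:58 +0200 (CEST)
Received: from [168.62.170.129] (helo=alice-pc)
        by elasmtp-curtail.atl.sa.earthlink.net with esmtpa id x3;
        Mon, 08 Jul 2013 07:10:55 -0400
From: Alice <alice@yahoo.com>
To: Bill <bill@domain.com>
Subject: Urgent help needed
"""


@dataclass
class Hop:
    from_host: str  # what the sending side announced (HELO / reverse DNS)
    from_ip: str    # IP the receiving server actually saw, "" if absent
    by_host: str    # the server that wrote this Received line
    raw: str


def unfold_headers(text):
    """Join RFC 5322 folded continuation lines into one logical line each."""
    lines = []
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines


def parse_received(text):
    """Return the Received hops in header order (top of the block = newest)."""
    hops = []
    for line in unfold_headers(text):
        if not line.lower().startswith("received:"):
            continue
        body = line[len("received:"):].strip()
        m = re.search(r"from\s+(\S+)(.*?)\s+by\s+(\S+)", body)
        if not m:
            continue
        ip = IPV4.search(m.group(1) + m.group(2))
        hops.append(Hop(m.group(1).strip("[]"), ip.group(1) if ip else "",
                        m.group(3), body))
    return hops


def earliest_trusted_hop(hops, trusted_hosts):
    """Walk oldest-first and return the first hop recorded by a server we
    trust (the recipient's MX), plus the hops below it, which only the
    untrusted side vouches for."""
    chrono = list(reversed(hops))
    for i, hop in enumerate(chrono):
        if hop.by_host.lower() in trusted_hosts:
            return hop, chrono[:i]
    return None, chrono


def registered_domain(host):
    """Naive 'last two labels' approximation, enough for this demonstration."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def analyze(raw, trusted_hosts, claimed_from_domain):
    """Find the IP that handed the mail to the first trusted server and flag a
    mismatch between that handoff host and the From: address's domain."""
    hops = parse_received(raw)
    trusted, below = earliest_trusted_hop(hops, trusted_hosts)
    if trusted is None:
        return {"verdict": "no trusted hop found", "likely_origin": ""}
    return {
        "likely_origin": trusted.from_ip,
        "handoff_host": trusted.from_host,
        "unverified_claims": [h.from_ip for h in below],
        "domain_mismatch": registered_domain(trusted.from_host) != claimed_from_domain,
    }


if __name__ == "__main__":
    # MX hosts for domain.com as the post found them via the MX lookup
    print(analyze(SAMPLE_HEADERS,
                  {"maxipes.logix.cz", "broucek.logix.cz"}, "yahoo.com"))
```

    The trusted set should come from your own MX lookup for the recipient domain, never from the headers themselves; anything recorded below the first trusted hop (here the 168.62.170.129 line) is data the earthlink host supplied and cannot be verified from the message alone.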
  5. I just want to say goodbye to everyone. I had a great time sharing with everybody here. I love the feel of Cyberphoenix. It will always be home for me. It is time for me to get on with life. Too much is going on and I need to change directions. I wish everyone a Happy, Healthy, and Wealthy (not necessarily money wealth) New Year! I wish everyone the very best. Love and Peace, Darko
  6. Darko

    Unknown Popup box

    Has anybody ever seen this before: I am the only user on my rig. I am the Admin. Curious it is. Anybody seen this before?
  7. Darko

    Unknown Popup box

    Hummm, yeah, I had installed Chrome... O I C said the blind man. Friggin' companies always trying to make life easier and muffing shiite up along the way. Good information, thank you m8y
  8. Darko

    Unknown Popup box

    It does look janky. I have scanned in safe mode; nothing showed up
  9. Anybody know if I can use Windows 2012 Server Essentials as a home media server? I have WHS and she works great for streaming, but I hate that I can only use a 2TB drive. Yes, I know I can partition a larger drive so the computer sees it as multiple smaller ones (too much work, and well, I am too lazy). Can I use Windows 2012 Server Essentials or any other variation of Windows Server for a home media stream machine? I also want family to be able to log on and download pictures of the family (yes, I am lazy in my old age). I am afraid if I start reading up on all these different types of servers I will push out some critical info from my melon to make room for the new (lol, like I said I am lazy). Any advice would be appreciated, thanx!
  10. Darko

    Old HDD - New Box

    If I read this right, your Vista system is corrupt. You most likely do not want to boot it on your new rig, unless you are 120% sure it was not a virus that killed it. Best thing to do is hook it up as a slave drive and grab the data you want or need.
  11. LMFARTFO!.........oooopsie
  12. Lov it, but try moving the thing. It weighs a ton
  13. Poweliks: the persistent malware without a file

    Malware that resides in the registry only – a rare and rather new approach

    Executive Summary
    When security researchers talk about malware, they usually refer to files stored on a computer system, which intend to damage a device or steal sensitive data from it. Those files can be scanned by AV engines and can be handled in a classic way. The following analysis is an example of malware which resides in the registry only, is persistent and is not present as a file which can be scanned easily. This technique is something rarely put into focus.

    The initial file, which starts all malicious activity on the computer system, holds all code necessary for the attack, encrypted and hidden, waiting to be called and executed. To unfold the harmful actions, the attackers work step by step deeper into the code. Executing these steps one after the other is reminiscent of the stacking principle of Matryoshka dolls:

    As the entry point, they exploit a vulnerability in Microsoft Word with the help of a crafted Word document they spread via email. The same approach would work with any other exploit. After that, they make sure that the malicious activities survive a system reboot by creating an encoded autostart registry key. To remain undetected, this key is disguised/hidden. Decoding this key shows two new aspects: code which makes sure the affected system has Microsoft PowerShell installed, and additional code. The additional code is a Base64-encoded PowerShell script, which calls and executes the shellcode (assembly). As a final step, this shellcode executes a Windows binary, the payload. In the case analyzed, the binary tried to connect to hard-coded IP addresses to receive further commands, but the attackers could have triggered any other action at this point.

    All activities are stored in the registry. No file is ever created. So, attackers are able to circumvent classic anti-malware file scan techniques with such an approach and are able to carry out any desired action "when they reach the innermost layer of the Matryoshka doll" – even after a system reboot!

    To prevent attacks like this, AV solutions have to either catch the file (the initial Word document) before it is executed (if there is one), preferably before it reaches the customer's email inbox. Or, as a next line of defense, they need to detect the software exploit after the file's execution, or, as a last step, in-registry surveillance has to detect unusual behavior, block the corresponding processes and alert the user.

    The analysis
    The G DATA SecurityLabs have analyzed persistent malware which resides in the registry only and therefore does not create any file on the infected system. An overview of this mechanism was first described quite recently in the KernelMode.info forum. The analyzed sample is dropped by a Microsoft Word document which exploits the vulnerability described in CVE-2012-0158. The document was reported to be found as an attachment of fake Canada Post and/or USPS emails which claim to hold information about ordered items for the recipient of the spam.

    Autostart feature
    To start at every boot-up of the system, the malware must create an autostart mechanism. In this case, the malware creates the following registry key:

    Note that the character used for the key's name is not an ASCII character. We will come back to this fact later.

    The mentioned entry contains:

    The purpose of this command is to open and execute the encoded content (the tag "jscript.encode" indicates the encoding) of the key:

        \\HKCU\software\microsoft\windows\currentversion\run\(default)

    Hide the autostart from the administrator's tools
    As mentioned, the name of the registry key to start the malware is not an ASCII character. The purpose is to hide the entry from system tools. The following screenshot reveals the registry key's content, opened with the common Windows tool regedit:

    Regedit cannot read the non-ASCII character and therefore cannot open the key, as the error message shows. Furthermore, the user cannot see the key either.

    Malware in a registry value – like Matryoshka dolls
    The developer uses a technique which resembles the stacking principle of Matryoshka dolls: the initially used code embeds and executes further code, and this code then leads to even more code, and so on. The initial code executed is JScript code, then a PowerShell script, which finally executes shellcode that contains the malicious code of Poweliks.

    Step 1 (JScript code)
    It is no surprise that the content of the executed registry key mentioned above is encoded:

    This encoding technique was initially created by Microsoft in order to protect source code from being copied or tampered with. However, a security researcher found a way to decode this kind of data, which we can use now. Looking at the decoded key, the following tasks can be identified:

    The script checks if Windows PowerShell is installed on the system. If it is not installed, the script downloads and installs it; it then executes further code, stored in Base64, examined in the next paragraph.

    Once decoded, the stored code is a PowerShell script, which perfectly explains why the malware searched for/installed the software during the previous step. By default, Microsoft Windows has protection to avoid the execution of unknown PowerShell scripts. If we try to execute a PowerShell script, we have the following error message:

        PS C:\Users\User> .\script.ps1
        File script.ps1 cannot be loaded because the execution of scripts is disabled on this system.

    The attackers circumvent this limitation by making Windows believe that the script runs in the interactive mode of PowerShell. Therefore, the script can be executed without a user notification.

    Step 2 (PowerShell script and its purpose)
    The PowerShell script contains a variable $p, which contains Base64-encoded shellcode. It uses VirtualProtect() to render the memory executable and CallWindowProcA() to execute the shellcode in $p.

    Step 3 (ASM shellcode)
    The shellcode performs several actions: it allocates memory, using VirtualAlloc(); it copies data, including itself (at the offset 0x1104); it executes the copied code. Have a look at the data copied to the offset 0x1104:

    We can identify a Microsoft Windows binary (starting with MZ). Furthermore, we can see two other significant strings: MPRESS1 and MPRESS2. These strings are added by a packer called MPress, but we will not go into detail about the unpacking at this point.

    This last payload, the entire MZ, is the actual malicious part; it performs connections to two IPs located in Kazakhstan to receive commands. At the time of analyzing this case, the two IPs were already offline, so we cannot state what attack the authors wanted to launch. As the malware is very powerful and can download any payload, the amount of possible damage is not really measurable. It might install spyware on the infected computer to harvest personal information or business documents. It might also install banking Trojans to steal money, or it might install any other form of harmful software that suits the needs of the attackers. Fellow researchers have suggested that Poweliks is used in botnet structures and to generate immense revenue through ad fraud.

    Conclusion
    The analysis of this piece of code was uncommon and rather time consuming, with several code layers which were created to prolong the analysts' work and certainly to hide the malware and to blend it into the usual system use without the user noticing the infection. Poweliks is malware that survives without any file creation, which is a rather rare and new technique, barely focused on – everything is performed within memory. It only resides in the registry and executes programs from there. Furthermore, the developers hid the autostart registry key by using a non-ASCII character as the name of the key. This trick prevents a lot of tools from processing this malicious entry at all, and it could generate a lot of trouble for incident response teams during the analysis. The mechanism can be used to start any program on the infected system, and this makes it very powerful!

    For fellow researchers:
    Office documents using CVE-2012-0158:
    74e0d21fe9edf7baf489e29697fff8bc4a6af811e6fe3027842fe96f6a00a2d9
    88bc64e5717a856b01a04684c7e69114d309d52a885de9fc759e5a99ac20afd5
    The Poweliks installer (creates the registry keys):
    4727b7ea70d0fc00f96a28de7fa3d97fa9d0b253bd63ae54fbbf0bd0c8b766bb
    e8d6943742663401e5c44a5fa9cfdd8fad6a9a0dc0f886dc77c065a86c0e10aa

    Source: https://blog.gdatasoftware.com/blog/article/poweliks-the-persistent-malware-without-a-file.html
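    As an added example (not G DATA's code, and not the sample's actual registry entries, which the article does not reproduce), a scan over a regedit export for Run/RunOnce values showing the traits the analysis describes: a value name outside printable ASCII, JScript.Encode'd data, and PowerShell launched with an encoded argument. The "jscript.encode" engine tag is from the article; the "#@~^" prefix that JScript.Encode emits, and the PowerShell argument names, are general knowledge rather than from the article. The export below is constructed, and the zero-width-space value name only stands in for whatever character the sample used.

```python
# Heuristics for registry-resident script loaders in autostart keys.
SCRIPT_MARKERS = ("jscript.encode", "#@~^")          # JScript.Encode engine tag / output prefix
PS_MARKERS = ("frombase64string", "-encodedcommand", " -e ", " -enc ")

RUN_KEYS = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)

# Constructed .reg export (what regedit's Export writes, minus the UTF-16 BOM).
# Every entry here is made up for the example; "\u200b" stands in for the
# non-ASCII name the article mentions but does not show.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"OneDrive"="C:\\Users\\User\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"',
    '"\u200b"=' + r'"wscript.exe //E:jscript.encode //B C:\\Users\\User\\AppData\\Roaming\\x.txt"',
    r'@="#@~^AAAAAA==...encoded JScript...==^#~@"',
    r'"Updater"="powershell.exe -w hidden -enc SQBFAFgAIAAoAE4A..."',
    "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]",
    r'"ShellState"=hex:24,00,00,00',
])


def parse_reg(text):
    """Yield (key, value_name, data) for every value line in a .reg export.
    '@' is regedit's spelling of the (default) value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and "=" in line and line[:1] in ('"', "@"):
            name, _, data = line.partition("=")
            name = "(default)" if name == "@" else name.strip('"')
            yield key, name, data.strip('"')


def is_run_key(key):
    k = key.lower()
    return any(k.endswith(suffix) for suffix in RUN_KEYS)


def suspicious_name(name):
    """True for names regedit and many autorun viewers cannot display:
    anything outside printable ASCII, including control characters."""
    return name != "(default)" and any(ord(c) < 32 or ord(c) > 126 for c in name)


def scan_autoruns(text):
    """Return findings for Run/RunOnce values that look like Poweliks-style
    loaders: hidden name, encoded JScript, or encoded PowerShell."""
    findings = []
    for key, name, data in parse_reg(text):
        if not is_run_key(key):
            continue
        low = data.lower()
        reasons = []
        if suspicious_name(name):
            reasons.append("non-printable or non-ASCII value name")
        if any(m in low for m in SCRIPT_MARKERS):
            reasons.append("encoded JScript in value data")
        if "powershell" in low and any(m in low for m in PS_MARKERS):
            reasons.append("PowerShell with encoded/Base64 payload")
        if reasons:
            findings.append({"key": key, "name": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan_autoruns(SAMPLE_REG):
        print(repr(f["name"]), "->", "; ".join(f["reasons"]))
```

    On a live box the input would be `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (decoded from UTF-16), which is exactly the path that still works when regedit refuses to open the key: the export writes the name bytes out regardless of whether the GUI can render them, so a non-ASCII name shows up here even though the article's screenshot shows regedit failing on it.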
  14. Yeah, he thinks he is a woman. He gets protections. If I thought I was Caesar I would be locked up in a mental ward. Now you tell me how is that not mental
  15. Rule #1: The internets makes you stupid.
    Rule #2: If it's funny, it came from 4chan or Something Awful.
    Rule #3: If you are an idiot, you will be made fun of.
    Rule #4: Nobody cares if you're tough in real life.
    Rule #5: Anonymous does not forgive.
    Rule #6: Caps lock is the equivalent of screaming "I'M AN IDIOT"
    Rule #7: If it exists, you can buy it online somewhere.
    Rule #8: The internets is serious business.
    Rule #9: Brazilian girls will do it for 500 dollars.
    Rule #10: Anything can become the next big thing.
    Rule #11: You will get viruses from downloading pornography.
    Rule #12: Lurk moar.
    Rule #13: It never needed any more cowbell.
    Rule #14: If the cake is delicious, you must eat it.
    Rule #15: If a camwhore posts, tits must be shown. If this rule is broken, said camwhore must get the fuck out.
    Rule #16: You must enjoy your AIDS.
    Rule #17: You can not have a pony.
    Rule #18: If someone is better than you, they are hacking.
    Rule #19: Lens Flare is the only worthy feature in Photoshop.
    Rule #20: You are doing it wrong.
    Rule #21: If your girlfriend ends in .jpg, she is not real.
    Rule #22: There are no girls on the internets.
    Rule #23: Everyone sees what you did there.
    Rule #24: Pics or it never happened.
    Rule #25: Long stories are copypasta.
    Rule #26: Nobody knows the answer to "What is love?".
    Rule #27: Loli haets pizza. No exceptions.
    Rule #28: Sometimes, Loli has to deal with things it haets.
    Rule #29: Barrel Rolls can evade anything.
    Rule #30: Mudkips are generally acceptable, and some would even say they like them.
    Rule #31: The internets is for porn.
    Rule #32: There is a market for any kind of porn.
    Rule #33: It is a trap.
    Rule #34: If it exists, there is porn of it. No exceptions.
    Rule #35: If there isn't porn of it, /b/ will make it so.
    Rule #36: Every time you masturbate, ceiling cat is watching you.
    Rule #37: Rape is Japanese for "Hello."
    Rule #38: If you mention candlejack, your post will be cut sho
    Rule #39: It is a troll.
    Rule #40: "Corn" is spelled "corm"
    Rule #41: Everything needs more desu. No exceptions.
    Rule #42: The picture is never related.
    Rule #43: It cannot be hugs tiem now.
    Rule #44: Saturday is known as "Caturday."
    Rule #45: Lazers must be charged prior to use.
    Rule #46: Jesus actually existed in the Mesozoic Era.
    Rule #47: Shotting web is accepted as a mystery which will never be solved.
    Rule #48: The GMan always has a wonderful time.
    Rule #49: One does not simply walk into Mordor.
    Rule #50: If you die in the game, you die for real.
    Rule #51: Ass sandwiches are made of ass and poo. No exceptions.
    Rule #52: Developers, developers, developers, developers.
    Rule #53: It's awwwwrighttt.
    Rule #54: Snape killed Dumbledore.
    Rule #55: "Winner" is actually spelled "WinRar"
    Rule #56: Furries are only to be posted on Fridays.
    Rule #57: If balls are touching, it is gay.
    Rule #58: It's not "down the road", it's not "across the street", it's not "through the jugular", it's "down the road, across the street AND through the jugular."
    Rule #59: If you kill yourself, don't make a myspace bulletin unless you want to be made fun of.
    Rule #60: Every day is repost day.
    Rule #61: Wayne Brady is going to have to choke a bitch.
    Rule #62: If someone mentions "Weeaboo," raise your paddle and slap your palm.
    Rule #63: It was the nigga who stole your bike.
    Rule #64: Nobody likes emos.
    Rule #65: You will be reported to AOL if you steal pictures.
    Rule #66: Don't click links. Ever.
    Rule #67: Shitting dick nipples add to any picture.
    Rule #68: If someone is in your base, he is most likely killing your doodz.
    Rule #69: Whenever you do something, it is likely that a challenger will approach.
    Rule #70: It always needs more sauce.
    Rule #71: If you fap to it and achieve orgasm, you must tell everyone.
    Rule #72: Everything on eBaumsworld is stolen. No exceptions.
    Rule #73: Believe everything you read on the internets.
    Rule #74: Camwhores must do everything requested of them.
    Rule #75: There is always a female version of a male character. No exceptions.
    Rule #76: Duke Nukem Forever must never be released or the whole of the internet will collapse.
    Rule #77: Wapanese is spelled "Weeaboo."
    Rule #78: If it exists, it's been cracked and pirated. No exceptions.
    Rule #79: Someone would masturbate to it.
    Rule #80: Zidane's headbutt is unrivaled.
    Rule #81: Nothing is shocking.
    Rule #82: Upgrading someone's RAM is a sign of goodwill.
    Rule #83: Mongling cocks will not be accepted.
    Rule #84: Posting cat torture pictures on Caturday will not be accepted.
    Rule #85: The warranty will be voided if the seal is broken.
    Rule #86: If you masturbate on a small figurine, you must post pictures.
    Rule #87: If you would have sex with it, let everyone know.
    Rule #88: You are playing the Game. If you think about the Game, you lose the Game. If you lose you must tell everyone about the Game.
    Rule #89: It is a trap.
    Rule #90: If you actually read all of these rules, you are required to become a hero.
  16. I feel much safer now!
  17. Nicely done. My password is close to 60 characters.
  18. Darko

    New movie section for older releases

    Yeah they get buried under all the new movies. Not sure what happened, they were going to do it according to what it says above.
  19. Darko

    New movie section for older releases

    I will be posting a bunch of aXXo films here soon. I am just collecting all of the .torrent files now. Looks like it will be over 700 movies.
  20. Darko

    TORRENT FILE DOWNLOAD

    Get a seedbox. Works great for me. Check this company, they have been great. They also allow public torrents. http://www.cyberphoenix.org/forum/topic/257141-really-good-seedbox-20-off-recurring-on-1gbps-plans-hurry/?p=344633 As an added plus you get a VPN with the service. They use OpenVPN through their network. Very easy to set up.

    Install OpenVPN server
    OpenVPN server is already installed on all seedboxes. For VPS, if you don't know how to install OpenVPN server, please submit a ticket and we will do that for you.
  21. Updated prices. They have been a very good seedbox. Best thing is they allow public torrents! As an added plus you get a VPN with the service. They use OpenVPN through their network. Very easy to set up.

    Install OpenVPN server
    OpenVPN server is already installed on all seedboxes. For VPS, if you don't know how to install OpenVPN server, please submit a ticket and we will do that for you.