Posted by & filed under Home, Releases, Security, Softwares.

The website of Computrace shouts at you: Recover Stolen Laptops, Smartphones and Tablets with Absolute LoJack. That’s good news, you might think: a program that (theoretically at least) can be used to locate a stolen laptop.


But all is not well, because the program is pre-installed in the BIOS of millions of laptops without you knowing about it. According to the manufacturer, the Computrace module in your BIOS ships disabled; it is only activated when you pay for and sign up to the Computrace service, at which point a second component, the Persistence Module, is installed.


Computrace can be considered malware because it behaves like one: it reports what your machine is running, what software is installed and which IP address the machine has at the time it calls home to Absolute's network.


The biggest problem, some security analysts say, is that an attacker can hijack the call-home process. The agent's configuration (the IP address, port and URL it reports to) is hard-coded in the Option ROM. On first run this configuration is copied to several places, including the registry and the inter-partition space of the hard disk. It is easy to modify these copies so that the IP address and URL point at a site the attacker controls, from which unauthenticated payloads such as RATs can be pushed to your laptop.


Because the agent is white-listed by antivirus vendors, such malicious modifications will go unnoticed.


How do you know if your computer is 'infected' with Computrace? Simply download and run PhrozenSoft Computrace Detector v1.0.
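As an added illustration of what such a detector has to look for, the following PowerShell script (written for this page, not PhrozenSoft's code) checks a Windows system for the artifacts that public analyses of the Computrace agent describe: the rpcnet/rpcnetp services and their executables in System32, and whether autochk.exe, which the BIOS module is reported to hook to gain execution at boot, is still signed by Microsoft. The service and file names are assumptions taken from those public reports, not from this post; a hit only means the agent is present, not that its call-home configuration has been tampered with.

```powershell
# Added example: look for the Windows-side artifacts of the Computrace agent.
# Service and file names are assumptions taken from public analyses of the agent,
# not from the post above.
$agentServices = @('rpcnet', 'rpcnetp')
$agentFiles = @(
    (Join-Path $env:SystemRoot 'System32\rpcnet.exe'),
    (Join-Path $env:SystemRoot 'System32\rpcnetp.exe')
)
$autochk = Join-Path $env:SystemRoot 'System32\autochk.exe'

$findings = @()

# 1. Services: the agent registers itself as a service so it survives reboots.
foreach ($name in $agentServices) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name = '$name'" -ErrorAction SilentlyContinue
    if ($svc) {
        $findings += "service '$($svc.Name)' present (state=$($svc.State), path=$($svc.PathName))"
    }
}

# 2. Files: the agent binaries dropped into System32, with their code-signing status.
foreach ($path in $agentFiles) {
    if (Test-Path -LiteralPath $path) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'unsigned' }
        $findings += "file '$path' present (signature=$($sig.Status), signer=$signer)"
    }
}

# 3. autochk.exe integrity: it should still carry a valid Microsoft signature.
#    Note: system files are catalog-signed; Get-AuthenticodeSignature only resolves
#    catalog signatures on Windows 8 / PowerShell 4 or later. On older systems compare
#    the file hash against a known-good copy instead of trusting this check.
if (Test-Path -LiteralPath $autochk) {
    $sig = Get-AuthenticodeSignature -FilePath $autochk
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
        $findings += "autochk.exe signature check failed (status=$($sig.Status))"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Computrace agent artifacts found.'
} else {
    Write-Output 'Possible Computrace agent artifacts:'
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

Run it from an elevated PowerShell prompt so that the service query and the signature checks see the whole system. Because the BIOS module re-creates the agent at boot, deleting the files or the service on a machine where the module is enabled only hides it until the next reboot; the option has to be disabled in the BIOS setup, where the vendor exposes it.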




Download

Posted by & filed under Home, Releases, Security, Softwares.

PhrozenSoft BlackShades Detector is an easy-to-use program designed to detect a possible infection with the notorious BlackShades RAT. Since 2010 that program has, according to law enforcement officials, been used by thousands of attackers worldwide to remotely control victims' computers without the owner ever noticing that this is happening.

What is BlackShades capable of?

  • Activate your webcam, capture screen and webcam images
  • Remotely control your desktop
  • Keylogging
  • Steal your passwords
  • Play with your computer
  • Browse your files
  • Upload/Download any files to/from your computer or update itself
  • Change the behaviour of some controls
  • Be used to DDoS websites
  • Spread to removable drives (thus helping itself to infect other computers)
  • Kill other bots
  • etc…

In the hands of a capable attacker, a program like the BlackShades RAT can be extremely dangerous for your computer and your privacy. It can be used to steal your banking credentials and then empty your bank account. And yes, BlackShades can turn your computer into a so-called zombie: your computer is used, without your knowledge, to infect others.

Is it possible to detect BlackShades RAT without an Antivirus program?

Yes. A recent article published by the FBI (Federal Bureau of Investigation) describes how you can detect some of the signs of a BlackShades infection by hand.

Because we suspect that most computer users do not have an intimate knowledge of the inner workings of Windows, we decided to automate the detection process. PhrozenSoft BlackShades Detector 1.0 will quickly, easily and safely search for any sign of a BlackShades infection.

What does PhrozenSoft BlackShades Detector do?

PhrozenSoft BlackShades Detector is certainly not a full-blown antivirus program and can therefore never replace such a program. It is only a little tool to detect the possible presence of the BlackShades RAT on your computer. If it does find an infection, you will need to install an up-to-date antivirus program on your computer to eradicate this dangerous threat.

PhrozenSoft BlackShades Detector is thus simply the first step in finding a possible infection by the BlackShades RAT.

First, it scans your computer for registry keys that could betray the presence of the BlackShades RAT. Then it searches for the cache files BlackShades uses to store your banking credentials and other captured data before sending them to the attacker at a later date.
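To show what those two checks amount to on a real system, here is an added PowerShell example (written for this page, not the detector's own code). It looks for the per-user registry keys and the .bss cache files named in the FBI notice the post refers to, and lists Run-key entries that point into user-writable folders, which is where such RATs usually install themselves. The key and file names are assumptions reproduced from that notice and should be checked against it before relying on this script; the presence of the parent key "VB and VBA Program Settings" alone is not an indicator, since every VB6 program that calls SaveSetting() writes there.

```powershell
# Added example: scan the current user's profile for BlackShades indicators.
# Key and file names are assumptions reproduced from the FBI notice the post mentions;
# verify them against the notice itself before relying on this script.
$registryKeys = @(
    'HKCU:\Software\VB and VBA Program Settings\INSTALL',
    'HKCU:\Software\VB and VBA Program Settings\SrvID'
)
$cacheFiles = @('dos_sock.bss', 'nir_cmd.bss', 'pws_cab.bss', 'pws_chro.bss',
                'pws_ff.bss', 'pws_mail.bss', 'pws_mess.bss')
$searchRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP)

$findings = @()

# 1. Registry: BlackShades is a VB6 program and stores its settings with SaveSetting(),
#    which lands under 'VB and VBA Program Settings'. Dump the values so a reviewer can
#    judge them; other VB6 programs share the same parent key.
foreach ($key in $registryKeys) {
    if (Test-Path -LiteralPath $key) {
        $values = Get-ItemProperty -LiteralPath $key |
            Select-Object -Property * -ExcludeProperty PS*
        $findings += "registry key '$key' present: $(($values | Out-String).Trim())"
    }
}

# 2. Cache files: the .bss files hold captured credentials waiting to be uploaded.
foreach ($root in $searchRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $hits = Get-ChildItem -LiteralPath $root -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $cacheFiles -contains $_.Name }
    foreach ($hit in $hits) {
        $findings += "cache file '$($hit.FullName)' ($($hit.Length) bytes, modified $($hit.LastWriteTime))"
    }
}

# 3. Persistence: per-user Run entries that launch something from AppData or Temp.
$run = Get-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run) {
    $run.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and $_.Value -match 'AppData|Temp' } |
        ForEach-Object { $findings += "Run entry '$($_.Name)' -> $($_.Value)" }
}

if ($findings.Count -eq 0) {
    Write-Output 'No BlackShades indicators found for this user.'
} else {
    Write-Output 'Possible BlackShades indicators (confirm with an up-to-date antivirus):'
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

The script only inspects the profile of the user running it, because the indicators live under HKCU and the user's own AppData; on a shared machine run it once per account. As the post says, a hit is a reason to run a full antivirus scan, not a cleanup procedure in itself.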

Finally, we used the Syrian Malware database to search for some packaged samples that are used by the Syrian government to illegally spy on its own citizens.

It detects the BlackShades and DarkComet macro viruses from that database. We plan to update the program whenever the Syrian Malware website updates its database.

A few screenshots of the program.

Download

Posted by & filed under Softwares.

Microsoft recently posted a warning on its Malware Protection Center about Malicious Proxy Auto-Config redirection. The entire post can be read here.

Your Internet banking credentials are a desirable target for cybercriminals. In most cases they are targeted with man-in-the-middle attacks or with password-stealing trojans such as Fareit, Zbot or Banker.

A less well-known method, commonly found in South America and to a lesser extent in Russia, is the malicious Proxy Auto-Config (PAC) file. A PAC file is a small JavaScript program whose FindProxyForURL(url, host) function tells the browser which proxy (if any) to use for each request. Normally it offers functionality similar to the hosts file, steering traffic for chosen sites elsewhere, but only for the browser and by way of a proxy rather than a name-to-address mapping. Unfortunately, the same mechanism can be used for nefarious purposes.

When a user is infected with a malicious PAC and visits an Internet banking website, the browser is silently sent through the attacker's proxy, which usually redirects it to a fake website that mimics the intended bank. This may result in credentials being stolen or, worse, in the online account being hijacked.

Any PAC file installation (legitimate or otherwise) can be checked manually in Internet Explorer: open the Tools menu, select Internet Options, click the Connections tab and select LAN Settings. If "Use automatic configuration script" is enabled and you did not set it up, you may be infected. Microsoft advises deleting (or disabling) the entry in "Use automatic configuration script" and removing the local file it references. This can help mitigate an attack.
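The same check can be scripted. The dialog stores its URL in the AutoConfigURL value under the Internet Settings key of the current user (and, for machine-wide policy, under HKLM). The following PowerShell example, added here and not part of the original post or of Phrozensoft's tool, reads that value, analyses a local PAC file for the tell-tale shape of a credential-stealing script (named hosts sent to a proxy while everything else returns DIRECT), and shows Microsoft's remediation as commented-out commands. The sample PAC at the end is constructed for the example; the 192.0.2.x address and the .test host names are documentation placeholders.

```powershell
# Added example: find and inspect a Proxy Auto-Config (PAC) setting on Windows.
# AutoConfigURL is where "Use automatic configuration script" stores its URL.
$settingsKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
)

function Get-PacRisk {
    # Flags a PAC script that proxies a list of hosts while defaulting to DIRECT:
    # the shape a credential-stealing PAC takes (bank hosts -> attacker's proxy).
    param([string]$PacText)
    $proxies = [regex]::Matches($PacText, 'PROXY\s+([\w\.\-]+:\d+)') |
        ForEach-Object { $_.Groups[1].Value } | Sort-Object -Unique
    $hostRules = [regex]::Matches($PacText, '(?:shExpMatch|dnsDomainIs)\s*\(\s*host\s*,\s*"([^"]+)"') |
        ForEach-Object { $_.Groups[1].Value }
    $direct = $PacText -match 'return\s+"DIRECT"'
    [pscustomobject]@{
        Proxies        = $proxies
        TargetedHosts  = $hostRules
        DefaultsDirect = $direct
        Suspicious     = ($proxies.Count -gt 0) -and ($hostRules.Count -gt 0) -and $direct
    }
}

foreach ($key in $settingsKeys) {
    $url = (Get-ItemProperty -LiteralPath $key -Name AutoConfigURL -ErrorAction SilentlyContinue).AutoConfigURL
    if (-not $url) { continue }
    Write-Output "$key : AutoConfigURL = $url"

    # A file:// URL or plain path can be read and analysed on the spot.
    $localPath = $url -replace '^file:///?', '' -replace '/', '\'
    if (Test-Path -LiteralPath $localPath) {
        Get-PacRisk -PacText (Get-Content -LiteralPath $localPath -Raw) | Format-List
    } else {
        Write-Output '  remote script: download it from a clean machine and pass the text to Get-PacRisk'
    }
    # Remediation per Microsoft's advice (only after confirming you did not set this up yourself):
    # Remove-ItemProperty -LiteralPath $key -Name AutoConfigURL
    # Remove-Item -LiteralPath $localPath
}

# Constructed sample of a malicious PAC, so Get-PacRisk can be tried without an infection.
$samplePac = @'
function FindProxyForURL(url, host) {
    if (shExpMatch(host, "*.bank-example.test") || dnsDomainIs(host, "online-bank.test")) {
        return "PROXY 192.0.2.10:8080";
    }
    return "DIRECT";
}
'@
Get-PacRisk -PacText $samplePac   # Suspicious = True, Proxies = 192.0.2.10:8080
```

A PAC that proxies everything (a normal corporate setup) is not flagged, and one served from a remote URL is deliberately not fetched by the script: retrieving it from the infected machine would itself go through whatever proxy it names. Check the HKLM value as well as HKCU, since a policy-level entry applies to every user on the machine.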

Phrozensoft Auto Config Risk Protector 1.0 will remedy this problem for you.

Download


Posted by & filed under Home, Privacy, Security.

No, it is not possible for the FBI to magically turn on your webcam without its light coming on. There is a simple reason for that: most (if not all) webcam LEDs today are driven at the hardware level. When the camera is activated, current flows through the LED before it reaches the sensor, so the light comes on automatically. Knowing when your webcam is capturing data should be (or become) a basic security habit.

The only exception we know of is an old Logitech webcam that has an option to disable its light via the Windows registry.

see http://forums.logitech.com/t5/Webcams/Can-I-turn-off-red-LED/m-p/277305#M52816

Summary from http://security.stackexchange.com/a/6855 :

Therefore, internal laptop web cam lights are mounted in series with the camera sensor so they can never be hacked.

So we think you need not be afraid when you hear or read news like that published lately; it may even be a hoax (or bad reporting by a misinformed journalist). The FBI probably does have agreements with large companies to put backdoors natively into systems to gather information. However, we doubt they would pre-install backdoors that behave like a Remote Access Trojan (RAT), because those would be spotted very quickly by your antivirus.

But if such behaviour is ever proven beyond doubt, companies like Microsoft could lose a huge number of users, ourselves included. As the saying goes: trust leaves on horseback and returns on foot.

In conclusion, live your life on the Internet as you always have and do not believe everything the media write. Install a good antivirus program and keep it up to date. Set up a firewall and, finally, do not download or run programs that you do not trust. Follow these simple rules and you should be safe.

Posted by & filed under Home, Softwares, Updates, VirusTotal Uploader.

Just a few days after its initial release, we already have a new version of Phrozen VirusTotal Uploader ready. Overnight it has become our flagship product, gaining more popularity (and users) every day.

We finally implemented the upload size limit that one of our users requested. The program now displays a message box when the file being uploaded is larger than VirusTotal's API limit (as requested in GHacks' excellent review).

Change log

  1. Some minor bugs fixed.
  2. Better file queue management.
  3. Display a message box if the size of the file to scan is greater than the limit in VirusTotal's API guide (this does not concern you if you are using a custom API key without a size limit). This message box can be disabled.
  4. Option to limit the number of simultaneous uploads, to avoid consuming too much network bandwidth.

Feel free to give feedback. We take the advice and suggestions of our users very seriously and often add their ideas to our programs.

Image: screenshot of the new Settings menu.

Download

Posted by & filed under Home, Softwares, Updates, VirusTotal Uploader.

A new version of our Phrozen VirusTotal Uploader is finally out with several fixes and improvements. Because it is one of our most complete and most downloaded products, it now merits its own official website. You can visit its brand new website at the following address: http://phrozenvtuploader.com/

There are two major updates in this version:

  • Although administrative privileges are still recommended while using the program, they are no longer mandatory. You can now install and use the uploader from a regular user account. Note that a regular account limits the program: some processes, startup entries, services and network applications will not be shown, and if you try to scan a file that only the administrator account can read, you will not be able to upload and scan it.
  • The Download and Scan module has been fully recoded. Because we always try to listen to the questions, wishes and recommendations of our users, we added support for multi-URL "download and scan" and "import URLs from file". You also benefit from a new, user-friendly design for downloading multiple files at the same time, and you can now set the maximum number of concurrent downloads to avoid using too much of your bandwidth.

Full changelog :

  1. User interface optimisation finalised using the latest Phrozen Software graphics.
  2. Desktop widget design is now optimised.
  3. The design of the notifications is now optimised.
  4. Download and Scan now supports multi-file download.
  5. Download and Scan now supports importing URLs from a file (one URL per line).
  6. The Download and Scan functions have been entirely recoded.
  7. New Settings panel added for Download and Scan (see the picture below for the list of supported settings).
  8. The program no longer requires administrative privileges to work. You can elevate at any time to get a better view of your system.
  9. Startup list now supports listing the Userinit startup method.
  10. Startup list now shows disabled entries that still exist in the system.
  11. Column sizes of list views are saved for the next program startup.
  12. Some minor bugs fixed. Stability increased.

Read more »

Posted by & filed under Home, Softwares, Updates.

Phrozen Safe USB, one of your favourite applications, has finally been updated to version 2.0 and incorporates the following changes:

  • User interface is now more user friendly: only one click is needed to change the USB mode.
  • User interface now uses our new Phrozen Software graphics.
  • Option to minimise to the tray added to the settings window.
  • Option to disable the USB AutoPlay dialog added to the settings window.
  • Option to protect the application with a password added to the settings window.
  • "Start application with Windows" now supports UAC (it requires administrative privileges).
  • The application is now portable.

Note: the password protection feature is only useful for administrators who share the computer with others. Standard users cannot open the registry editor, but since Phrozen Safe USB runs as administrator by default, they could use it to change the USB settings without your authorisation, which is a risk. This feature was often requested by our users and, as we always listen to our users, we added it.

Read more »

Posted by & filed under Home, Privacy, Security.

In a previous article we described how to secure your mail conversations in a generic way using the well-known and widely trusted Thunderbird mail client configured to work with PGP.

Today we will describe a way to protect your Google Talk/Hangouts conversations with strong end-to-end encryption: OTR authenticates both parties with their long-term keys, negotiates a fresh session key for each conversation and encrypts the messages with AES, so that neither Google nor anyone else with access to your account can read them. Note that both parties must use OTR, and that it protects the content of the messages, not the fact that the two of you are talking.

Since Google Talk uses the XMPP protocol for chat, it is easy to use your Google account with any chat client that supports XMPP.

In our case we decided to use Pidgin, a small, open-source and cross-platform instant messaging client that is well trusted by the community and has tons of useful plug-ins to enhance your chat experience and anonymity.

When downloaded, run the setup and install using its default options.

Before running and configuring Pidgin you need to download and install the chat-encryption plug-in called OTR (Off-the-Record Messaging). Like Pidgin, this plug-in is very well known and open source.
Note: OTR exists for Linux, Mac OS X and Windows.

Read more »

Posted by & filed under Home, Releases, Security, Softwares.

Phrozen Windows File Monitor is a standalone program designed to capture any kind of modification in the Microsoft Windows file system. It can be very useful for spotting unwanted activity on your system: for example, when you run a potentially suspicious program for the first time, Phrozen Windows File Monitor will record every file it creates, changes or deletes. It has a very user-friendly interface and incorporates many filters to help you focus on specific files and paths when looking for suspicious activity.

Together with PhrozenSoft VirusTotal Uploader (a new version will be released soon), Phrozen Windows File Monitor is the perfect tool to analyse what is truly happening on your system.
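To show the mechanism such a monitor is built on, here is an added PowerShell example (written for this page, not Phrozen's code) that uses the .NET FileSystemWatcher to log every create, change, delete and rename under the folders where dropped files usually land while you run a suspect program. The watched paths, the noise filter and the log location are choices made for the example.

```powershell
# Added example: a minimal file-system monitor for reviewing a suspect program's first run.
# Paths, noise filter and log location are choices made for this example.
$watchPaths = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData)
$logFile    = Join-Path $env:USERPROFILE 'Desktop\filemon.log'
$ignore     = '\\Microsoft\\Windows\\(INetCache|WebCache)\\'   # browser cache churn; tune as needed

$watchers = foreach ($path in $watchPaths) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $w = New-Object System.IO.FileSystemWatcher
    $w.Path                  = $path
    $w.IncludeSubdirectories = $true
    $w.InternalBufferSize    = 65536   # maximum; a small buffer drops events under bursts
    $w.NotifyFilter          = [System.IO.NotifyFilters]'FileName, DirectoryName, LastWrite, Size'
    foreach ($evt in 'Created', 'Changed', 'Deleted', 'Renamed') {
        # Each event is handled in the background; MessageData carries the log path and filter.
        Register-ObjectEvent -InputObject $w -EventName $evt -SourceIdentifier "FsMon-$evt-$path" `
            -MessageData @{ Log = $logFile; Ignore = $ignore } -Action {
            $a = $Event.SourceEventArgs
            if ($a.FullPath -match $Event.MessageData.Ignore) { return }
            $line = '{0:yyyy-MM-dd HH:mm:ss.fff} {1,-8} {2}' -f (Get-Date), $a.ChangeType, $a.FullPath
            if ($a.OldFullPath) { $line += " (was $($a.OldFullPath))" }   # only set for renames
            Add-Content -LiteralPath $Event.MessageData.Log -Value $line
        } | Out-Null
    }
    $w.EnableRaisingEvents = $true
    $w
}

Write-Output "Monitoring $($watchers.Count) paths; events go to $logFile. Run the suspect program now."
Write-Output 'Press Enter to stop monitoring.'
[void](Read-Host)

# Tear down: stop raising events and remove the subscriptions, then show the tail of the log.
foreach ($w in $watchers) { $w.EnableRaisingEvents = $false; $w.Dispose() }
Get-EventSubscriber | Where-Object SourceIdentifier -like 'FsMon-*' | Unregister-Event
Get-Content -LiteralPath $logFile | Select-Object -Last 20
```

FileSystemWatcher only reports what happened, not which process did it; to attribute changes to a process you need a kernel-level monitor (Sysinternals Process Monitor, or an ETW trace). It also sees nothing that a program writes outside the watched roots, so widen the list (or watch the system drive) when you do not know where a sample will drop files.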

Read more »

Posted by & filed under Home, Security.

Today we publish a very complete tutorial on how to use PGP mail encryption for mail between you and your friends, colleagues, etc., using Mozilla's mail client Thunderbird. Thunderbird is a very efficient, open source mail client with a large community behind it to keep this nice piece of software safe, secure and frequently updated.

Also, because the Firefox web browser is part of the same family, Thunderbird offers a wide collection of add-ons (called plugins) to keep improving your mailing experience. If you do not use Thunderbird yet, we recommend getting it now from its official website via the button link below.

Note that Thunderbird is also recommended by the Prism-Break website, a project that lists privacy-respecting alternatives to the services implicated in the PRISM surveillance programme.

Why is it necessary to encrypt mail nowadays?

This question has many possible answers. One of the most important is your privacy. Suppose you work at a company and continuously send and receive mails containing sensitive information, but do not really understand how the mail protocol works. In most cases your mail is handled by your company's mail server, which is run by your system and network administrators. Did you know that they are able to read all your mail? If someone else reads your mail, details of your company, its policies or strategies, or even your personal life could become public or be sold to a competitor, with serious consequences.

This has happened to others and it could happen to you if the people who manage the mail servers are malicious, but also if they are merely careless. Everybody should use IMAP over TLS to fetch new mail securely, just as you should visit websites over HTTPS. For instance, on a public Wi-Fi hotspot, or on a private one with weak security, anybody could capture your mail via packet sniffing and read it without you noticing. Keep in mind, though, that TLS only protects the connection between you and your mail server; it does nothing against an administrator, or anyone else, reading the mail where it is stored, and that is the gap PGP fills.

Another reason to encrypt your mail: if someone steals your laptop, they could easily get into your mail client and read all your mail. They could even send incriminating mails to your clients or colleagues in your name.

PGP also proves your identity to your correspondent.

Finally, as you know from last month's stories about PRISM, government intelligence services can get their hands on your mail without any difficulty. These governments will try to convince you that everything they do is within the law and is only done to catch spies or terrorists, but that is not really the point. The point is that someone is reading your mail, and that invades your privacy. That is why you should protect and secure your mail: you do not want a complete stranger reading your personal communication.


When correctly configured, PGP is the right solution to these issues. It encrypts your mail (transforms readable data into an unreadable form) with strong cryptography and, through its signing function, lets the recipient verify that a message really came from you and was not altered on the way. One caveat to keep in mind: PGP encrypts the body and attachments, not the subject line or the other headers, so sender, recipient and subject remain visible to anyone who can see the message.


Read more »