Friday, 13 November 2015

Naev, Valyria Tear, Wyrmsun, ReTux

Wyrmsun 1.6.0 was recently released (announcement on our forums and on Steam). Wyrmsun is inspired by the original Warcraft games and many reviewers on Steam compare it to Warcraft II. The project continues at a steady development pace, which is always a good sign, so I encourage RTS fans to try it out.

Wyrmsun

Naev 0.6.1 has been released. After a long period without releases until release 0.6.0 appeared in March, this follow-up release indicates a return to regular progress for the project. Naev is a 2D space trading and combat game.


I couldn't find a more recent video but here's a bit of a development log of some features for the 0.6.0 release.

Speaking of resurgent projects, Valyria Tear has some news.
The most noticeable change is that I killed a few days ago a very nasty bug that was there from the beginning, making the lua threads never freed from memory. This means the game won't end up anymore swallowing gigs of memory for nothing and crash due to some memory overflow.
Well that does sound like a bit of a killjoy, so good to see it fixed. Other changes are in the blog post.

Onto more things slightly more dubiously open source in nature...

ReTux 0.2 has been released. ReTux is a new Super Tux inspired game. It is a completely rewritten (in Python) codebase, although it uses many of the assets from the original Super Tux, so naturally people will mistake the two despite the significant differences. I already covered the IndieGoGo campaign in a previous article.

ReTux
I'm not really on board with the way the developer Onpon4 is now soliciting $20 for access to the code. I think he's both hurting himself by limiting exposure of the game (you need a password to access the downloads) as well as asking for a fairly significant sum in an age where AAA games are of a similar price a year after release (and regularly on offer, as any Humble Bundle or Steam user will know).

I would say he should just get it on Steam, sell it there, and be open source outside of that. Perhaps have additional levels in the Steam version but accept that charging for the source code is as pointless as it is ineffective.

Thursday, 12 November 2015

GameGuardian v8.0.0 APK

GameGuardian
Without it, you are played by games; with it, you play games in your own rules!
“Game Guardian” is a game hack/alteration tool. With it, you can modify money, HP, SP, and much more. You can enjoy the fun part of a game without suffering from its unseasonable design.
Main Features
  • Search game value with precise number.
  • Search game value with vague instructions, e.g. larger or smaller.
  • Lock the game value to a fixed number.
  • Save/Load the managed list.
  • Touch Guardian sprite to bring up the tool during gaming.
  • Change game speed.
  • Runs on ARM and x86 devices, including x86 emulators (BlueStacks, Droid4X, Genymotion etc.)
  • Supports Android 2.3.3+ (Gingerbread) through Android M.
  • Game deceleration and acceleration (ARM devices only)
  • Explicit and “fuzzy” numeric searches
  • Supports: Dword, Float, XOR, Word, Byte, or Auto data-type searches
  • Modify all search results at once
  • Filtering of search results (address greater than and less than, value greater than and less than)
  • App locale for over 90 languages
What’s New in Version 8.0.0
Major changes:
  • Rewritten search engine.
  • Rewritten storage engine.
Minor changes:
  • Improved root detection.
  • Tons of bug fixes.
  • Updated translations.
  • Better avoiding of detection.
  • Allowed search for 0 or -1 as first search.
  • Improved in-app text (ie front page text description).
How To Use GameGuardian?
  1. Make sure Game Guardian is running (doggy icon will be translucent on screen)
  2. Open game and find value you want to change (cash, HP etc)
  3. Press icon, search tab and press search and enter the number
  4. Go back to the game and change the value in some way (gain money etc)
  5. Go back to GG and search again for the new value and your results will be narrowed down
  6. If needed, repeat steps 4 and 5 until down to very few results.
  7. Long-press on value and enter the desired value. Go back to app and the value will be changed!:)
Requires
  • Android: 2.2 and up
  • ** ROOT ONLY **
  • This tool only works in rooted devices!!
Downloads

Tuesday, 10 November 2015

A quick look at a signed spam campaign


I noticed the following tweet pass by on Twitter:


The mail received is as follows:

Spam but digitally signed

As Robert correctly notes, since the mail is digitally signed, it may entice people more to open the attachment and get infected. In case you're wondering, the key id of the certificate is as follows:
FE:22:B7:24:E3:4F:27:D9:05:E0:CC:B8:BD:DE:F4:8D:23:FD:2F:D9 (copy of cert on Pastebin)
Issuer: C=IT, O=DigitPA, OU=Ufficio interoperabilita' e cooperazione, CN=DigitPA CA1

Signature details. S/MIME message format

Both first and second mail are coming from: 175.156.221.127 - IPvoid - Whois (DomainTools)

IP location: Singapore (VirusTotal)

On to the attachment (the .xml file is harmless):


"recalculation.zip" attached

Hello
This recalculation of payments for the last month.
I remind you of your debt 3148,48 AUD.
Please pay as soon as possible.


The ZIP file contains 2 files: recalculation_77979.pdf.js & info_9455.txt. The TXT file just contains the name of the first file, which tries to hide as a PDF file but is in fact JavaScript (JS).
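An added example (not from the original post) of a check a mail gateway or analyst could run on such an attachment: it lists ZIP members whose final extension is a script type and flags those hiding behind a document extension. The sample archive is constructed with the two member names from this campaign and inert content; the extension lists are assumptions.

```python
import io
import zipfile

# Extensions that Windows Script Host or the shell will execute on double-click
# (assumed list, extend as needed).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
# Document-looking extensions used as the decoy "inner" extension (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

def classify(name):
    """Return 'double-extension', 'script' or None for one archive member name."""
    # Keep only the file name; trailing dots/spaces are ignored by Windows.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower().rstrip(". ")
    parts = base.split(".")
    if len(parts) < 2 or "." + parts[-1] not in SCRIPT_EXTS:
        return None
    if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "script"

def scan_zip(data):
    """List (member, verdict) for every flagged file in a ZIP given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            verdict = classify(info.filename)
            if verdict:
                findings.append((info.filename, verdict))
    return findings

def build_sample():
    """Constructed stand-in for recalculation.zip: same member names, inert content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("recalculation_77979.pdf.js", "// inert placeholder\n")
        zf.writestr("info_9455.txt", "recalculation_77979.pdf.js\n")
    return buf.getvalue()

if __name__ == "__main__":
    for member, verdict in scan_zip(build_sample()):
        print(f"{verdict}: {member}")
```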

Part of the JavaScript

You can find the original JavaScript on Pastebin. You can also find the decoded base64 here and the final obtained JavaScript here. In the final JavaScript, you'll see it downloads a file and renames it to a random filename, then executes it:

Download

Run

It fetches a file from: 203.255.186.156 - IPvoid - Whois (DomainTools)
IP location: Korea (VirusTotal)

The eventual payload may be Andromeda/Gamarue, which will make your machine part of a botnet. Some information on the dropped DLL file (this is all static analysis):

Meta-data
==================================================================
File:    28236726.dll
Size:    495630 bytes
Type:    PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:     934df5b173790da14ef3a817ec1fc422
SHA1:    e90b6e45f255350d0fd4cba361a09ad5d8271af1
ssdeep:  12288:GysxmAb/DC7BfWLc9ivHsegWDhNSKDWrV5rJfT:jo768wAAExDoPr9
Date:    0x429CE7C3 [Tue May 31 22:40:03 2005 UTC]
EP:      0x1000bddb .text 0/5
CRC:     Claimed: 0x0, Actual: 0x83498 [SUSPICIOUS]
Packers: Armadillo v1.xx - v2.xx

Functions in our DLL file

You may also find the file on VirusTotal, SHA1 hash: e90b6e45f255350d0fd4cba361a09ad5d8271af1


There's also an analysis available by Reverse.it (Hybrid Analysis) on Windows 7 32bit & Windows 7 64bit. Feel free to perform any additional research on it, let me know if you find something interesting or should you find out exactly which kind of malware this is.

Just as a note, while all that is happening in the background, a decoy PDF file gets opened as well, so as not to raise suspicion:

Decoy PDF document (not malicious)

Prevention

For administrators:
  • Sender's end: Create an SPF record to prevent sender address forgery. More on SPF here.
  • Receiver's end: Turn on SPF checking on your mailserver.
  • If possible, turn on full support for DMARC. More on DMARC here.
  • Check that only your mailserver may access the WAN (or RED) on port 25. Configure this in your firewall.
  • Check that you use strong passwords for your Domain Controller server(s). 
  • Check that antivirus is installed, up-to-date and running on all workstations. (if applicable)
  • If not needed, you can disable Windows Script Host (WSH), as it's needed for JavaScript to run locally. Read how to do that here.

For endusers:
  • Don't open attachments from unknown senders - ever.
  • Install an antivirus and keep it up-to-date and running. Enable the option to scan Compressed Files. 
  • Preferably, see that your antivirus has a firewall as well, to prevent unauthorised access.
  • Consider disabling Windows Script Host. You can use my tool, Rem-VBSworm with option D for example.
  • Alternatively, you can install Analog X's Script Defender, which will block these scripts (JS, VBS, ...) as well.
Some time ago, I did a Q&A on ransomware, which also included several general tips on how to prevent (ransomware and other) malware. You can find and read those tips here.

Disinfection

As usual:
  • Look for suspicious Run keys (find locations here) and delete the associated file(s).
    In our case, all files were dropped in the %TEMP% folder. Also, don't forget to look for rundll32.exe processes, as the payload was a DLL file. More information on rundll32 here.
  • Run a full scan with your installed antivirus product.
  • Run a full scan with another antivirus and/or antimalware product.
  • In a company: warn your network administrator immediately!
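An added example, not the author's tooling, of the Run key review described above: it parses text in the layout printed by `reg query` and flags values that start something from a temp folder or through rundll32. The registry entries are constructed sample data, and the two heuristics are assumptions based on the notes above.

```python
import re

# Constructed sample in the layout printed by `reg query <key>`; all names are made up.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    rundll32.exe "C:\Users\alice\AppData\Local\Temp\example.dll",EntryPoint
    Sync    REG_EXPAND_SZ    %TEMP%\sync_helper.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
'''

# One value line: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r'^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$')
# Command lines that reference a temp location, expanded or not.
TEMP_RE = re.compile(r'%te?mp%|\\appdata\\local\\temp\\|\\windows\\temp\\', re.I)
# rundll32 at the start of the command or after a path separator, space or quote.
RUNDLL_RE = re.compile(r'(^|[\\\s"])rundll32(\.exe)?\b', re.I)

def review_run_keys(text):
    """Return (key, value name, reasons) for every Run value worth a closer look."""
    findings = []
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()          # header line naming the key that follows
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        data = m.group("data")
        reasons = []
        if TEMP_RE.search(data):
            reasons.append("runs from temp folder")
        if RUNDLL_RE.search(data):
            reasons.append("launches DLL via rundll32")
        if reasons:
            findings.append((key, m.group("name"), reasons))
    return findings

if __name__ == "__main__":
    for key, name, reasons in review_run_keys(SAMPLE):
        print(f"{key} -> {name}: {', '.join(reasons)}")
```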

Conclusion

Now how was that mail sent out? There's no sure way of telling: it's possible the company is compromised (by either malware or an attacker), there's no SPF record, the certificate has been stolen (unlikely but not impossible), ... Most likely, a machine is infected by a spambot.

Note that with PEC (Posta Elettronica Certificata), a user can send a signed message even when the mailserver is not compromised. PEC means the server signs a message to ensure timestamp and sender, not content. More on PEC here (ITA) or here (EN). See also points 2 and 4 in the Prevention tips above.

I've contacted all related parties and am hoping I'll get a reply soon, or at the very least that they will perform some analysis and cleaning.

Follow the prevention tips above to stay safe. If you're looking for Indicators of Compromise (IOCs), they can be found as usual on AlienVault's OTX.

Thursday, 5 November 2015

Christmas gift ideas 2015: Top 5 best Tech Christmas Gifts for your family, friends

Yes, we know it may be a little early, but we think many people are already counting down the days to Christmas. There are 50 days until the Christmas holiday. There are lots of brilliant tech Christmas gifts to buy for your loved ones, so how do you make the right choice? Here we have rounded up the top 5 best tech Christmas gifts and ideas for 2015.

1. Tablets: iPad
According to a survey from BestBuy, the iPad is the No. 1 most wanted tech Christmas gift among 2,000 American consumers. Apple offers many tablet choices, such as the iPad Air 2, iPad Mini 4 and even the iPad Pro if you love a big screen. If you have not got one, it is worth considering. You will love watching movies, playing games and reading e-books on the go.

Other options are available too, such as the Samsung Galaxy Tab 2, Microsoft Surface and Amazon Kindle.

2. Wearable Gadgets: Apple Watch, Pebble, Fitbit
Wearable gadgets not only make your life simpler, but are also a way to help people get into shape or give that extra push to competitive types. A lot of guys use them for sports and fitness.
In 2015, the Apple Watch may be the most popular smartwatch and it has sold about 700 million units until Nov. And if you are a new owner of the Apple Watch, you can check our collection of the best third-party Apple Watch bands and straps, including stainless steel and leather bands.

3. Smartphone: iPhone & Android
There is no doubt that the new iPhone 6s is your best choice if you want to update your phone. Or you can take the iPhone 6, which sells at a lower price. Other Android phones, like the Samsung Galaxy Note 5, S6, S6 Edge Plus and LG G4, are the right choice too. All of them have beautiful design and high performance.

4. Bluetooth headsets: Bose, Beats
You really need a good headset if you love music and watch movies on your smartphone and tablets. There is a variety of high-quality Bluetooth headsets on the market, and Beats and Bose enjoy a good reputation. If you don't mind the cost, then they are your best choice.

Or you can also choose a Bluedio Bluetooth headset from our store. It sells well on Amazon and eBay.

5. Action Camera: GoPro
The GoPro action camera lets you capture high-quality photo and video content, and its sales have more than doubled every year. The camera maker is a favorite among surfers, bikers, skydivers, pretty much anyone who's looking to strap a camera to her person (or drone) and capture an adventure. So if you are a sports lover, you can't miss it.

Also recommended: SJCAM Waterproof Action Video Camera

We will update this article when we discover other Christmas gifts. We welcome your comments and suggestions; let us know your choice.

Source from:  Top 5 best Tech Christmas Gifts and ideas 2015 for your family, friends

Wednesday, 4 November 2015

Wondershare MirrorGo 1.3.1 Serial Key

Wondershare MirrorGo
A powerful tool for mirroring your Android display on your PC. The program does much more than output the phone screen to a PC monitor. It is specially optimized for gamers. Using your mouse and keyboard, you can play Android games in HD on your PC, keeping game stats on the PC and on Android. You can easily record gameplay and take screenshots using MirrorGo. And of course, transferring files between the mobile device and the computer has never been so easy: just drag and copy.
Features
  • Playing Benefits
  • Mirror Competitor
  • Emulator Competitor
  • Mouse & Keyboard
  • Full Screen
  • High Definition
  • Screen Capture
  • Record
  • Sync Game Data
  • Hot Keys
  • See & Play
  • Total control beyond your finger tips
  • Sync to Play Anywhere
  • USB Connection
  • WiFi Connection
How to Activate?
  1. Download and install software.
  2. Download Serial file and use it.
  3. Done !!
Downloads
SERIAL.txt (3 KB)