This video shows all 150,966 deaths in ‘Game of Thrones’

As one of the more popular shows on TV, Game of Thrones is certainly no stranger to controversy. Even though the show airs on HBO — a channel where ostensibly anything goes — there have been some vocal critics who have lambasted the show for the way it treats women and its depiction of violence that some argue is gratuitous and a tad over the top. Of course, Game of Thrones author George R.R. Martin has been quick to dismiss such criticisms, noting in the past that “drama comes out of conflict” and that “if you portray a utopia, then you probably wrote a pretty boring book.”

All that said, there’s no denying that death is one of the reasons why GOT is so enthralling and compelling. After all, it takes a special skill to create a character so vile (read: King Joffrey) that viewers are actively hoping for his brutal demise. Individual character deaths aside, GOT is also no stranger to depicting death on a massive scale, often in the form of intricately choreographed scenes of large-scale battles.

All in all, the last six seasons have seen no shortage of death. From popular characters to nameless peasants, no one in the Game of Thrones universe is truly ever safe. In light of that, the YouTube channel Leon Andrew Razon Compilations recently put together a video compilation highlighting every single on-screen death the series has seen since its inception. Taking things an interesting step further, the video also advances a tally of all the deaths the show has seen. The resulting figure is pretty astounding: 150,966 deaths to be precise. Note, though, that the tally does include animals.

Regardless, this video compilation must have taken forever to put together and you can check out the finished result below.


via BGR

New Loki Variant Being Spread via PDF File


The Loki Bot has been observed for years. As you may know, it is designed to steal credentials from installed software on a victim’s machine, such as email clients, browsers, FTP clients, file management clients, and so on. FortiGuard Labs recently captured a PDF sample that is used to spread a new Loki variant. In this blog, we will analyze how this new variant works and what it steals.

The PDF sample

Figure 1. Content of the PDF sample

The PDF sample only contains one page, shown above, which includes some social engineering content to entice users to download and run the malware.

Figure 2. Objects inside the PDF sample

According to the sample content (Figure 2), an annotation object in the sample includes a URI action, which points to the location the malware is downloaded from.

Add itself to Startup folder

When this malware is executed for the first time, it copies itself to “%AppData%\subfolder” and renames the copy “citrio.exe” (in my test environment). It then creates a VBS file that can start “citrio.exe”. Figure 3 shows its code. The VBS file is added to the Startup folder of the system Start Menu so that it runs automatically whenever the system starts. After all these actions are complete, “citrio.exe” is started.


Figure 3. The VBS file in Startup with its code
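A defender-side check for the persistence described above, as an added example that is not part of the original analysis: it scans a Startup folder for script files that launch an executable stored under AppData. The launcher name `citrio.vbs`, its contents and the benign entries in `demo()` are constructed sample data, not taken from the sample.

```python
import re
import tempfile
from pathlib import Path

# Script types that Windows Script Host runs when placed in a Startup folder.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf"}

# An .exe path under AppData, written either with the environment variable
# or as an already expanded per-user profile path.
APPDATA_EXE = re.compile(
    r'(?:%AppData%|[A-Za-z]:\\Users\\[^\\"]+\\AppData)\\[^"\r\n]*?\.exe',
    re.IGNORECASE)

def decode_script(raw: bytes) -> str:
    """Scripts may be UTF-16 with a BOM; otherwise treat them as Latin-1."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")

def scan_startup(startup_dir):
    """Return (script name, exe path) for each Startup script launching an AppData exe."""
    findings = []
    for entry in sorted(Path(startup_dir).iterdir()):
        if not entry.is_file() or entry.suffix.lower() not in SCRIPT_EXTS:
            continue  # shortcuts and other file types are out of scope here
        text = decode_script(entry.read_bytes())
        for match in APPDATA_EXE.finditer(text):
            findings.append((entry.name, match.group(0)))
    return findings

def demo():
    """Scan a constructed Startup folder (sample data, not from the page)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed launcher modelled on the described behaviour.
        (root / "citrio.vbs").write_text(
            'Set s = CreateObject("WScript.Shell")\r\n'
            's.Run """C:\\Users\\test\\AppData\\Roaming\\subfolder\\citrio.exe"""\r\n',
            encoding="utf-16")
        # Constructed benign entries: a shortcut stub and a script with no exe.
        (root / "OneNote.lnk").write_bytes(b"L\x00\x00\x00")
        (root / "greeting.vbs").write_text('MsgBox "hello"\r\n', encoding="latin-1")
        return scan_startup(root)

if __name__ == "__main__":
    for name, exe in demo():
        print(f"{name}: launches {exe}")
```

On a live host, point `scan_startup` at the per-user and all-users Startup folders; a hit is a lead to review, since some legitimate software also starts from AppData.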

How the new Loki variant works

All the APIs called by this malware are hidden and are only restored just before they are called. This makes the malware more difficult for researchers to analyze. Figure 4 shows an example. After calling the sub_4031E5 function with the hash (C5FA88F1h) and DLL number (0Ah), eax points to the API “CommandLineToArgvW”.

Figure 4. Restoring the hidden API

The author of the malware has written a number of functions for stealing credentials from a victim’s machine. The pointers to these functions are stored in an array. Figure 5 shows part of the function pointers.

Figure 5. Array with function pointers

As you may have noticed, I added the comment behind each function to show you which software it steals credentials from. The malware calls those functions one by one in a loop. Here is the list of most of the software whose credentials can be stolen.

Browser software:

Mozilla Firefox, IceDragon, Safari, K-Meleon, Mozilla SeaMonkey, Mozilla Flock, NETGATE Black Hawk, Lunascape, Comodo Dragon, Opera Next, QtWeb, QupZilla, Internet Explorer, Opera, 8pecxstudios, Mozilla Pale Moon, Mozilla Waterfox.

IM software:


FTP software:

FTPShell, NppFTP, oZone3D MyFTP, FTPBox, sherrod FTP, FTP Now, NetSarang xftp, EasyFTP, SftpNetDrive, AbleFTP, JaSFtp, Automize, Cyberduck, FTPInfo, LinasFTP, FileZilla, Staff-FTP, BlazeFtp, FTPGetter, WSFTP, GoFTP, Estsoft ALFTP, DeluxeFTP, Fastream NETFile, ExpanDrive, Steed, FlashFXP, NovaFTP, NetDrive, SmartFTP, UltraFXP, FTP Now, FreshFTP, BitKinex, Odin Secure FTP Expert, NCH Software Fling, NCH Software ClassicFTP, WinFtp Client, WinSCP, 32BitFtp, FTP Navigator.

Game software:

Full Tilt Poker, PokerStars.

File manager software:

NexusFile, FullSync, FAR Manager, Syncovery, VanDyke SecureFX, Mikrotik Winbox.

SSH/VNC client software:

SuperPutty, Bitvise BvSshClient, VNC, KiTTY.

Password manager software:

mSecure, KeePass, EnPass, RoboForm, 1Password.

Email client software:

Mozilla Thunderbird, foxmail, Pocomail, IncrediMail, Gmail Notifier Pro, DeskSoft CheckMail, Softwarenetz Mailing, Opera Mail, Postbox email, Mozilla FossaMail, Internet Mail, MS Office Outlook, WinChips, yMail2, Trojita, TrulyMail.

Notes/Todo list software:

To-Do DeskList, Stickies, NoteFly, Conceptworld Notezilla, Microsoft StickyNotes.

Stealing Microsoft Outlook Credentials and Stickies Pictures

From the above analysis, it is clear that this new Loki variant is capable of stealing credentials from more than 100 different software tools (if installed). In this section, we are going to present how it steals the credentials of Microsoft Outlook and pictures from Stickies.

To steal the Outlook credentials, it goes through three sub-keys (for three different versions) in the system registry to get saved email accounts, email addresses, usernames, passwords, SMTP, POP3 and IMAP related information, and so on.

The three sub-keys are:

Figure 6. Microsoft Outlook saves credentials in the registry


Figure 7. Copying sub-key “POP3 Password”

What you can see in the above figures are the Outlook credentials in the system registry of my test environment. The malware is able to read them from here by calling the API “SHQueryValueExW”. All stolen information is stored in a global buffer. See Figure 8.

Figure 8. Stolen Outlook credentials in global buffer

For the Stickies attack, since I didn’t have that software installed I simply modified my test machine to simulate that it was installed. Here we go.

Figure 9 shows part of the code for Stickies. The strings “*.png”, “*.rtf” and “%s\stickies\images” are created dynamically before they are used. The malware steals png and rtf files from the sub-folders “\stickies\images” and “\stickies\rtf” in several system directories, such as %AppData% and %UserProfile%.

Figure 9. Code snippet for Stickies

I created a sub-folder “%AppData%\stickies\images” and put a .png file into it. Loki reads the png file into the global buffer, after the Outlook data. It also collects system information from the victim’s machine, such as computer name, user name, processor properties, etc. Once all the collected information is ready, it sends it to its C&C server in an HTTP POST request, the body of which is the data stolen from the victim’s machine. The data is delivered in a kind of compressed format. Figure 10 shows a screenshot of the packet in Wireshark.

Figure 10. Send the data stolen from Outlook and Stickies to the C&C server


The URL “” has been rated as Malicious Websites and “” as Phishing by the FortiGuard Webfilter service.

The downloaded exe file has been detected as W32/Injector.DONO!tr and the PDF file as Data/Loki_Phish.A!tr by the FortiGuard Antivirus service.




Sample SHA256:





via Fortinet Blog | Latest Posts

Skydivers have an amazing new use for drones

Latvian company Aerones has built the ultimate skydive drone. The company claims that skydiver Ingus Augstkalnsm completed the first skydive from a drone.


via Business Insider

Russian search engine Yandex’s Ukraine offices raided for ‘treason’

Already under sanctions by the Ukrainian government, Russian search giant Yandex has been raided by the country’s security services.

The raids, in the capital Kiev and the southern city of Odessa, were conducted under the treason articles of the country’s criminal code, according to Russian state news agency TASS.

Reuters says the basis of the complaint is that the company is collecting user data on Ukrainians and sending it back to Russia.

Yandex’s only statement was to confirm that “representatives of Ukraine’s Security Services” (the SBU) went to its offices in the two cities, adding that its lawyers would help with any investigation.

The SBU has posted a statement saying the information sent to Russia was “for use in reconnaissance and acts of sabotage”.

Prior to sanctions imposed earlier this month, Yandex claimed 11 million users in the Ukraine and had 320 staff in the country.

Earlier this month, Yandex joined social networks VK and Odnoklassniki, Kaspersky Labs and the e-mail service on a sanctions list proclaimed by Ukrainian president Petro Poroshenko. That list was drawn up in retaliation for Russia’s ongoing support for separatists in the east of the country and its annexation of the Crimea.

Poroshenko’s post (ironically on VK) said Russia’s ongoing interference in other countries (including France earlier this month) “show the time has come to act differently and more decisively”. He’s promised to end his own use of Russian sites.

When the ban was announced, a spokesman for Vladimir Putin said Russia hasn’t “forgotten about the principle of reciprocity”, according to The Guardian. ®

via The Register

Major hotel chains launch marketing campaigns to woo customers away from travel-booking sites, which take commissions of up to 30% for each reservation (Chris Kirkham/Wall Street Journal)

Major hotel chains are engaging in an online turf war with the very travel sites that have helped drive their businesses.

Marriott International Inc., Hilton Worldwide Holdings Inc. and InterContinental Hotels Group are using extensive marketing campaigns to claw back business from Expedia Inc., Priceline Group Inc. and other travel-booking sites, which steer customers to hotel properties but also take commissions of up to 30% for…

via Techmeme

Original ‘Crazy Taxi’ Game Is Now Free For Mobile Devices

In the gaming world, there are various games that, despite there being newer and more exciting titles, will always remain classics. Sega’s Crazy Taxi is one of them, and for those who wouldn’t mind revisiting the good old days, you’ll be pleased to learn that Sega has since made the game free to play on mobile.

In case you didn’t know, Crazy Taxi was actually released on mobile a while ago, but it was a paid title, meaning you’d have to shell out money first before playing the game. However, now that it is free to play, you’ll be able to download it and start playing right off the bat without paying anything.

However, as is the case with all free-to-play titles, there is a catch, and that is in-game ads. Gamers will have to put up with various ads and promos that will pop up every now and then. However, if you had previously paid for the game, you can remove the ads for free by going to the restore purchases option.

Those who are sick of ads and did not previously pay for the game have the option of paying $2 to get rid of them. The app is available on both iOS and Android devices, so head on over to the iTunes App Store or Google Play for the download.


via Ubergizmo