So, I’ve got most of the baddies cleaned out and I’m not getting popups anymore. No nags on boot, the boot process is quicker, but is it really clean? I found a few files (winlogon.exe and alg.exe in particular) that could be legitimate Windows file names. Am I running the good one, or the trojan? That is exactly why a clean install is usually the best treatment for a badly infested system. Ultimately, to trust this cleaned system a bit better, I would need to watch it for signs of peculiar open network ports or peculiar processes…
Tag: Windows
-
WMF 0-day update
Last night, while I was in the midst of infecting a virtual machine, Microsoft issued a release saying there’s a “possible vulnerability”… fortunately, their technical document is a bit more straightforward… TechNet advisory here. Spyware Confidential also has a good roundup of the coverage so far. There’s a bit more disturbing stuff coming too…
-
Workaround for zeroday WMF exploit
It’s worth repeating a few things here. There is a nasty exploit in the way that WMF images are parsed in Windows. This means that WITHOUT user intervention a system can be remotely exploited, and through that exploit various software (spyware, viruses, other malware) can be installed. There is no patch at this moment, and I don’t know of any AV vendors that detect it (F-Prot seems to, according to their blog posts). There is a workaround TO PREVENT INFECTION. If the system is already infected, reinstallation may be the only solution.
-
More on the Windows WMF zero-day exploit
There seems to be quite a bit developing on the Windows Metafile (WMF) zero-day (0-day) exploit which was first reported yesterday. SANS has raised their alert level to yellow in an effort to draw attention to this problem. It looks like the original site serving the exploit is down, but now it’s being served from MANY places. Here are more details from F-Secure…
-
Small Ethernet Print Server
The Hawking Technology Print Server (HPS1P) is a nice little parallel-port-to-Ethernet print server that can be configured to make a single printer available to multiple machines on a LAN (local area network). It supports a number of different protocols and can be configured through a web interface or with a Windows-based control application. There are disadvantages to sharing a printer over a network by hooking it up to a PC. First, the PC that shares the printer has to be up and reliable. Second, that PC has to be located conveniently near the printer.
-
WMF 0-day exploit
There seems to be a 0-day exploit involving WMF (Windows Metafile) images, according to SANS. Here’s their lead-in:
Just when we thought that this will be another slow day, a link to a working unpatched exploit in, what looks like Windows Graphics Rendering Engine, has been posted to Bugtraq.
-
Automatically downloading an mp3 file with a bash script
Linux systems give you many possibilities, and one of them is good scheduling (cron); another is good scripting capabilities. I’ve done things with Linux fairly easily that with Windows would have been next to impossible and would have required me to download several other things to make it happen. Anyway, I recently saw mention of a bash-scripted Linux podcatching client. Basically you tell it what podcasts you subscribe to and it downloads them on a schedule. It reminded me of a couple of scripts I’ve got running that do similar things, but not from a true RSS/podcast feed.
-
Network Security Guide for the Home or Small Business Network – Part 15 – Security Through Obscurity
I remember many years ago watching a Doctor Who episode where a very important key was “hidden” in a display of many other keys. Kind of like hiding a tree in a forest. This concept is “security by obscurity”. Generally this is considered a bad approach to security. It is a bad approach if this is the ONLY thing you rely on. Commonly cited examples of security by obscurity are… proprietary applications that keep source code secret so no one can find what flaws exist, and using operating systems or programs that are “obscure” or have small market share and are not targeted.
-
A Tip for cleaning up an infected PC
There’s a joke that many people bring out when new Windows viruses hit big…. it goes along the lines of, “download a fix here”, and the link points to a Knoppix Linux live CD download, or a Mandriva install disk, Fedora, etc… Some say Linux isn’t affected by as many viruses because it lacks market share; I would point out that server market share (take a look at how many Linux web servers there are…) would seem to tip the scales a bit, but that’s not the point of this post. What is the point is this…. When you have a Windows PC that is infested, what you should do is disconnect it from the internet. The problem is that this typically prevents you from getting the tools you need to fix the machine.
-
Linux PHP-exploit bot
Incidents.org writes to remind us that bots aren’t just for Windows. The recent PHP exploits have seen the use of the “kaiten” bot. After infecting a system, it connects to an IRC server. It primarily targets Linux systems. They do give a very good way to blunt most Linux bot-style malware…