Google Uses Reputation To Detect Malicious Downloads

Unlike Microsoft’s solution, CAMP attempts to detect locally whether any downloaded file is malicious, before passing characteristics of the file to its server-based analysis system. First, the system checks the binary against a blacklist–in this case, Google’s Safe Browsing API. If that check returns no positive result and, if the file has the potential to be malicious, CAMP will check a whitelist to see if the binary is a known good file.

via Google Uses Reputation To Detect Malicious Downloads – Dark Reading.

CAMP’s 99-percent success rate trounced four antivirus products, which individually only detected at most 25 percent of the malicious files and collectively detected about 40 percent, the researchers stated.
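The check order the Dark Reading piece describes (blocklist first, then a "could this hurt me" gate, then the whitelist, and only then a trip to the server) is easy to get wrong if the lists are consulted in the other order. Here is that flow as an added illustration for this post, not Google's code: the lists, the file contents and the executable test (extension or a PE "MZ" header) are constructed assumptions, since CAMP's real lists come from Safe Browsing and the article does not say how it decides a file has the potential to be malicious.

```python
"""Client-side decision order described for CAMP, as an added illustration
for this post (not Google's code). The lists, the "could be malicious"
test and the file contents are all constructed assumptions: CAMP's real
lists are served by Safe Browsing, and the article does not say how it
decides a file could be dangerous.
"""
import hashlib

EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".msi", ".jar", ".bat", ".cmd", ".com"}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def could_be_malicious(filename, data):
    """Cheap local test: executable extension or a PE 'MZ' header.

    Checking the magic bytes as well as the name catches an .exe renamed
    to .txt; a pure text file fails both tests and is allowed without a
    reputation lookup.
    """
    dot = filename.rfind(".")
    ext = filename[dot:].lower() if dot != -1 else ""
    return ext in EXECUTABLE_EXT or data[:2] == b"MZ"


def classify(filename, data, blocklist, allowlist):
    """Return 'block', 'allow' or 'ask-server'.

    Order matters: the blocklist is consulted first so a hash that is on
    both lists (a stale allowlist entry) still fails closed, and the
    allowlist is only consulted for files that could do harm. Anything
    left is escalated with its features to the server-side reputation
    check the article describes.
    """
    digest = sha256_hex(data)
    if digest in blocklist:
        return "block"
    if not could_be_malicious(filename, data):
        return "allow"
    if digest in allowlist:
        return "allow"
    return "ask-server"


def features_for_server(filename, data):
    """Characteristics worth sending instead of the whole file."""
    return {
        "sha256": sha256_hex(data),
        "size": len(data),
        "name": filename,
        "pe": data[:2] == b"MZ",
    }


# Constructed sample files (not real binaries).
KNOWN_BAD = b"MZ" + b"\x90" * 62 + b"dropper-stub"
KNOWN_GOOD = b"MZ" + b"\x00" * 62 + b"vendor-installer"
UNKNOWN_EXE = b"MZ" + b"\xcc" * 62 + b"never-seen-before"
PLAIN_TEXT = b"Just some notes, nothing executable here.\n"

BLOCKLIST = {sha256_hex(KNOWN_BAD)}
# The bad hash is deliberately also on the allowlist, to show that the
# blocklist-first ordering still blocks it.
ALLOWLIST = {sha256_hex(KNOWN_GOOD), sha256_hex(KNOWN_BAD)}


def triage(filename, data):
    """Local verdict plus the feature set to send when escalating."""
    verdict = classify(filename, data, BLOCKLIST, ALLOWLIST)
    payload = features_for_server(filename, data) if verdict == "ask-server" else None
    return verdict, payload


if __name__ == "__main__":
    for name, data in [("dropper.exe", KNOWN_BAD), ("setup.exe", KNOWN_GOOD),
                       ("notes.txt", UNKNOWN_EXE), ("notes.txt", PLAIN_TEXT)]:
        print(name, triage(name, data))
```

The renamed executable (`notes.txt` with an `MZ` header) is the case worth noticing: it is neither blocked nor whitelisted locally, so it is the one that actually costs a server round trip, while the genuine text file never leaves the machine.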

Yet Another Java Zero-Day

The exploit is not very reliable, as it tries to overwrite a big chunk of memory. As a result, in most cases, upon exploitation, we can still see the payload downloading, but it fails to execute and yields a JVM crash. When the McRAT successfully installs in the compromised endpoint as an EXE (MD5: 4d519bf53a8217adc4c15d15f0815993), it generates the following HTTP command and control traffic:

POST /59788582 HTTP/1.0
Content-Length: 44
Accept: text/html,application/xhtml+xml,application/xml,*/*
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 110.XXX.55.187
Pragma: no-cache

via Malware Intelligence Lab from FireEye – Research & Analysis of Zero-Day & Advanced Targeted Threats: YAJ0: Yet Another Java Zero-Day.

It should be possible to detect this using something like Snort at the firewall/gateway.
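To make that concrete, here is an added example (mine, not FireEye's or a published signature) that scores HTTP requests against the indicators visible in the captured beacon: a POST to a purely numeric path over HTTP/1.0, a fixed 44-byte body, the MSIE 9 / Trident User-Agent string, and Pragma: no-cache with no Referer. None of those is suspicious on its own, so the check requires several to line up. All sample requests are constructed, and the Host values are documentation addresses rather than the partially redacted C2 address in the report; the Snort rule in the trailing comment is my translation of the same matches and has not been run against live traffic.

```python
"""Flag HTTP requests that look like the McRAT beacon quoted above.

Added example for this post, not FireEye's or the blog author's code.
The indicators come from the captured request: a POST to a purely
numeric path over HTTP/1.0, a fixed 44-byte body, the MSIE 9 / Trident
User-Agent, and Pragma: no-cache with no Referer. Every request below is
constructed; the Host values are documentation addresses (192.0.2.x),
not the partially redacted C2 address from the report.
"""
import re

NUMERIC_PATH = re.compile(r"^/\d{6,10}$")  # captured sample: /59788582
UA_MSIE9 = ("Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; "
            "WOW64; Trident/5.0)")


def parse_request(raw):
    """Split a raw HTTP request into (method, path, version, headers, body).

    Header names are lower-cased so lookups are case-insensitive.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, version, headers, body


def score_request(raw):
    """Return the list of beacon indicators a request matches.

    No single indicator is reliable on its own (plenty of legitimate
    software sends HTTP/1.0 POSTs or that exact User-Agent), so the
    caller should require several of them together.
    """
    method, path, version, headers, body = parse_request(raw)
    hits = []
    if method == "POST" and version == "HTTP/1.0":
        hits.append("post-http10")
    if NUMERIC_PATH.match(path):
        hits.append("numeric-path")
    if headers.get("content-length") == "44" and len(body) == 44:
        hits.append("len-44")
    if headers.get("user-agent") == UA_MSIE9:
        hits.append("msie9-ua")
    if headers.get("pragma", "").lower() == "no-cache" and "referer" not in headers:
        hits.append("pragma-no-referer")
    return hits


def is_mcrat_beacon(raw, threshold=4):
    """Alert when at least `threshold` of the five indicators co-occur."""
    return len(score_request(raw)) >= threshold


def _request(request_line, headers, body=""):
    return "\r\n".join([request_line] + headers) + "\r\n\r\n" + body


# Constructed sample traffic.
BEACON = _request(
    "POST /59788582 HTTP/1.0",
    ["Content-Length: 44",
     "Accept: text/html,application/xhtml+xml,application/xml,*/*",
     "User-Agent: " + UA_MSIE9,
     "Host: 192.0.2.10",
     "Pragma: no-cache"],
    "A" * 44,
)

# A normal browser form submission: HTTP/1.1, Referer, named path. One hit.
BENIGN_BROWSER = _request(
    "POST /login HTTP/1.1",
    ["Host: 192.0.2.20",
     "User-Agent: " + UA_MSIE9,
     "Referer: http://192.0.2.20/",
     "Content-Type: application/x-www-form-urlencoded",
     "Content-Length: 27"],
    "user=alice&password=secret1",
)

# An old updater that also speaks HTTP/1.0 to a numeric path: three hits,
# still below the threshold, so it is not flagged.
BENIGN_LEGACY = _request(
    "POST /20130301 HTTP/1.0",
    ["Host: 192.0.2.30",
     "User-Agent: LegacyUpdater/2.1",
     "Content-Length: 12",
     "Pragma: no-cache"],
    "ping=1&v=2.1",
)

# Equivalent Snort 2 rule (my translation, not from the report; untested here):
# alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"McRAT HTTP beacon";
#   flow:to_server,established; content:"POST /"; depth:6;
#   pcre:"/^POST \/\d{6,10} HTTP\/1\.0\r\n/"; content:"Content-Length: 44";
#   content:"Trident/5.0"; content:"Pragma: no-cache"; sid:1000001; rev:1;)

if __name__ == "__main__":
    for name, raw in [("beacon", BEACON), ("browser", BENIGN_BROWSER),
                      ("legacy", BENIGN_LEGACY)]:
        print(name, score_request(raw), is_mcrat_beacon(raw))
```

The threshold is the tuning knob: at 4 the legacy updater (HTTP/1.0, numeric path, Pragma with no Referer) stays quiet, while anything copying the full beacon shape trips it. Dropping to 3 buys recall at the cost of alerting on that kind of traffic.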

Samsung laptop bug is not Linux specific

This is pretty obviously a firmware bug. Writing UEFI variables is expressly permitted by the specification, and there should never be a situation in which an OS can fill the variable store in such a way that the firmware refuses to boot the system. We’ve seen similar bugs in Intel’s reference code in the past, but they were all fixed early last year. For now the safest thing to do is not to use UEFI on any Samsung laptops. Unfortunately, if you’re using Windows, that’ll require you to reinstall it from scratch.

via mjg59 | Samsung laptop bug is not Linux specific.

Yes, that PC cleanup app you saw on TV at 3am is a waste

To highlight just why you and your loved ones should never let these applications anywhere near your PC, we picked one that we have recently seen ads for: MyCleanPC. It’s the archetypal Windows cleanup app—and you probably shouldn’t install it.

via Yes, that PC cleanup app you saw on TV at 3am is a waste | Ars Technica.

There are some useful tips on cleaning your PC in this article. Like the article advises, I also use Malwarebytes exclusively to scan every now and then if something seems to be running funny. Being on a monitored wifi allows my firewall, the gateway between the wifi and the Internet, to alert me of any funny communication coming from my PC. I have some other unconventional PC security advice that I may provide in a future post once I can put together all my thoughts into a coherent package.

DOSBoxWiki

DOSBox emulates an Intel x86 PC, complete with sound, graphics, mouse, joystick, modem, etc., necessary for running many old MS-DOS games that simply cannot be run on modern PCs and operating systems, such as Microsoft Windows XP, Windows Vista, Linux and FreeBSD. However, it is not restricted to running only games. In theory, any MS-DOS or PC-DOS (referred to commonly as “DOS”) application should run in DOSBox, but the emphasis has been on getting DOS games to run smoothly, which means that communication, networking and printer support are still in early development.

via DOSBoxWiki.

Not sure if I’ll ever need to use this but it’s nice to know it exists. I read that they even ported this onto an Android platform. I encountered DOSBox from this Slashdot article. Someone is running Windows 3.1 on their Android tablet so they can run a 1996 version of Photoshop.

Automated Malware Analysis Under Attack

When it infects the system, UpClicker takes an innocuous first step, binding itself to the mouse. The malware then hibernates until a user clicks the left mouse button and then releases it. Unless security researchers emulate the button press, automated analysis systems will stop observing the malware before it actually does any malicious activity, and the code will not be flagged for further investigation.

via Automated Malware Analysis Under Attack – Dark Reading.

Dell releases powerful, well-supported Linux Ultrabook

The laptop comes with Ubuntu Linux 12.04 LTS plus a few additions. Dell worked closely with Canonical and the various peripheral manufacturers to ensure that well-written, feature-complete drivers are available for all of the laptop’s hardware. Out of the box the laptop will just work. They also have their own PPA if you want to pull down the patches separately, either to reload the laptop or to use on a different machine.

via Dell releases powerful, well-supported Linux Ultrabook | Ars Technica.

Hackers Exploit ‘Zero-Day’ Bugs For 10 Months On Average Before They’re Exposed

One aspect of zero-day exploit use that’s made them tough to track and count has been how closely targeted they are. Unlike the mass malware infections that typically infect many thousands of machines using known vulnerabilities, the majority of the exploits in Symantec’s study only affected a handful of machines: all but four of the exploits infected fewer than 100 targets, and four were found on only one computer.

via Hackers Exploit ‘Zero-Day’ Bugs For 10 Months On Average Before They’re Exposed – Forbes.

Unsurprisingly, the study shows that hackers target common software like Microsoft Word, Flash and Adobe Reader. Sixteen of the 18 zero-day exploits discovered and analyzed in the study affected Microsoft and Adobe software.

How to disable Google safe Browsing in Firefox

To DISABLE:

  1. Type about:config in the address bar of Firefox.
  2. Type safebrowsing in the filter bar. Now change the following values:
  3. browser.safebrowsing.enabled FALSE
  4. browser.safebrowsing.malware.enabled FALSE
  5. browser.safebrowsing.remoteLookups FALSE

How to disable Google safe Browsing in Firefox.

That’s all, and the feature will be disabled now. Even so, my advice is not to disable it, as disabling it may increase the risk of getting infected.

And Firefox keeps phoning home for updates and turning it off in the options doesn’t stop it. Here’s a solution:

You can manually reset the Software Update feature by closing your Mozilla application and deleting the “updates” folder and the two files “active-update.xml” and “updates.xml”, which can be found in one of these locations (using Firefox as an example):

  • Windows XP/2000: C:\Documents and Settings\<username>\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox
  • Windows 7/Vista: C:\Users\<username>\AppData\Local\Mozilla\Firefox\Mozilla Firefox

Above quote taken from here (support.mozilla.org).