The Official Internet/Computer Security News Discussion Thread
#81
Senior Moderator
Another tip, if you can ping but can't load websites check internet options to see if a fake proxy has been set up. Go to internet options > connections > LAN > and if Proxy server is checked then uncheck it. If you click the advanced button it'll probably have 127.0.0.1 as your proxy server.
Tried it. Wish it was that easy. It actually removes those features in internet explorer. They are grayed out and inaccessible. Any other way around it?
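An added example (editor's, not from anyone in the thread) of the check the tip above describes, done against the raw values rather than the greyed-out dialog: Internet Options stores the proxy under the Internet Settings key (ProxyEnable, ProxyServer and AutoConfigURL), and a proxy pointing at 127.0.0.1 or a PAC script served from the local machine means something on the box is sitting in the middle of every request. The dictionary of settings is constructed for the example so it runs anywhere; on a live Windows machine you would fill it from that registry key instead (reading the registry is left out here and assumed).

```python
import re
from ipaddress import ip_address

# Constructed sample mirroring the values Internet Options stores under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings.
# Made-up values for the example, not a dump from a real machine.
SAMPLE_SETTINGS = {
    "ProxyEnable": 1,
    "ProxyServer": "127.0.0.1:8080",
    "AutoConfigURL": "",
}


def parse_proxy_server(value):
    """Parse a ProxyServer value into {protocol: (host, port)}.

    WinINet accepts either one "host:port" used for every protocol or a
    per-protocol list such as "http=host:port;https=host:port;ftp=...".
    A bare host with no port is kept with an empty port string.
    """
    result = {}
    for part in (value or "").split(";"):
        part = part.strip()
        if not part:
            continue
        proto, sep, hostport = part.partition("=")
        if not sep:
            proto, hostport = "*", part
        host, sep, port = hostport.rpartition(":")
        if not sep:
            host, port = hostport, ""
        result[proto.strip().lower()] = (host.strip().lower(), port.strip())
    return result


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name localhost."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"


def audit_proxy(settings):
    """Return a list of findings for a set of Internet Settings values.

    An enabled proxy that points back at the local machine means a local
    process intercepts every HTTP request. A PAC script (AutoConfigURL)
    does the same job more quietly, so it is reported whenever it is set.
    """
    findings = []
    if settings.get("ProxyEnable") == 1:
        for proto, (host, port) in parse_proxy_server(settings.get("ProxyServer")).items():
            if is_loopback(host):
                findings.append(f"{proto}: proxy points at loopback {host}:{port}")
    pac = settings.get("AutoConfigURL") or ""
    if pac:
        low = pac.lower()
        pac_host = re.sub(r"^\w+://", "", low).split("/")[0].split(":")[0]
        if low.startswith("file:") or is_loopback(pac_host):
            findings.append(f"PAC script served from the local machine: {pac}")
        else:
            findings.append(f"PAC script in use, confirm it is yours: {pac}")
    return findings


if __name__ == "__main__":
    for finding in audit_proxy(SAMPLE_SETTINGS):
        print(finding)
```

Unticking the box only flips ProxyEnable; whatever planted the 127.0.0.1 listener is still running and will usually put the value back, so the registry check is a symptom finder, not a fix.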
#82
Sanest Florida Man
Thread Starter
Check your DNS settings for your network adapter; they may have edited that.
#83
Sanest Florida Man
Thread Starter
Those settings are usually greyed out unless you check the box to configure the proxy.
#84
Sanest Florida Man
Thread Starter
Run TDSS killer, it doesn't work on all rootkits but it works on the most popular right now.
http://support.kaspersky.com/viruses...?qid=208280684
#85
Go Giants
#86
Go Giants
Run TDSS killer, it doesn't work on all rootkits but it works on the most popular right now.
http://support.kaspersky.com/viruses...?qid=208280684
#87
Senior Moderator
#88
Sanest Florida Man
Thread Starter
#89
Go Giants
exactly...
#90
Sanest Florida Man
Thread Starter
Adobe Reader X is out! It's the new hotness! It runs in a protected sandboxed mode that isolates itself from the system files. This should be a big security improvement.
download it here
http://get.adobe.com/reader/?promoid=BUIGO
#91
Big Block go VROOOM!
/pub/adobe/reader/win/10.x/10.0.0/en_US/AdbeRdr1000_en_US.exe
#92
Sanest Florida Man
Thread Starter
Yup! Someone posted that on neowin yesterday and I installed it last night before it ever went live.
#93
Sanest Florida Man
Thread Starter
#94
Team Owner
IE Protected Mode pwnd
https://threatpost.com/en_us/blogs/r...ed-mode-120310
In their research, the Verizon Business team found a method that, when combined with an existing memory-corruption vulnerability in the browser, enables an attacker to bypass Protected Mode and elevate his privileges on the compromised machine. The technique enables the attacker to move from a relatively un-privileged level to one with higher privileges, giving him complete access to the logged-in user's account.
#95
Needs more Lemon Pledge
#96
Sanest Florida Man
Thread Starter
Interesting. So it's not breaking through protected mode, it's going around it. So the way to prevent this is to enable protected mode on intranet sites. That would stop this bypass.
#97
Needs more Lemon Pledge
Seems like IE will have to firewall the different Security Zones users can assign in IE. Also, may have to figure out how to monitor 127.0.0.1 for new "arrivals" and quarantine them.
#98
Sanest Florida Man
Thread Starter
I've been wanting to update this thread for the past few days but have hesitated cause I'm lazy and the stuff keeps piling so here goes.
First up, seems the fake AV software guys are now making fake defrag programs.
It's pretty much the same thing as FakeAV except it says your disk is gonna die unless you give us money.
Side note, that's what really disappointed me about the Conficker thing. Here they created one of the most genius pieces of malware, extremely advanced and very well thought out, and then once they had infected all these machines everyone was really scared about what Conficker was gonna do when it became active on the machines. You started thinking these guys are evil geniuses, they must have some crazy sinister plan, what could it be!?!? ZOMG! But no, it just started telling people they were infected with Fake AV. I was let down. Same old bullshit.......
http://news.cnet.com/8301-27080_3-20025692-245.html
#99
Sanest Florida Man
Thread Starter
Next up. Gawker's source code and database got hacked and leaked on the web via torrents! Not good! I'm sure some of you have seen this by now. Gawker, for those that don't know, owns Gizmodo, Lifehacker, Kotaku, Deadspin, Jalopnik, Fleshbot (Very NWS), io9, Valleywag, Defamer and Gawker. If you created an account on any of those sites then your login and password got jacked. I'm one of them. Unfortunately I'm not sure what my password was. It was my old password but I might've changed it; if I didn't then I should be fine since I don't use that one anywhere else.
If you wish to check and see if your email is on the list of compromised accounts, one person uploaded all of the email addresses hashed in MD5 format.
http://www.google.com/fusiontables/D...?dsrcid=350662
You can check that table for yours by doing the following: Go to http://pajhome.org.uk/crypt/md5/ and type in your email to get the MD5 hash, click "Show Options" on the table, then paste the MD5 hash into the field and click "Apply." This procedure will help you know if you own one of the hijacked accounts.
If you get a result then you're fux0red!
Now I think the database was encrypted and if you used a secure password then it might be much harder for your password to be cracked. However, if you used the same passwords on every site then hacker just has to try the user name and password on other sites and see if they work.
This has made me start to look into using LastPass. I've heard of it many times but I never bothered with it. I just signed up for it and I'm going to give it a whirl. I've heard nothing but great things about it so I'm sure I'll like it. If you want to know more about LastPass check this article:
http://lifehacker.com/5645162/the-in...-with-lastpass
In related news McDonalds database was also hacked and all user info was stolen from there too. So if you signed up with mcdonalds to receive coupons or what not your info was stolen.
So even if you create a secure password that can't be guessed the database that stores it can still get hacked and your password stolen that way and if you use that secure password on all your sites then you got trouble. That's why making up different secure passwords for each site you go to is the best way. Then when you use a service like last pass you can just have last pass remember it and all you need is a very secure master password for last pass that you can remember.
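The lookup the post walks through (hash your address with MD5, then search the table for that digest) as an added example in Python, editor's code rather than anything from the thread or from whoever built the table. The leaked set here is constructed from made-up addresses so the block runs offline; against the real table you would export its hash column to a text file and feed the lines to load_hashes(). How the table's builder normalised addresses before hashing is not stated anywhere, so the address is hashed both as typed and trimmed-and-lowercased.

```python
import hashlib
import re

HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Constructed stand-in for the hashed list: MD5 digests of made-up addresses,
# not data from the actual leak.
LEAKED_EMAIL_HASHES = {
    hashlib.md5(b"alice@example.com").hexdigest(),
    hashlib.md5(b"bob@example.org").hexdigest(),
}


def load_hashes(lines):
    """Read one 32-hex-character MD5 digest per line (e.g. a text export of
    the table), normalising case and skipping blank or malformed lines."""
    hashes = set()
    for line in lines:
        digest = line.strip().lower()
        if HEX32.match(digest):
            hashes.add(digest)
    return hashes


def email_hash_candidates(email):
    """MD5 digests worth looking up for one address.

    The table's builder did not say how addresses were normalised, so the
    address is hashed as typed and again trimmed and lowercased.
    """
    variants = {email, email.strip().lower()}
    return {hashlib.md5(v.encode("utf-8")).hexdigest() for v in variants}


def is_in_leak(email, leaked_hashes=LEAKED_EMAIL_HASHES):
    """True if any hash variant of the address appears in the leaked set."""
    return not email_hash_candidates(email).isdisjoint(leaked_hashes)


if __name__ == "__main__":
    for addr in ("Alice@Example.com", "carol@example.net"):
        print(addr, "compromised" if is_in_leak(addr) else "not in list")
```

Hashing the column keeps casual readers from harvesting addresses, but an unsalted MD5 of an email is reversed by anyone who hashes a list of candidate addresses, so treat the table itself as public. The same reasoning is why the password column matters even if it was hashed: a fast unsalted hash of a reused password is a lookup away from every other site you used it on.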
#100
Sanest Florida Man
Thread Starter
Oh yeah, deviantART had their database hacked too. You can read more about each of these attacks at the links below
deviantART:
http://www.neowin.net/news/deviantar...dresses-leaked
McDonalds
http://www.neowin.net/news/mcdonald0...atabase-hacked
Gawker
http://thenextweb.com/media/2010/12/...amespasswords/
Apparently Gawker was talking shit to 4chan about their invincibility..... Idiots!
#101
Sanest Florida Man
Thread Starter
Also last week there was a massive DDoS attack by supporters (mainly 4chan Anon's) of WikiLeaks against Visa, mastercard, Paypal and a failed one against Amazon. So if you had problems using paypal last week that was why. They were targeting paypal's API servers which handles payments and they attacked Visa's verified by visa servers which could've disrupted online stores that use that service, Newegg is one that comes to mind.
Apparently the Anon group got disorganized and they were having communication problems and the attacks sort of fizzled out, but they're expected to reorganize again and do more attacks in the future.
It's been a crazy few days for teh hackers.
#102
Sanest Florida Man
Thread Starter
So I went up against a fierce rootkit today. It was Alureon.A, which I thought would be pretty easy but it is very stubborn. My task was to connect this drive via my USB to SATA dock and back up files. Well, as soon as I connect the drive MSE pops up a warning telling me that the drive's MBR is infected with Alureon.A and that I should clean it. So I do, then MSE says there was an error and that I need to restart to remove the rootkit. I do that and nothing happens, it's still there.
So then I turn to my trusty TDSSkiller which has never failed me in the past. I run that it finds the rootkit and says it removed it. Then I decide to run again and it finds it again and says that it removed it. Of course it didn't which is why it kept finding it over and over again. I also tried Norton's and Trend Micro's Rootkit programs with no luck. I do a little research and find this link
http://www.microsoft.com/security/po...n:OS/Alureon.A
It tells me that I could do a fixmbr and fixboot to get rid of it. So I boot from an XP CD go into recovery console (after using ophcrack to figure out the admin password) and run the two cmds. I reboot and guess what? It's still there! I kinda expected that.
So anyone know anything about editing the MBR? Stogie? I know I could do a LLF and wipe it out but I kinda want to beat it without dropping a nuke on it.
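On the question of editing the MBR, here is an added example (editor's code, not from the thread or from any of the tools mentioned) that parses the 512-byte MBR layout, compares only the boot-code region against a known-good copy, and rebuilds a sector with clean boot code while keeping the disk signature and partition table, which is the effect fixmbr is meant to have. The boot code, partition entry and disk signature produced by build_sample() are constructed placeholders, and the known-good reference you would compare against in practice (the MBR dumped from a clean install of the same Windows version) is assumed, not supplied. Read the sector with the drive attached offline, as the post does through the dock, since a bootkit that is running can filter what the infected system itself reads back from disk.

```python
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: executable boot code
DISK_SIG_OFF = 440           # bytes 440..443: disk signature (the BCD refers to it, so keep it)
TABLE_OFF = 446              # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_mbr(sector):
    """Parse one 512-byte MBR into its disk signature, boot code and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 55AA boot signature")
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    partitions = []
    for i in range(4):
        # entry: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, TABLE_OFF + 16 * i)
        if ptype != 0:
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {"disk_signature": disk_sig,
            "boot_code": bytes(sector[:BOOT_CODE_LEN]),
            "partitions": partitions}


def boot_code_matches(sector, reference):
    """Compare only the executable part against a known-good MBR.

    An MBR bootkit swaps the boot code and leaves the partition table alone,
    so the disk mounts and looks normal while the planted code runs before
    Windows on every boot.
    """
    return bytes(sector[:BOOT_CODE_LEN]) == bytes(reference[:BOOT_CODE_LEN])


def rewrite_boot_code(sector, reference):
    """Return a new sector with boot code from `reference` and the disk
    signature, partition table and 55AA signature kept from `sector`.

    Nothing here touches a disk; the caller writes the result back (for
    example with dd) with the drive offline.
    """
    fixed = bytes(reference[:BOOT_CODE_LEN]) + bytes(sector[BOOT_CODE_LEN:])
    parse_mbr(fixed)  # sanity check: still a well-formed MBR
    return fixed


def build_sample():
    """Constructed clean and infected MBRs for the demo: placeholder boot code
    (not real Windows or malware code) and one bootable NTFS partition."""
    clean_code = b"\xfa\x33\xc0" + b"\x90" * (BOOT_CODE_LEN - 3)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * 48
    clean = clean_code + struct.pack("<I", 0x1234ABCD) + b"\x00\x00" + table + BOOT_SIGNATURE
    # "infection": different boot code, identical trailing 72 bytes
    infected = b"\xeb\x3e" + b"\xcc" * (BOOT_CODE_LEN - 2) + clean[BOOT_CODE_LEN:]
    return clean, infected


if __name__ == "__main__":
    clean, infected = build_sample()
    for name, mbr in (("clean", clean), ("infected", infected)):
        info = parse_mbr(mbr)
        print(name, hex(info["disk_signature"]), info["partitions"],
              "boot code OK" if boot_code_matches(mbr, clean) else "boot code DIFFERS")
```

Restoring the boot code stops the rootkit from loading at the next boot, which is the part that matters; if the malware has also parked its body elsewhere on the disk, that is then inert data for a scanner run from a clean system to clear up.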
#104
Go Giants
I found MSE pretty good at finding and getting most viruses, but when it finds a hard virus it loops a lot.
#105
'12 & '13 AL West Champs!
Happened to my sister's computer. Unruy.D was a pain in the ass to get rid of. MSE would find it and supposedly delete it but upon reboot there it was again! Malware, Superantispyware, Spybot, you name it, I tried it. Combofix finally did away with it.
Last edited by Gfaze; 12-31-2010 at 11:03 PM.
#106
Sanest Florida Man
Thread Starter
http://www.bleepingcomputer.com/forums/topic308323.html
Looks like Combofix did the trick for this user.
#107
Team Owner
#108
Sanest Florida Man
Thread Starter
You're welcome
#109
ComboFix +1
#110
Sanest Florida Man
Thread Starter
A couple updates to make today. Well two for Facebook and one for Chrome/Firefox/IE 9
Facebook today announced they're going to be rolling out access to their site over HTTPS SSL. Normally Facebook and many other sites would just encrypt the login screen, but once you were in your account all that activity was unencrypted, which was how the Firesheep extension was able to capture the FB session cookie over open wifi and allow someone to steal your identity. The entire encrypted session will block that and you will be able to surf FB on an open wifi network without getting hax0red. The setting will be in account settings under account security.
Also I noticed that FB keeps track of the recent devices that log in to FB so you can know if someone else is all up in your shit. It can also notify you via email or text that some foo has accessed your account on a new device.
Also it uses your location to help detect suspicious activity. So if you log in from Kalifornia in the morning and then a few hours later FB detects someone logging into your account from England it will ask you to confirm your identity. Not by a captcha but by showing you a few pics of your friends and asking you to identify them, like so
These are all changes that Google made to Gmail about a year ago but it's very nice to see these coming to Facebook.
blog post with more info about this:
http://blog.facebook.com/blog.php?post=486790652130
Last edited by #1 STUNNA; 01-26-2011 at 01:47 PM.
#111
Sanest Florida Man
Thread Starter
Chrome and Firefox have announced plans to enable opt-out options for advertising.
you can get the Chrome opt out cookie here:
https://chrome.google.com/webstore/d...fdgfjilccfpfoe
Also IE 9 announced similar plans months ago and it will be showing up in the next public release which should be within the next few days. It will operate much like the ad-block extension on Firefox and Chrome except it comes preinstalled. It will have black and white lists that you can install from list publishers.
Originally Posted by Engadget
Ever been freaked out by an online ad that seemed to know you that little bit too well? It's the result of good old advertisers tracking your net-navigating habits and delivering targeted commercials to your eyeballs, but it can be prevented. Both Google and Mozilla have stepped up (or perhaps been pushed by the FTC) to try and tackle this issue of pernicious tracking cookies, but they've gone about it in different ways. The Chrome solution is a Keep My Opt-Outs browser extension that remembers the sites you don't want personalized information from, while Firefox will start beaming out a Do Not Track HTTP header that should be respected by advertisers and result in you receiving generic, repetitive ads. The important commonality between the two is that they don't rely on you preparing a cookie file with all your anti-advertiser bile contained within it (which was the FTC's original, somewhat impractical idea). Google intends to open-source its extension and bring it to other browsers as well, though obviously it's taking care of Chrome first, which can benefit from the add-on right now.
#112
Team Owner
Nice nottie^
#113
Senior Moderator
While fixing computers recently, after numerous attempts at troubleshooting, using cleaners etc., I've just said fuck it and pulled the drive. Then run it as a slave and clean it from there, which seems to work really well and saves a lot of time trying to go through the normal BS stuff.
I know there's a chance it could infect the other drive/computer but I may just go this route all the time now. The computer I use is an older Dell I can just re-image if it does get fucked up.
Anyone else go this route?
#114
I Skydive, Therefore I Am
^^Actually no, as any virus on that drive is not running. As long as you do not open any executables that are infected, you will be fine.
When I deal with a system that has a virus, I have both a bootable USB drive, and CD-Rom (in case it's an older system that will not boot off USB) with tools to clean it up. Outside of completely reimaging the system, it is the best way to remove malware.
#115
Sanest Florida Man
Thread Starter
^Not necessarily. I've personally seen MSE go crazy just by connecting an infected hard drive many times. Rootkits will do that, malware that exploits autorun and just browsing through an infected drive can do that too.
#116
Drifting
While fixing computers recently, after numerous attempts at troubleshooting, using cleaners etc., I've just said fuck it and pulled the drive. Then run it as a slave and clean it from there, which seems to work really well and saves a lot of time trying to go through the normal BS stuff.
I know there's a chance it could infect the other drive/computer but I may just go this route all the time now. The computer I use is an older Dell I can just re-image if it does get fucked up.
Anyone else go this route?
#117
Senior Moderator
What do you normally use as bootable? Hirens?
#118
Sanest Florida Man
Thread Starter
I prefer Hiren's. I used to use Ultimate Boot CD but it is so slow to boot into its XP. Hiren's takes 2-3 mins to boot into mini XP while UBCD is about 10 minutes.
I don't usually boot from CD to run AV scans, I prefer to remove the drive and connect it to my PC since it allows me to run many more scans on it. With the disc you can have programs that won't run in that environment, and the programs aren't usually the latest versions or have the latest AV definitions, plus the hassle of making sure you have the latest version of the disc.
Last edited by #1 STUNNA; 01-28-2011 at 10:08 AM.
#119
Senior Moderator
I prefer Hiren's. I used to use Ultimate Boot CD but it is so slow to boot into its XP. Hiren's takes 2-3 mins to boot into mini XP while UBCD is about 10 minutes.
I don't usually boot from CD to run AV scans, I prefer to remove the drive and connect it to my PC since it allows me to run many more scans on it. With the disc you can have programs that won't run in that environment, and the programs aren't usually the latest versions or have the latest AV definitions, plus the hassle of making sure you have the latest version of the disc.
Agree with all of the above. I've been using Hirens and started pulling drives to save the hassle. Seems so much easier. Then run quick checks after putting it back in.
#120
Sanest Florida Man
Thread Starter