Archive for the ‘Security’ Category

Hey man, look at this.

Tuesday, January 15th, 2008

I’m puzzled, perplexed, and bewildered. This isn’t anything out of the ordinary, except I’m pretty good at finding why a computer is running an unwanted program most of the time. When I boot into WinXP there is a very minuscule window frame at the top left of my screen. Most of it is off the screen; just the bottom corner of the window shows. I can drag it out to my desktop and see that it is a very, very small program window. I started going through the process list in Task Manager when I noticed an iexplore.exe running when I didn’t have an IE window open. I killed the process and the window went away, but it comes back at the next login. I have reinstalled IE to try and fix it, but it won’t go away. Do any of you have any suggestions or knowledge of malware that would do this? I tried to Google it, but you could only guess how many near misses came up in the search listing.
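A program that reappears at every logon is almost always being started by an autostart entry, so the first place to look is the Run/RunOnce keys. The script below is an added example and not part of the post above: it applies three constructed heuristics to Run-key commands (an iexplore.exe that does not live in its install directory, an autostart command that carries a URL or page argument, and anything launched from a user-writable temp or profile folder). On Windows, `load_run_entries()` reads the real keys with the standard-library `winreg` module; the `SAMPLE_ENTRIES` list is constructed data so the script also runs offline.

```python
"""Triage Windows autostart (Run/RunOnce) entries for a stray iexplore.exe.

Added example, not from the original post. The three heuristics and the
sample entries are constructed for illustration.
"""
import re

RUN_SUBKEYS = (r"Software\Microsoft\Windows\CurrentVersion\Run",
               r"Software\Microsoft\Windows\CurrentVersion\RunOnce")

# Constructed sample entries (location, value name, command) -- not real data.
SAMPLE_ENTRIES = [
    (r"HKLM\...\Run", "AVG7_CC",
     r'"C:\Program Files\Grisoft\AVG7\avgcc.exe" /STARTUP'),
    (r"HKCU\...\Run", "Updater",
     r'C:\Program Files\Internet Explorer\iexplore.exe http://198.51.100.23/x/in.php'),
    (r"HKCU\...\Run", "svc",
     r'"C:\Documents and Settings\Owner\Local Settings\Temp\iexplore.exe"'),
    (r"HKLM\...\Run", "ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
]


def load_run_entries():
    """Enumerate HKLM/HKCU Run and RunOnce values (Windows only; uses winreg)."""
    import winreg  # only importable on Windows
    entries = []
    for hive_name, hive in (("HKLM", winreg.HKEY_LOCAL_MACHINE),
                            ("HKCU", winreg.HKEY_CURRENT_USER)):
        for sub in RUN_SUBKEYS:
            try:
                key = winreg.OpenKey(hive, sub)
            except OSError:
                continue
            i = 0
            while True:
                try:
                    name, value, _ = winreg.EnumValue(key, i)
                except OSError:
                    break
                entries.append((hive_name + "\\" + sub, name, str(value)))
                i += 1
    return entries


def split_command(cmd):
    """Split a Run-key command into (program path, argument string).

    Handles a quoted path, and the common unquoted-path-with-spaces case by
    taking the shortest prefix that ends in .exe.
    """
    m = re.match(r'\s*(?:"([^"]*)"|(\S+(?:\s+\S+)*?\.exe))\s*(.*)$', cmd, re.I | re.S)
    if m:
        return (m.group(1) or m.group(2)), m.group(3).strip()
    parts = cmd.strip().split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def assess(cmd):
    """Return the list of reasons an autostart command looks suspicious."""
    prog, args = split_command(cmd)
    prog_l = prog.lower()
    basename = prog_l.rsplit("\\", 1)[-1]
    reasons = []
    # iexplore.exe should only ever run from its install directory.
    if basename == "iexplore.exe" and not re.search(
            r"\\program files( \(x86\))?\\internet explorer\\iexplore\.exe$", prog_l):
        reasons.append("iexplore.exe outside its install directory")
    # Legitimate autostart entries almost never open a page at logon.
    if re.search(r"https?://|\.html?\b|\.hta\b", args, re.I):
        reasons.append("autostart command carries a URL/page argument")
    # Anything living in temp or the user profile is worth a second look.
    if re.search(r"\\(temp|local settings|application data|appdata)\\", prog_l):
        reasons.append("runs from a user-writable temp/profile folder")
    return reasons


def triage(entries):
    """Return [(location, name, command, reasons)] for entries with any reason."""
    hits = []
    for location, name, cmd in entries:
        reasons = assess(cmd)
        if reasons:
            hits.append((location, name, cmd, reasons))
    return hits


if __name__ == "__main__":
    try:
        entries = load_run_entries()   # real keys on Windows
    except ImportError:
        entries = SAMPLE_ENTRIES       # constructed data elsewhere
    for location, name, cmd, reasons in triage(entries):
        print(f"{location}\\{name}: {cmd}\n    -> " + "; ".join(reasons))
```

The Run keys are only a few of the many autostart locations (services, Winlogon entries, browser helper objects and scheduled tasks among them), so treat this as a first pass; Sysinternals Autoruns enumerates all of them, and Process Explorer will show the command line and parent of the running iexplore.exe, which usually answers the question directly.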

How does your AV stand up?

Wednesday, May 30th, 2007

This is probably the best third-party test of AV that I’ve seen in a while. They actually use a LOT of samples, and they seem to have tested just about every possible AV product out there.

http://www.pcmag.com/article2/0,1895,2135092,00.asp

There are a couple of things that don’t sit well with me:

ClamAV scored very poorly. ClamAV is probably the most widely used AV scanner for Linux mail gateways out there. I use it and F-Prot in all of mine.

F-Prot scored pretty badly, too. Well, I seem to be 0 for 2 now.

Ewido bombed as well. Who is Ewido, you ask? Ewido was bought by AVG, so while AVG did well, how will this affect their future performance?

AVG is my personal favorite. It’s free (for personal use) and works very well. I tried Avast! for a while and it didn’t pick up half the malicious files I tinker with that AVG usually catches. I also don’t like Avast!’s interface AT ALL!

I could go on about what I like about AVG, but that’s not the point of this thread.

One thing I did notice recently is that AVG has a Linux version. A FREE Linux version. A FREE Linux version packaged as a .deb file! It sucks that they don’t have a source package available, or a binary that will work on other distros, but I can’t complain that they offer a version for Debian, which is my OS of choice. I haven’t tested their version with Amavis yet, but it’s on my to-do list. It also appears that Avast! has a free Linux version (and they offer a .tgz file, too). I’m not crazy about needing to keep up with a key that will expire, but you really can’t complain about free.

theBroken

Friday, May 4th, 2007

I ran across this site today and wanted to share. 

thebroken is an underground technology show with a hacker mentality that caters to the elite (or wannabe 1337) computer user using a mixture of seriousness and irreverent comedy … If it’s shady or underground, it’s thebroken.

I thought Ramzi’s tips were especially useful. Very funny … and educational. Some of the videos in the other sections of the site are worth a look too, so check those out.

0wned by Google AdWords

Wednesday, May 2nd, 2007

Personally, I have an AdBlock entry that blocks Google AdWords and a lot of other advertising sites. I know that by displaying ads, you’re opening yourself up to HTML, JavaScript, and any other nastiness that doesn’t originate from the site you’re trying to visit. I also don’t click on those paid advertising links from a Google search because usually they’re for a commercial product when all I need are simple instructions.

Here are two posts by people who have personally dealt with malware delivered through Google AdWords:

http://www.dynamoo.com/blog/2007/04/malware-via-adwords.html
http://explabs.blogspot.com/2007/04/google-sponsored-links-not-safe.html

Audit your Cisco/Netscreen configs with Nipper

Monday, April 23rd, 2007

http://www.security-database.com/toolswatch/Nipper-version-93-released.html

This software works on both Windows and Linux.

(more…)
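To show what a config audit of this kind actually looks for, here is an added example that is neither Nipper’s code nor part of the original post: a small Python checker that parses an IOS-style config and reports a handful of classic weak settings (reversible enable password, clear-text stored passwords, default or read-write SNMP communities, the HTTP management server, and telnet on VTY lines). The two sample configs and the five rules are constructed for illustration and are a small subset of what a real tool checks.

```python
"""Minimal IOS-style configuration audit (added example; not Nipper's code).

The sample configs and the five rules are constructed for illustration.
"""
import re

# Constructed sample: a router config with several classic weaknesses.
SAMPLE_CONFIG = """\
hostname edge-rtr
!
enable password cisco123
no service password-encryption
!
snmp-server community public RO
snmp-server community private RW
!
ip http server
!
line vty 0 4
 transport input telnet ssh
 login
!
line vty 5 15
 transport input ssh
 login local
"""

# Constructed sample: the same device after remediation.
HARDENED_CONFIG = """\
hostname edge-rtr
!
enable secret 5 $1$abcd$Wxyz0123456789abcdefgh
service password-encryption
!
snmp-server community n0tPubl1c RO 10
!
no ip http server
!
line vty 0 15
 transport input ssh
 login local
"""

SECTION_RE = re.compile(r"^(line|interface|router|ip access-list)\b")


def parse(config):
    """Return (top-level lines, {section header: [stripped indented lines]})."""
    top, sections, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            current = None
            continue
        if line.startswith(" "):
            if current is not None:
                sections[current].append(line.strip())
        else:
            top.append(line)
            current = line if SECTION_RE.match(line) else None
            if current:
                sections[current] = []
    return top, sections


def audit(config):
    """Return a list of (severity, message) findings for an IOS-style config."""
    top, sections = parse(config)
    findings = []

    def has(prefix):
        return any(l.startswith(prefix) for l in top)

    # 1. 'enable password' is clear text or reversible type 7; 'enable secret' is hashed.
    if has("enable password") and not has("enable secret"):
        findings.append(("high", "enable password set without enable secret"))
    # 2. Without service password-encryption, line/user passwords are stored in clear text.
    if "service password-encryption" not in top:
        findings.append(("medium", "service password-encryption not enabled"))
    # 3. Default community strings, and read-write communities in general.
    for l in top:
        m = re.match(r"snmp-server community (\S+) (RO|RW)\b", l)
        if m:
            name, mode = m.groups()
            if name.lower() in ("public", "private"):
                findings.append(("high", f"default SNMP community '{name}' ({mode})"))
            elif mode == "RW":
                findings.append(("medium", f"read-write SNMP community '{name}'"))
    # 4. Clear-text web management interface.
    if "ip http server" in top:
        findings.append(("medium", "ip http server enabled"))
    # 5. Telnet on VTY lines, or no explicit transport restriction at all.
    for header, body in sections.items():
        if not header.startswith("line vty"):
            continue
        transports = [l for l in body if l.startswith("transport input")]
        if not transports:
            findings.append(("medium", f"{header}: no 'transport input' line "
                                       "(default depends on IOS version; make it explicit)"))
        for l in transports:
            if "telnet" in l.split() or "all" in l.split():
                findings.append(("high", f"{header}: '{l}' permits telnet"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        results = audit(cfg)
        print(f"== {label}: {len(results)} finding(s)")
        for sev, msg in results:
            print(f"  [{sev}] {msg}")
```

Run it and the sample config yields six findings while the hardened one yields none; the point is that a config audit is mostly string matching against a rule set, and the value of a tool like Nipper is the size and maintenance of that rule set, not the parsing.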

Windows: WSUS clients not appearing in WSUS

Thursday, April 19th, 2007

We recently rolled out about 60 new desktops at work, and none of them were showing up on our WSUS server.

I spent the better part of today addressing the issue.

(more…)

Windows: Protecting your system from malware

Thursday, April 19th, 2007

I use this link often when setting up new computers or helping a friend or family member secure theirs. Since I’m always searching for this site, I decided to mirror a copy of it here.

If someone knows of a better suite of tools please let me know.

So how did I get infected in the first place?
http://www.castlecops.com/postlite7736-.html

(more…)

Installing Metasploit on Mac OS X

Wednesday, April 18th, 2007

Originally posted at cocoacrusty.com on Monday, April 16th, 2007.

I have known about the Metasploit framework for quite some time but have never really known how to use it or taken the time to learn. Recently, Chris inspired me to try it by showing me a movie explaining how to exploit a vulnerability in Microsoft Windows, the .ANI Header Stack Overflow Vulnerability (more on this in my next post).

Before I could begin working with this nifty little exploit in Metasploit I had to get the framework installed on my MacBook. Metasploit is a suite of Ruby scripts and will run on virtually any Unix-based operating system and on Windows (with some minor tweaking). I checked MacPorts for Metasploit and it was available as a port, but the latest version in the ports tree was 2.7. I needed at least version 3.0, and later determined I needed a development version, 3.1, from the trunk to get the exploit I was after.

The first thing I did was upgrade my Subversion client on Mac OS X. I got the universal binary from here, and installing and upgrading Subversion was pretty painless. It installed like most other Mac applications from a package.

(more…)

FireCAT - Firefox Catalog of Auditing Tools

Monday, April 2nd, 2007

http://www.darknet.org.uk/…tools/
http://www.security-database.com/…FireCAT.html

The Security-Database.com team is happy to announce its new Firefox Framework Map, a collection of the most useful security-oriented extensions. We called the framework FireCAT. It stands for FireFox Catalog of Auditing Toolbox.

FireCAT is based upon a paper we wrote some weeks ago (Turning firefox to an ethical hacking platform) that was downloaded more than 25,000 times. We also thank all the folks who encouraged us and sent their suggestions and ideas to make this project a reality.

This initial release is presented as a mind map, and we are open to all your suggestions to make it a really good framework for the whole community of security auditors and ethical hackers.

This is for those of you who haven’t seen this yet. The blurb from their site basically says it all.

Auto-Locking a Mac with a Bluetooth Device

Wednesday, March 28th, 2007

Originally posted at cocoacrusty.com on March 27th, 2007.

I first saw this nice little trick a year or so ago. A fellow admin and friend of mine, Tommy, used a Bluetooth® headset to automatically lock his Windows machine whenever he stepped away from his computer and his headset was no longer in range of his PC’s Bluetooth® dongle. I don’t remember how I stumbled upon this blog post yesterday, but I am glad I did. This post shows you how to implement a similar solution using an application called Proximity and some AppleScripts to achieve the same result.

The cool thing about this solution for the Mac is that the events triggered when the specified Bluetooth® device enters and leaves the Mac’s Bluetooth® range are AppleScripts. AppleScript lets you easily program the Mac. AppleScripts are pretty much the same thing as shell scripts in any other operating system and command-line environment, like batch scripts for Windows and Bash or C shell scripts for Unix-based and -derived operating systems like Linux and FreeBSD. Basically, with a solution like this, you aren’t tied to the developer’s ideas of what should happen when you step away from your machine. The ball is totally in your court, and your goal is limited only by your creativity and your programming ability.

(more…)