AIM worm plays nasty new trick

October 28, 2005

7 comments  

AIM worm plays nasty new trick | CNET News.com: "In addition to the 'lockx.exe' rootkit file, the new worm delivers a version of the Sdbot Trojan horse, said FaceTime, which sells products to protect instant-messaging traffic. Sdbot opens a backdoor on the infected PC. The worm also places several spyware and adware applications, including 180Solutions, Zango, the Freepod Toolbar, MaxSearch, Media Gateway and SearchMiracle, the company added.

Worms on IM networks can spread rapidly. They appear as a message from a buddy with a link that looks innocent, but in fact points to malicious code somewhere on the Internet. Once the user clicks on the link, malicious code is installed and runs on the computer. The worm then spreads itself by sending messages to all names on the victim's contact list."
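The propagation step described above (one compromised account pushing the same link to its whole buddy list within seconds) is also the easiest thing to detect on the wire. The following is an added example, not code from the CNET article or from FaceTime: a detection rule that runs over IM gateway or proxy logs and flags a sender who delivers one URL to many distinct recipients inside a short sliding window. The four-field log layout and every line of SAMPLE_LOG are constructed for the example; map your own logs onto the same fields.

```python
"""Flag IM accounts that blast one link to many buddies within seconds.

Added example, not code from the CNET article or from FaceTime. The log
layout and every line in SAMPLE_LOG are constructed for this example.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log: "<ISO timestamp> <sender> -> <recipient>: <text>"
SAMPLE_LOG = """\
2005-10-28T09:00:01 alice -> bob: lunch today?
2005-10-28T09:00:05 bob -> alice: sure, noon
2005-10-28T09:02:10 carol -> dave: lol check this out http://example.invalid/pic.php
2005-10-28T09:02:10 carol -> erin: lol check this out http://example.invalid/pic.php
2005-10-28T09:02:11 carol -> frank: lol check this out http://example.invalid/pic.php
2005-10-28T09:02:11 carol -> alice: lol check this out http://example.invalid/pic.php
2005-10-28T09:02:12 carol -> bob: lol check this out HTTP://example.invalid/pic.php
2005-10-28T09:30:00 dave -> carol: here is the doc http://intranet.example.invalid/q3.doc
2005-10-28T10:15:00 dave -> erin: here is the doc http://intranet.example.invalid/q3.doc
2005-10-28T10:20:00 dave -> frank: here is the doc http://intranet.example.invalid/q3.doc
2005-10-28T10:25:00 dave -> alice: here is the doc http://intranet.example.invalid/q3.doc
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+): (.*)$")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def parse_log(text):
    """Yield (timestamp, sender, recipient, url) for each URL in each line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected layout
        ts, sender, recipient, body = m.groups()
        for url in URL_RE.findall(body):
            # normalise case so "HTTP://" and "http://" count as the same link
            yield datetime.fromisoformat(ts), sender, recipient, url.lower()


def find_link_bursts(text, min_recipients=4, window_seconds=60):
    """Return {(sender, url): [recipients]} for every sender that pushed the
    same URL to at least min_recipients distinct buddies inside one sliding
    window of window_seconds. Slow, legitimate sharing spread over an hour
    (dave in the sample) stays under the threshold; a worm-style blast does not.
    """
    hits = defaultdict(list)  # (sender, url) -> [(ts, recipient), ...]
    for ts, sender, recipient, url in parse_log(text):
        hits[(sender, url)].append((ts, recipient))

    bursts = {}
    for key, events in hits.items():
        events.sort()
        best = set()
        start = 0
        for end in range(len(events)):
            # advance the window start until the window spans <= window_seconds
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            recipients = {r for _, r in events[start:end + 1]}
            if len(recipients) >= min_recipients and len(recipients) > len(best):
                best = recipients
        if best:
            bursts[key] = sorted(best)
    return bursts


if __name__ == "__main__":
    for (sender, url), recipients in find_link_bursts(SAMPLE_LOG).items():
        print(f"{sender} sent {url} to {len(recipients)} buddies in under a minute: "
              + ", ".join(recipients))
```

With the defaults only carol's blast is reported; widening the window to an hour also catches dave's slow hand-off of the same document link to four people, which is the false-positive trade-off to tune against your own traffic.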

More ammo for the "Do Not Install IM Apps at Work" argument. I've personally had to clean some crap off of some computers recently as a result of an IM worm. The biggest issue with most users is that stuff like this, whether it be from IM or Email, is confusing when it looks like it's coming from a trusted source. This has been an issue ever since email viruses started appearing, and without proper education, they'll only continue to spread.

If you must use IM at work, look into hosting your own solution. Right now I'm testing Jive Messenger (Jabber) Server (has both Linux and Windows versions, plugin support, and a great admin interface) along with the Exodus client. It's still in the testing phase, so if anyone has any other Jabber/XMPP solutions I'd love to hear about them (I'm also looking for free or cheap). I've also tested the Pandion client and the Psi client. Pandion looked good for end users (almost no options for them to customize) but had some issues on the admin side (still worth a look though). Psi reminded me of the old ICQ interface (haven't used it in years, the interface may be the same), which would be difficult for users to navigate. If some users need outside IM access, a client like Gaim (my current fav) will allow access to multiple networks via one interface. Training only a handful of users how to properly use outside IM networks is many times better than training the entire office. Again, if anyone has any good suggestions for my project, please drop me an email or comment.

Suggested Firefox Extensions

October 22, 2005

8 comments  

Here are the Firefox extensions that I think are "MUST HAVES" for proper Firefox use:

Googlebar Lite - A light-weight Google search toolbar.
BlogThis - Adds right-click access to Blogger's BlogThis popup.
Image Zoom - Adds zoom functionality for images.
IE View - Open pages in IE via FireFox menus.
Gmail Notifier - A notifier for Gmail accounts.
PDF Download - Lets you choose whether to view a PDF file in a new tab or download it.
TinyUrl Creator - Brings the http://tinyurl.com functionality into Firefox.
Open link in... - Adds more tab/window opening options to the context menus.
Forecastfox - Get weather forecasts from Accuweather and display it in any toolbar or status bar.
ChatZilla - Clean, easy to use and highly extensible IRC client.
Edit Config Files - Edit Firefox's configuration files.
Adblock - Filters ads from web-pages (can import/export and use wildcards).
Tabbrowser Preferences - Enhances control over some aspects of tabbed browsing.
Fasterfox - Performance and network tweaks for Firefox.
SessionSaver - Magically restores your last browsing session and allows you to save sessions.
Download Statusbar - View and manage downloads from a tidy statusbar.
Download Manager Tweak - A modification of the Firefox download manager.
Tab X - Adds a close button to each of the browser tabs.
ShowIP - Show the IP address of the current page in the status bar and can pull whois info.
Copy Plain Text - Copies text without formatting.

I hope you find them as useful as I have. I suggest going to the Firefox Extensions page for installation. Don't have Firefox yet?? Get it here: Get Firefox.

IEHistoryView: Freeware Internet Explorer History Viewer

October 21, 2005

0 comments  

IEHistoryView: Freeware Internet Explorer History Viewer: "Each time that you type a URL in the address bar or click on a link in the Internet Explorer browser, the URL address is automatically added to the history index file. When you type a sequence of characters in the address bar, Internet Explorer automatically suggests all URLs that begin with the character sequence you typed (unless the AutoComplete feature for Web addresses is turned off). However, Internet Explorer doesn't allow you to view and edit the entire URL list that it stores inside the history file.

This utility reads all information from the history file on your computer, and displays the list of all URLs that you have visited in the last few days. It also allows you to select one or more URL addresses, and then remove them from the history file or save them into text, HTML or XML file. In addition, you are allowed to view the visited URL list of other user profiles on your computer, and even access the visited URL list on a remote computer, as long as you have permission to access the history folder."

More good stuff from the guys at Nirsoft.
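The history file IEHistoryView reads is the same index.dat format IE uses for its cache: 128-byte-block aligned records, each starting with a four-byte signature ("URL ", "REDR", "LEAK", "HASH"). History entries are "URL " records whose URL string is stored as "Visited: user@http://...". The following is an added example, not NirSoft's code: a minimal block-by-block reader that recovers each URL with its last-modified and last-accessed FILETIMEs, which is the kind of walk you want on a forensic image where the hash table may be damaged. The field offsets it relies on (FILETIMEs at record offsets 8 and 16, the URL-string offset at record offset 52, relative to the record start) follow the publicly documented layout of the format; the sample file is constructed so the script runs offline, and you should verify the offsets against a real index.dat before trusting output from it.

```python
"""Walk the 'URL ' records in an Internet Explorer index.dat history file.

Added example, not NirSoft's code. Assumed format details: 128-byte blocks,
FILETIMEs at record offsets 8 (modified) and 16 (accessed), URL-string offset
at record offset 52. The sample file built below is constructed.
"""
import struct
from datetime import datetime, timedelta, timezone

BLOCK_SIZE = 128
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
SIGNATURES = (b"URL ", b"REDR", b"LEAK", b"HASH")


def filetime_to_datetime(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) -> datetime; 0 -> None."""
    if ft == 0:
        return None
    return EPOCH_1601 + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    """Inverse of filetime_to_datetime, using integer arithmetic to stay exact."""
    delta = dt - EPOCH_1601
    micros = (delta.days * 86400 + delta.seconds) * 1_000_000 + delta.microseconds
    return micros * 10


def iter_url_records(data):
    """Yield (offset, modified, accessed, url) for each 'URL ' record.

    Scans block by block instead of trusting the hash table, so it still
    works when the table is damaged or the file is a carved fragment.
    """
    pos = 0
    while pos + 8 <= len(data):
        sig = data[pos:pos + 4]
        if sig not in SIGNATURES:
            pos += BLOCK_SIZE
            continue
        nblocks = struct.unpack_from("<I", data, pos + 4)[0]
        length = nblocks * BLOCK_SIZE
        if nblocks == 0 or pos + length > len(data):
            pos += BLOCK_SIZE  # bogus length: step over this block only
            continue
        if sig == b"URL ":
            modified, accessed = struct.unpack_from("<QQ", data, pos + 8)
            url_off = struct.unpack_from("<I", data, pos + 52)[0]
            if 0 < url_off < length:
                raw = data[pos + url_off:pos + length]
                url = raw.split(b"\x00", 1)[0].decode("latin-1")
                yield pos, filetime_to_datetime(modified), filetime_to_datetime(accessed), url
        pos += length


def make_url_record(url, accessed):
    """Build one synthetic 'URL ' record (sample data for this example only)."""
    body = url.encode("latin-1") + b"\x00"
    url_off = 0x68  # place the string past the fixed header fields
    nblocks = -(-(url_off + len(body)) // BLOCK_SIZE)  # ceil division
    rec = bytearray(nblocks * BLOCK_SIZE)
    rec[0:4] = b"URL "
    struct.pack_into("<I", rec, 4, nblocks)
    ft = datetime_to_filetime(accessed)
    struct.pack_into("<QQ", rec, 8, ft, ft)
    struct.pack_into("<I", rec, 52, url_off)
    rec[url_off:url_off + len(body)] = body
    return bytes(rec)


def build_sample_file():
    """Constructed index.dat: two header blocks, one REDR record, two URL records."""
    header = b"Client UrlCache MMF Ver 5.2\x00".ljust(BLOCK_SIZE * 2, b"\x00")
    redr = b"REDR" + struct.pack("<I", 1) + b"\x00" * (BLOCK_SIZE - 8)
    when = datetime(2005, 10, 21, 14, 30, tzinfo=timezone.utc)
    return (header + redr
            + make_url_record("Visited: user@http://www.nirsoft.net/", when)
            + make_url_record("Visited: user@http://example.invalid/login?x=1",
                              when + timedelta(hours=1)))


def list_history(data):
    """Return [(last-accessed ISO timestamp, url), ...] in file order."""
    return [(acc.isoformat(), url) for _, _, acc, url in iter_url_records(data)]


if __name__ == "__main__":
    for accessed, url in list_history(build_sample_file()):
        print(accessed, url)
```

Run it against a real file with `list_history(open(path, "rb").read())`; remember that a live index.dat is memory-mapped by the owning IE session, so copy it from a logged-off profile or an image rather than the running user's directory.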

Free (as in beer) VMware Player

1 comments  

VMware Player - VMware Player is free software that enables PC users to easily run any virtual machine on a Windows or Linux PC. VMware Player runs virtual machines created by VMware Workstation, GSX Server or ESX Server and also supports Microsoft virtual machines and Symantec LiveState Recovery disk formats.

Download details: SyncToy v1.0

October 17, 2005

1 comments  

Download details: SyncToy v1.0: "SyncToy is a free PowerToy for Microsoft Windows XP that provides an easy-to-use, highly customizable program that helps users do the heavy lifting involved with the copying, moving, and synchronization of different directories. Most common operations can be performed with just a few clicks of the mouse, and additional customization is available without added complexity. SyncToy can manage multiple sets of folders at the same time; it can combine files from two folders in one case, and mimic renames and deletes in another. Unlike other applications, SyncToy actually keeps track of renames to files and will make sure those changes get carried over to the synchronized folder."

Critical Windows patch may wreak PC havoc

0 comments  

Critical Windows patch may wreak PC havoc | CNET News.com: "The patch was released Tuesday to fix four Windows flaws, including one that experts predict will be exploited by a worm in the coming days. The flaw, tagged 'critical' by Microsoft, lies in a Windows component for transaction processing called the Microsoft Distributed Transaction Coordinator, or MSDTC."

The Microsoft Advisory:

Systems that have changed the default Access Control List permissions on the %windir%\registration directory may experience various problems after you install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC
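The practical question before pushing MS05-051 is therefore "has anyone touched the ACL on %windir%\registration on this box?". The following is an added example, not Microsoft's code: it parses the output of the built-in `cacls` command and reports trustees that were added, removed or given different rights relative to a baseline. The baseline is an assumption based on the default permissions the KB article describes (Administrators and SYSTEM: Full Control, Users: Read); confirm it for your Windows version before acting on a mismatch. SAMPLE_OUTPUT is constructed `cacls` output for a machine where someone granted Everyone Full Control and removed the Users entry.

```python
"""Compare the ACL on %windir%\\registration with its assumed default before
installing MS05-051.

Added example, not Microsoft's code. BASELINE is an assumption (verify it
against the KB article); SAMPLE_OUTPUT is constructed cacls output.
"""
import os
import re
import subprocess

# Assumed default ACL for %windir%\registration (verify against the advisory).
BASELINE = {
    "BUILTIN\\Administrators": "F",
    "NT AUTHORITY\\SYSTEM": "F",
    "BUILTIN\\Users": "R",
}

SAMPLE_PATH = "C:\\WINDOWS\\registration"
SAMPLE_OUTPUT = """\
C:\\WINDOWS\\registration BUILTIN\\Administrators:(OI)(CI)F
                         NT AUTHORITY\\SYSTEM:(OI)(CI)F
                         Everyone:(OI)(CI)F
"""

# inheritance/propagation flags cacls prints before the rights letter
FLAG_RE = re.compile(r"\((?:OI|CI|IO|NP|ID)\)")


def parse_cacls(text, path):
    """Return {trustee: rights} from cacls output for one directory.

    cacls prints the path once, on the first line, then one ACE per line as
    "TRUSTEE:(flags)RIGHTS". Entries with non-standard rights print as
    "(special access:)" followed by one permission per line; those are
    collapsed to the marker "SPECIAL" because any such entry is a change.
    """
    acl = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.upper().startswith(path.upper()):
            line = line[len(path):].strip()
        if ":" not in line:
            continue  # blank line or an individual "special access" permission
        trustee, rest = line.split(":", 1)
        rights = FLAG_RE.sub("", rest).strip()
        if rights.startswith("(special access"):
            rights = "SPECIAL"
        acl[trustee.strip()] = rights
    return acl


def compare_acl(acl, baseline=BASELINE):
    """Return (extra, missing, changed): trustees not in the baseline, baseline
    trustees absent from the ACL, and trustees whose rights differ."""
    extra = {t: r for t, r in acl.items() if t not in baseline}
    missing = {t: r for t, r in baseline.items() if t not in acl}
    changed = {t: (baseline[t], r) for t, r in acl.items()
               if t in baseline and r != baseline[t]}
    return extra, missing, changed


def check_live_system():
    """Run cacls on the real directory (Windows only) and compare."""
    path = os.path.expandvars("%windir%\\registration")
    out = subprocess.run(["cacls", path], capture_output=True, text=True,
                         check=True).stdout
    return compare_acl(parse_cacls(out, path))


if __name__ == "__main__":
    if os.name == "nt":
        extra, missing, changed = check_live_system()
    else:
        extra, missing, changed = compare_acl(parse_cacls(SAMPLE_OUTPUT, SAMPLE_PATH))
    if not (extra or missing or changed):
        print("ACL matches the assumed default; MS05-051 should install cleanly.")
    for t, r in extra.items():
        print(f"extra trustee: {t} ({r})")
    for t, r in missing.items():
        print(f"missing trustee: {t} (expected {r})")
    for t, (want, got) in changed.items():
        print(f"changed rights: {t} expected {want}, found {got}")
```

Any reported difference is your cue to restore the default ACL (or at least record the deviation) before the patch goes out, rather than discovering the COM+ breakage afterwards.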

Exploit code raises Windows worm alarm

October 14, 2005

2 comments  

Exploit code raises Windows worm alarm | CNET News.com: "Exploit code exists for four of the 14 vulnerabilities for which Microsoft provided fixes this week, experts said Thursday. One of the exploits was written for a flaw which Microsoft tagged as 'critical.' The bug lies in a Windows component for transaction processing called the Microsoft Distributed Transaction Coordinator, or MSDTC.

'When we start to see exploits surfacing, we know there will shortly be malicious code,' said Alfred Huger, a senior director at Symantec Security Response. 'We expect at least the MSDTC vulnerability to be used in a worm in the short term.'"

It's sort of hard to separate the hype from reality. Yes, in the past few years we've seen several examples of MS vulnerabilities turn into some nasty worms, but lately I've been seeing a news article like this after every major patch release, and it just turns out to be all hype. I'm not willing to bet my networks and systems on whether or not this is hype, but unfortunately I fear many will.

Black Tuesday - 9 total, 3 critical

October 11, 2005

3 comments  

Microsoft Security Bulletin MS05-044: Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495) - Moderate

Microsoft Security Bulletin MS05-045: Vulnerability in Network Connection Manager Could Allow Denial of Service (905414) - Moderate

Microsoft Security Bulletin MS05-046: Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589) - Important

Microsoft Security Bulletin MS05-047: Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749) - Important

Microsoft Security Bulletin MS05-048: Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245) - Important

Microsoft Security Bulletin MS05-049: Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725) - Important

Microsoft Security Bulletin MS05-050: Vulnerability in DirectShow Could Allow Remote Code Execution (904706) - Critical

Microsoft Security Bulletin MS05-051: Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400) - Critical

Microsoft Security Bulletin MS05-052: Cumulative Security Update for Internet Explorer (896688) - Critical

Download details: Using Domain Controller Virtual Machines

October 10, 2005

1 comments  

Download details: Using Domain Controller Virtual Machines: "Running domain controllers in virtual machines is best suited for test and pre-production piloting environments. With strict adherence to the requirements described in this document, domain controllers running in virtual machines can also be used in a production environment."

For more information, see the Virtual Server 2005 Administrator's Guide and Using the VMRC client to access virtual machines.

Nematodes: The Making of 'Beneficial' Network Worms

October 07, 2005

0 comments  

{EWeek} Nematodes: The Making of 'Beneficial' Network Worms: "Convinced that businesses will use nonmalicious worms to cut down on network security costs, a high-profile security researcher is pushing ahead with a new framework for creating a 'controlled worm' that can be used for beneficial purposes.

Dave Aitel, vulnerability researcher at New York-based Immunity Inc., unveiled a research-level demo of the "Nematode" framework at the Hack In The Box confab in Kuala Lumpur, Malaysia, insisting that good worms will become an important part of an organization's security strategy."

Something like this is nothing new, but it's still a great idea. Anyone remember the Welchia worm in 2003 that removed the Blaster worm and then installed the MS03-026 patch? I would like to follow Aitel's progress in this area; this kind of tech shows promise.

Slew of Windows patches coming | CNET News.com

0 comments  

Slew of Windows patches coming | CNET News.com: "As part of its monthly patching cycle, Microsoft on Tuesday plans to release eight security alerts for flaws in the Windows operating system."

Engineer's Toolbox - DesktopEngineer.com

October 03, 2005

5 comments  

Engineer's Toolbox - DesktopEngineer.com: "

Excellent resource - Must have RSS feed.