Sunday, 3 November 2013
Friday, 1 November 2013
AUS/USD 2nd November 2013 Monthly Report
AUD Primary cycles
AUD Primary cycles and breakout patterns (Dilernia Principles) suggest the AUD will continue down towards the 2014 yearly lows.
We've just recently seen Secondary support come into play around .8870 and swing back up into the 50% level @ .9730 (#3)....
My view is that the Primary cycles will now come into play and push the AUD downward, as part of a Primary break & extend pattern.
Finding the co-ordinates of a place in the new Google Maps
This article explains how to get the co-ordinates for a particular location in the new and old Google Maps interfaces.
New vs old Google Maps
In mid 2013, Google started rolling out a new version of Google Maps, which even now (Nov 2013) is still in Beta-testing and only works with Chrome and Firefox on desktop (i.e. not mobile) devices. It's related to Google Maps Engine Lite - a better tool for creating custom maps - but not exactly the same product.
When I looked at Maps Engine Lite, one of the things I noticed is that there are a number of features which are missing from the new tool - and the lack of a right-click feature on map-positions means that lots of functions are accessed in a different, possibly non-intuitive, way.
How to find the co-ordinates of a particular place in the new Google Maps
Left click on the exact place that you want co-ordinates for.
Notice that there is a small circle which radiates at that place, or the nearest on-street place. It's a little like this, except that it is a white/light shade, rather than grey:
In the top left of the map, a small display box appears, showing the nearest street address and a pair of latitude / longitude co-ordinates.
For both the street-address and the co-ordinates:
- You can copy / paste these as text.
- If you hover your mouse over them, then inside the maps a small circle radiates out from that spot.
- They are links: if you click on them, then the map zooms and centres at that place, with a large red marker and the street-address name or co-ordinates displayed beside it.
How to find the co-ordinates of a particular place in the existing Google Maps
Right click on the location that you want to find the co-ordinates for.
Choose "What's here" from the pop-up menu.
At this point, Google Maps will:
- Show the latitude and longitude co-ordinates in the maps search box
- Put a green arrow showing the exact location that you clicked into the map itself
- Put the street address on the nearest on-street location into the maps search-result list, along with a marker to this location on the maps.
So of course you can copy-and-paste the co-ordinates from the search box.
(The pictures in this article above barely look like maps because I'm led to believe that one of the Terms and Conditions for Google Maps is that we cannot put screenshots of the mapping data into how-to articles. So I've kept the places particularly zoomed-in, to avoid any distinguishing features.)
Related Articles:
- How to embed a Google custom map into your blog or website
- Google Maps Engine Lite - a better tool for creating custom maps
Malware spreading via Skype
Malware spreads via Skype. It just sends the file to all your contacts, nothing more, nothing less (no message inviting you to check out "photos", no call, ...).
### Analysis ###
Known MD5s:
293cc1f379c4fc81a7584c40f7c82410
66def80d6f87f6f79156557172f9f295
Callback to IPs:
88.150.177.162
Callback to domains:
Random & partial DGA(1) - Pattern:
http://%random%.aingo.cc
Persistence:
Creates key in:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Injects into:
explorer.exe
Sets Proxy:
Yes
Type of malware: Caphaw - Banking malware
Technical details ~~
Meta-data
================================================================================
File: /home/remnux/samples/invoice_171658.pdf.exe_
Size: 360448 bytes
Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 293cc1f379c4fc81a7584c40f7c82410
SHA1: 7bb5b71513e01c2095d37f42c64982a3edb523b5
ssdeep: 3072:fkrImDVQFgEHQPqviUBSnk92oKMcs3JVJXnGcYHmZ52ZgMed1pJ8t/Jpm3dDlnx/:MkpCEwCvi2b92NMxBnUmyZ9o1z8tL
Date: 0x52739069 [Fri Nov 1 11:28:41 2013 UTC]
EP: 0x401270 .text 0/4
CRC: Claimed: 0x5eb47, Actual: 0x5eb47
Resource entries
================================================================================
Name RVA Size Lang Sublang Type
--------------------------------------------------------------------------------
RT_CURSOR 0x532b0 0x134 LANG_RUSSIAN SUBLANG_RUSSIAN data
RT_BITMAP 0x536c0 0x1eec LANG_RUSSIAN SUBLANG_RUSSIAN data
RT_BITMAP 0x555b0 0x4e8 LANG_RUSSIAN SUBLANG_RUSSIAN data
RT_ICON 0x55a98 0x128 LANG_RUSSIAN SUBLANG_RUSSIAN GLS_BINARY_LSB_FIRST
RT_ICON 0x55bc0 0xea8 LANG_RUSSIAN SUBLANG_RUSSIAN data
RT_ICON 0x56a68 0x568 LANG_RUSSIAN SUBLANG_RUSSIAN GLS_BINARY_LSB_FIRST
RT_ICON 0x56fd0 0x10a8 LANG_RUSSIAN SUBLANG_RUSSIAN data
RT_ICON 0x58078 0x468 LANG_RUSSIAN SUBLANG_RUSSIAN GLS_BINARY_LSB_FIRST
RT_GROUP_CURSOR 0x533e8 0x14 LANG_RUSSIAN SUBLANG_RUSSIAN Lotus 1-2-3
RT_GROUP_ICON 0x584e0 0x4c LANG_RUSSIAN SUBLANG_RUSSIAN MS Windows icon resource - 5 icons, 16x16, 16-colors
RT_VERSION 0x53400 0x2c0 LANG_RUSSIAN SUBLANG_RUSSIAN data
Sections
================================================================================
Name VirtAddr VirtSize RawSize Entropy
--------------------------------------------------------------------------------
.text 0x1000 0xee6 0x1000 5.764246
.rdata 0x2000 0x49ce2 0x4a000 5.440947
.data 0x4c000 0x619c 0x6000 0.012147 [SUSPICIOUS]
.rsrc 0x53000 0x5530 0x6000 3.693765
Version info
================================================================================
LegalCopyright: gex Copright ls soft
InternalName: jex MUWEfess dlle
FileVersion: 13, 13, 201, 1241
ProductName: jox Weaex Apps
ProductVersion: 13, 13, 21, 153
FileDescription: jex dllx
OriginalFilename: lexlse.exe
Translation: 0x0419 0x04b0
~~
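The network and file-name indicators from the analysis above (the callback IP, the %random%.aingo.cc pattern and the document-plus-executable double extension) can be checked against web proxy logs. The Python script below is an added example, not part of the original analysis; the log format, client addresses, example hosts, the random subdomain label and the extension lists in the regex are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the analysis above.
C2_IP = "88.150.177.162"
DGA_PARENT = "aingo.cc"  # page pattern: http://%random%.aingo.cc
# Document extension followed by an executable one, as in the sample name
# invoice_171658.pdf.exe_ (both extension lists are assumptions).
DOUBLE_EXT = re.compile(
    r"\.(pdf|docx?|xlsx?|jpe?g|png|txt)\.(exe|scr|com|pif)_?$", re.I)

# Constructed proxy log: timestamp, client, method, URL, status.
SAMPLE_LOG = """\
2013-11-01T11:40:02Z 10.0.0.23 GET http://qzkxwv.aingo.cc/ 200
2013-11-01T11:40:05Z 10.0.0.23 CONNECT 88.150.177.162:443 200
2013-11-01T11:41:10Z 10.0.0.31 GET http://notaingo.cc/index.html 200
2013-11-01T11:42:00Z 10.0.0.31 GET http://files.example.net/invoice_171658.pdf.exe 200
2013-11-01T11:43:00Z 10.0.0.40 GET http://aingo.cc.example.org/ 200
"""


def classify(url):
    """Return the names of the indicators that a requested URL matches."""
    # CONNECT lines carry a bare host:port; give urlsplit a netloc to parse.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    hits = []
    if host == C2_IP:
        hits.append("callback-ip")
    # Match on a label boundary so notaingo.cc and aingo.cc.example.org
    # are not reported.
    if host == DGA_PARENT or host.endswith("." + DGA_PARENT):
        hits.append("dga-domain")
    if DOUBLE_EXT.search(parts.path):
        hits.append("double-extension")
    return hits


def scan(log_text):
    """Map each client address to the sorted indicators it triggered."""
    findings = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        client, url = fields[1], fields[3]
        for hit in classify(url):
            findings.setdefault(client, set()).add(hit)
    return {client: sorted(hits) for client, hits in findings.items()}


if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG).items():
        print(client, ", ".join(hits))
```

A client that shows both the domain and the IP hit is a stronger lead than one with a double-extension download alone, since the latter only shows the file was fetched, not that it ran.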
### Prevention ###
* Check your Skype settings. Only allow contacts to send you messages/files & contact you
* Don't download and run unknown files, especially PE(2) files
### Disinfection ###
* Run a full scan with your installed antivirus product
* Look for suspicious Run keys and delete the associated file(s)
* Run a full scan with another antivirus and/or antimalware product
* Change your Skype password
* Change your proxy to the original one(3) (usually none)
* Change ALL your other passwords
* Call your bank to ensure there was no unauthorized withdrawal or transaction
* When in doubt, seek advice on a professional malware removal forum(4)
### Conclusion ###
* Follow above prevention tips
* Use common sense & do not click on or run anything you encounter
* When in doubt, check the file on VirusTotal for example
# Links #
(1) http://en.wikipedia.org/wiki/Domain_generation_algorithm
(2) http://en.wikipedia.org/wiki/Portable_Executable
(3) http://www.wikihow.com/Change-Proxy-Settings
(4) http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs