Saturday, 20 September 2014

A word on CosmicDuke


On Thursday F-Secure released a blog post on CosmicDuke. But what is CosmicDuke exactly?

CosmicDuke - the first malware seen to include code from both the notorious MiniDuke APT Trojan and another longstanding threat, the information-stealing Cosmu family. When active on an infected machine, CosmicDuke will search for and harvest login details from a range of programs and forward the data to remote servers.
Source: COSMICDUKE: Cosmu with a twist of MiniDuke (PDF)

In other words, it will (attempt to) steal your login credentials from browsers and any other programs you may or may not use. I was interested to take a look; cue how Twitter comes in handy:



In this post we'll be focusing on sample 82448eb23ea9eb3939b6f24df46789bf7f2d43e3, a decoy document that supposedly concerns the EU sanctions against Russia.


When opening the document:

(Source)
When you open the document with macros disabled:

It seems they prepared for the case that someone has macros disabled. Think this is a legitimate Word document?
Nope.

When you open the document, a child process (tmp4D.tmp) is spawned, which in turn loads a file called input.dll:

Don't be fooled by the company name or description:
this isn't the IIS Express Worker Process, nor does it have anything to do with Microsoft.
We'll soon see what all this does. First, some background. The file is a .docx, i.e. an Office Open XML document: a ZIP archive containing XML parts (plus any embedded media or binaries), the format Microsoft introduced with Office 2007. Why is that relevant?

Because you can unzip any Office file with one of the new extensions (.docx, .xlsx, .pptx, ...) with an ordinary archiver such as 7-Zip:

Unzipped content of a .docx file

Thus, you can peek inside the document without actually opening it, and without Word parsing (let alone executing) anything in it. If we look inside the "word" folder of our document, we see the following (note the highlighted entries):

Unzipped content of our .docx file

As you can see, there are 3 extra files in there: 2 DLL files and a BIN file, all embedded in the Word document. The BIN file is an embedded OLE object, which loads either input.dll or input64.dll depending on whether the victim runs 32-bit or 64-bit Windows. (In other words, the Office macro ends up loading a malicious binary.)
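The same inspection can be scripted. The following Python is an added example, not code from the original post or from F-Secure's analysis: it opens a .docx as a ZIP, walks the parts and flags every member that is a PE image (the "MZ" header), an OLE compound file (the D0 CF 11 E0 header used by embedded objects and VBA projects) or simply not something that belongs under word/. The document it inspects is constructed in memory for the demo and only mimics the layout above (input.dll, input64.dll and an oleObject .bin); it is not the CosmicDuke sample, and the list of "benign" part suffixes is my assumption. The script never executes anything from the archive, but still run it on a copy inside your analysis VM.

```python
"""Triage an Office Open XML container (.docx/.xlsx/.pptx) without opening it in Office.

Added example for this post: the document is just a ZIP archive, so we list its
parts and flag the ones that do not belong in a plain text document: PE images
(DLL/EXE), OLE compound files (embedded objects, VBA projects) and anything under
word/ that is not XML, relationships or media.
"""
import hashlib
import io
import zipfile

PE_MAGIC = b"MZ"                                   # DOS header of every PE file
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"    # compound file binary (OLE2) header

# Parts that legitimately live under word/ in a .docx; this list is an assumption
# made for this example, extend it if your documents carry other media types.
BENIGN_SUFFIXES = (".xml", ".rels", ".png", ".jpg", ".jpeg", ".gif",
                   ".emf", ".wmf", ".odttf", ".ttf")


def classify_part(name, data):
    """Return a short label describing what an archive member really is."""
    lower = name.lower()
    if lower.endswith("vbaproject.bin"):
        return "VBA project"
    if data.startswith(PE_MAGIC):
        return "PE executable"
    if data.startswith(OLE_MAGIC):
        return "OLE compound file"
    if lower.startswith("word/") and not lower.endswith(BENIGN_SUFFIXES):
        return "unexpected part"
    return "ok"


def triage_docx(blob):
    """Inspect an OOXML container given as bytes.

    Returns (name, label, size, sha1) for every member that is not an ordinary
    document part, in archive order, so an analyst sees embedded DLLs and OLE
    objects without ever rendering the document.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            data = zf.read(info.filename)
            label = classify_part(info.filename, data)
            if label != "ok":
                findings.append((info.filename, label, len(data),
                                 hashlib.sha1(data).hexdigest()))
    return findings


def build_sample_docx():
    """Constructed input: a minimal document carrying the kind of extra parts the post describes.

    The DLLs are "MZ" stubs and the OLE object is just a header; nothing here is
    the real CosmicDuke sample.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/input.dll", PE_MAGIC + b"\x00" * 62 + b"PE\x00\x00")
        zf.writestr("word/input64.dll", PE_MAGIC + b"\x00" * 62 + b"PE\x00\x00")
        zf.writestr("word/embeddings/oleObject1.bin", OLE_MAGIC + b"\x00" * 504)
    return buf.getvalue()


if __name__ == "__main__":
    for name, label, size, sha1 in triage_docx(build_sample_docx()):
        print(f"{label:<18} {size:>7} bytes  {sha1}  {name}")
```

The SHA-1 of each flagged part is what you pivot on next (VirusTotal, your own sandbox); a DLL under word/ or an embedded OLE object in a document that should be plain prose is reason enough to treat the file as hostile, whatever the extension says.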

If you're interested in what the OLE artifact contained, here's a Pastebin link:

Afterwards, the malware tries to kill the following processes (apart from cmd.exe these belong to security products: Sophos, ESET, Microsoft Security Essentials, Avast, Kaspersky, Norton, McAfee, Agnitum Outpost and Dr.Web):
cmd.exe
savadminservice.exe
scfservice.exe
savservice.exe
ekrn.exe
msseces.exe
MsMpEng.exe
dwengine.exe
ekern.exe
nod32.exe
nod32krn.exe
AvastUi.exe
AvastSvc.exe
kav.exe
navapsvc.exe
mcods.exe
mcvsescn.exe
outpost.exe
acs.exe
avp.exe

It will then try to gather as much data as possible, from cookies to any file whose name matches one of the wildcard patterns *psw*;*pass*;*login*;*admin*;*sifr*;*sifer* or *vpn. Soon after, the collected data is uploaded to an FTP server, which wasn't too hard to find.
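To see what a collector with this targeting would pick up from a given user profile or file share, here is an added Python example (not the author's tooling and not the malware's code): it takes the wildcard list quoted above, splits it on the semicolons, matches file names case-insensitively and walks a directory tree. The patterns are the ones from the post (sifr/sifer are transliterations of šifra, "password" or "cipher" in several Slavic languages); the directory it scans is constructed in a temporary folder for the demo, and that matching is case-insensitive and against the file name only is my assumption.

```python
"""Which files would a collector with CosmicDuke's name patterns pick up?

Added example for this post: take the wildcard list quoted above, match file
names case-insensitively against it and walk a directory tree, reporting every
hit. Point it at a user profile or a share to see what would be exfiltrated.
"""
import fnmatch
import os
import shutil
import tempfile

# Patterns as listed in the post (semicolon-separated, as the malware keeps them).
HARVEST_PATTERNS = "*psw*;*pass*;*login*;*admin*;*sifr*;*sifer*;*vpn"


def parse_patterns(spec):
    """Split the semicolon-separated list into lower-cased wildcard patterns."""
    return [p.strip().lower() for p in spec.split(";") if p.strip()]


def match_name(name, patterns):
    """Return the first pattern the file name matches, or None.

    Matching is case-insensitive and on the file name only; that the real
    collector behaves exactly this way is an assumption of this example.
    """
    lowered = name.lower()
    for pat in patterns:
        if fnmatch.fnmatchcase(lowered, pat):
            return pat
    return None


def find_targets(root, spec=HARVEST_PATTERNS):
    """Walk root and return sorted (relative_path, matched_pattern) pairs."""
    patterns = parse_patterns(spec)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            pat = match_name(fname, patterns)
            if pat is not None:
                rel = os.path.relpath(os.path.join(dirpath, fname), root)
                hits.append((rel, pat))
    return sorted(hits)


def build_sample_tree():
    """Constructed input: a throwaway profile with typical file names (content is irrelevant)."""
    root = tempfile.mkdtemp(prefix="harvest_demo_")
    for rel in [
        "Documents/passwords.xlsx",
        "Documents/Admin_Accounts.docx",
        "Documents/quarterly_report.docx",
        "Desktop/office-vpn.ovpn",
        "Desktop/login_notes.txt",
        "Desktop/sifra_wifi.txt",
        "Pictures/holiday.jpg",
    ]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("demo\n")
    return root


def remove_sample_tree(root):
    """Delete the constructed tree again."""
    shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    root = build_sample_tree()
    try:
        for rel, pat in find_targets(root):
            print(f"{pat:<8} {rel}")
    finally:
        remove_sample_tree(root)
```

Run against a real profile, replace build_sample_tree() with the path you care about; every hit is a file that a credential stealer with the same targeting would ship off to its FTP server, so it is also a list of things that should not be lying around in plain text.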

Anyway, here's some additional information on the Word file from automated tools:
MalwareTracker Result
VirusTotal Result



Prevention



Conclusion

It seems obvious that malware authors keep up with the latest news and adapt their campaigns (and decoy documents) accordingly. Better safe than sorry: don't trust anything sent via email. ;-)

If you're in an organisation, you might want to consider blocking the execution of all macros (or, if there's no other option, only allowing those that are digitally signed) through Group Policy.

You can find those templates here:



Resources

Wednesday, 17 September 2014

Faceted search, SEO and user experience: how to and why?

SEO of faceted search
Certain ecommerce sites with only a few product categories and some thousands of products are able to generate thousands upon thousands of useless URLs through product search, product filter and product option URLs. Sad, but true. We can't act as if this problem didn't exist. Leaving such URLs unhandled would bring tons of negative SEO impact. There are only a few ways of dealing with such URLs:
  • to get rid of them completely,
  • to turn a part of the useless URLs into useful ones, and
  • to reduce the negative SEO impact of the remaining useless URLs.
Note!
There is no magic method; none of the existing SEO techniques does the trick alone. What works is a combination of SEO techniques, which I collect in this article.
 Let's look →
Read full article »

A potpourri of open-source engines for old(er) games

Yep, not many updates on the blog, but I thought I'd throw up a list of (mostly) obscure open-source news:
Less obscure: New version of OpenMW (0.32).

Big tease: Icculus is working on open-sourcing a game and it seems to be a relatively new title as it includes Steamworks support.

Please comment below if you know of other recent open-sourcing efforts ;)

Tuesday, 16 September 2014

Did you know that your blog is in the cloud?

This article explains the relationship between your blog and "the cloud", and other ways that you might be using the cloud without even realising it.




A few days ago, I received an email from Sam who works for "SingleHop, a company that specializes in cloud computing."

He explained that
"Due to recent events like Heartbleed, the Target breach and the leaking of celebrity photos to the public, the world is abuzz about "the cloud." However, you may be wondering what exactly it is and what it does. We are hoping you would be interested in sharing a post with your readers about cloud computing in everyday life.

In a nutshell, the cloud is a way to store data remotely, rather than on your home computer. This gives you easy access to your photos, documents, and other files from anywhere at any time. We are hoping that by spreading awareness about how the cloud works, we can help others make smarter decisions about what they post/share online.

We have put together a graphic discussing some of the most common ways you use the cloud. We would love to share this with you so that you can use the information to help create a post about how you use cloud computing in your day-to-day life.

Being the suspicious sort, I wondered if this was some kind of spam / scam. But it didn't feel totally spammy: there was no link to SingleHop in the email, his message text didn't come up in any of the hoax or urban-legend sites, and the company looks legitimate - though I cannot see how they will benefit from being linked to from my blog.

I wrote back to Sam, and sure enough he sent me a graphic. It looks sensible-enough, doesn't appear to have any viruses in it, and a Google image search isn't showing it anywhere else on the web. So far, so good.

I had asked "what's the catch" and he replied "No catch, we're just trying to spark discussion and create awareness about how people use the cloud. We’d love for you to talk about how you use the cloud, whether it’s to be productive at work, share special moments with friends or relax at home."

So here goes - a blog post about blogs, bloggers, Blogger and the cloud, with an illustration compliments of SingleHop (who didn't ask for the backlink).


Your blog is already in "the cloud"

For all the hype, "the cloud" is nothing new - at least not for individuals.

 As Sam said the cloud is just "a way to store data remotely, rather than on your home computer". 

I've been doing this on Blogger since 2006 and doing it seriously (ie writing for more than just myself) since 2009. I've been using internet email since 1987 - even though most of the world didn't start until ten years later. More recently I switched to using email accounts that let me keep all my email on-line and access it via IMAP rather than downloading it to my PC using POP3.

Obviously - if you have a blog made with Blogger, then it is already in "the cloud".

And this is true whether you have a public blog, or a private blog with restricted readers: even those select people will be seeing the version of your blog that is on the internet.

The same if you are using Picasa-web-albums or any other picture-hosting service to keep photos that you show in your blog.   Or Youtube to store your videos, Google-Contacts to manage your address book, Google Drive to store the PDF files that you distribute through it, or a Facebook page, Twitter account or Pinterest boards to promote your blog.

These are all "in the cloud" because people who see them on your blog see the version that you uploaded to the internet, not the one on your home computer. This means that the pictures, videos etc can still be seen, even when your computer is turned off.

There are also new ways of interacting with your blog, which "the cloud" is making possible, eg I'm currently experimenting with an app called Pixlr, as a way to manage the size of photos loaded to my "quirky pictures from my city" photoblog directly from my phone.   But the basic idea - that your blog is "in the cloud" hasn't changed since well before the cloud became hip.


Are there other ways that you can, should and do use "the cloud"?

Probably. Some of these will just be about the way your blog develops - for example if you start making vlogs (video-blog-posts), you can store them on YouTube.

Others could be more usable. Looking through Sam's picture (below), one issue that stands out for me is backup: as well as using Google Takeout to make periodic copies of the contents of all my blogs, I should probably start to save these somewhere extra-safe just in case anything bad happens.

And for some types of blog, using streaming-media might be important.  SingleHop says that this is for entertainment.  But I can easily see it being useful for choral singers who are learning new works, teachers who want to share their materials, and even sports players who want to train to specific regimes that are distributed by "video", and available to play when needed - as well as for bloggers who write about these topics.

More information

Sam's graphic is shown below: he didn't say whether it was ok to include in my post or not, so I thought I'd risk it and share it with you - I'm sure he'll be in touch if he wants me to take it down!

Most probably, your blog itself will fit into his social media category: blogs are really just ultra-long Twitter posts, delivered inside a tool that gives lots of creative freedom about how material is displayed.

But in some cases, you may fit into the collaboration category, if you are writing a team blog and have set up other team-members to write in it. But what do you think - does it belong somewhere else?

The cloud, that big and nebulous thing that everyone seems to be using - does anyone really know what it is? Cloud computing is actually pretty simple: instead of storing information on a specific computer, it gets stored in a networked system that allows access from anywhere that you have an Internet connection. Cloud computing is leveraged to deliver a wide variety of applications. More of our lives are lived in the cloud every day, so we put together this list of the most common uses of cloud computing to help people understand what's going on.
  • File storage and transfer: extend your hard drive by storing documents, apps and other files elsewhere. Also, if you're cleaning up your computer and decide you want to keep some files on your desktop instead of your laptop, cloud systems are the most convenient way to move them over.
  • Backup: everyone has lost something irreplaceable, whether it's a precious picture, a key piece of financial information or the manuscript for the next Great American Novel. Backing up your files remotely is recommended by many data experts, and cloud services are the best way for individuals and companies to do this.
  • Entertainment: streaming media has become big. Rather than packing computers with large swathes of music or video, many people are opting for services that serve up content on demand, which often means access to more entertainment options than if storing everything locally.
  • Productivity: when's the last time you got home and realised you forgot to pick up something at the store for dinner? Many cloud services offer ways to plan your day, take notes and organize your whole life.
  • Collaboration: for business or pleasure, getting input from multiple people can be hard to pull off, especially when people live far away. Cloud-based apps let you work together to build documents, spreadsheets, presentations, brainstorms and a host of other ways to join family, friends, co-workers and business partners throughout the world.
  • Social media: from big-name services to small niche communities, people enjoy gathering on-line to share and discuss their favourite topics of interest. The next time that you like, retweet or pin something, keep in mind that you're doing it in the cloud.
  • Email: web-based email was a cloud service before the cloud was even a thing! Instead of downloading electronic messages to your computer, the cloud lets you view them anywhere you want.
There are many other ways that cloud computing is used on a daily basis, of course, and SingleHop has a blend of cloud services. We'd love to hear about some of the ways you use your cloud on a daily basis.



What you can and cannot know

For most bloggers, their use of "the cloud" will be pretty invisible: they see themselves as using Blogger or Wordpress or whatever, rather than using "the cloud"

If you look harder at Sam's company website, you will see that they are offering virtual private cloud services. In very, very rough terms, this means they own a very large set of computers, and rent out space on them - set up so that only people from the organisation which has leased the space can see the space and use the computer-power behind it.  This is different to public cloud services, where the processing power is shared with other people using the same computer.

For almost all cloud systems that you will use as a blogger, you aren't going to be certain whether they are based on public-cloud or private-cloud services - but for all practical purposes, you don't need to know.


But is it safe?

This is the biggest question for most people when someone starts talking about "the cloud" - especially if they've heard about passwords being hacked etc.

Certainly my first reaction was that the companies I work with in my day job would never use the cloud, because they would have to put too much sensitive data onto computers outside their control. And for some, this is true.

But what I eventually realised is that generally the large "cloud services companies" provide better computer security than you do in your house - and far better than the single IT-staff person in a small company can manage.  So overall, I think it's now safe to say that "the cloud is as secure as any other computing tool you use", and that the biggest risk to the safety of your information comes from choosing bad passwords, or having viruses / malware attack your computer.


What do you think?

Are you happy that your blog is in "the cloud" - would you prefer a blogging solution that let you keep your private blogs, at least, in a non-cloud place?




Related Articles:

Understanding Picasa: Picasa-web-albums are Picasa "in the cloud"

Planning a social-media strategy for your blog.

Letting other people post to your blog.

Blogs, bloggers, Blogger - understanding the basic definitions around blogging

Wednesday, 10 September 2014

H for htaccess: part 5 of the HASCH the OnPage SEO framework

htaccess tutorial for seo
.htaccess (hypertext access) is a text file, usually placed in the root folder of a site and hidden because of the dot at the beginning of its name. .htaccess contains directives that tell the web server how to handle files, folders and paths / URLs, and thereby shape what robots and browsers get to see.

Generally there are 2 areas where .htaccess can be used for SEO purposes:
  • mod_alias and mod_rewrite directives (URL redirects and rewrites)
  • load time optimization
Site security has, in my opinion, only indirectly to do with SEO, so I decided not to make it a topic of this article.

The last, fifth part of my HASCH OnPage SEO framework is about the SEO mission of .htaccess. I aim to create a kind of multipurpose, explained and example-illustrated checklist on using .htaccess for mod_rewrite, robots manipulation and load time optimization as advanced SEO objectives. This ".htaccess for SEO" tutorial will be helpful (for me and you) when performing site audits and building new, strictly SEO-minded sites. Read the tutorial →
Read full article »