Monday, 11 December 2017

How to show a song, track, album or artist from Spotify in Blogger

This article shows how you can embed tracks or albums from Spotify in your blog or website, even if you don't use Spotify yourself.



About putting tracks from Spotify onto your website

If you have a blog / website about music, then you probably want to share clips with your readers.

Many music and video hosting sites let you do this by embedding them: this means that you allow YouTube (or SoundCloud or Vimeo, etc) to use some space on your site to show a particular piece of their content, with their logo / brand attached to it. They do this because it gives them exposure - and you get to keep the visit on your site instead of sending them away.

There are some music recordings which are on Spotify, but aren't on any of the other music systems. Today, when I google "how to embed from Spotify", I get instructions which say "just right-click on the item in Spotify, and choose embed" (sometimes using slightly different words) - like this:



However when I right-click on a track in Spotify, the "Copy Embed Code" option is missing.



I'm not sure if this is because I don't have a Premium subscription, because of some issue with my browser, or just because Spotify changed their system but didn't update their documents.

Fortunately I've found that there is a Spotify tool you can use to generate the embed code.



How to show a song, album, artist or playlist from Spotify in your blog / website


1   Find the item (song, track, album or artist) that you want to embed

2   Right-click on it, and choose Copy <<Whatever>> Link (eg Copy Song Link or Copy Playlist Link)



3   Go to this webpage (opens it in a new tab or window when you click it):   https://developer.spotify.com/technologies/widgets/spotify-play-button/


4   Scroll down to Get the Code, and paste the copied value into the box


5    Copy the code which is put into the box under step 3.

6    For Blogger, install it into your blog the same way you would install any other HTML code. For other tools, eg Wordpress.org, follow the usual approach for embedding code.


Job done!

You will now have an item from Spotify displaying in your blog.

What exactly it looks like depends on the type of item, and perhaps where you put it.

What this embedded item does (eg does it play when a reader clicks on it) depends on:
  • Your visitor's status: Spotify members see the whole thing, free-service members only see a 30-second clip, and
  • Where they are viewing it from, ie does the country they are accessing the internet from have rights to see the material you shared


Troubleshooting

If you embed something, then visitors to your website who are accessing the internet from another country can only see it if the "content owner" (ie person who made the album, track, etc that you're embedding) has given permission for this.

If they don't have this permission, you may see a response like the one to the right.









Saturday, 9 December 2017

8 Ball Pool Mod v 3.12.1 By Game Killer

8 Ball Pool Mod By Game Killer


👇FEATURES OF THIS HACK👇

(1) UNLIMITED MONEY

(2) UNLIMITED GUIDELINE ON EVERY TABLE

(3) UPDATED VERSION

(4) ANTI BAN FOR 1 WEEK

(5) GAME KILLER MOD ENABLE

(6) *NO ROOT*

(7) ETC... FRIENDS MY ALL MODS ARE FREE SO PLEASE SUPPORT MY CHANNEL AND HELP ME TO GET MORE SUBSCRIBES


To Learn How To Hack Any Games Subscribe Hack Now Channel


Thursday, 7 December 2017

Last Day on Earth Mod v1.6.10 By Game Killer

Last Day on Earth Mod By Game Killer


👇FEATURES OF THIS HACK👇

(1) UNLIMITED MONEY

(2) UNLIMITED AMMO

(3) UPDATED VERSION

(4) ANTI BAN

(5) GAME KILLER MOD ENABLE

(6) *NO ROOT*

(7) ETC... FRIENDS MY ALL MODS ARE FREE SO PLEASE SUPPORT MY CHANNEL AND HELP ME TO GET MORE SUBSCRIBES


To Learn How To Hack Any Games Subscribe Hack Now Channel


Wednesday, 6 December 2017

StorageCrypt ransomware, a coinminer and more



Lawrence over at Bleeping Computer posted an interesting blog yesterday:
StorageCrypt Ransomware Infecting NAS Devices Using SambaCry

In that blog, Lawrence pointed out that quite a few users had issues with a new ransomware, dubbed StorageCrypt, which is possibly spread via a worm.

There is a Windows component and a Linux component. We'll briefly take a look at both, hopefully providing some additional insight and indicators.


Windows artifacts

美女与野兽.exe is the Windows component, and as pointed out by Lawrence, translates loosely to 'Beauty and the Beast'.

This executable is packed with ASPack, and appears to display worm-like and backdoor behaviour, with the additional 'feature' of spreading itself via removable drives. After unpacking the sample, it reveals some interesting strings:

1.vbpSMSS.EXEhttp://www.freewebs.com/kelly6666/sm.txthttp://www.freewebs.com/kelly6666/lo.txtDBST32NT.LOG.bak.exeV1.8Start Success.logyyyymmddmmssTxt Open ,Repair the application! is running, Repair the application from backup. is running, Repair the application from MySelf. running is running, update the application !Get V Data!Read Tname to memory.icoKill icoExtractIcons...Write to Tname...ip addr addedGetFolderFileDate...Replace all attrib.I m here!-->Insert Error : for .dll.dll  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonShellexplorer.exe UserinitHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindows9xPacksHKEY_CLASSES_ROOT\txtfile\shell\open\command NOTEPAD.EXE %1HKEY_HKEY_CLASSES_ROOTHKEY_CURRENT_USERHKEY_LOCAL_MACHINEHKEY_USERSHKEY_PERFORMANCE_DATAHKEY_CURRENT_CONFIGHKEY_DYN_DATAErrorC:\boot_net.datC:\dosnal.exeFind all exe file from Local host*.exeDownload files is accomplish!Run files of download is success![autorun]Download files1 is accomplish!Run files1 of download is success!This program cannot be run in DOS mode.This program must be run under Win32Autorun.infsuccess.txtcmd.exe /C net view command.exe /C net view  to find to Create file.exeopen=.exeGet Local host IP: Rnd IP:DiskC:\dntboot.binip packet too_bigip unload
Whatever was hosted at www.freewebs[.]com, cannot be retrieved as it no longer exists.

In any case, binaries similar to this one appear to have been floating around the web for quite a while, as can be observed in this analysis result from 2013 by Team Cymru's TotalHash.

I've uploaded the unpacked sample on Hybrid Analysis.


Linux artifacts

The Linux component appears to make use of a Samba vulnerability, dubbed SambaCry and assigned CVE-2017-7494 earlier this year.

There are several components, which are listed in the table below.


Filename      Hash                               Purpose
kJn8LUAZ.so   6b5b4fce04f36101c04c0c5b3f7935ea   Downloads ‘sambacry’
ZbdofxPY.so   053bb22c2cedf5aa5a089bfd2acd31f6   Downloads ‘sambacry’
sambacry      ffe17e314f7b1306b8badec03c36ccb4   Fetch other payloads
httpd1        a5e8cb2e7b84081f5b1f2867f2d26e81   Miner config
minerd32      a016b34ade18626f91d14e46588d6483   Coinminer
watchcat32    ac9ad6bc8cd8118eaeb204c2ebf95441   Watchdog

The 'sambacry' binary will, after one of the .so files has downloaded it, download a set of other files from the C2 server, which is 45.76.102[.]45.

These files support the coin mining. Installed alongside them is what appears to be a watchdog, which monitors the miner process. Additionally, it runs the following in a loop, which kills any wget or curl process whose command line does not reference the C2 address:

while true
do
 ps -ef|grep -E "wget|curl"|grep -v $$|grep -v 45.76.102.45|awk '{print $2}'|xargs kill -9
done

Whoever's behind this campaign is using the email address madhatterss@protonmail[.]com, as defined in the miner configuration:

{
        "url" : "stratum+tcp://xmr.pool.minergate.com:45560",
        "user" : "madhatterss@protonmail.com",
        "pass" : "x",
        "algo" : "cryptonight"
}

While analysing both Windows and Linux artifacts, I have not observed any ransomware behaviour, so likely the latter is installed manually later on by the attacker.

If you run a Samba server, patch immediately, as this vulnerability has already been reported in April.
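
For anyone triaging a NAS share, the sweep below is an added example (not code from the original post or from the malware): it reports files whose MD5 matches the table above and files that reference the mining pool scheme or the C2 address. The function name sc_scan and the variable SC_EXTRA_MD5 are hypothetical names of this example.

```shell
#!/usr/bin/env bash
# Added example: sweep a directory tree for the StorageCrypt Linux artefacts.
# MD5 values and file names are copied from the table in the post.
SC_MD5='6b5b4fce04f36101c04c0c5b3f7935ea:kJn8LUAZ.so
053bb22c2cedf5aa5a089bfd2acd31f6:ZbdofxPY.so
ffe17e314f7b1306b8badec03c36ccb4:sambacry
a5e8cb2e7b84081f5b1f2867f2d26e81:httpd1
a016b34ade18626f91d14e46588d6483:minerd32
ac9ad6bc8cd8118eaeb204c2ebf95441:watchcat32'

# SC_EXTRA_MD5 (hypothetical) may hold further "md5:label" lines, for example
# hashes of newer variants taken from your own analysis.
sc_scan() {
  find "$1" -xdev -type f 2>/dev/null | while IFS= read -r f; do
    sum=$(md5sum < "$f" 2>/dev/null | cut -d' ' -f1)
    if [ -n "$sum" ]; then
      hit=$(printf '%s\n%s\n' "$SC_MD5" "${SC_EXTRA_MD5:-}" |
            grep "^$sum:" | cut -d: -f2)
      if [ -n "$hit" ]; then echo "HASH $hit $f"; fi
    fi
    # Renamed or modified copies: the miner config names a stratum pool and
    # the watchdog loop names the C2 address, so look for either string.
    if grep -qE 'stratum\+tcp://|45\.76\.102\.45' "$f" 2>/dev/null; then
      echo "REFERENCE $f"
    fi
  done
  return 0
}

# Run only when a directory is given, e.g.: ./sc_scan.sh /share
if [ "$#" -gt 0 ]; then sc_scan "$1"; fi
```

A REFERENCE hit on its own is a lead to review rather than proof of infection, since legitimate mining software also uses stratum URLs.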


Indicators



Sunday, 3 December 2017

Notes on Linux/BillGates



In a previous blog post, I wrote some (extensive) notes on Linux/Xor.DDoS, also known as just Xor.DDoS, an interesting type of Linux malware.

You can find that particular blog below, in which I give some history, details, remediation and prevention in regards to the specific threat Xor.DDoS poses:
Notes on Linux/Xor.DDoS

This post will include some notes on Linux/BillGates, hereafter referred to as just 'BillGates'. Rather than being as in-depth as the previous blog post, it will mostly list high-level notes and remediation or disinfection steps. Additionally, after the conclusion, you will find other resources if necessary. In case of questions, comments or feedback, leave a comment or contact me on Twitter.


What is BillGates?

BillGates is malware designed primarily for Linux, and since it is a botnet, it is mostly used for DDoS purposes.

However, just like Xor.DDoS, it has limited rootkit and backdoor functionality, and thus it's possible that remote commands are executed and additional malware is downloaded.


How can I identify BillGates artefacts?

Please find below a table with indicators.

Indicator                         Notes
/etc/cmd.n
/etc/conf.n
/etc/init.d/DbSecuritySpt
/etc/init.d/selinux
/etc/rcX.d/97DbSecuritySpt        Where X is a number, usually symlinks to /etc/init.d/DbSecuritySpt
/home/ll2                         Identify all files with random names in /home/
/tmp/.bash_root.tmp3
/tmp/.bash_root.tmp3h
/tmp/bill.lock                    Identify all .lock files in /tmp/
/tmp/bill.lod                     Contains Process ID (PID) of malware main module
/tmp/gates.lod (or gates.lock)    Contains PID of malware main module
/tmp/moni.lod (or moni.lock)      Contains PID of malware 'watchdog'
/tmp/notify.file
/usr/bin/*.lock                   Identify all .lock files in /tmp/
/usr/bin/bsd-port/.sshd
/usr/bin/bsd-port/*.lock
/usr/bin/bsd-port/getty
/usr/bin/bsd-port/getty/*.lock    Identify all .lock files in /usr/bin/bsd-port/getty/
/usr/bin/pojie                    Identify all files with random names in /usr/bin/
/usr/lib/libamplify.so            Configuration file



How can I identify BillGates DDoS modules?

These modules are usually stored in /etc/, and will have the following names:

  • atddd 
  • cupsdd 
  • cupsddh 
  • ksapdd 
  • kysapdd 
  • sksapdd
  • skysapdd

It may however be useful to use the find command in conjunction with these names, in case they are residing in a different location than /etc/.


How can I identify other modifications BillGates made?

BillGates creates aliases and/or modifies or replaces files which are typically used to monitor processes or the network. The following may be replaced:


  • /bin/lsof
  • /bin/netstat
  • /bin/ps
  • /bin/ss
  • /usr/bin/lsof
  • /usr/bin/netstat
  • /usr/bin/ps
  • /usr/bin/ss
  • /usr/sbin/lsof
  • /usr/sbin/netstat
  • /usr/sbin/ps
  • /usr/sbin/ss

A copy of the legitimate files is normally stored in:
/usr/bin/dpkgd/

Additionally, check for any potentially created jobs by looking in:
/etc/cron.X where X is a name or folder, for example /etc/cron.daily.

You may also wish to look in:
/var/spool/cron/


Removal instructions

While the ps command may be replaced, top is not. Run the top command and look for any illegitimate processes; usually they will be randomly named. Alternatively, identify the *.lod and *.lock files, read them (with cat, for example), and identify the PID of the malware.

Then, use kill to end the malicious process(es), and remove the files or artefacts as indicated in the table above.

Afterwards, use mv to move the legitimate files back to their original location. You can also use a file manager to easily move them, if you have one.

You may also use an anti-virus to identify and remove any malicious files. ClamAV, for example, does a great job. BillGates is a rather old botnet by now, and thus most antiviruses should have coverage for it. Don't forget to update the anti-virus' signatures first, if needed.

The same explanation, step by step to make it easy:


  • Identify malicious processes: use top or check the PID in BillGates' config files;
  • Kill malicious processes: use kill -9 <PID> to kill any of its processes;
  • Remove malicious files and folders, see the sections above;
  • Replace potentially hijacked files and restore them to their original location, see also above;
  • Identify any malicious tasks and delete them as indicated above;
  • Run top again to verify there are no malicious processes left;
  • Run an anti-virus or anti-malware as a secondary opinion;
  • Change your passwords, better be safe than sorry!
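
The identification steps above can be run as one read-only sweep. The script below is an added example, not part of the original post: it checks the paths from the indicator table, reads the PID files, searches the whole root for the DDoS module names, and compares the monitoring tools against the copies in /usr/bin/dpkgd/. The function name bg_scan and its output labels are choices of this example.

```shell
#!/usr/bin/env bash
# Added example: report BillGates artefacts under a filesystem root.
# Pass / for a live host, or the mount point of a disk image.
bg_scan() {
  root=${1%/}
  # 1. Fixed paths and globs from the indicator table.
  for f in "$root"/etc/cmd.n "$root"/etc/conf.n \
           "$root"/etc/init.d/DbSecuritySpt "$root"/etc/init.d/selinux \
           "$root"/etc/rc*.d/97DbSecuritySpt "$root"/tmp/.bash_root.tmp3* \
           "$root"/tmp/*.lock "$root"/tmp/*.lod "$root"/tmp/notify.file \
           "$root"/usr/bin/*.lock "$root"/usr/bin/bsd-port \
           "$root"/home/ll2 "$root"/usr/bin/pojie \
           "$root"/usr/lib/libamplify.so; do
    if [ -e "$f" ] || [ -L "$f" ]; then echo "INDICATOR ${f#"$root"}"; fi
  done
  # 2. PID files: per the table they hold the PID of the main module or watchdog.
  for f in "$root"/tmp/*.lod "$root"/tmp/gates.lock "$root"/tmp/moni.lock; do
    if [ -f "$f" ]; then echo "PID $(tr -cd '0-9' < "$f") ${f#"$root"}"; fi
  done
  # 3. DDoS modules, searched everywhere rather than only in /etc/.
  find "${root:-/}" -xdev -type f \( -name atddd -o -name cupsdd \
       -o -name cupsddh -o -name ksapdd -o -name kysapdd -o -name sksapdd \
       -o -name skysapdd \) 2>/dev/null |
    while IFS= read -r f; do echo "MODULE ${f#"$root"}"; done
  # 4. Monitoring tools: a copy under /usr/bin/dpkgd/ that differs from the
  #    installed binary suggests the installed one was replaced.
  for tool in lsof netstat ps ss; do
    [ -f "$root/usr/bin/dpkgd/$tool" ] || continue
    for dir in bin usr/bin usr/sbin; do
      if [ -f "$root/$dir/$tool" ] &&
         ! cmp -s "$root/$dir/$tool" "$root/usr/bin/dpkgd/$tool"; then
        echo "HIJACKED /$dir/$tool (original kept in /usr/bin/dpkgd/$tool)"
      fi
    done
  done
  return 0
}

# Run only when a root is given, e.g.: ./bg_scan.sh /
if [ "$#" -gt 0 ]; then bg_scan "$1"; fi
```

The script only reports; it does not kill processes or delete files. Because ps may be replaced on an infected host, running it against a mounted image from a clean system gives the most trustworthy result.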

Conclusion

While Linux/BillGates may not be the biggest player on the market anymore, or even not as popular or common nowadays, the threat still exists, just like Xor.DDoS.

Practice proper security hygiene and take appropriate preventative measures.

In the resources section below, you may find additional useful links.


Resources