putosusio

Forum Replies Created

Viewing 14 reply threads
  • Author
    Posts
    • #36109
      putosusio
      Participant

The more secure sites stay in https, for example banking and e-commerce sites. Usually social networking, some email sites, and forums don’t because security isn’t a concern. A good way to protect yourself is to use different passwords for different sites, even if they’re off by just a character or two.

    • #32633
      putosusio
      Participant

      Whatever you do, don’t act too quickly. There may be an APT in your organization.  A blog post on Mandiant’s website explains it better: http://blog.mandiant.com/archives/1525

    • #35706
      putosusio
      Participant

      reformat and be done with it.

      simple and effective.

p.s. if your dad was an NSA cracker, you’re screwed.

    • #35847
      putosusio
      Participant

      Is this a home VOIP solution or an enterprise VOIP?

    • #35340
      putosusio
      Participant

      @Grendel wrote:

      I hate programming as well. Over time I have found that (unfortunately) understanding programming becomes more important in more advanced skills, especially reverse engineering. It’s just one of the essentials that cannot be avoided.  >:-/ I wish it could be – I started out as a perl jockey since that was the most that was required for a solaris sysadmin. OO programming frustrates me.

      … ditto. It is more and more of a necessity.

    • #36104
      putosusio
      Participant

      See if this helps answer your questions, http://www.schneier.com/blog/archives/2010/10/firesheep.html

      If not, how about you do a write up about it for the EH community answering the questions you posted. I know I’d be interested to know more.

    • #36110
      putosusio
      Participant

      @infoseci wrote:

      Coming soon we will demonstrate how to perform a MitM attack against SSL encrypted sessions.

      … do I smell SSLStrip?

    • #35276
      putosusio
      Participant

      If you’re going to get into security, you might as well learn now; Security (the 8 mix character requirement) is not easy. If it was, everybody would be doing it and we would be out of a job.

    • #35964
      putosusio
      Participant

Getting past the interview will be the issue. The CISSP or any other cert will do you no good if you can’t do what it says you’re supposed to be able to do. There is no substitute for experience.

    • #35863
      putosusio
      Participant

      facsimil3 are you just starting your computer education or are you already taking classes?

    • #34351
      putosusio
      Participant

      Another good way to learn is to build yourself a computer lab. One machine with VMs will do just fine.

    • #35972
      putosusio
      Participant

      kaizen:

I didn’t mean to suggest that the Chinese government are responsible. I mentioned the Chinese because most of the domains that were resolved were .cn domains.

The websites I visited were from well-known companies, i.e. Microsoft, VMware, Citrix, etc. If I was infected by malware it had to have come from such a website. I would just think that they would know if malware was being served from their website.

      I have not googled for the domains that were resolved for fear that the links would take me to their websites and load even more malware onto my system.

      tturner:

Really? Who would have thought. You, sir, are a genius.

… back to my original topic. I did some more searching on my system and found a suspicious ini file. From the little I can read of the code, it appears to be a config file for a fake anti-virus/malware program. Here is the code in hopes someone here can read it and help me understand more about it:

      [Main]
      formCaption=Application
      MainTB=0=Security status,1=System scan,2=Check for updates,3=Settings,
      lStatusHeader=Security status
      lStatusL2=Runtime system protection status monitoring. Be sure all the tools marked ON.
      lStatusSummary=Security summary:
      lStatusL3=Running insecure state, several vulnerabilities are detected
      lStatusL4=Last virus scan:
      Label7=Last update:
      lStatusL5=Last scan results:
      lStatusLastUpdate=never
      btStatusFirewall=Disable
      btStatusAntivirus=Disable
      btStatusSpyware=Disable
      btStatusAutoUpdate=Enable
      btStatusScheduleScan=Enable
      btStatusRAM=Enable
      labelSSCaption=System scan
      labelSS_2=Scan && fix Your computer
      labelSS_ScanType=Scan type: 
      gbScanStat= Last scan summary 
      gbActiveScan= Scan process 
      rbQuick=Quick
      rbDeep=Deep
      rbSelectFolder=Select Folder
      rbMemoryScan=Memory Scan
      btStart=Start
      btStop=Stop
      lvFoundItems=0=Threat Name,1=Type,2=Description,3=Threat Level,
      btRemoveThreads=Remove Threats
      stScanStats1=Objects scanned:
      stScanStats3=Threats detected:
      stScanStats5=Removed/healed:
      stScanStats_eliminate=0
      stActiveScan1=Currently scanning:
      stActiveScan3=Current object:
      stActiveScan2=File System
      bSelDir=..
      lUpdateInfo0=Please, get {APPNAME} updates from the Internet automatically. To ensure the maximum antivirus protection it is important to keep virus database on your PC up-to-date.
      lUpdateHeader=Software update
      GroupBox1= Settings   
      cbUpdate1=Update upon next system start
      cbUpdate2=Update immediately
      cbUpdate3=Require confirmation
      GroupBox2= Database information   
      stUpdate1=Database version:
      stUpdate2=Virus signatures:
      cbUpdate4=Restart immediately
      cbUpdate5=Complete at next system start
      bUpdateSave=Save settings
      bUpdateCheck=Check for updates
      lSettingsHeader=Settings
      lSettingsInfo0=You can customize Your preferences here.
      LSettingsInfo1=Changes on this settings will take effect after system restart 
      GroupBox5= Threats Warning 
      cbSettings1=Enable
      GroupBox6= Additional 
      cbSettings2=Start with Windows startup
      cbSettings3=Disable scheduled scans while running on battery power
      bSettingsSave=Save settings
      GroupBox3= Compatibility 
      cbSettings4=Compatibility with self-defense applications 
      Button1=start
      Button2=stop
      Button3=blcat
      ShowGui=Show {APPNAME} main window
      Activatenow1=Activate now
      Update1=Update
      Options1=Settings
      Help1=Help
      Contactcustomsupport1=Contact Customer Support
      N2=Close
      [BrowserDlg]
      formCaption={APPNAME} Activation 
      WebBrowser=TWebBrowser
      [CancelScan]
      formCaption={APPNAME} – System scan not completed
      lInfo=You have not completed Your system analysis. {APPNAME} has detected threats in Your system during the scan. You need to complete System scan and eliminate threats it finds. 
      bContinue=Continue scan
      bRemindLater=Remind Later
      [RegistrationWindow]
      formCaption={APPNAME} activation
      lHeader=Activate {APPNAME} 
      lHeader2=Make Your PC free from all kinds of threats
      lInfo1=Award-winning scan technology
      lInfo2=Free updates without limitations
      lInfo3=User-friendly complete GUI
      lInfo4=24 h / 7 d full support
      lInfo5=Full moneyback guarantee 
lInfo0=Please, click “Activate now” button to proceed with secure purchase of the license for {APPNAME}. As soon as you end activation you’ll receive:
      lHeader3=Activation is highly recommended:
      lHeader4=Registration key:
      lHeader6=Visit our website if any problems occur
      bConfirmActivation=Confirm Activation
      bActivateLater=Activate Later
      bActivateNow=Activate Now
      [AfterScan]
      formCaption={APPNAME}
      lHeader=Warning!
      lHeader2=Infections on your PC can cause:
lInfo1=Applications won’t start
      lInfo2=Unwanted advertising displaying
      lInfo3=Loss of Internet communication
      lInfo4=Lost documents and settings
      lInfo5=Important files have disappeared from Your computer
lInfo6=You need registered version of {APPNAME} to remove these infections.%NEWLINE%Click “Remove threats” to activate protection and eliminate these security hazards.
      lContinueUnprotected=Continue unprotected
      lvFoundItems=0=Threat Name,1=Type,2=Level,3=Description,
      bRegisterNow=Remove Threats
      [RESOURCESTR]
      0=Firewall protection
      1=Antivirus protection
      2=Spyware protection
      3=Scheduled scans
      4=Automatic updates
      5=RAM protection
      6={cnt} infected objects found, {cnt_removed} removed
      7=Your system is infected! {cnt} dangerous objects have been found during last system scan. It is strongly recommended to remove them immediately.
8=Don’t leave! You may have potentially harmful threats%NEWLINE%on Your computer. Please, register Your copy of product%NEWLINE%and get up-to-date protection against latest spyware.
      9=This functional is disabled in the unregistered version.%NEWLINE%To use all the features of the product, You must register now.
      10=Are you sure? Without activation Your PC will not be protected against intruders.
      11=Are you sure? Your PC will not be protected against intruders
      12=Congratulation!%NEWLINE%{APPNAME} completed elimination for dangerous objects from Your computer.
      13={APPNAME} Update
      14=Virus database is up-to-date
      15=Memory / Processes
      16=Registration key is invalid
      17=File system
      18=Now Your system under full protection
      19=Show Your order details
      20=Your computer might be at risk
      21=- {APPNAME} is turned off%NEWLINE%Click this baloon to fix this problem.
      22={THREAT} threat has been detected. This threat module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click button below to locate and remove this threat now.
      23=Start
      24=Pause
      25=Warning! Removed attack detected!
      26={APPNAME} has detected that somebody is trying to stole Your private data remotely via Trojan.Win32.Generic!BT.%NEWLINE%Transfer for Your private data via internet will start in: {SECOND}%NEWLINE%We strongly recommend You to block attack immediately.
      27=System Security Pack 2010.78.932 ({APPNAME} Upgrade; KB{KB})
      [SecCenter]
      formCaption={APPNAME} Protection Center
      lRes1=Get latest security information
      lRes2=Check for latest updates
      lRes3=Get support for security-related issue
      lRes4=Get help about security center
      lRes5=Change they way Security Center alerts me
      Label1=What’s new in System to help protect my computer?
      Label2=Click “Activate Now” button for suggested actions You can take.
      Label3=Internet Options
      Label4=Windows Firewall
      Label5=Automatic Updates
      Label6=Protection Center helps You manage your PC security settings. To help protect Your computer, make sure the all security essentials are marked ON. If the settings are not ON, follow the recommendations.
      lVirusProtectionInfo={APPNAME} reports  that it is not activated.%NEWLINE%Antivirus software helps protect your computer against viruses and other security thearts.
      lVirusProtectionInfo2=We strongly recommend to activate {APPNAME} and get full protection.
      Button1=Activate Now
      OpenProtectionCenter1=Open Protection Center
      ActivateProtection1=Activate Protection
      [StartUp_v2]
      formCaption={APPNAME}
      lHeader=Warning!
      lInfo={APPNAME} has detected {cnt} infected objects on your computer during the last system scan.%NEWLINE%The threats found on your computer are very likely to create further problems if not fixed immediately, such as:
      lInfo1=System slowdown, crashes and freeze
      lInfo2=Hackers can steal your Credit Card details
      lInfo3=Your local and online passwords can be stolen
      lInfo4=Slow web pages loading and attacks from outside
      lInfo5=Privacy violations during Web surfing
lInfo6=You need registered version of {APPNAME} to remove these infections.%NEWLINE%Click “Remove Now” to activate protection and eliminate these security hazards.
      lContinueUnprotected=continue unprotected
      lInfo7=Infecting other computers on your network
      bRegisterNow=Remove Now
      [InstallNow]
      formCaption=Automatic Updates
      Label1=System Security Pack Upgrade
      Label2=Update
      Label3=Details
      Button1=Remind Later
      Button2=Install
      lvUpdItems=0=,
      reUpdDetails=TRichEdit

      [ThankYouPage]
      formCaption={APPNAME}
      lHeader={APPNAME} has been successfully activated!
      bContinue=OK
      mInfo=Thanks for purchasing and registration {APPNAME}.%NEWLINE%%NEWLINE%All the neccessary information will be send to Your email. %NEWLINE%Please, SAVE them into secure location in case you need to reinstall the software.%NEWLINE%Feel free to contact Customer Support Service if You have any questions.%NEWLINE%%NEWLINE%Useful advices from {APPNAME} Team:%NEWLINE%%NEWLINE%- Scan your computer once ot twice a day and remove all the viruses and security threats.%NEWLINE%- Maximal protection of your computer is enabled ONLY if You turn ON all the Security Status services.%NEWLINE%- Do not use {APPNAME} together with other antivirus softwares.%NEWLINE%  It may result some software conflicts between them.%NEWLINE%- If you have any question, please, contact Customer Support Service.%NEWLINE%%NEWLINE%Please, press “OK” button and wait while {APPNAME} will eliminate threats. Please, be patient.%NEWLINE%

      [UpdateReminder]
      formCaption={APPNAME} Critical Update Notification
      lHeader=Warning!
      lInfo1=Use database version: {db_old}
      lHeader2=The {APPNAME} database is out of date
      lInfo2=New version available database: {db_new}
      lInfo3=Automatic {APPNAME} updates are necessary to protect your computer against viruses, spyware and known system vulnerabilities.
      lInfo4=Malicious software is detected on your PC!
      bUpdateNow=Update Now
      bLater=Remind Me Later
      [ActivateReminder]
      formCaption={APPNAME}
      lHeader=Your still haven’t activated {APPNAME}
      lInfo1=Choose as option:
lInfo6=If you haven’t done this yet we advise you to do it as soon as possible.
      bRegisterNow=OK
      rbActivation=Activate the product
      rbLater=Remind me later
      [AttackDetected]
      formCaption={APPNAME} – Hacker attack detected
      lInfo=Your computer is subjected to hacker attack. {APPNAME} has detected that somebody is trying to transfer Your private data via internet. We strongly recommend you to block attack immediately.
      bContinue=Register and prevent theft
      bRemindLater=No, thanks
      [FirewallWarning]
      formCaption=Firewall file transfer detected
      lHeader=Warning!
      lHeader2=Hidden file transfer to remote host was detected
      lInfo1={APPNAME}  has detected that somebody is trying to transfer Your private data via internet. We strongly recommend you to block attack immediately.
      bUpdateNow=Block attack
      bLater=Allow
      GroupBox1= Details of the attack
      Label1=Remote host transfer IP:
      Label2=Remote user computer name:
      Label3=User:
      Label4=IP-address:
      [ThreatDetectWarning]
      formCaption=Warning! Threat detected!
      lHeader=Warning!
      lHeader2=Threat module detected on your PC!
      lInfo={THREAT} threat has been detected. This threat module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click button below to locate and remove this threat now.
      lContinueUnprotected=You are using a trial version.
      lRecomPurchase=It is recommended to purchase a commercial version.
      bRemoveThreat=Remove Threat
      bLater=Ignore
      GroupBox1= Details
      Label1=Threat name:
      Label2=Infected files:
      Label3=Alert level:
      Label4=Suggestion:
      lSuggestion=It is highly recommended to remove this threat from your PC
      lAlertLevel=High
      lThreatName=Zlob.Porn.Ad
      lInfectedFile=1
      [NetworkIntrusion]
      formCaption=Network intrusion detected!
      lHeader=Warning! Network attack detected!
      lInfo=Process is trying to steal your passwords listed below. It is highly recommended to block this threat now.
      lInfo1=Your computer is being attacked from a remote PC.
      lInfo2=Attack from:
      lRemoteIP=145.7.151.43:34630
      lContinueUnprotected=continue unprotected
      Label1=You are using a trial version.
      lRecomPurchase=It is recommended to purchase a commercial version.
      lvFoundItems=0=Login,1=Password,2=Website URL,
      bRegisterNow=Prevent Identity Theft
      [BlockAttack]
      formCaption=Protection Center Alert
      lHeader=To help protect your computer, {APPNAME} has blocked some features of this program
      lInfo={APPNAME} has detected unauthorized activity, but unfortunately trial version cannot remove viruses, keyloggers and other treats. Your personal data under serious risk. It is strongly recommended to register Your copy of {APPNAME} and prevent intrusion for future.
      lInfo0=Do You want to block this suspicious software?
      Label1=Name:
      lThreatName=Trojan.Win32.Autoit.agg
      Label3=Alert level:
      lAlertLevel=High
      Label4=Description:
      lDescription=It is highly recommended to remove this threat from your PC
      bUnblock=Unblock
      bLater=Ignore
      bRemoveThreat=Remove Threat
      [StartUp_v2_1]
      formCaption={APPNAME}
      lHeader=Warning!
      lInfo={APPNAME} has detected {cnt} infected objects on your computer during the last system scan. The threats found on your computer are very likely to create further problems if not fixed immediately, such as:
      lInfo1=System slowdown and crash
      lInfo2=Hackers can steal your Credit Card details
      lInfo3=Your local and online password stolen
      lInfo4=Slow web pages loading and browser crashes
      lInfo5=Privacy violations during Web surfing
lInfo6=You need registered version of {APPNAME} to remove these infections. Click “Register Now” to activate protection and eliminate these security hazards.
      lContinueUnprotected=continue unprotected
      lInfo7=Infecting other computers on your network
      bRegisterNow=Remove

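The posted file is a set of UI strings, and the useful thing to notice in it is which "findings" are fixed labels rather than anything a scanner produced: the threat names, the alert level, the infected-file count and the attacker IP are all hard-coded. The script below is an added example, not code from the post or from any product; it uses Python's standard configparser on a trimmed excerpt of the posted config (the excerpt and the list of "canned" keys are constructed for this example) to pull out those hard-coded results, the runtime placeholders the UI fills in, and the fixed phrases a defender could use to recognise the family's UI strings.

```python
"""Added example (not part of the forum post): separate the scripted
"findings" in a rogue antivirus UI config from the values a real scanner
would have to compute at runtime."""
import configparser
import re
from collections import defaultdict

# Excerpt of the config posted above, trimmed to a few sections
# (constructed for this example; placeholders kept as they appear there).
ROGUE_INI = """\
[Main]
formCaption=Application
lStatusL3=Running insecure state, several vulnerabilities are detected
[ThreatDetectWarning]
formCaption=Warning! Threat detected!
lInfo={THREAT} threat has been detected. Please click button below to locate and remove this threat now.
Label1=Threat name:
lThreatName=Zlob.Porn.Ad
lAlertLevel=High
lInfectedFile=1
[NetworkIntrusion]
formCaption=Network intrusion detected!
lInfo2=Attack from:
lRemoteIP=145.7.151.43:34630
[BlockAttack]
formCaption=Protection Center Alert
lInfo={APPNAME} has detected unauthorized activity%NEWLINE%Your personal data under serious risk.
lThreatName=Trojan.Win32.Autoit.agg
lAlertLevel=High
[RESOURCESTR]
6={cnt} infected objects found, {cnt_removed} removed
27=System Security Pack 2010.78.932 ({APPNAME} Upgrade; KB{KB})
"""

# Keys whose values a genuine scanner would fill from scan results; finding
# them as static strings in a UI file is the tell (assumed list, chosen
# from the key names used in the posted config).
CANNED_KEYS = {"lThreatName", "lAlertLevel", "lInfectedFile", "lRemoteIP"}
PLACEHOLDER_RE = re.compile(r"\{([A-Za-z_]+)\}")


def parse_rogue_ini(text):
    """Parse with interpolation off ('%NEWLINE%' would otherwise trip the
    '%' handling) and with key case preserved."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep 'lThreatName', not 'lthreatname'
    parser.read_string(text)
    return parser


def canned_findings(text):
    """Return {section: {key: value}} for every hard-coded 'result' field."""
    parser = parse_rogue_ini(text)
    found = {}
    for section in parser.sections():
        hits = {k: v for k, v in parser[section].items() if k in CANNED_KEYS}
        if hits:
            found[section] = hits
    return found


def template_placeholders(text):
    """Collect the {NAME} tokens the UI substitutes at runtime, by section."""
    parser = parse_rogue_ini(text)
    tokens = defaultdict(set)
    for section in parser.sections():
        for value in parser[section].values():
            for token in PLACEHOLDER_RE.findall(value):
                tokens[section].add(token)
    return {s: sorted(t) for s, t in tokens.items()}


def signature_strings(text, min_len=25):
    """Longer fixed phrases with no placeholders: stable strings that can
    serve as indicators for the UI binary of this family."""
    parser = parse_rogue_ini(text)
    phrases = set()
    for section in parser.sections():
        for value in parser[section].values():
            if len(value) >= min_len and not PLACEHOLDER_RE.search(value):
                phrases.add(value)
    return sorted(phrases)


if __name__ == "__main__":
    for section, fields in canned_findings(ROGUE_INI).items():
        print(section, fields)
    print(template_placeholders(ROGUE_INI))
    print(signature_strings(ROGUE_INI))
```

Run against the full posted file, `canned_findings` lists every dialog that ships with its "detection" already filled in, which is the quickest way to show that the alerts are not tied to anything on the machine; `signature_strings` gives a starting set of phrases to search other samples or memory dumps for.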
    • #35969
      putosusio
      Participant

      MaXe:

      I do have wireshark and know how to follow the tcp stream. That’s what I was thinking about doing.  I haven’t used Snort before, but do know about it.  Learning a new tool is always a good thing anyway. I’m planning on disconnecting my modem and seeing where the malware is trying to call home to.

However, that won’t tell me where this thing is on my system. I make it a habit to delete my temporary internet files and scan any of my PCs regularly.

The good thing about this is that it’s only a test system. The bad news is that I only went on “legitimate” websites; to get updates and such. I didn’t even go on social networking websites.

      ziggy_567:

      I don’t have spybot on that server, I do have Malwarebytes though. I don’t know if Malwarebytes does the blacklisting thing that Spybot does. A good point nonetheless.

    • #35176
      putosusio
      Participant

make it easy, create an account for your roommate with no privileges.

    • #33588
      putosusio
      Participant

Unfortunately, I may need to do this soon.

Curse you Chinese hackers … well thank you in a sort of twisted way. At least the malware is on a test system.


Copyright ©2021 Caendra, Inc.
