- Social engineering malware – part deux
Some time ago I wrote about the fact that the information given by the UAC prompt in Windows (Vista and 7) is insufficient to make the correct decision, even if we were to suppose (ad absurdum) that the user knew what s/he was doing. Symantec has a research project which can be used to replace the standard UAC…
- No codec packs please!
A recent posting by fellow blogger Claus reminded me of a frequent problem I see on computers I’m called to for “fixing”: codec packs (like K-Lite, CCCP, etc). They are usually installed so that the computer can play back all the video formats which can be found out there. All fine and dandy, right? Wrong!…
- Bypassing SRP from PowerShell
When discussing with a reader of mine, I mentioned that the same method (patching the local process) should be possible using PowerShell. And here is the code: ######################################################### # This is a general purpose routine that I put into a file called # LibraryCodeGen.msh and then dot-source when I need it. ######################################################### function Compile-Csharp ([string]…
- What can a malicious program do under a limited account with Windows 7?
The scope of this post is to demonstrate what a malicious program can do under Windows 7 (the newest and presumably most secure version of MS Windows) with a Guest account (the most limited one from a capability point of view). The “malware” in the video below demonstrates that a program run by the user…
- Removing features is the best defense
When I read the news that Microsoft is disabling Autorun for removable media other than CD/DVD in Windows 7 (and maybe HD-DVD/Blu-ray) I said: cool! This will slow down the spreading of malware using this feature (on a very long timeframe of course, because Windows 7 isn’t even final yet – and far away from…
- Using Procmon for finding malware
The scenario is: you know you are infected, because you’ve identified a process associated with malware, but you can’t figure out how that given process is getting launched. A variation of this is: you kill the process, remove the executable, but it reappears after a given amount of time / after reboot / etc.…
- Social engineering for malware – a bright future
Some time ago I wrote a post in which I pondered the deficiencies of the “executable file” definition and the implications for whitelisting products. The problem is that “data” files can also result in actions being taken (and we don’t even need arbitrary code execution type of vulnerabilities for that). The particular example given the…
- Another reason for having a command line
Because you can easily follow along with tutorials / troubleshooting guidelines / other documentation. Check out the difference between these two tutorials: Improving TS Gateway availability using NLB Installing the webhoneypot on OpenWrt In the first you have to orient yourself after some screenshots. If an error message comes up, it is much less…
- Quick tips for installing PHP + IIS7 under Windows 7
If you are trying to install PHP under the default configuration of IIS7 with Windows 7 (and presumably Vista & Server 2008, but I observed it under Win7), you might run into problems (for example getting “Service Unavailable” errors). Here is how I managed to fix them: First, make sure that you’ve installed all the…
- Spot the flaws in the Windows 7 UI
I’ve been playing around with the Windows 7 beta for a couple of days now, and it feels painful! Regardless of what Leo Laporte says, it is very much a beta. And even the recent beta releases of Ubuntu are better than this. Below you can see a screenshot in which I tried to exemplify…