Windows 2008: Get RDS grace period status

2012.05.01

Windows Server 2008 Remote Desktop Services has a licensing grace period of 90 days from installation, after which it locks users out. Surprisingly, there is no big red screen with a countdown, nor even a small notice in Server Manager about the expiration date. It is hidden somewhere, so the expiration usually comes unexpectedly. Now Your business is down.

How can You connect to a locked server? Run the RDP client in admin mode: mstsc /admin. Once connected, You can configure licensing and add licenses.

By the way, You can see the days left in a few ways:

1. In CMD (Run as Administrator), paste and run:

wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TerminalServiceSetting WHERE (__CLASS !="") CALL GetGracePeriodDays

From here – thx to Ovi Borrero.

2. Or You can use a PowerShell or VBScript script to get this info; see MSDN.


Facebook Scam: “[Video] – Justin Bieber STABBED By CRAZED Fan Outside N.Y.C. NightClub!”

2012.04.30

If You see this in a Facebook update:

[Video] – Justin Bieber STABBED By CRAZED Fan Outside N.Y.C. NightClub!

You should know: You've been hacked.

What to do?

1. Remove this status, update, or whatever it is from Your list.

2. Check that You have AV software installed and updated. If not, install and update it.

3. Change the password of Your FB account.

4. Monitor Your PC; if the problem returns, contact Your tech person.

The domain the traffic is redirected to is [do not click - dangerous!] hxxp://bvzxhgdsf.blogspot.co.nz/

And the source file is full of obfuscated JS ):)

I'll look at it later!


Blacklisting in common browsers

2012.04.28

Recently, I've faced a few interesting things about malware blacklists in common browsers:
1. It is usually covered by the name of a big AV company.
2. It is sometimes not updated directly from the big AV company mentioned in point 1.
3. It is the website owner's responsibility to get the site removed from those blacklists.
4. It somehow becomes a proof and an excuse for others not to recheck their own blacklisting: even if a website is clean, it is easier to point at some other blacklist ("It's bad, they're blocking it too") than to recheck the website.
Anyway, I kinda accept point number 3, but should the owner run around to all the AV vendors, begging each of them to recheck the site, only to hear "others are blocking it, so we are too"?
FYI:
Firefox & Chrome – malware blocking by http://www.stopbadware.org/
Opera – malware blocking by Sophos via Yandex.
IE uses SmartScreen technology by MS.

Israel Antivirus market in co.il zone

2012.04.22

Today I'm in a really bad mood, so I'll talk about being professional in what You do. Especially in the security market, trust is everything and reputation is worth money... But not here :)
We have no commercial AV of our own, so our market is represented by the following companies (according to Zap.co.il):
Eset NOD32

Kaspersky Lab

TrendMicro

AVG

DrWeb

The other players have only a customised page or no localised page at all.

Symantec , McAfee, Panda, CA E-Trust

As You may see, at least 5 players have local representatives. But if You talk about their quality....

1. NONE of them have a valid HTTPS version of their website. No, let's put it this way: none of them have HTTPS correctly implemented for their website. For each of them the SSL cert is wrongly installed, issued for a different domain (ESET\DrWeb\AVG) or missing altogether (KAV). TrendMicro is completely down, so neither HTTP nor HTTPS is working.

2. The KAV website looks like a parental website: red & green colour scheme, but lots of links lead to 404, the last update was in 2009 (?) at least according to the footer, no SSL at all, and Kaspersky Club leads to 2 YouTube links, one of which is dead.

3. The DrWeb website looks nice, but since it is only 2 years old, it has almost no content.

4. The TrendMicro website is off. The link from the global site leads to a non-existent server.

5. AVG is doing a really nice job; the website has all content localised. No complaints so far.

6. Eset NOD32 has IMHO the best localised website: all services and a knowledge base in Hebrew, a working FB community... Fix SSL and everything is OK.

Have a nice day, all.

upd1: Got feedback from Eset Israel. The reason SSL\HTTPS is not implemented is that no user interaction is required there; all buy\sell features are redirected to the company's local site comsecure.co.il. Thx to Gil!

MacOS Antivirus software list

2012.04.08

Since Macs appear not to be immortal after all, are highly vulnerable to more and more threats, and only ESET AV is listed in the Apple Store today, here is an updated list of antivirus software available for Mac OS:

Eset Cybersecurity – offsite

McAfee Internet Security for Mac – offsite

F-Secure for Mac – offsite

DrWeb for Mac – offsite

BTW, I am not profiting from the links, as some wiseass posted in the comments. Check Yourself.


Cleanup Flashback trojan from Mac – how to

2012.04.06

Actually, You have to be a bit technical to take the steps to check Your MacOS for the recent major infection BackDoor.Flashback, also known as the Flashback trojan.

The best way is to follow F-Secure's recommendations on how to detect and remove it from Your Mac.

But in case You are not a technical person, You can start with the script that Michael Hertzberg (thx for this!) posted on Mashable.com:

Go to Applications > Utilities > Terminal
Paste this in:

cat ~/Library/LaunchAgents/* > /tmp/.hi && cat /Library/LaunchAgents/* >> /tmp/.hi && cat /tmp/.hi | grep -E 'zeo|mkeeper' | wc -l && rm -rf /tmp/.hi

If it replies back with "1" then you're infected. If it replies back with "0" then you aren't infected.

Basically, what this set of commands does is check both the user and the global LaunchAgents directories for all files, concatenate their contents into the file /tmp/.hi, and then search that file for keywords that indicate the presence of the virus, in this case zeo and mkeeper (wc -l counts the matching lines, so any number above 0 means something matched).
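The same check as a small POSIX shell script, added here as an example (not from the original post or from the Mashable one-liner): it reports which LaunchAgents file and line matched, skips a directory that does not exist, and needs no temporary file under /tmp. The plist stubs it scans are constructed for the demo, not real Flashback files.

```shell
#!/bin/sh
# Added example, not from the original post or the Mashable one-liner: look for the
# Flashback indicators "zeo" and "mkeeper" in LaunchAgents plists, reporting the
# matching file and line instead of a bare line count, with no temp file under /tmp.

# scan_launch_agents DIR...: prints "file:line" for every hit plus a summary;
# returns 0 when nothing matched, 1 when at least one file matched.
scan_launch_agents() {
    hits=0
    for dir in "$@"; do
        [ -d "$dir" ] || continue          # e.g. ~/Library/LaunchAgents may not exist
        for f in "$dir"/*; do
            [ -f "$f" ] || continue        # an unmatched glob leaves the literal pattern
            # -H prefixes each match with the file name, -E enables 'a|b' alternation
            if grep -HE 'zeo|mkeeper' "$f"; then
                hits=$((hits + 1))
            fi
        done
    done
    echo "suspicious LaunchAgent files: $hits"
    [ "$hits" -eq 0 ]
}

# count_hits DIR...: same scan, prints only the number of matching files.
count_hits() {
    n=0
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] && grep -qE 'zeo|mkeeper' "$f" && n=$((n + 1))
        done
    done
    echo "$n"
}

# make_sample_dir: constructed demo input (harmless plist stubs, not real malware):
# one ordinary agent and one whose Label contains the "zeo" indicator. Prints the path.
make_sample_dir() {
    d=$(mktemp -d)
    printf '<plist><dict><key>Label</key><string>com.apple.example</string></dict></plist>\n' \
        > "$d/com.apple.example.plist"
    printf '<plist><dict><key>Label</key><string>com.zeo.sample</string></dict></plist>\n' \
        > "$d/com.zeo.sample.plist"
    echo "$d"
}
# Demo on the constructed sample. For a real check run:
#   scan_launch_agents "$HOME/Library/LaunchAgents" /Library/LaunchAgents
sample=$(make_sample_dir)
scan_launch_agents "$sample" || echo "(expected: the constructed sample contains an indicator)"
rm -rf "$sample"
```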

I'll check the client's machines myself tomorrow, but for all those who want to be sure: have Yourself checked and install AV for Your Mac, even if "there are no viruses for Mac" )

upd: Free removal tool from DrWeb in the iTunes App Store – http://itunes.apple.com/us/app/dr.web-light/id471859438?mt=12

“Hi-tech thief” examples in Israel

2012.04.04

Mako reports [HEB] about a new way thieves get a copy of a key to a locker. A citizen reported that he found something strange above his lock one evening. As You may see in the attached picture, it's a small webcam.

Its purpose: take a picture of the key as it enters the lock, which then allows making an exact copy of the key. According to the Israel Police, there are a few more cases connected with the use of this device for breaking into private houses and facilities.

Well, it was a matter of time until thieves figured out that DealExtreme exists and the stuff it sells can be used. Here we are.


Email hacking – deeply from my… mail

2012.04.04

Ha! Long time no see. Reading a good book, testing some new skills, kinda busy with real life, plus big holidays coming and I need to be prepared.
Anyway, recently a few news items and posts crossed my way regarding the email hacking industry.
A celebrity mail hacker was imprisoned, Dancho Danchev released part two of his article "Email hacking for hire going mainstream", and so on. So I decided to share my experience in this matter.

Actually, email hacking has been there "as a service" for a long time. Since the late 1990s it was available to those who were able to pay. Since then Hotmail became much more secure, Yahoo patched many XSS bugs and Gmail eventually appeared on the market, but mail hacking is still there.

“Practical Malware Analysis” – by Michael Sikorski and Andrew Honig

2012.03.29

This is definitely a must-read book for anyone beginning in malicious code analysis, whether for fun or profit (or both, You lucky bastards!)
Anyway, grab all Your failures and Your collection of executables, open the book and start to understand the stuff You're messing with.
No short version needed; the book is 100% handy. Buy it, it's worth every $.

“Carberp gang” arrested – so what?

2012.03.26

Last week many security pros were talking about the takedown of the "RDPdoor" & "Carberp" gang in Moscow and Saint Petersburg. 8 men were arrested as part of the operation.
After a few days of euphoria, it became obvious that the "Carberp" toolkit is still available on the market for the next gang to take its place at the top. As far as I understand from the press release of the MVD of Russia and a few comments from participants, those who were arrested are successful customers of the software known as the "Carberp trojan", which can be shipped in different ways and even attached to other exploit kits.
According to Eset researcher Robert Lipovsky, Carberp is the most sophisticated banking trojan of the current time, with a price of $9000 per kit.
One thing remains unexplained: is there a chance to get the trojan's author? And are there any legal concerns in creating malicious software, no matter what purpose it is used for? Because if today You can nab the author(s) of Carberp, tomorrow You can arrest the authors of BackTrack, reaver, aircrack-ng, Metasploit etc. the same way. No?
Anyway, at least 2 places still publish an option to buy the Carberp toolkit. Both places have a guarantee system based on the reputation of the people who vouch for the trustworthiness of proposals, and both proposals are approved by high-ranking members with reputation.