What is your firewall log telling you - responses
Responses to our earlier diary entries regarding firewall log parsing (story1 and story2) have been trickling in.
Reader Matthias has some small awk/shell scripts for parsing iptables log files that he shared here: http://sister-shadow.de/hotlink/isc/log-scripts.tar.gz
And reader Christian recommends using Prelude LML (log monitor lackey): http://www.prelude-technologies.com/en/welcome/index.html
Update #1: An anonymous reader also suggests http://www.loganalysis.org/ .
-Kyle Haugsness
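To illustrate the kind of small awk/shell parsing the entry above refers to, here is an added example (not Matthias's scripts, which are only linked) that summarises iptables LOG lines by source address and by protocol/destination port. The log lines are constructed for the example, in the format the netfilter LOG target writes to syslog.

```shell
#!/bin/sh
# Added example: quick summaries of iptables LOG output with POSIX sh + awk.
# Constructed sample lines (not real traffic); MAC fields shortened for readability.
IPT_SAMPLE='Mar  5 10:01:02 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  5 10:01:03 fw kernel: IN=eth0 OUT= MAC=... SRC=203.0.113.5 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=44322 DPT=23 SYN
Mar  5 10:01:05 fw kernel: IN=eth0 OUT= MAC=... SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=UDP SPT=5353 DPT=53
Mar  5 10:01:09 fw kernel: IN=eth0 OUT= MAC=... SRC=203.0.113.5 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=44323 DPT=22 SYN'

# Read log lines on stdin, print "count SRC" per source address, busiest first.
# Fields are located by their KEY= prefix rather than by position, because the
# LOG target emits a different set of fields depending on protocol and flags.
top_sources() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) { sub(/^SRC=/, "", $i); n[$i]++ }
    } END { for (s in n) print n[s], s }' | sort -rn
}

# Read log lines on stdin, print "count PROTO/DPT" per targeted service, busiest first.
# Lines without both a PROTO and a DPT field (e.g. ICMP) are skipped.
top_dports() {
    awk '{
        p = ""; d = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) p = substr($i, 7)
            if ($i ~ /^DPT=/)   d = substr($i, 5)
        }
        if (p != "" && d != "") n[p "/" d]++
    } END { for (k in n) print n[k], k }' | sort -rn
}

# Stand-alone run over the constructed sample; with a real file, replace
# the printf with e.g.: grep 'IN=eth0' /var/log/messages | top_sources
echo "== sources ==";  printf '%s\n' "$IPT_SAMPLE" | top_sources
echo "== services =="; printf '%s\n' "$IPT_SAMPLE" | top_dports
```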
False scare email proclaiming North Korea nuclear launch against Japan
Reader Jim informed us about a scare email tactic that is trying to entice users to open a malicious zip file. The email looks very well done and is supposedly written by the US Department of National Intelligence. It basically warns that North Korea has launched a missile at Japan (Okinawa) and that severe destruction has been reported. At the end of a massive list of US agencies, there is a link to a report.zip file containing an executable that doesn't seem to have much antivirus coverage at the moment. Only Symantec is identifying it, as Suspicious.Insight. Here is another forum discussing this activity today: http://forums.malwarebytes.org/index.php?showtopic=42360.
It is a shame that Global Thermonuclear War is being used to drop lame viruses.
-Kyle Haugsness
Javascript obfuscators used in the wild
I have been doing some research on JavaScript obfuscators. Various handlers have done stories in the past on how to reverse engineer obfuscated JavaScript that does evil things. But I would be interested in hearing what kind of obfuscators people have been finding in use in the wild. Are you able to identify the obfuscator just by looking at it? What are the hardest off-the-shelf obfuscators to reverse-engineer? I will collect responses and post them throughout the day (unless you wish the information to remain private).
-Kyle Haugsness
Unpatched Opera 10.50 and below code execution vulnerability
Several mailing lists and readers (Juha-Matti) are reporting publicly available exploits for Opera 10.50 for Windows and below. There actually seem to be at least two different vulnerabilities, both unpatched at this time. One of them seems to be a DoS resulting in a browser crash, but the other looks like it will allow full code execution. The vulnerability finders seem to indicate that these issues are known to exist in previous versions of Opera as well. These are fairly serious, and until Opera patches them you may be well advised to stop using the browser for the time being.
http://secunia.com/advisories/38820/
http://www.vupen.com/english/advisories/2010/0529
-Kyle Haugsness