Advanced Malware Cleaning with Mark Russinovich

Mark Russinovich has been one of my life heroes since I first found out about his SysInternals tools and the work he does. I make a real effort to follow his blog, read his Windows Internals book series and read anything else he writes – not because I have a homo-erotic obsession with the man, but because the tools he produces and his knowledge of the Windows kernel are truly amazing, and it’s no wonder Microsoft bought his company of the day: not to absorb the company, but to absorb the man himself.

Paul Thurrott posted a link on his blog to a video from a Windows Spotlight session recorded by Mark about Advanced Malware Cleaning. I must confess I had never seen this video before. I have since watched it and it’s an excellent resource, and it even showed an old diagnosis dog like myself a few tricks; however, a lot of the steps in the document are not for the faint hearted: interrupting the Windows kernel and reloading the kernel from disk to unload malware in memory.

You can get to the video at http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359. While on the site, I highly recommend anyone of a security disposition watches the related video over on the right by Marcus Murray entitled Knowing the Enemy – A Lightening Demonstration on How Hackers Attack Networks.

In less than 20mins, he demonstrates how to create a trojan horse using applications you can freely download from the Internet, how to hide that trojan inside a legitimate application like Word or PowerPoint and then once you have the trojan running, how you can use that trojan to attack an entire network and collect the passwords for every user in a domain.

Fix Up Look Sharp

My brother posted on his Tumblr blog yesterday about getting credibility for his work which spurred me to take a look at my own neglected blog.

As a result, I’ve changed a few things today, and they are really minor changes but every little helps:

  • Increased the number of Twitter tweets displayed from three to four.
  • Made a change to the CSS for the bullet item so that tweets no longer display one – previously the bullet was displayed, but it sat behind the text due to the reduced left padding on the Twitter type.
  • Corrected the XAML for the Silverlight headings on the sidebar so that they have the correct background and foreground colours.
  • Updated the copyright notice at the bottom of the site to include 2010.
  • Updated a lot of the plugins used on the site to the latest versions.

I’m now looking to upgrade WordPress itself from the old version I am currently on to the latest version to stay with the times, however I will need to test this first to make sure it doesn’t break my custom theme or anything of the sort.

I’m also trying to look for a plugin which modifies the way my images are shown.

I already have a JavaScript / AJAX plugin which uses the Lightbox controls for displaying the larger images, which works nicely. However, a lot of the images I post are screenshots and are shown as inline thumbnails, and I think these would serve quite well in a gallery type display, which is often the way a site I read called Engadget posts its pictures. This would clean up the appearance of the type itself and leave the images until later. This is still a thought in progress though, so nothing may come of it.

The biggest problem for me is compatibility. WordPress features a default gallery object which I tested this morning and it looks and performs how I would like it to and it interacts with the Lightbox plugin too, however Windows Live Writer which is my blogging software of choice doesn’t seem to support this embedded photo gallery, so unless I can find a way around that, it’s not a viable option.

Windows Phone 7 Series

Mobile World Congress this week in Barcelona saw the unveiling of Windows Phone 7 Series, or Windows Mobile 7 as a lot of people will undoubtedly refer to it, Microsoft’s latest browser OS.

This is something that the blogosphere and tech communities have been waiting for, hearing about, rumouring about and holding their breath for, all for a long time.


Windows Mobile 6.x was always about business productivity. Windows Mobile 6.5.x tried to bring Windows Mobile to the consumer and user centric markets, however it was met with a lot of criticism (not from me by any means).

Looking to capitalize on the success of Windows 7 and hoping 7 was their lucky number, Microsoft have announced Windows Phone 7 Series, which looks set to change all of that with a mobile operating system totally re-written from nothing to something (awesome), and not just a refresh like previous versions.


Windows Home Server Backup: Wife Approval and the Potential

Last night I spent about two hours working on Nicky’s laptop, which she had somehow managed to get infected with a virus, or multiple viruses should I say.

I tried loads of things to correct the wake of problems caused by it, however I was having a hard time, so I contemplated using my investment in Windows Home Server and flexing its Recovery CD for fighting crime (or viruses).

I didn’t have to run the backup in the end as I managed to fix the problem, but the point needs to be addressed of just how wife friendly Windows Home Server actually is, and let’s face it: if you’re a geek / tech-head with any interest in things like Home Servers, Media Centres and the like, you know that it has to be wife friendly or you will never get budgetary approval 🙂


Windows 7 Laptop Battery Issues

Due to a growing amount of chatter on blog sites and the like, Steve Sinofsky, President of the Windows and Windows Live divisions at Microsoft and head of Windows 7, has posted on the Engineering Windows 7 blog about the problems.

http://blogs.msdn.com/e7/archive/2010/02/08/windows-7-battery-notification-messages.aspx

Having been a user of Windows 7 since Build 7000 – the first Beta – I have had no such problems with batteries as a result of Windows 7, only as a result of the batteries themselves.

I use a Dell Latitude D630 which is about 18 months old now. From new, I could get about five hours usable battery life from my extended life 9-Cell Dell battery, however over time (while running XP and Vista) this degraded to about three hours, as is to be expected when the laptop is connected to a docking station for the majority of the day. The battery continued to worsen and it got down to about two hours before Build 7000 became available.


Nextgenhacker101 Is the Best

I got sent a link to a Microsoft Blog yesterday by a friend who had posted a link to a funny YouTube video. The blog posting is at http://blogs.msdn.com/larryosterman/archive/2010/01/29/nextgenhacker101-owes-me-a-new-monitor.aspx but I’ll also just link directly to the video below:

This script kiddie (if we can call him that) is so ‘leet that he’s managed to discover a way to monitor who is viewing Google or any other website at a given moment in time: unless, that is, you have an internet connection faster than him, in which case all he sees is * and Request Timed Out.

Thank you for making my Monday afternoon, Nextgenhacker101. For more classics you can also check his channel on YouTube at http://www.youtube.com/user/NextGenHacker101


Redirecting Non-HTTPS Traffic to HTTPS for SharePoint 2007

Like any sensible SharePoint 2007 deployment, I’m keeping the one I am currently working on strictly HTTPS (SSL). The reason for this is that we have opened up the SharePoint deployment to the web. Not a public facing web with anonymous access for internet users, but accessible without VPN on the web for our field employees to use.

One of the problems I have faced up until now is that when SharePoint is configured for HTTPS connections, non-HTTPS connections are dropped and the user is faced with a 404 Not Found error, the least helpful of all HTTP error codes.

Struggling for a solution to such a simple request (redirect non-secured traffic to the secure protocol), I searched online and, after a little digging, found this helpful article from a SharePoint blog at http://www.os.com/blog/capture-and-redirect-http-to-https-with-sharepoint-2007/. Here’s the crux of it:

  1. Configure the SharePoint AAM (Alternate Address Mapping) so that HTTPS is the default protocol for the public URL.
  2. Edit the IIS Site for SharePoint and either change the HTTP port to a random number, or do as I did and delete the binding for the HTTP port.
  3. Create a New IIS Site called SharePoint Redirect
  4. Assign the New Site to HTTP on Port 80
  5. Add a Host Header to the New Site Matching the URL of the Site (Eg. sharepoint.company.com)
  6. Using HTTP Redirects, create a permanent (HTTP 301) redirect to the HTTPS URL of the SharePoint deployment.

Done

PS: Don’t forget to allow both HTTP and HTTPS through the external firewall, otherwise users will never hit the redirect rule.
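For step 6, this is the web.config that implements the permanent redirect on the port-80 “SharePoint Redirect” site. It is an added example, not from the original post or the linked article, and it assumes IIS 7 or later (where HTTP Redirect is stored in web.config rather than the metabase); the host name is the placeholder from step 5.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: web.config for the port-80 "SharePoint Redirect" site (IIS 7+).
     sharepoint.company.com is a placeholder host name. -->
<configuration>
  <system.webServer>
    <!-- Every request on this site gets a 301 to the HTTPS public URL.
         exactDestination="false" appends the requested path and query string
         to the destination, so http://sharepoint.company.com/sites/hr/default.aspx
         lands on the same page over HTTPS instead of on the root. -->
    <httpRedirect enabled="true"
                  destination="https://sharepoint.company.com"
                  httpResponseStatus="Permanent"
                  exactDestination="false"
                  childOnly="false" />
  </system.webServer>
</configuration>
```

Check it from outside the firewall with `curl -I http://sharepoint.company.com/`: the response should be a 301 with a Location header beginning https://, and the HTTPS site itself must keep only its 443 binding so the two sites never overlap on port 80.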