Friday, April 30, 2010

When good sites go bad

This is a follow-up to a question from a reader of the previous post. Paraphrased, it was: can websites become malicious at any time? Should we scan websites that we go to frequently, or just new ones? That is an excellent question. So good that I figured I would follow up on the last post.

The short answer is yes. I would scan sites semi-regularly, even ones you go to all of the time. I would especially recommend this for sites that involve financial transactions. I am including some links here to stories where well-known sites have been found to distribute malicious content. This isn't necessarily the sites doing it themselves; it is more that people target these sites in an attempt to infect more people.

Another thing that can be helpful is to make sure you are doing your Microsoft Updates. Move to the IE 8 web browser (you should get this from Microsoft Updates; if not, you can go to microsoft.com and download it). To know if you are running IE 8, open the browser, go to the Help menu, then About Internet Explorer. Alternatively you can use Firefox as well. Remember to keep that updated too.

Finally, you can go so far as to run your browser in a virtual machine or with a program such as Sandboxie. Sandboxie keeps the browser session you are running in a protected memory space. This isn't a silver bullet, just another arrow for the quiver.

CNN Malware
When malware strikes via bad ads on good sites
Malware Delivered by Yahoo, Fox, Google ads

Relax, the Internet isn't all bad stuff. Here is a palate cleanser to show you that:

Surprised Kitty
Charlie Bit Me!

Thursday, April 29, 2010

Is that site malicious?

I know I promised my next article would be how to create a malware lab with VMWare. I had to sidestep for a moment for an idea that came to me from one of my avid readers (Thanks Sara! :))

Some who read my blog don't know a whole lot about security, or possibly about computers in general. They have come to enjoy the things that the Internet and computer systems can do for them. This is great! I encourage everyone to see what can be learned and done on the computer. This does raise some issues, though.

With all of the good stuff on the web, there is also a bunch of bad stuff. I get asked a lot how to know if a site is legit. This is not completely clear cut, but I wanted to share some links with everyone so they can do some testing of sites before visiting or returning to them.

I will start with some links I use to check sites:

AVG Link Scanner
Finjan URL Analysis
Norton Safe Web
Malware Domain List

I normally run a URL through those to see whether the site may or may not be malicious. This isn't all I do, but the rest is a little difficult without a more advanced understanding of website code. I would like to say that this isn't a guarantee either. It is just another thing to do as a check. If you ever need a site analyzed and you want to know my opinion, just email me at cshaffer(remove this and change at to @)atgmail.com. I would be more than happy to check it out for you.

There are other sites where you can check a site's validity as well. Here is my final link, which collects the links from above and more, in case you want to really check.

Lenny Zeltser: Fighting Malicious Software

Enjoy, and please reach out if you have any questions. The next post will be how to build a malware analysis lab with VMWare... I promise :)

Tuesday, April 20, 2010

niaga emit gnol a neeb s'tI

What is that gibberish? It says "It's been a long time again", but reversed. Why reversed? Well, to make it short, I have been immersed in reverse engineering the past few weeks. I do a good bit of this at work and it has become my focal point in security these days. I really enjoy it. I wanted to post this because I wanted to provide some beginner steps to anyone who wants to go down this road.

One of the first things I think everyone asks is "yeah, but I hate programming, do I need to learn how to program?". I think it is important to understand programming concepts very well. Do I think you need to be able to write a full object-oriented application for the masses? No, but you should know solid programming structures such as variables, loops and functions. The more you know about programming, the easier I think it will be. I think one also has to have a pretty decent knowledge of Assembly Language programming. Again, you don't need to be writing applications that are enterprise worthy, but you should know how the stack and heap work, know push and pop, and know the registers such as EAX, EBX, etc. You should also know the comparison functions such as XOR and some of the jump statements such as JMP, JNZ, etc.

You're probably saying "I thought you said I don't have to learn programming!". OK, you may need to spend some time getting familiar. I would recommend Assembly Language Step-by-Step by Jeff Duntemann. I know it's an older book, but to be honest, with the exception of 64-bit addressing (which is a big change) there isn't much that is new in Assembly. Depending on your higher-level programming skills, you may want to grab something like Algorithms in C++ Parts 1-4: Fundamentals, Data Structures, Sorting, Searching.

Next, I want to preface what I am about to say with a warning. My giving these links is not in any way, shape or form condoning what one does with the information. I'm just saying there are many options available to really learn reversing. Some use it for evil, while others use it for good.

With that out of the way, the best way to learn how to reverse is to, well, reverse stuff :). There are a lot of collections of files out there, not bound by copyright, called crackmes. These are little applications that people who know and enjoy reversing provide for others to learn from. They are small snippets of applications, normally built by the creator of the crackme tutorial, used to teach by example. Starting here is probably not a bad thing. Find as many as you can, trying to follow the tutorials less and less as you go on. Then you might move on to finding sites that have samples of found and known malware. Be careful here: you need to make sure you have an isolated machine when playing with malware. Reversing malware can lead to infection. I personally use VMWare on my Mac and it works great because I can revert back to a clean state after every sample. In my next post, I will give some simple instructions on how to build an analysis machine using VMWare.

I am leaving you with some links to some of the things I mentioned. Remember, I do not condone or hold responsibility for what you do with this information. I can only hope you are going to use it for good.

Binary Auditing Free Training

Reverse Engineering Community Forum
ARTeam crackme examples and tutorials
SANS Reverse Engineering Course

You can also search for crackme tutorials, reverse engineering, or reverse engineering malware on YouTube or SecurityTube.

Enjoy!