Friday, April 30, 2010

When good sites go bad

This is a follow-up to a question from a reader of the previous post. Paraphrased, it was: can websites become malicious at any time? Should we scan websites that we go to frequently, or just new ones? That is an excellent question, so good that I figured I would follow up on the last post.

The short answer is yes. I would scan sites semi-regularly, even ones you go to all of the time, and I would especially recommend this for sites that involve financial transactions. I am including some links below to stories where well-known sites have been found to distribute malicious content. This isn't necessarily the site owners doing it; more often attackers target these sites, frequently through the ads they carry, in an attempt to infect more people.

Another thing that helps is to make sure you are doing your Microsoft Updates. Move to the IE 8 web browser (you should get this through Microsoft Update; if not, you can go to microsoft.com and download it). To know if you are running IE 8, open the browser, go to the Help menu, then About Internet Explorer. Alternatively you can use Firefox. Remember to keep that updated as well, along with browser plug-ins such as Flash and Java, which drive-by attacks target as often as the browser itself.

Finally, you can go so far as to run your browser in a virtual machine or inside a program such as Sandboxie. Sandboxie runs the browser in an isolated sandbox, so the files it downloads and the changes it makes to the registry stay in the sandbox and are thrown away when you empty it, instead of landing on the real system. It does not stop the browser from reading what is already on the disk, and it isn't a silver bullet, just another arrow for the quiver.

CNN Malware
When malware strikes via bad ads on good sites
Malware Delivered by Yahoo, Fox, Google ads

Relax, the Internet isn't all bad stuff. Here is a palate cleanser to show you that:

Surprised Kitty
Charlie Bit Me!

Thursday, April 29, 2010

Is that site malicious?

I know I promised my next article would be how to create a malware lab with VMWare. I had to sidestep for a moment for an idea that came to me from one of my avid readers (Thanks Sara! :))

Some who read my blog don't know a whole bunch about security, or possibly about computers in general. They have come to enjoy the things that the Internet and systems can do for them. This is great! I encourage everyone to see what can be learned and done on the computer. This does raise some issues, though.

With all of the good stuff on the web, there is also a bunch of bad stuff. I get asked a lot how to know if a site is legit. This is not completely clear-cut, but I wanted to share some links with everyone so they can check a site before going there, or before going back.

I will start with some links I use to check sites:

AVG Link Scanner
Finjan URL Analysis
Norton Safe Web
Malware Domain List

I normally run a URL through those to see whether the site may be malicious. This isn't all I do, but the rest is difficult without a more advanced understanding of website code. I want to be clear that this isn't a guarantee either; a clean result means only that those services have nothing on that URL right now. It is just one more check to do. If you ever need a site analyzed and want my opinion, just email me at cshaffer(remove this and change at to @)atgmail.com. I would be more than happy to check it out for you.
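As an added example (not code from this post or from any of the scanners above), here is the offline version of the same idea: pull the hostname out of a URL and look it up in a local block list of the kind Malware Domain List publishes. The block list and the URLs are constructed for illustration. The point is the two details that trip people up: the userinfo trick, where `http://bank.example@evil.example/` goes to evil.example and not to the bank, and matching parent domains (cdn.evil.example) without matching look-alikes (evil.example.com).

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample block list of hostnames, the shape that Malware Domain
   List style feeds publish. These are not real entries. */
static const char *const BLOCKLIST[] = {
    "evil.example",
    "ads.bad-cdn.example",
};
static const size_t BLOCKLIST_LEN = sizeof BLOCKLIST / sizeof BLOCKLIST[0];

/* Copy the hostname out of a URL into out, lowercased, trailing dot removed.
   Handles a missing scheme, userinfo (user:pw@host), a :port and path/query.
   IPv6 literals ([::1]) are not handled. Returns 0 on success, -1 if the
   host does not fit in out. */
int url_host(const char *url, char *out, size_t outsz) {
    const char *p = strstr(url, "://");
    p = p ? p + 3 : url;                     /* skip "scheme://" if present */

    /* The authority part ends at the first '/', '?' or '#'. */
    size_t auth_len = strcspn(p, "/?#");

    /* Everything up to the last '@' in the authority is userinfo, not host.
       This is the trick behind http://bank.example@evil.example/ */
    const char *host = p;
    for (size_t i = 0; i < auth_len; i++)
        if (p[i] == '@') host = p + i + 1;
    size_t host_len = auth_len - (size_t)(host - p);

    /* Strip a :port. */
    const char *colon = memchr(host, ':', host_len);
    if (colon) host_len = (size_t)(colon - host);

    /* "evil.example." is the same host as "evil.example". */
    while (host_len > 0 && host[host_len - 1] == '.') host_len--;

    if (host_len + 1 > outsz) return -1;
    for (size_t i = 0; i < host_len; i++)
        out[i] = (char)tolower((unsigned char)host[i]);
    out[host_len] = '\0';
    return 0;
}

/* 1 if the host, or any parent domain of it, is on the list; 0 otherwise.
   Listing evil.example should cover cdn.evil.example but must not match
   evil.example.com, so walk the labels from the left and compare whole
   suffixes rather than doing a substring search. */
int url_is_listed(const char *url) {
    char host[256];
    if (url_host(url, host, sizeof host) != 0) return 0;
    const char *suffix = host;
    for (;;) {
        for (size_t i = 0; i < BLOCKLIST_LEN; i++)
            if (strcmp(suffix, BLOCKLIST[i]) == 0) return 1;
        const char *dot = strchr(suffix, '.');
        if (!dot) return 0;
        suffix = dot + 1;
    }
}

int main(int argc, char **argv) {
    for (int i = 1; i < argc; i++)
        printf("%s\t%s\n", url_is_listed(argv[i]) ? "LISTED" : "not listed", argv[i]);
    return 0;
}
```

A hit means the host is on your list; a miss means nothing more than that, which is the same caveat as with the online scanners. Internationalized hostnames would need converting to their ASCII (IDNA) form before the lookup, which this example does not do.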

There are other sites where you can check a URL as well. Here is one more link that collects those above and others, in case you really want to dig in.

Lenny Zeltser: Fighting Malicious Software

Enjoy and please reach out if you have any questions. Next post will be how to build a malware analysis lab with VMWare....I promise :)

Tuesday, April 20, 2010

niaga emit gnol a neeb s'tI

What is that gibberish? It says "It's been a long time again", but reversed. Why reversed? Well, to make it short, I have been immersed in reverse engineering for the past few weeks. I do a good bit of this at work, and it has become my focal point in security these days. I really enjoy it. I wanted to post this to provide some beginner steps for anyone who wants to go down this road.

One of the first things I think everyone asks is "Yeah, but I hate programming, do I need to learn how to program?" I think it is important to understand programming concepts very well. Do I think you need to be able to write a full object-oriented application for the masses? No, but you should know basic programming structures such as variables, loops and functions. The more you know about programming, the easier I think it will be. I also think one has to have a pretty decent knowledge of assembly language. Again, you don't need to be writing enterprise-grade applications, but you should know how the stack and heap work, what PUSH and POP do, the registers such as EAX, EBX and so on, the comparison instructions CMP and TEST (and XOR, which is not a comparison but turns up constantly, both to zero a register and in simple encoding loops), and the jumps such as JMP, JZ and JNZ, which act on the flags those comparisons set.

You're probably saying "I thought you said I don't have to learn programming!" OK, you may need to spend some time getting familiar. I would recommend Assembly Language Step-by-Step by Jeff Duntemann. I know it's an older book, but to be honest, with the exception of 64-bit addressing (which is a big change) there isn't much that is new in assembly. Depending on your higher-level programming skills, you may want to grab something like Algorithms in C++ Parts 1-4: Fundamentals, Data Structure, Sorting, Searching.

Next, I want to preface what I am about to say with a warning. My giving these links is not in any way, shape or form condoning what one does with the information. I'm just saying there are many options available to really learn reversing. Some use it for evil, while others use it for good.

With that out of the way, the best way to learn how to reverse is to, well, reverse stuff :). There are a lot of collections of small programs out there, written specifically to be reversed and shared freely, called crackmes. These are little applications that people who know and enjoy reversing provide for others to learn from. They are usually tiny, normally built by the author of the accompanying tutorial to show a technique by example. Starting here is a good idea. Find as many as you can, and try to rely on the tutorials less and less as you go. Then you might move on to sites that have samples of real, known malware. Be careful here: make sure you use an isolated machine when playing with malware, because reversing malware can lead to infection, especially once you start running it. I personally use VMWare on my Mac, and it works great because I can revert to a clean snapshot after every sample. In my next post I will give some simple instructions on how to build an analysis machine using VMWare.
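To make the list of concepts above concrete, here is a crackme-style name/serial check, added here as an example; it is not one of the crackmes linked below and the key algorithm is made up. The comments on each line give the kind of instruction sequence an unoptimised 32-bit build turns it into (exact registers vary by compiler), which is what you meet in the disassembler. check_serial() is the routine a crackme tutorial walks you to, and make_serial() is the keygen you can write once you understand it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: a made-up crackme-style serial check. The instruction
   comments show roughly what an unoptimised 32-bit build produces. */

/* Derive a 32-bit key from the name: shift left 3, XOR in each byte. */
uint32_t derive_key(const char *name) {
    uint32_t key = 0x5A17;                 /* mov eax, 5A17h (seed constant)        */
    for (; *name != '\0'; name++) {        /* movzx ecx, byte ptr [esi]; test cl, cl; jz done */
        key = (key << 3) ^ (uint8_t)*name; /* shl eax, 3 ; xor eax, ecx               */
    }                                      /* inc esi ; jmp loop                      */
    return key;                            /* done: ret, result left in EAX           */
}

/* Write the serial for name into out as 8 uppercase hex digits. Once the
   routine above is understood, this keygen falls out of it directly. */
void make_serial(const char *name, char out[9]) {
    snprintf(out, 9, "%08X", (unsigned)derive_key(name));
}

/* Returns 1 for a good serial, 0 for a bad one. In the disassembly the
   spot to find is the TEST on strcmp's return value followed by the JNZ
   that picks the "bad boy" message: patching that jump is the classic first
   crack; reimplementing make_serial() is the better lesson. */
int check_serial(const char *name, const char *serial) {
    char expected[9];
    make_serial(name, expected);
    return strcmp(expected, serial) == 0;  /* call strcmp; test eax, eax; jnz bad */
}

int main(int argc, char **argv) {
    if (argc != 3) {
        fprintf(stderr, "usage: %s NAME SERIAL\n", argv[0]);
        return 2;
    }
    if (check_serial(argv[1], argv[2])) {
        puts("Good boy! Serial accepted.");  /* the branch you are looking for */
        return 0;
    }
    puts("Bad boy! Wrong serial.");
    return 1;
}
```

Build it with optimisation off and load it in your disassembler: find the string "Bad boy", follow the cross-reference back to the conditional jump, then work upward to the loop that builds the key. That is the same path a crackme tutorial takes, just on code whose source you can read afterwards to check your understanding.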

I am leaving you with some links to the things I mentioned. Remember, I do not condone or hold responsibility for what you do with this information. I can only hope you are going to use it for good.

Binary Auditing Free Training
Reverse Engineering Community Forum
ARTeam crackme examples and tutorials
SANS Reverse Engineering Course

You can also search for crackme tutorials, reverse engineering, or reverse engineering malware on YouTube or SecurityTube.

Enjoy!

Friday, February 12, 2010

P90x day 31

If you read my last blog post, you know that I started P90X. It's hard to believe it has been 30 days! It was really rough at first. I actually even had an issue where I started to get headaches every day. With that said, it was nothing major and it was fixable. Heed this warning: use a heart rate monitor. My problem was that my heart rate was over 90% the whole time. This causes symptoms, at least in me, that resemble high blood pressure: headaches, light-headedness, and it could lead to stroke! I'm not a doctor, but I highly recommend it. After getting a heart rate monitor and keeping under 80% on the hardest workouts, I have alleviated the problem.

Now a word on day 31. Just when you think you've got the hang of this, you're feeling good, completing the workouts, maybe you have even worked up to doing much the same reps they are doing on the video. FORGET YOU EVER STARTED! Day 31 makes it feel like day one again. No joke! I'm having trouble typing this right now because my shoulders hurt so bad and my muscles are shaking. It burns! Good luck!

I will say this. Taking the 30-day pictures and seeing a result, along with feeling better in my clothes and just the general healthy feeling, is worth every minute! I will check in on this topic again on day 61. I can only hope it's not like 31 :)

Friday, January 15, 2010

Off of Security for a few

I just wanted to start a small series of posts that are off the security topic a little. I will intersperse these with the same good ol' security posts, but I wanted to mention a few other things as well.

A lot of people like me, some call them geeks I suppose, have desk jobs and type all day long. When you work long hours in such an environment, some of us tend to get out of shape. I have certainly gotten out of shape over the years and decided to do something about it. An old colleague of mine tried this workout system called P90X. He said "it's not for the faint of heart", but he posted some pictures of his progress and it was enough for me to think "I can do this".

It's an action/pain packed 90 days, but if you do it, you will see results. Now, I just started today and let me tell you, it is painful! I feel much better now after a shower, but I'm sure I'll be in more pain as the day goes on and even more tomorrow.

This plan is no joke! It's 7 days a week for 90 days. There are "rest" weeks, but don't think relax when you read rest. It is just a little lighter. So I wanted to say that I will continue to post my comments on how it is going and any tips I can give from someone who is probably in the worst shape of his life but doing this anyway.

So, first things first. They have a pre-workout test: a few moves that you can do to see if you are ready. I passed 90% of it. I'm the kind of person who goes for a challenge and felt that missing 10% wasn't bad enough to halt progress toward my goal. If you get anything less than that, they recommend, as do I, that you don't do it. The workouts are much worse, not easier. If you want to know what this is before you buy it, let me know and I can give you some examples. If you can't do them, don't even think about it! Your well-being is more important than meeting a goal. They do have other workouts which can bring you up to speed before you do this. Take heed!

Tips on the first day. All I can say is be realistic if you are in as bad shape as I am. Endurance is important so you can finish the workout. Keep that in mind when you are counting reps. Make a goal for each set and try to reach it. Don't risk form for reps; it's not worth it. The people on the video were knocking out huge numbers of push-ups and pull-ups. Don't put yourself on that level, just know that is where you want to be. I averaged probably half of what they were doing. This is not a bad thing; just keep in mind that these people did this program already, and I guarantee some of them were in a similar boat.

Just be consistent and know when you need to stop. Drink, drink, drink! Keep hydrated; it is huge! If you are working with a partner, they may be able to push you a bit. If you are by yourself you need to be true to yourself, know your goals and try your best. Don't quit because "it's too hard" unless it really is. Case in point: on the next-to-last set of push-ups, I went down and could not get back up. I'm OK with that. That was really all I could do. My body said no, my mind didn't! I think that is key.

I'll post more as time progresses. I can only stress to make goals. My first goal is to be doing the reps they are doing on the video by the end of the first phase of 30 days. I think that's respectable, and if I can't, then I can't, but that's what I'm shooting for.

Monday, January 4, 2010

Top 10 Home Anti Virus Applications

I stumbled on this top 10 list of paid-for home antivirus applications. I tend to get the question of which AV I recommend from friends and family. Generally I have been a fan of the Symantec product. This is all relative, as you may have seen in a previous post where I showed how easy it generally is to get a virus past current AV techniques. With all of this in mind, Symantec showed up as #2 on this list by PC World. Not a bad standing. G Data was number one, which I have personally never heard of. The article does say that it was a close race between the two.

So was this post to say "I told you so"? No! It was just to show the top 10. You can make your own decision. What I wanted to get across, as I have mentioned before, is that the freebies are good, but paying for a subscription really adds serious protection. All AV subscriptions end up in the same ballpark of $25-$50 per year. That is a small price to pay for the protection of your system and data. PC techs tend to charge $75-$100/hour to clean up after the fact, so you can do the math! Even if you have a good friend or family member who will do the work for you, you're going to pay at minimum the same price you could have paid for good protection in the first place.

It can seem like insurance, but like insurance, it's worth it if something does happen! Remember, AV isn't the silver bullet for a secure system, but it should definitely be part of your armor!

Sunday, December 27, 2009

Posting slow down

So I think I have fallen into the same pit that many do with keeping up on a blog. Too many things going on and not enough time in the day. I wanted to post an update and hopefully resolve to update more often :)

So I have been reading a bunch on malware analysis. I have found myself doing this more and more at work. I really enjoy the process, which has led me to dissect the topic. The last book, which I just finished, was "Malware Forensics: Investigating and Analyzing Malicious Code". The book was written well. The idea of it was that you had two incidents that you were investigating. One was on a Windows machine and the other was on a Linux machine. It then took you step by step into each.

The one thing I would probably offer in the way of criticism of the book would be to finish the Windows portion, then do the Linux portion. I found it difficult to keep my mind focused when it would switch from chapter to chapter. I would find myself wanting to skip to the next Windows or Linux section to see what happens next.

Now I am reading The Art of Computer Virus Research and Defense. This book is a little dated but contains great material about how viruses work. The most interesting thing I see is probably that Peter Szor was talking about the need to protect JavaScript in Adobe applications, or types of worms called Octopus in which multiple systems communicate together to perform an action. These are things that are current, in some cases in the news within just the past month or two, and yet here they are, written about in full detail years ago.

If I learned anything about this topic so far in this book, it is that virus writers are so far ahead that it's no wonder antivirus programs are so easy to beat. The techniques of the good virus writers (good as in ability, not in motive) are light years ahead of the people who probably defend these systems every day. I don't mean to say this to take away from any system, network or security admin out there, but they seem to have a large leg up.

We talk a lot about education being the key to winning this battle. I agree with this; however, I feel that the real education needs to come from the people protecting these systems, more than from end-user education. Now, before I get flamed, I'm not saying that end-user education isn't important as well; I'm just saying that if the people who know and understand these systems don't understand the vectors of attack, how can we expect end users, who just expect things to work, to understand the techniques?

In closing, the plan to meet every Saturday starting on January 16th to go over the Metasploit framework course offered by Offensive Security is still on. It will be at the Bowie, MD library. If you haven't received the dates, please contact me at nospamcshaffer, which is at the gmail.com mail service. Of course, remove nospam for the real address.