Infected Laptop Running Windows, Hijacked hosts File


Recently I helped a friend who had an infected laptop running Windows. One of the first things you want to do is disable any network connection (wireless or wired) such that your computer cannot communicate with your own local area network or the Internet. This helps prevent further spread of the virus and collateral damage.

In order to run scans on the system, it is best to download the tools to a USB stick or burn them to a CD, and then install from that removable device on the infected system. CDs are ideal because they are read-only and cannot be infected, while a USB key could potentially carry the virus back to your other systems.

After running through a variety of scanning tools for spyware, malware, and viruses we felt we had cleaned it up quite well. (Note that the only way to truly know is to reinstall everything – not fun.) (Second note: not all antivirus products are the same, and they scan for different issues.)

I thought I would just check one last spot which I have seen some crafty (malicious) things done in the past:

c:\windows\system32\drivers\etc\hosts

Sure enough, this file had been hijacked. Here were the contents:

    74.125.45.100 4-open-davinci.com
    74.125.45.100 securitysoftwarepayments.com
    74.125.45.100 privatesecuredpayments.com
    74.125.45.100 secure.privatesecuredpayments.com
    74.125.45.100 getantivirusplusnow.com
    74.125.45.100 secure-plus-payments.com
    74.125.45.100 www.getantivirusplusnow.com
    74.125.45.100 www.secure-plus-payments.com
    74.125.45.100 www.getavplusnow.com
    74.125.45.100 safebrowsing-cache.google.com
    74.125.45.100 urs.microsoft.com
    74.125.45.100 www.securesoftwarebill.com
    74.125.45.100 secure.paysecuresystem.com
    74.125.45.100 paysoftbillsolution.com
    74.125.45.100 protected.maxisoftwaremart.com

What this accomplished was not only preventing the system from communicating with legitimate anti-virus and safe-browsing websites; it could also hijack the web browser and redirect it to a site that looked and felt like the legitimate one (spoofed / phishing).

The hosts file had been hidden as a system file and set to read-only, and no matter what we did, we could not overwrite it, delete it, or save new contents…

We discovered a handy free utility called Unlocker (http://majorgeeks.com/download.php?det=4660) which resolved the problem and deleted the file for us.

Maybe check the contents of your hosts file and see if anything interesting lurks there.
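A quick way to do that check, added here as an example and not part of the original post: it parses a hosts file the way the resolver reads it, ignores the loopback and private-address entries a hosts file legitimately holds, and reports three things seen in the file above: names mapped to a public IP at all, names in security or update zones (the watchlist is an assumption; extend it for your own vendors), and one IP owning many names. The sample input is a constructed subset of the entries quoted above.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: a subset of the hijacked entries quoted in the post, plus
# a comment and the normal loopback entry so the benign path is exercised too.
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
74.125.45.100 www.securesoftwarebill.com
"""

# Assumed watchlist: zones whose redirection would silence safe-browsing checks
# or OS and security updates. Extend it with your own vendors' update hosts.
WATCHLIST_ZONES = ("microsoft.com", "google.com")

def in_zone(name, zone):
    """True if name is zone or a subdomain of it (a bare suffix test would not do)."""
    return name == zone or name.endswith("." + zone)

def parse_hosts(text):
    """Yield (ip, hostname) pairs; '#' comments and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            ip, *names = line.split()
            for name in names:
                yield ip, name.lower()

def audit_hosts(text, fanout_threshold=5):
    """Report public-IP mappings, watchlisted zones, and one IP owning many names."""
    report = {"public": [], "watchlist": [], "fanout": []}
    names_per_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # not an address at all; worth eyeballing, but not scored here
        # Loopback and RFC 1918 entries are what a hosts file legitimately holds.
        if addr.is_loopback or addr.is_private or addr.is_link_local:
            continue
        report["public"].append((ip, name))
        names_per_ip[ip].add(name)
        if any(in_zone(name, zone) for zone in WATCHLIST_ZONES):
            report["watchlist"].append((ip, name))
    for ip, names in names_per_ip.items():
        if len(names) >= fanout_threshold:
            report["fanout"].append((ip, len(names)))
    return report
```

Run it over the contents of c:\windows\system32\drivers\etc\hosts; on a stock Windows install every list in the report comes back empty.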

#BirdCam: How does it work?


I will take you through the 5 steps to get pictures of the nest over to a public webserver on the Internet.


  • The Yard Shed
  • The Garage
  • The House
  • The Internet
  • The WebServer

The Yard Shed

This is where it all begins! Mother nature is generating unique content for us to try and capture the moment to enjoy.

Many years ago, at the beginning of this millennium, I obtained a very inexpensive webcam ($60) on eBay that I have used for a variety of applications. The model I chose was an Axis 2100, because it supported scheduling sequential pictures (time lapse) between certain times and automatically uploading those picture files to a network server.

The dilemma for me was creating reliable connectivity back to our house where our Internet connection is located. Due to the heavy amount of foliage and elevation changes on our property, my preference was a “wired” solution vs a “wireless” solution. A wireless solution would have introduced issues with installing external antennas and dealing with interference and reliability.

Since a wired solution was chosen to connect back to our home network, this involved running a network cable through the bush from the shed up to the nearest building, which is our garage. The total cat5 cable length ended up being 297 feet (90.5 meters), which is very close to the maximum length.

[Photo: Outside the Shed]

Power extension cables were also run which we use for other things in the yard. The cat5 cable was run through a loose section of conduit we had lying around to help prevent it from being crushed.

The Garage

The cat5 cable from the yard shed was terminated into a DLink DHP302 powerline adapter (ethernet over power). The power from our garage is a subpanel off our main house panel, therefore I was able to get a signal to work through the powerline adapters.

Essentially it is like extending the ethernet cat5 cable from one location to the other using the electrical wiring that is already run. It does this by using frequencies well above the 60Hz range used by North American power.

[Photo: Networking from Garage]

The House

In the house near my main ethernet switch is a matching DLink DHP302 powerline adapter. This helps provide a connection to the extended network outside (yard shed via garage) to our home network.

Once connected to the main home network, this allows a connection to my home server and to the Internet.

My home fileserver is FreeBSD (a flavour of Unix). Anything that supports an FTP server (where the Axis camera deposits the pictures every minute) and rsync (more on this in “The Internet”) would do the trick. You could use a Mac or Windows box as well. Note that this machine needs to be on all the time for the pictures to be “collected”.

The Internet

Due to the unreliability of the Internet, I decided to have images go to my home server as an intermediate instead of directly to the public webserver. I wanted to minimize the possibility of losing photos.

To synchronize the directory of images between my home server and the webserver on the Internet, I used a fantastic program called “rsync”. This program essentially lets you “mirror” a file directory between 2 different servers, so only the new photos captured by the webcam since the last run need to be transferred. I run this “rsync” utility every minute, which keeps things near realtime for viewing images on the public website.

The Web Server

The idea was to keep it a light and simple website consisting of a single page. No menu or navigation required. The images appear in a subdirectory of the website, so it was very easy using a quick PHP script to always display the most recent image.

The images being uploaded by the webcam are named with the date and time as part of the filename, and in a manner that is easily sortable. This is a feature of the Axis 2100 when uploading sequential images on a schedule.
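The web-server step described above, as an added example that is not the post's own PHP script: given a directory listing, it only considers names that match the expected frame pattern (so a stray file or an in-flight rsync temp name is never served), picks the newest by the timestamp in the name rather than by raw string order, and reports whether the feed is live or has gone stale, which is how you notice the home server or the 297-foot link is down. The exact filename layout is an assumption, since the post only says the Axis 2100 embeds a sortable date and time; the listing is constructed.

```python
import re
from datetime import datetime

# Assumed filename layout (the post says only that the Axis 2100 puts the date
# and time in the name in a sortable way): YYYYMMDD_HHMMSS.jpg.
IMAGE_NAME = re.compile(r"^(\d{8}_\d{6})\.jpg$")
STALE_AFTER = 300  # seconds; one upload per minute, so 5 quiet minutes means trouble

# Constructed directory listing: two good frames, a dot-prefixed temp name of the
# kind rsync uses for an in-flight transfer, and a stray non-image file.
SAMPLE_LISTING = [
    "20090528_143012.jpg",
    "20090528_143112.jpg",
    ".20090528_143212.jpg.k3Xb1Q",
    "index.php",
]

def parse_stamp(stamp):
    """'YYYYMMDD_HHMMSS' -> datetime, or None if the digits are not a real time."""
    try:
        return datetime.strptime(stamp, "%Y%m%d_%H%M%S")
    except ValueError:
        return None

def taken_at(name):
    """Capture time encoded in a frame's filename; None for anything off-pattern."""
    m = IMAGE_NAME.match(name)
    return parse_stamp(m.group(1)) if m else None

def newest_image(listing, now):
    """Return (name, age_in_seconds) of the newest valid frame, or (None, None).
    The parsed timestamp is compared, not the raw string, so a malformed name
    can never sort to the top just because it starts with a large digit."""
    stamped = [(t, n) for n in listing if (t := taken_at(n)) is not None]
    if not stamped:
        return None, None
    t, n = max(stamped)
    return n, (now - t).total_seconds()

def feed_status(listing, now):
    """What the page should show: 'live', 'stale' (camera or link down) or 'no-images'."""
    name, age = newest_image(listing, now)
    if name is None:
        return "no-images"
    return "stale" if age > STALE_AFTER else "live"
```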

Everything up to this point was accomplished within a single afternoon as time was of the essence. My kids discovered the nest on Saturday, on Sunday a light bulb began to flicker in my mind’s eye, and then on holiday Monday I put in my quick implementation.

Tuesday morning, back to work, I had a meeting with my staff showing them this great opportunity we have which was uber time sensitive. By mid afternoon they had created version 1.0 of the website such that it was somewhat appealing and had many of the social networking hooks.

It has since been a work in progress as we receive feedback from people visiting the website. It has exploded since going live Tuesday. Wednesday evening I was contacted by several news agencies and Thursday a segment appeared for the 6 o’clock news.

We are implementing new features such as picture favorites, photo archive, time lapsed videos, and much more.

This has been (and continues to be as of writing this) a great experiment to incorporate nature, technology, and social media.


#BirdCam : A Social Media Experiment


[Photo: Robin and Nest Favorite 1]

My kids spotted a robin’s nest in our yard.
It was inside one of our sheds.
Hmm… a light bulb flickered to life.
Wouldn’t this be a great way to showcase what you can do with technology,
websites, and the power of social networking.

Within a day I had a webcam mounted watching the nest and uploading pictures directly to a server.

By the next day my staff helped create an amazing website in record time. (We are all having fun with this.)

The result: http://birdcam.ca/

The website is still evolving with favorite pictures and viewing the photo archives coming online within a day.

Why go through all this effort to do this you ask? Partially because “we can”, also because “it’s cool”, and also it is an “experiment”.

Experiment? How so?

We wanted to see how fast we could create a brand new website, with unique content being generated for us (thank you mother nature), how “viral” could we make it, and see where it leads. Unfortunately much of the content online these days in the social networking world is what I call “noise”. Who cares what you ate for breakfast or what you are wearing. Also many people retweet/republish/repost other people’s content. Noise noise noise. It is difficult to come by brand new unique content.

[Photo: Robin and Nest Favorite 2]

Sites like the one we have created have many possible applications. For instance, what if we watched your brand new house being built? You could see it evolve, check on it anytime you wanted, and then a neat bonus with something being built is time lapse videos! Having a picture taken on a regular basis from a consistent location is ideal for compiling such amazing videos.

We are getting recommendations from people and implementing new features as quickly as we can during this experiment. The experiment will be over in the next 3 weeks, after the eggs have hatched and the newborn robins have all flown away. We want to see where things end up at the end of this timeframe and how viral it gets.

Right now, as I write this, I am enjoying watching the realtime logs on our webserver going nuts with new visitors and people refreshing their browsers.

Please check out the website http://birdcam.ca/ and invite your friends and contacts to do so as well. If you are on twitter, the hashtag is #BIRDCAM

And check back frequently near June 1st which is the current best guestimate we have on when the eggs may begin hatching.

Online Banking Security


Even though online banking may seem risky, it is absolutely safe to conduct all of your banking online every day. Millions of people do their banking online and feel safe doing so. Do you think that online banking is safe? Let’s explore some of the ways to keep online banking safe and your sensitive information secure.

Thieves can access your account by tricking you into thinking that you’re logging into your account when you’re not. This is called phishing. So how do they do it? They simply send you an email that instructs you to log into your online account to change your information or verify a purchase through a link in the email. Avoid clicking on this link in every instance. Always access your online banking through a bookmark created by you or by typing in the URL in your browser.

Ignore any and all requests that ask you to send your personal information via email. Usernames, passwords, PIN numbers, account information and credit card numbers can easily be read and intercepted by a third party since email is usually unencrypted. This information is also stored on servers, which can become compromised and read by thieves.

Ensure that all of the web pages that you visit are secure when you are online banking. You will know that a web page is encrypted when you see a small padlock symbol appear in the bottom right corner of the window or beside the address bar and URL at the top of the web page. If this symbol does not appear, assume that the web page is not secure. Avoid entering your username and password and log off immediately.

Be aware of where you log into your bank online. At work, your computer may have key loggers installed on it or your company may be using other methods to monitor your actions and access your login information while you’re online. Since wireless networks can be intercepted and read by a third party, ensure that the wireless network is secure using WPA. Avoid logging into your account from your friend’s computer or an unfamiliar computer. Usernames and passwords can be stored and used to access your personal information.

Use a strong password for logging into your bank online. Avoid using a password that thieves can guess easily, such as your pet’s name or a 1234 combination. Your banking password should contain a mixture of numbers, special characters, and capitalization. In other words, your password should be difficult for thieves to guess.

Ensure that you install anti-virus software on your personal computer to keep it protected from potential thieves. A thief can infect your computer and install a key logger that records each keystroke you enter on your computer. Your username, password and other confidential information could be captured.

Online banking is safe. All you need to do is take the right precautions to ensure that you keep your account information secure every time you log into your bank. If you are aware of the potential dangers, you will be able to do your online banking safely and securely.

Preventing Laptop Theft


Laptop theft is a serious threat to every person who owns one. What do you use to protect your laptop from potential thieves? It’s important to protect your laptop as you can lose hardware, software, and data that you may not have backed up. Thieves can have access to sensitive and personal information that will provide them with ways to steal your identity.

Laptops are becoming more widely used by companies and individuals because they allow you to be more productive while you’re on the go. Laptop theft is now on the rise and organizations as well as individuals are being affected by this crime. This also leads to potential data breaches that can affect employees, customers and reputations. Laptop theft is also the second highest cause of financial loss.

There are ways to protect your laptop and the sensitive information on it. Methods of protecting laptops and intellectual information have been developed to prevent theft. Alarms, cables, and laptop locks prevent potential thieves from simply walking away with your laptop in tow. Visual deterrents, such as STOP security plates are very difficult to remove, and they can also destroy the resale value. These methods are great ways to prevent laptops from being stolen.

You can lose your hardware, software, and sensitive data that you have not saved or backed up elsewhere. In addition, thieves may also have access to sensitive data and personal information if it isn’t encrypted. Some systems authorize access based on credentials stored on the laptop, including MAC addresses, Internet browser cookies, cryptographic keys, and stored passwords. In the absence of security measures, thieves can access information such as bookkeeping files, Word documents containing passwords and employee and customer information.

Use unique passwords and more advanced technological security precautions, such as Remote Laptop Security (RLS), which is designed to secure data and important information even when the laptop is no longer in the trusted hands of its owner. With RLS, the owner of a laptop can revoke access to the stolen laptop from any computer.

Remember to secure your laptop and protect it from potential thieves. If you have important company information or files stored on your laptop, ensure that it is password protected and encrypted. More importantly, ensure that you back up all of your information on your laptop and keep it safe.

How to Keep Your Business Safe Online


The Internet is a great tool and resource for your business but viruses, identity theft and online fraud can place your business at risk. The best way to protect your business is through prevention. Multi-layered defenses, staff training, policies and business-class computers are what you need to be safe online.

Take a look at your IT security, including your hardware, software, staff, and policies. Think ahead and make a plan to prevent fraud, viruses, data loss, and identity theft. If you think that you can make some improvements, start making all of the necessary changes to ensure the utmost safety for your business. Consider what you most need to protect and what you need to ensure that your business operates.

Theft is more likely to occur than hacking. It’s a good idea to use cable locks to ensure that your PCs and laptops are secure when they aren’t in use. Make sure that office windows and doors have sturdy locks and install an alarm system if you don’t already have one. Consider storing a backup of data away from the office just in case. It may also be useful to write a list of serial numbers to recover any stolen hardware.

Protect your computers by installing security software, including firewall, anti-virus, anti-spyware, and anti-spam protection. Also ensure that all of your software is kept up-to-date. You should also protect your company’s information by encrypting any wireless networks by using strong passwords and erasing data on old computers before you send them to be recycled.

Ensure that your staff receives clear guidelines about what is acceptable to do online. You may want to restrict access to social networking sites and ban software piracy or other inappropriate content. Also, make sure that you train your staff so that they understand office policies and know who to contact if they have any questions or concerns.

It’s always worth it to get good advice as well. Call your local IT Specialist who understands small businesses and communicates in simple, jargon-free language. Your business and staff will thank you.