Silicon Shecky

Infosec Practitioner

Connect

Patches for Firefox

By Leave a Comment

So it seems that we have a new set of patches for Firefox, and that the next version has a little change to it.

The article I have read indicates that there are a bunch of critical issues patched up with yesterday’s update to Firefox, but that none have been exploited. What seems to be the biggest thing has been some issues that cause memory corruption and crashes. Now I’m not a programmer, but that sounds to me liek a big deal. The real question is, how long will it take for the autoupdate feature of Firefox to get the update? Its the one failure in my mind of the browser. I know I hear about an update, and sometimes the autoupdate doesn’t get it for a month or longer. With critical patches, you would think it would get to you a little sooner than that.

Also in the article the next release of Firefox is now 3.5. Makes sense if you ask me, since they are doing a heck of a lot to the browser, but not quite enough to warrant it being called 4.0.

And now for something completely different

By Leave a Comment

So after all is said and done there is still more to do.

You all should find some sort of Backup and Disaster Recovery plan for your clients. I’ve started to look at the one we offer at work and realize that it can be a life saver for any business.

Think about it, a good one will make sure that you are protected and can be back up and running in an emergency within 48 hours. Have only up to 48 hours of downtime is short as it is. Less business lost, less downtime, quicker recovery for the business. It should be a no brainer, which is why I’m surprised at how many businesses decide its not worth the money.

I guess we can’t win them all, even when we try to be proactive.

Oh Boy

By Leave a Comment

So it seems that we have a real nasty couple of viruses (virii?) that came out in the last couple of weeks. The Virut.CE and Virux viruses are two of the worst viruses I’ve seen in a long time.

You see, I spent the better part of evenings in the last week trying to remove the virut.ce one from a friends laptop. The issue is that, even if you clean it completely off, you will need to do a repair install of Windows and reinstall every other program on the machine. Why you ask?

1) It adds code into normal executables. I’m talking explorer.exe, svchost.exe, and any other .exe file it can find.

2) It destroys the Software hive of the registry. This alone means you would need to restore it from the repair directory. Unless you have a recent backup of the hive safely off the machine, you loose just about any registry keys from software on your machine and have to reinstall them

3) It keeps coming back. Every tool from Kapersky to Malewarebytes winds up finding it, trying to remove it, and yet it still comes back.

4) Initially it prevents access to task manager and explorer. This is partially because of the Registry infestation.

5) It hits flash/external usb drives. If there are executables on your external or flash drives, you are screwed. scan them and if its on them, format them.

6) It Will spread over your network! If a machine is infected with these monsters, unplug its network connection immediately. It will infect network shares and spread across your network.

It is a pain to wipe and reinstall systems, I know, but there are a few things you can do to make it a little bit easier.

1) Use a boot CD and a clean external drive. Booting off a Linux or Windows boot cd (BartPE, ERD Commander) You can at least transfer documents to an external drive. Booting off the CD also means you won’t be activating the virus, so you are safe plugging and external in.

2) Format the drive and delete the partitions using the Boot CD. This helps insure that you don’t have it sitting in memory, and that the drives are clean. I recommend formatting the drives first, then wipe the partitions, then go ahead with the reinstall.

3) Remove all power from the machine for 5 minutes before starting the reinstall. This makes sure your memory has been cleared out.

I don’t know what joy people get from writing such destructive things. I do know that while its not really celanable, the latest virus definitions for your antivirus will stop it before it starts, which hopefully will help mitigate it. Also it seems that it comes through html intially, which means any site could unknowingly be hosting it.

The Virus itself opens a back door to an IRC network, where your machine will be loaded with all other sorts of nasties. And so you all know, my friends machine initially was taken down by this monster within 5 minutes of being infected. Yes, totally infected and downed inside of 5 minutes!

Hopefully you don’t have to deal with this for a friend, let alone a client network.