Most of these seem to be timely links in light of the recent malware-induced data breaches…
- An Approach to Detect Malware Call-Home Activities - (PDF link alert) - SANS Reading Room whitepaper
- An Early Malware Detection, Correlation, and Incident Response System with Case Studies - (PDF link alert) - SANS Reading Room whitepaper.
- An introduction to firmware analysis - Help Net Security - has a 40-minute YouTube video presentation from the “…30th Chaos Communication Congress focuses on the different steps to be taken to acquire and analyze the firmware of an embedded device, especially without knowing anything about the processor architecture in use.”
- It Is All About Program Execution - Journey Into Incident Response blog
- Malware RE - IR Disconnect - Windows Incident Response blog
- CAINE 5.0 Blackhole 64bit released! - LiveCD release from the CAINE developers. Supports UEFI/Secure Boot/BIOS when used in pen-drive mode, and legacy BIOS only when used in DVD mode.
Patch Time Again!
Yesterday when flipping channels between a re-broadcast of Downton Abbey and the AFC playoff game (yeah--real contrast right?) Dad called in a panic as his dear wife had been browsing the InterTubes on their Vista system and they got an apparent Microsoft Security Essentials virus detection alert.
Only it didn’t quite look like what they were used to. So I popped on remotely and took a look.
Long story short, it was actually a fake AV alert image embedded in an IE tab page. Clever. Not.
Using Process Explorer I was able to confirm it was a “click here to clean” IE browser session only and not an actual malware fake AV binary causing the display. So a few targeted process kills later all was gone.
We did a trial to show again how the real MSSE client they have running on their system presents a legitimate detection alert.
This is a pretty common event now for them and their system. The vector seems to be that she opens up IE (the latest IE version offered for MS Vista is 9, which they have). Her home page is Yahoo.com. So then she just types in what she is looking for in the “handy” Yahoo search bar on that page and flows down the Internet River, often getting amazing numbers of multi-page ad/scam loads in new browser tab sessions. Yahoo seems to be the Wild West of this type of ad/page hijacking. Anyway…
We set up Google Chrome for her to use and deprecated IE as much as we could from the desktop/quick-launch in hopes that Chrome might provide a bit more protection. I ran out of time before having to head to the church-house for service support and didn’t get a chance to load it up with some additional ad-block protections, but that is on the to-do list.
Anyway, before I bailed I also brought up their Java (needed unfortunately), Flash, Shockwave, Air versions to current status.
Fingers crossed this will hold the dam back a bit more until little brother and I can convince Dad it is time for an OS upgrade to Win7/8 from Vista.
So with that background in mind…go get your patches!
- Security Updates for Windows, Java, Flash & Reader — Krebs on Security
- Critical Microsoft, Adobe, and Oracle updates: Like dental floss for your PC -- Ars Technica
- Oracle to issue huge security patch addressing 36 Java vulnerabilities - BleepingComputer News
- Patch Tuesday Update - January 2014 - SANS Cyber-Defense blog
XP support under Microsoft Security Essentials Extended (kinda)
Microsoft has clarified that its Microsoft Security Essentials product will no longer be offered for download to Windows XP users after April 2014. However, MS will continue to offer definition (DAT) file downloads/updates for already installed MSSE clients on XP through April 2015.
Small consolation, but other than looking for XP AV support from other security software vendors, it really is time to upgrade to Windows 7 (or Win 8, I suppose).
- Microsoft antimalware support for Windows XP - Microsoft Malware Protection Center
- Microsoft to extend Windows XP anti-malware updates one year - ZDNet
- Microsoft Security Essentials: No new installations after April - ZDNet
- Security Essentials for Windows XP gets a 15-month reprieve - Ars Technica
Defrag Tools over at Channel 9 has posted “Part 3” of their Message Analyzer video set:
- Defrag Tools: #73 - Message Analyzer - Part 3 - Defrag Tools | Channel 9
- Defrag Tools: #72 - Message Analyzer - Part 2 - Defrag Tools | Channel 9
- Defrag Tools: #71 - Message Analyzer - Part 1 - Defrag Tools | Channel 9
TRAINING: “Windows Performance Jump Start” – Jan 23rd, Online - Kurt Shintaku's Blog
Bitrot and atomic COWs: Inside “next-gen” filesystems - Ars Technica
How to nuke your encrypted Kali install - Kali Linux
New Utilities of Note
Recuva - freeware - updated to version 1.50. This file recovery software has some major feature updates added:
- Added ISO 9660 file system support
- Added recovery from unmounted drives
- Improved duplicated file name recovery
- Added Junction Point recovery support
- Improved optical drive detection and recovery
- Improved scan statistics accuracy
A bit more detail on what some of those features mean is over at this Betanews post: Recuva now recovers data from unmounted drives, ISO-formatted optical discs