Windows | Gregory D. Evans | Worlds No. 1 Security Consultant - Part 10

Posts Tagged ‘Windows’

Emulate an Alpha Hardware System on x86/x64 Windows PC to Run OpenVMS

Personal Alpha - OpenVMS Emulator

It’s been a long time since I updated the OpenVMS category, so here is a short article that may be of help to all OpenVMS fanatics and users out there.

Let me introduce you to Personal Alpha by Stromasys, software that lets you run Alpha/OpenVMS/Tru64 on your personal computer: the system emulates a DEC3000-400 (Sandpiper) with 128 MB of memory, 2 fixed disks, 1 Ethernet link, a CD drive and a floppy drive (cool, eh!). Instructions on how to configure your emulation can be found by pressing the Help button. And what’s good about this software is that it is free to download.

Hey, but wait! You can’t execute DCL scripts yet by just running this hardware emulator; you still need an operating system such as OpenVMS/Tru64. So you also need to get an OpenVMS hobbyist license and the OS CD (just a heads up).

To download this emulator click here.


View full post on ProjectX Blog – Information Security Redefined

View full post on National Cyber Security » Computer Hacking

Microsoft Uses Android Malware Hysteria to Offer Free Windows Phones

Microsoft is capitalizing on a recent Android malware scam by giving away free Windows Phones to five Android users with the worst malware horror stories. Ben Rudolph, Microsoft’s Windows Phone evangelist, announced the contest on Twitter using the hashtag #droidrage. Microsoft followed Rudolph’s lead and publicized the contest on its official Twitter feed.

This isn’t the first time Microsoft has used free phones to win people over to its mobile platform. In August, the software giant offered free Windows Phones to webOS developers after Hewlett-Packard announced it was discontinuing its webOS device lineup. HP recently announced it would make webOS an open source project and may release a new webOS tablet in 2013.


Google recently removed 22 malicious apps purporting to be legitimate versions of popular programs such as Cut The Rope and Angry Birds. The apps were packaged with malware that would send fake text messages to premium-rate SMS numbers, costing the user around $5 per SMS.

The so-called RuFraud scam targeted European users and did not affect Android phones in North America. Lookout Security, the firm that first brought the scam to Google’s attention, says it has since discovered another five RuFraud apps in the Android Market, bringing the total app count to 27.

Droid Rage in 140 characters or less

Microsoft’s droidrage campaign is eliciting a number of tweets from disaffected Android users. “Had 100.00 worth of charges on my phone bill, called to see what the deal was, an app.has been sending charge to acct texts,” said Twitter user Zac Leingang.

“Gave my mom a Droid phone as her first smartphone. Malware is constantly making her phone crash, making her wish she never got one,” said Sergio Rivera. Other users are telling similar stories in hopes of getting a free phone.

Android malware

Microsoft may be capitalizing on Android’s misfortunes at a particularly low point for Google’s mobile OS, as concerns about malware on Android are on the rise. Lookout Mobile Security recently said that an Android user in the United States has a 40 percent chance of clicking on a malicious link from their handsets. The global likelihood is 36 percent, according to Lookout.

Security firm McAfee in November said that Android malware increased by 37 percent in the third quarter of 2011 compared to the preceding three-month period. Also in November, a particularly sensationalistic report from Juniper Networks said Android Malware had increased 472 percent since July.

Chris DiBona, Google’s open source programs manager, recently shot back at the security industry, blaming Android malware hysteria on charlatans trying to sell security software.

While Google dukes it out with the security industry over Android malware, Microsoft appears to be reveling in its rival’s misfortunes. But not everyone is impressed with Microsoft’s offer.

Twitter user Nick Rosier called Microsoft’s offer of free Windows Phone for Android malware victims “harsh.” Rosier added, “Haven’t they suffered enough?”

Connect with Ian Paul (@ianpaul) and Today@PCWorld on Twitter for the latest tech news and analysis.


View full post on National Cyber Security » Virus/Malware/Worms

Microsoft Urges Android Malware Victims to Join Windows

Microsoft is asking Android owners to share their malware stories, in an attempt to lure them to Nokia’s Windows devices, as the software giant ramps up marketing for the U.S. launch.

In a Twitter post, Microsoft “evangelist” team member Ben Rudolph urged his followers, “Share your Android malware story (there’s lots going around) and you could win a #windowsphone upgrade.” The post used the hashtag #DroidRage. Microsoft then re-posted the Tweet on its official page.

Google’s Android Market has come under fire recently for increasing numbers of malware attacks, since the store is open-source and apps are not screened prior to being made available to consumers. Google removed over 100 suspicious apps over the past year, so many Android smartphone users may accept Rudolph’s invite to vent about problems they’ve experienced as a result of malware.

Microsoft is capitalizing on Google’s troubles, hoping users fed up with spam attacks will convert to Windows phones, which the company claims will be more secure. Google’s Android is the world’s largest smartphone platform, while Microsoft holds only a two-percent market share in the competitive U.S. smartphone market, which is dominated by Android and Apple.

Microsoft’s hard-hitting strategy to filch customers from Android began months ago in anticipation of Nokia’s Windows-based Lumia phones, which are selling out in the U.K. and slated to launch in the U.S. early next year.

In October, Microsoft chief executive Steve Ballmer panned Android phones, stating “You don’t need to be a computer scientist to use a Windows phone. And I think you do to use an Android phone.”

Earlier this month, Microsoft released a free demo of the Windows Mango operating system that ran on Apple and Android phones, allowing potential Windows users to get a feel for the new software even on rival devices.

Consumers appear excited about the Lumia phones, and nearly half of current smartphone users say they would consider switching to a Windows-based device. Many have used Windows software on their PCs for years, and are comfortable with the popular “tiled” interface, which may prove a strong draw for the new phones.

Microsoft knows that despite its popularity with PC users, it will have to come out swinging to lure customers away from their current smartphones to the company’s own OS, and it seems to be employing several clever, low-level tactics to do just that.

If these recent actions are any indication, the road leading up to the U.S. launch of Nokia’s Windows-based Lumia phones may be a bumpy one for Android.

This post originally appeared at Mobiledia.


View full post on National Cyber Security » Virus/Malware/Worms

‘Duqu’ zero-day Windows flaw patched this week

Microsoft will tomorrow patch the zero-day kernel Word vulnerability exploited by the mysterious Duqu malware, more than a month after its existence was first made public.

In a pre-release draft covering the 13 December Patch Tuesday release that excluded helpful security bulletin numbers, Microsoft appears to have slipped in a fix for the elevation-of-privilege flaw (CVE-2011-3402) in the Win32k TrueType font-parsing engine hijacked by Duqu.

Microsoft responded within a week of the flaw becoming public in early November with a potentially inconvenient workaround that disabled some elements of TrueType, although Duqu itself was quickly detectable by security software from a range of vendors.

All versions of Windows from XP onwards will need to be patched for the flaw. In total, Microsoft will use the Christmas 2011 Patch Tuesday to fix 20 vulnerabilities across 14 updates, three of which have been marked ‘critical’.

Zero-day vulnerabilities with a hook into the Windows kernel are a rarity these days, and Duqu’s use of one has attracted considerable comment, including speculation linking it to the Stuxnet malware that is believed to have been created to disrupt Iran’s nuclear programme.

Separately, Adobe will next week patch a zero-day flaw of its own, the recently discovered issue in Reader X 10.1.1 and earlier versions (CVE-2011-2462), as well as Reader 9.4.6, an exploit for which is now circulating in the wild as part of targeted attacks, the company indicated.

Users of Reader X will have been protected from the full blast of this exploit by the software’s sandboxing feature.


View full post on National Cyber Security » Computer Hacking

RSA security lapse in turning DEP on to protect Windows XP led to March hack

The attack that hacked RSA Security’s network earlier this year succeeded because the company failed to take a basic security precaution, a researcher said Monday.

According to Rodrigo Branco, the director of Qualys’ vulnerability and malware research labs, the malware targeted the decade-old Windows XP.

“The feeling is the target[ed PC] was running Windows XP SP3 … with all the patches,” said Branco in emailed answers to questions.

The problem, said Branco, is that while Windows XP includes the DEP (data execution prevention) defensive technology (Microsoft added DEP to XP in 2004 with Service Pack 2), it’s not switched on by default.

And RSA apparently neglected to turn it on.

Branco based his bet on his investigation into the exploit code that RSA confirmed had been used to break into its network.

That code exploited a then-unpatched vulnerability in Adobe Flash Player (Adobe quashed the bug on March 21, four days after RSA acknowledged the attack) and then infected the target PC with a customised variant of the Poison Ivy remote administration tool (RAT).

Windows XP still popular target

Branco eliminated Windows Vista and Windows 7 from the list of targeted operating systems because both enable DEP by default. DEP would have stymied the exploit from executing, he said.

Additionally, the exploit code would not execute on a Windows 7 PC because of changes to the kernel in that edition.

Targeting Windows XP is still a popular pastime for hackers. The “Aurora” campaign that breached Google’s network – and led it to threaten to pull its operations from the People’s Republic of China – and dozens of other Western companies also aimed to subvert Windows XP systems.

Branco believes that the RSA attackers either pegged the security firm as running Windows XP or simply assumed that the company, like many others, still relied on the aged operating system.

“This isn’t difficult information to get from companies,” said Branco. “Programs like browsers leak this information all the time.”

There is an outside chance that the RSA attack did compromise a Windows Vista or Windows 7 machine, Branco said, noting that his research showed the exploit could have been modified to execute on those versions.

But he ultimately rejected that possibility.

Upgrading’s the best prevention

“I don’t think it was [modified to work on Vista or Windows 7], because apparently the exploit was re-used as is,” Branco said, referring to the Flash exploit tucked into an Excel spreadsheet, the identified infection vector for the attack.

RSA could have prevented the expensive breach – it spent £42 million ($66 million) replacing customers’ SecurID tokens – by either migrating its Windows XP machines to a newer OS, by isolating those XP PCs, or by enabling DEP on them, Branco concluded.

Microsoft implicitly agreed last spring when it said that the Excel-based attack could not have worked on PCs running Office 2010, which automatically enables DEP.

Microsoft also published a security advisory shortly after RSA confirmed the attack, telling users that they could protect their PCs by switching on DEP in older versions of Office using the Enhanced Mitigation Experience Toolkit (EMET).

Instructions for switching on DEP in Windows XP SP2 and SP3 are available on Microsoft’s website.
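As an added defender-side example (not from the article or from Microsoft’s instructions), the PowerShell script below audits the mitigation the article says RSA left off: it reports the system-wide DEP policy via WMI and, through a P/Invoke of the documented `GetProcessDEPPolicy` API, whether specific running processes actually have DEP enabled. It assumes Windows XP SP3 or later with PowerShell installed; the process names (Excel, Word, Adobe Reader) are assumptions chosen because Office documents were the cited infection vector.

```powershell
# Added example, not part of the article: audit DEP on a Windows host.
# Requires Windows XP SP3 or later; run elevated to inspect other users' processes.

$policyNames = @{
    0 = 'AlwaysOff (DEP disabled for everything)'
    1 = 'AlwaysOn  (DEP for all processes, no opt-out)'
    2 = 'OptIn     (XP default: only Windows system binaries are protected)'
    3 = 'OptOut    (all processes except an explicit exception list)'
}

function Get-SystemDepPolicy {
    # Win32_OperatingSystem exposes the boot-time DEP policy (XP SP2 and later).
    $os = Get-WmiObject -Class Win32_OperatingSystem
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy
    New-Object PSObject -Property @{
        Policy      = $policy
        Description = $policyNames[$policy]
        HardwareDep = [bool]$os.DataExecutionPrevention_Available
    }
}

# P/Invoke GetProcessDEPPolicy (kernel32, XP SP3+). Flag bit 1 = PROCESS_DEP_ENABLE.
# The call fails for 64-bit targets (DEP is always on there) and for inaccessible processes.
$depApi = Add-Type -Namespace 'DepAudit' -Name 'Native' -PassThru -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool GetProcessDEPPolicy(IntPtr hProcess, out uint lpFlags, out bool lpPermanent);
'@

function Get-ProcessDepState {
    param([string[]]$Names)
    foreach ($p in Get-Process -Name $Names -ErrorAction SilentlyContinue) {
        $flags = [uint32]0; $permanent = $false
        try {
            $ok = $depApi::GetProcessDEPPolicy($p.Handle, [ref]$flags, [ref]$permanent)
        } catch {
            $ok = $false   # opening the process handle was denied
        }
        New-Object PSObject -Property @{
            Process    = $p.ProcessName
            Id         = $p.Id
            DepEnabled = $(if ($ok) { [bool]($flags -band 1) } else { $null })
            Permanent  = $(if ($ok) { $permanent } else { $null })
        }
    }
}

$sys = Get-SystemDepPolicy
"System DEP policy : $($sys.Policy) - $($sys.Description)"
"Hardware NX/XD    : $($sys.HardwareDep)"
if ($sys.Policy -eq 2) {
    Write-Warning 'OptIn policy: third-party apps such as Office are not covered unless they opt in themselves.'
    # Remediation: on XP set /noexecute=OptOut in boot.ini; on Vista and later run: bcdedit /set nx OptOut
}

# Process names are assumptions: the document-handling applications named in the article.
Get-ProcessDepState -Names 'EXCEL', 'WINWORD', 'AcroRd32' | Format-Table Process, Id, DepEnabled, Permanent -AutoSize
```

A `DepEnabled` value of `$null` means the query could not be made for that process, not that DEP is off; re-run elevated or check from a 32-bit PowerShell session for 32-bit targets.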

Researchers suspect that the RSA attack originated in China, based on the location of the malware’s command-and-control (C&C) servers and other evidence.

RSA did not immediately reply to a request for comment or confirmation of Branco’s analysis.


View full post on National Cyber Security » Computer Hacking

Windows Phone privacy issues investigated by regulators

Microsoft has announced that Windows Phone is being investigated by regulators regarding what kind of oversight is in place to make sure mobile applications don’t encroach on user privacy rights.

Regulators have made some inquiries at Microsoft about the role the company plays in monitoring the privacy policies of apps on Windows Phones, said Mary Newcomer Williams, a Microsoft attorney. “Suddenly, they’re realising this is something they should be concerned about but they’re not sure how to tackle it,” she said. “Regulators are interested in looking to platform providers to play an enforcement role in this space.” That’s because there are so many mobile applications that it would be a major undertaking for regulators to oversee all of them.

But Microsoft doesn’t particularly want to play that role, she said. “On the platform provider side, we aren’t really equipped to do that kind of enforcement either,” she said. “We enable the download of a file to the phone. We don’t know where it connects to and what data might come off the phone. So the idea that we might enforce a privacy policy that gets the right kind of consent, it’s hard to imagine how you can do it.”

Third party

She suggests that the best solution might be for a third-party organisation to educate application developers on proper privacy practices and possibly run a certification programme to demonstrate that apps comply with set requirements.

Williams spoke on November 14 in Seattle at a conference put on by Law Seminars International about legal issues in mobile broadband.

Most operating system developers have privacy policies but accountability isn’t clear, said Chetan Sharma, principal at Chetan Sharma Consulting. If an application does encroach on a user’s privacy, it’s not clear who is to blame.

Part of the problem is that clear regulations don’t exist about what kinds of privacy rights mobile users have. That’s an indication of how new the market is, Sharma noted. Until a few years ago, there wasn’t a vibrant mobile application market, and laws that regulate that market don’t exist yet.

Some operating system providers like Microsoft and Apple set privacy requirements for applications and approve applications before they can enter their respective app stores. Google, however, has a much more hands-off approach where it has defined some policies but it doesn’t serve as a gatekeeper. Developers can upload any application to the Android Market, but Google will remove applications that are found to run afoul of the policies.

Regional variations

Another new legal issue faced by Microsoft and other mobile software developers is complying with the many different regulatory regimes around the globe that apply to cloud-based services that users access from their smartphones.

Just a few years ago, Microsoft would sell its mobile operating system to an OEM and say “ship where you want and compliance is your problem,” Williams said. Now, however, the operating system includes hooks back to services that Microsoft is delivering to the end users like search. That means Microsoft must be sure to comply with local regulations.

When Windows Phone first launched, it became available in 35 countries and Microsoft didn’t necessarily want to build to the lowest common denominator, she said. With the newest version of the software, the company plans to expand into many more countries, she said. To address this issue, Microsoft worked to “build in switches” in the most sensitive services so that they can be easily turned off based on regulations in specific geographic regions, she said.


View full post on National Cyber Security » Computer Hacking

How to Remove Malware From Your Windows PC

Is your computer running slower than usual? Are you getting lots of pop-ups? Have you seen other weird problems crop up? If so, your PC might be infected with a virus, spyware, or other malware–even if you have an antivirus program installed on it. Though other problems, such as hardware issues, can produce similar symptoms, it’s best to check for malware if you aren’t sure. But you don’t necessarily need to call tech support or the geek across the street to scan for malware–I’ll show you how to do it yourself.

Step 1: Enter Safe Mode

Keep your PC disconnected from the Internet, and don’t use it until you’re ready to clean your PC. This can help prevent the malware from spreading and/or leaking your private data.

If you think your PC may have a malware infection, boot your PC into Microsoft’s Safe Mode. In this mode, only the minimum required programs and services are loaded. If any malware is set to load automatically when Windows starts, entering in this mode may prevent it from doing so.

To boot into Windows Safe Mode, first shut down your PC. Locate the F8 key on your PC’s keyboard; turn the PC on; and as soon as you see anything on the screen, press the F8 key repeatedly. This should bring up the Advanced Boot Options menu; there, select Safe Mode with Networking and press Enter.

You may find that your PC runs noticeably faster in Safe Mode. This could be a sign that your system has a malware infection, or it could mean that you have a lot of legitimate programs that normally start up alongside Windows.

Step 2: Delete Temporary Files

Now that you’re in Safe Mode, you’ll want to run a virus scan. But before you do that, delete your temporary files. Doing this may speed up the virus scanning, free up disk space, and even get rid of some malware. To use the Disk Cleanup utility included with Windows, select Start, All Programs (or just Programs), Accessories, System Tools, Disk Cleanup.

Step 3: Download Malware Scanners

Now you’re ready to have a malware scanner do its work–and fortunately, running a scanner is enough to remove most infections. If you already had an antivirus program active on your computer, you should use a different scanner for this malware check, since your current antivirus software may not have detected the malware. Remember, no antivirus program can detect 100 percent of the millions of malware types and variants.

There are two types of antivirus programs. You’re probably more familiar with real-time antivirus programs, which constantly watch for malware. Another option is on-demand scanners, which search for malware infections when you open the program manually and run a scan. You should have only one real-time antivirus program installed at a time, but you can keep a few on-demand scanners handy to run scans with multiple programs, thereby ensuring that you’re covered.

If you think your PC is infected, I recommend using an on-demand scanner first and then following up with a full scan by your real-time antivirus program. Among the free (and high-quality) on-demand scanners available are BitDefender Free Edition, Kaspersky Virus Removal Tool, Malwarebytes, Norman Malware Cleaner, and SuperAntiSpyware.

Step 4: Run a Scan With Malwarebytes

For illustrative purposes, I’ll describe how to use the Malwarebytes on-demand scanner. To get started, download it. If you disconnected from the Internet for safety reasons when you first suspected that you might be infected, reconnect to it so you can download, install, and update Malwarebytes; then disconnect from the Internet again before you start the actual scanning. If you can’t access the Internet or you can’t download Malwarebytes on the infected computer, download it on another computer, save it to a USB flash drive, and take the flash drive to the infected computer.

After downloading Malwarebytes, run the setup file and follow the wizard to install the program. Once installed, Malwarebytes will check for updates and launch the app itself. If you get a message about the database being outdated, select Yes to download the updates and then click OK when prompted that they have been successfully installed.

Once the program opens, keep the default scan option (‘Perform quick scan’) selected and click the Scan button.

Starting the scan in Malwarebytes.

Though it offers a full-scan option, Malwarebytes recommends that you perform the quick scan first, as that scan usually finds all of the infections anyway. Depending on your computer, the quick scan can take anywhere from 5 to 20 minutes, whereas the full scan might take 30 to 60 minutes or more. While Malwarebytes is scanning, you can see how many files or objects the software has already scanned, and how many of those files it has identified either as being malware or as being infected by malware.

If Malwarebytes automatically disappears after it begins scanning and won’t reopen, you probably have a rootkit or other deep infection that automatically kills scanners to prevent them from removing it. Though you can try some tricks to get around this malicious technique, you might be better off reinstalling Windows after backing up your files (as discussed later), in view of the time and effort you may have to expend to beat the malware.

If Malwarebytes’ quick scan doesn’t find any infections, it will show you a text file containing the scan results. If you still think that your system may have acquired some malware, consider running a full scan with Malwarebytes and trying the other scanners mentioned earlier. If Malwarebytes does find infections, it’ll bring up a dialog box warning you of the discovery. To see what suspect files the scanner detected, click the Scan Results button in the lower right. It automatically selects to remove the ones that are known to be dangerous. If you want to remove other detected items, select them as well. Then click the Remove Selected button in the lower left to get rid of the specified infections.

Removing infections in Malwarebytes.

After removing the infections, Malwarebytes will open a text file listing the scan and removal results; skim through these results to confirm that the antivirus program successfully removed each item. Malwarebytes may also prompt you to restart your PC in order to complete the removal process, which you should do.

If your problems persist after you’ve run the quick scan and it has found and removed unwanted files, consider running a full scan with Malwarebytes and the other scanners mentioned earlier. If the malware appears to be gone, run a full scan with your real-time antivirus program to confirm that result.


View full post on National Cyber Security » Virus/Malware/Worms


(1) HIGH: Microsoft Windows Kernel TrueType Font Parsing Vulnerability

Category: Widely Deployed Software


  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7

View full post on @RISK: The Consensus Security Alert

View full post on National Cyber Security

(2) HIGH: Microsoft Windows Kernel Networking Vulnerability

Category: Widely Deployed Software


  • Windows Vista
  • Windows Server 2008
  • Windows 7

View full post on @RISK: The Consensus Security Alert

View full post on National Cyber Security


Update: Duqu exploits zero-day flaw in Windows kernel

Computerworld – The Duqu Trojan infects systems by exploiting a previously unknown Windows kernel vulnerability that is remotely executable, security vendor Symantec said today.

Symantec said in a blog post that CrySys, the Hungarian research firm that discovered the Duqu Trojan earlier this month, has identified a dropper file that was used to infect systems with the malware.

The installer file is a malicious Microsoft Word document designed to exploit a zero-day code execution vulnerability in the Windows kernel.

“When the file is opened, malicious code executes and installs the main Duqu binaries” on the compromised system, Symantec said.

According to Symantec, the malicious Word document in the recovered installer appears to have been specifically crafted for the targeted organization. The file was designed to ensure that Duqu would only be installed during a specific eight-day window in August, Symantec noted.

No known workarounds exist for the zero-day vulnerability that Duqu exploits. The installer that was recovered is one of several that may have been used to spread the Trojan.

It is possible that other methods of infection are also being used to spread Duqu, Symantec noted.

Jerry Bryant, Microsoft’s Trustworthy Computing group manager, said that the company is working “diligently” to address the issue.

“Microsoft is collaborating with our partners to provide protections for a vulnerability used in targeted attempts to infect computers with the Duqu malware,” Bryant said in an email.

The company will issue a security update to address the vulnerability “through our security bulletin process,” Bryant said.

The Duqu Trojan was discovered earlier this month by CrySys and has garnered considerable attention because of its supposed link to last year’s Stuxnet worm that was used to disrupt industrial control equipment at Iran’s Natanz nuclear facility.

Symantec, one of the first researchers to release a detailed analysis of the Duqu malware, has labeled it a precursor to the next Stuxnet because of what it said are similarities in code and function.

Symantec said that its researchers determined that Duqu was likely created by Stuxnet’s authors, and was designed specifically to steal information from vendors of industrial control systems.

The company said it believes the information gathered from the systems will be used to craft another Stuxnet-like worm.

In today’s update, Symantec noted that once Duqu gains a foothold in an organization, it can be remotely commanded to infect other systems.

In one of the six organizations that are confirmed to have been infected by the malware, attackers remotely ordered Duqu to spread by using the Server Message Block protocol used for file and printer sharing functions, Symantec said.

In some cases, computers infected with Duqu did not have the ability to communicate with a central command-and-control server, so the malware was configured to use a file-sharing protocol to communicate with another compromised computer on the same network that could connect to a server.


View full post on National Cyber Security » Announcements
