Posts Tagged ‘network’

The not so “indestructible” botnet

Kaspersky Lab announced that a new botnet (an array of infected computers controlled by criminals), called TDL-4, is a serious attempt at making a botnet “indestructible”.

TDL-4 is the fourth generation of the botnet. The first TDL was born in 2008 and has been modified several times over the last years. Kaspersky announced that they have found TDL-4 to be a colossal improvement over its predecessors.

On the SecureList blog, experts wrote that:

“The malware writers extended the program functionality, changed the algorithm used to encrypt the communication protocol between bots and the botnet command and control servers, and attempted to ensure they had access to infected computers even in cases where the botnet control centers are shut down. The owners of TDL are essentially trying to create an ‘indestructible’ botnet that is protected against attacks, competitors, and antivirus companies.”

According to Kaspersky Lab, an integral part of the TDL-4 upgrades is the improved encryption algorithm for the communications between the controlled computers and the botnet’s command and control servers.

To protect itself against anti-malware software, TDL-4 infects the master boot record, allowing it to run before the OS. What is even more interesting is that TDL-4 deletes other malicious files, thus preventing the AV software from alerting the user of the presence of any problems.

TDL-4 downloads fake AV programs, adware and a spambot known as Pushdo.

The biggest feature of TDL-4 is the fact that it uses the Kad network. Botnets controlled through P2P are nothing new, but most of the time they use protocol connections created by the cybercriminals themselves. Using a public P2P network to control the botnet is a whole different approach. Basically, the botnet issues a command to create a new Kad P2P network whose clients are only infected computers.

However, the most interesting part of TDL-4 is not its colossal improvement in comparison to its predecessors, but the panic that it caused. In the article on SecureList, the main emphasis was on the fact that:

“The owners of TDL are essentially trying to create an ‘indestructible’ botnet that is protected against attacks, competitors, and antivirus companies.”

However, most reviewers either did not read the entire article (a big mistake) or misinterpreted that particular sentence. The internet was flooded with articles stating that the malware was indestructible and the like, which is not true. TDL-4 is destructible. In fact, Kaspersky’s TDSS Killer can kill it quite easily.

In conclusion, we must state that we find it quite disturbing that the numerous recent attacks performed by various hacker groups have brought up so many insecurities, not only among ordinary computer users but also among highly rated and respected media.


Hide Shutdown and Logoff buttons in Start Menu

When we have to administer a Windows system whose users should only be able to do certain restricted jobs, we need to limit the actions they can perform.

If this machine is connected to a network and has a network service started, such as a web, printer, file or any other type of server, the first and very important thing is to disable shutting down, restarting and logging off for the user.

To do this we have to hide and disable the Shutdown and Logoff buttons in the Windows Start Menu, as shown in the picture below:


Set Evolution Mail and Calendar to use proxy

In the last few years Evolution Mail and Calendar has become the standard email software shipped with the most commonly used GNOME-based Linux distributions, such as Ubuntu, Fedora Core, Arch Linux, Suse and many more. It became a standard in GNOME sometime in 2004 and has significantly increased its functionality over the last 5 years. Evolution Mail and Calendar is now the package’s official title and, as you can guess, it gives you the variety of features available in personal organizer software. Evolution development is primarily sponsored by Novell. team has prepared other tutorials for our favorite email client. Check out our Evolution Mail and Calendar category.

The prerequisites for this tutorial are to have Evolution Mail and Calendar installed and at least one email account configured. Once you start the application, go to the menus at the top of your screen and do as shown in the picture (Edit -> Preferences).


How to Use or Get Dynamic IP Address for Host

If you connect to your Internet service provider through a dial-up, ADSL or cable modem, or you don’t have a static IP address, you probably get a different (dynamic) IP address every time you connect. If you want to play online games directly with a friend, run a network service such as a web server, mail server or FTP server, or just need to connect to your PC from outside through Remote Desktop, this will be a problem for you, because the network service will have a different IP address every time.

If you are in this situation, there is one solution for you: a free service which gives you a fixed subdomain name from the DynDNS region and assigns your host to this address, no matter what the current IP address is at any moment.


How to change my MAC address in Windows XP

Today I have prepared a very basic but nevertheless useful tutorial for you all. Well, it might not be useful to everybody, but more and more network administrators enjoy deploying additional security policies in the segment they are responsible for, and one of the options they like is to apply MAC address filtering. If you are not completely familiar with what a MAC address is, I would recommend spending some time reading this article: What is MAC address.

Now it is time to begin with the step-by-step instructions. There are many different ways to get to the LAN card properties, but I have chosen the most straightforward approach for you. The first step is to get to the Network Connections screen. You can get there in a few ways as well.
Since I have the My Network Places icon on my desktop, I simply right-click on it and go to Properties. Another way to get to Network Connections is from the Control Panel in Windows XP, but in my personal opinion it takes too many clicks that way.

OK, once you are there you have to choose the network connection that uses the NIC (Network Interface Card) whose MAC address we need to change. To make the tutorial more visual I have used a Windows XP PC with only one LAN card and only one network connection: the Local Area Connection.


How to configure additional IP address in Linux

This tutorial will show you how to configure an additional IP address on a NIC under Red Hat Linux or Fedora Core.

The following procedure uses eth0 as an example for assigning a second TCP/IP address.

Use the following command to add the IP address:
