21 December 2006
20 December 2006
14 December 2006
11 December 2006
08 December 2006
So I went to go and check the SANS site to see if my paper had been added and well, I couldn't wipe the grin off my face for the whole day. My paper ended up in the honors section of the GIAC site!
If anyone's interested, the paper's titled "Securing Apache on Mac OS X"; it covers securing OS X, Apache, PHP, mod_security, and setting up SSL.
You can find it online here: Securing Apache on OS X
Other news is that I found out that I can send photos from my cell phone right onto this blog, so that's pretty cool, and hence the reason that I am updating this blog again, and why there are pictures of our 2 cats as well.
I'm hoping to put a load more articles up here in the near future as well, but I've also got a load of studying to do as well, as this coming Wednesday I'm sitting the Solaris 10 certification exam, well part one anyway. So wish me luck.
Well, let's see how long this round of blogging lasts shall we?
The Promise of Fever from the album "Damnation and a Day" by Cradle Of Filth
25 January 2006
18 January 2006
Installation to system

Email-Worm.Win32.VB.bi is written in Visual Basic and compiled as p-code. The size of the main executable is about 95 kilobytes. When executed, it first copies itself to several locations:

%Windows%\rundll16.exe
%System%\scanregw.exe
%System%\Update.exe
%System%\Winzip.exe

where '%Windows%' represents the system Windows folder. In Windows XP systems, it is usually C:\WINDOWS. '%System%' is the system32 folder.

The worm installs the following registry key to ensure that it is started on system startup:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry" = "%System%\scanregw.exe"

Spreading in e-mails

The worm collects e-mail addresses from files with the following extensions:

.HTM
.DBX
.EML
.MSG
.OFT
.NWS
.VC
.MBX
.IMH
.TXT
.MSF

And from files with the following strings in the name:

CONTENT
TEMPORARY

The worm sends itself as an attachment in the infected e-mail. The e-mail subject is one of the following:

The Best Videoclip Ever School girl fantasies gone bad A Great Video Fuckin Kama Sutra pics Arab sex DSC-00465.jpg give me a kiss *Hot Movie* Fw: Funny :) Fwd: Photo Fwd: image.jpg Fw: Sexy Re: Fw: Part 1 of 6 Video clipe You Must View This Videoclip! Miss Lebanon 2006 Re: Sex Video My photos

The message body may be one of the following:

Note: forwarded message attached. Hot XXX Yahoo Groups Fuckin Kama Sutra pics ready to be FUCKED ;) Note: forwarded message attached. forwarded message attached. VIDEOS! FREE! (US$ 0,00) i attached the details. Thank you. >> forwarded message ----- forwarded message ----- i just any one see my photos. It's Free :)

The worm can attach itself as an executable file. It uses one of the following names for the attachment:

007.pif
School.pif
04.pif
photo.pif
DSC-00465.Pif
image04.pif
677.pif
New_Document_file.pif
eBook.PIF
document.pif
DSC-00465.pIf

Sometimes, the worm MIME-encodes the file. In these cases, the attachment name can be one of the following:

Attachments.B64
3.92315089702606E02.UUE
SeX.mim
Original Message.B64
WinZip.BHX
eBook.Uu
Word_Document.hqx
Word_Document.uu

The filename inside the MIME encoding is one of the following:

Attachments.B64 [spaces] .sCR
3.92315089702606E02.UUE [spaces] .sCR
SeX,zip [spaces] .sCR
WinZip.zip [spaces] .sCR
ATT01.zip [spaces] .sCR
WinZip.zip [spaces] .sCR
Word.zip [spaces] .sCR
Word XP.zip [spaces] .sCR

Spreading in shared folders

The worm searches for remote shared folders and tries to copy itself using one of the following filenames:

\Admin$\WINZIP_TMP.exe
\c$\WINZIP_TMP.exe
\c$\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.exe

Other details

The worm attempts to disable several security-related programs.
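The attachment naming described above (an encoded wrapper whose inner file name pads a decoy extension with spaces before the real `.sCR`) can be checked at a mail gateway. The following is an added example, not part of the original post or the vendor description. It assumes that three or more whitespace characters count as padding, that `.exe`, `.com`, `.bat` and `.cmd` are blocked alongside `.pif` and `.scr`, and it reads the inner name only from uuencode wrappers.

```python
import re
from email.message import EmailMessage

EXECUTABLE = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}  # last three: assumption
WRAPPER = {".b64", ".uue", ".uu", ".mim", ".bhx", ".hqx"}  # encodings named in the write-up
PADDING = re.compile(r"\s{3,}")        # assumption: 3+ whitespace chars is padding
DECOY = re.compile(r"\.\w{2,4}\s*$")   # e.g. ".zip" left visible before the padding
UU_BEGIN = re.compile(r"^begin [0-7]{3,4} (.+)$", re.M)  # uuencode header line

def inspect_name(name):
    """Return the reasons a file name matches the attachment tricks described."""
    stem, dot, ext = name.rpartition(".")
    ext = (dot + ext).lower()
    if ext in WRAPPER:
        return ["encoded wrapper"]
    if ext not in EXECUTABLE:
        return []
    reasons = ["executable extension"]
    if PADDING.search(stem):
        reasons.append("whitespace padding")
    if DECOY.search(stem):
        reasons.append("decoy extension")
    return reasons

def scan_message(msg):
    """Map each suspicious attachment name (outer or uuencoded inner) to its reasons."""
    findings = {}
    for part in msg.iter_attachments():
        names = [part.get_filename() or ""]
        payload = part.get_payload(decode=True) or b""
        header = UU_BEGIN.search(payload[:4096].decode("latin-1"))
        if header:  # the name the file gets once the wrapper is decoded
            names.append(header.group(1).rstrip("\r"))
        for name in names:
            if inspect_name(name):
                findings[name] = inspect_name(name)
    return findings

def sample_message():
    """Constructed message; names come from the lists above, the pairing is invented."""
    msg = EmailMessage()
    msg.set_content("forwarded message attached.")
    inner = "Word.zip" + " " * 40 + ".sCR"
    for name, data in [("eBook.Uu", f"begin 644 {inner}\n`\nend\n".encode()),
                       ("DSC-00465.Pif", b"MZ"), ("notes.txt", b"hello")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    print(scan_message(sample_message()))
```

The padded inner name is reported with all three reasons, while the wrapper itself is only marked for decoding, which keeps the rule from blocking every encoded attachment outright.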