Great report by Citizen Lab on FinSpy. Have a look at your logs based on the info below:
Here is a simple Python script that outputs only the ASCII (American Standard Code for Information Interchange) characters from a hex dump (a hexadecimal view of raw data). It also includes a URL decode function. Personally, I find this script very useful for analysis, e.g. identifying the SQL injection parameter in payloads captured by Snort.
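As an added example (not the author's script, which is not reproduced on this page), the following Python code does the same two jobs: it decodes the hex column of a Snort-style dump into printable ASCII and then URL-decodes the request so an injected parameter becomes readable. The dump it parses is constructed; the decoded request carries a textbook `1' OR 1=1--` probe in its `id` parameter.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Optional "0x0010:" offset, then hex groups of 2 or 4 digits separated by single spaces.
# The double space that precedes the dump's own ASCII column ends the match, so that
# column (which may contain hex-looking text such as "ab") is never decoded twice.
HEX_RUN = re.compile(r"^\s*(?:0x[0-9A-Fa-f]+:\s+)?((?:[0-9A-Fa-f]{2}(?:[0-9A-Fa-f]{2})? ?)+)")

# Constructed sample (not from the page): a hex dump of an HTTP request carrying a
# URL-encoded SQL injection attempt in the "id" parameter.
SAMPLE_DUMP = """\
0x0000: 47 45 54 20 2F 69 74 65 6D 3F 69 64 3D 31 25 32  GET /item?id=1%2
0x0010: 37 25 32 30 4F 52 25 32 30 31 25 33 44 31 2D 2D  7%20OR%201%3D1--
0x0020: 20 48 54 54 50 2F 31 2E 31 0D 0A                  HTTP/1.1..
"""


def hexdump_to_ascii(dump: str) -> str:
    """Decode the hex column of every dump line; non-printable bytes become '.'."""
    chars = []
    for line in dump.splitlines():
        m = HEX_RUN.match(line)
        if not m:
            continue  # not a dump line (blank, header, etc.)
        data = bytes.fromhex(m.group(1).replace(" ", ""))
        chars.extend(chr(b) if 32 <= b < 127 else "." for b in data)
    return "".join(chars)


def url_decode(text: str) -> str:
    """Decode %XX escapes and '+' so obfuscated payloads become readable."""
    return unquote_plus(text)


def request_params(ascii_text: str) -> dict:
    """Return the decoded query parameters of the first request line found."""
    m = re.search(r"\b(GET|POST|PUT|HEAD)\s+(\S+)", ascii_text)
    if not m:
        return {}
    return dict(parse_qsl(urlsplit(m.group(2)).query, keep_blank_values=True))


if __name__ == "__main__":
    text = hexdump_to_ascii(SAMPLE_DUMP)
    print(text)
    print(url_decode(text))
    for name, value in request_params(text).items():
        print(f"{name} = {value!r}")
```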
Today we will learn about Python installation on Windows, starting with how to install Python on Windows and ending with running “Hello, World” in Python.
Download the latest version of Python from the official website. To install it, just double-click the .msi file (Microsoft Windows Installer). By default, Python installs to a directory with the version number embedded, e.g. C:\Python27\. To make sure we can run Python regardless of the working directory, we need to modify the PATH environment variable by adding the directories of our default Python version. See my earlier post to learn how to set the PATH environment variable. We can also achieve this by selecting the “Add python.exe to Path” feature during installation.
So, we are now done with the installation. Let’s try to write our first simple program, “Hello, World”. Create a text file and add the line print "Hello, World"
Save the text file with the extension *.py. In my case, I named the file “HelloWorld.py”. Run the program by typing “python HelloWorld.py”.
If you get a “Syntax Error” when you try to run the program, please check which version of Python you are running.
For version 2.x: print "Hello, World"
For version 3.x: print("Hello, World")
For a newbie like me, I prefer to use Python 2.x first, as it is easier for me to get the tutorials.
According to Wikipedia:
“The %PATH% variable is specified as a list of one or more directory names separated by semicolon (;) characters. The Windows system directory (typically C:\WINDOWS\system32) is typically the first directory in the path, followed by many (but not all) of the directories for installed software packages. Many programs do not appear in the path as they are not designed to be executed from a command window, but rather from a Graphical User Interface. Some programs may add their directory to the front of the PATH variable’s content during installation, to speed up the search process and/or override OS commands.”
To set the PATH environment variable in Windows 7, you can follow the steps below:
(1) From the Desktop, right click Computer and click Properties.
(2) Go to Advanced System Settings and click on Environment Variables.
For instance, if your Python installation is in C:\Python27\, add C:\Python27\; to your PATH. Don’t forget to reboot your computer for the changes to take effect.
On January 23, GitHub revealed its new search infrastructure, which is powered by Elasticsearch. GitHub Inc. was founded in 2008 and was the most popular open source code repository site as of May 2011.
Unfortunately, the new feature has been misused for malicious purposes. According to Help Net Security, a few individuals managed to obtain several private encryption keys and passwords via GitHub using this new search infrastructure. As highlighted by Sean Michael Kerner via InternetNews.com, it is NOT a GitHub security issue, as the search infrastructure only exposes what is already there.
I tried the new search infrastructure on my own with the keyword “BEGIN RSA PRIVATE KEY”, and an interesting search result was returned. Unfortunately, due to some “additional maintenance” by GitHub after they discovered this issue, I got the message “Nothing to see here yet. Move along.” when I wished to look further into the code.
For those who are used to uploading their code to GitHub, you are recommended to read the instructions provided by GitHub on removing sensitive data.
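Removing a key after it has been indexed is damage control; the cheaper check is to scan a checkout for PEM private-key headers and key-like file names before it is pushed. The scanner below is an added example (not GitHub's tooling), and the sample file it inspects is constructed with a placeholder key body, not real key material.

```python
import os
import re

# PEM private-key headers of the kind that leaked into public repositories in the incident
# above. The group captures the key type (RSA, DSA, EC, OPENSSH, ENCRYPTED) or nothing.
PEM_PRIVATE_KEY = re.compile(r"-----BEGIN ((?:[A-Z]+ )?)PRIVATE KEY-----")

# File names that conventionally hold private keys, flagged even without a PEM header.
SUSPICIOUS_NAMES = {"id_rsa", "id_dsa", "id_ecdsa", "id_ed25519"}
SUSPICIOUS_EXTS = {".pem", ".key", ".p12", ".pfx"}


def find_private_keys(text):
    """Return (line_number, key_type) for each PEM private-key header in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = PEM_PRIVATE_KEY.search(line)
        if m:
            hits.append((lineno, m.group(1).strip() or "UNLABELLED"))
    return hits


def suspicious_filename(path):
    """True for file names that usually contain key material regardless of content."""
    name = os.path.basename(path)
    return name in SUSPICIOUS_NAMES or os.path.splitext(name)[1].lower() in SUSPICIOUS_EXTS


def scan_tree(root):
    """Walk a checkout (skipping .git) and report files that look like they hold private keys."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    keys = find_private_keys(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the whole scan
            if keys or suspicious_filename(path):
                findings.append((path, keys))
    return findings


# Constructed sample (not real key material): a config file with a key pasted into it.
SAMPLE_FILE = """\
db_host = db.example.internal
-----BEGIN RSA PRIVATE KEY-----
...placeholder key body...
-----END RSA PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
"""
```

Run `scan_tree(".")` from the repository root; a non-empty result is a reason to stop the push and rotate whatever it found.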
TrendLabs posted an article on its Security Intelligence Blog about malware infection via a fake Java zero-day fix. The team discovered that an unknown publisher had created malware that misleads the victim into believing it is a Java update able to fix the Java zero day (CVE-2012-3174). Currently, the malicious website reported is [xxx]currencyreport.com/cybercrime-suspect-arrested/javaupdate11.jar. The fake Java fix javaupdate11.jar is detected by Trend Micro as JAVA_DLOADER.NTW, while the malicious files downloaded by this malware are detected as BKDR_ANDROM.NTW.
In terms of network traffic behaviour, JAVA_DLOADER.NTW downloads up1.exe and up2.exe from [xxx]rencyreport.com/cybercrime-suspect-arrested/. It also accesses lss.ini, ess.ini and igs.ini under the same URL to obtain configuration files, which contain information such as the file names, the URLs of the files and the number of files. As for BKDR_ANDROM.NTW, this backdoor connects to [xxx]st.com/image.php to send and receive commands from a remote malicious user. It also connects to update.microsoft.com to check for an Internet connection.
Please be on high alert if you detect such traffic! At the same time, always remind your end users to be more cautious when applying the recent Java fix.
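To turn the traffic description above into something that can be run over proxy logs, here is an added example (not from TrendLabs or the page) that matches the known domain suffix, download path and dropped file names. The host names are redacted in the write-up, so the example matches only the parts that are published, and it deliberately does not alert on update.microsoft.com, which is a plain connectivity check. The log lines and the "REDACTED" host prefix are constructed.

```python
import re
from urllib.parse import urlsplit

# Indicators from the TrendLabs description quoted above. The host is redacted there
# ("[xxx]currencyreport.com"), so only the domain suffix and the download path are known;
# the C2 host "[xxx]st.com" is too short a fragment to match safely and is left out.
DOMAIN_SUFFIX = "currencyreport.com"
DOWNLOAD_PATH = "/cybercrime-suspect-arrested/"
DROPPED_FILES = {"javaupdate11.jar", "up1.exe", "up2.exe", "lss.ini", "ess.ini", "igs.ini"}

# Constructed proxy log (not from the page): "timestamp client METHOD url status".
# "REDACTED" stands in for the redacted part of the malicious host name.
SAMPLE_LOG = """\
2013-01-28T10:01:02Z 10.0.0.15 GET http://www.example.com/index.html 200
2013-01-28T10:01:09Z 10.0.0.15 GET http://REDACTED.currencyreport.com/cybercrime-suspect-arrested/javaupdate11.jar 200
2013-01-28T10:01:11Z 10.0.0.15 GET http://REDACTED.currencyreport.com/cybercrime-suspect-arrested/lss.ini 200
2013-01-28T10:01:12Z 10.0.0.15 GET http://REDACTED.currencyreport.com/cybercrime-suspect-arrested/up1.exe 200
2013-01-28T10:01:13Z 10.0.0.15 GET http://update.microsoft.com/ 200
2013-01-28T10:02:00Z 10.0.0.22 GET http://www.example.com/javaupdate11.jar 404
"""
LOG_LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def classify_url(url):
    """'high': known domain suffix AND download path (JAVA_DLOADER.NTW fetching its parts).
    'low': one of the dropped file names on any other host, worth a look.
    None: nothing known; update.microsoft.com is deliberately not an indicator."""
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    filename = u.path.rsplit("/", 1)[-1].lower()
    if host.endswith(DOMAIN_SUFFIX) and u.path.startswith(DOWNLOAD_PATH):
        return "high"
    if filename in DROPPED_FILES:
        return "low"
    return None


def scan_log(log_text):
    """Return (timestamp, client, url, confidence) for every line that hits an indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed line: skip it
        ts, client, _method, url, _status = m.groups()
        verdict = classify_url(url)
        if verdict:
            hits.append((ts, client, url, verdict))
    return hits
```

A client with several "high" hits in a row (the .jar followed by .ini and .exe fetches, as above for 10.0.0.15) is the pattern the write-up describes and is worth isolating first.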
According to the latest update from Yahoo! Help on January 1, 2013, Yahoo finally supports Hypertext Transfer Protocol Secure (HTTPS). But it is not enabled by default. Please make sure you enable it for your account right now!
How to Enable HTTPS for your Yahoo! Mail account?
(1) Once you sign in, click the gear icon in the upper right corner and select Mail Options.
(2) By default, you will now be in the General menu. Scroll down and, under Advanced Settings, check the box next to Turn on SSL.
According to Venkat, currently the browsers that support SSL for Yahoo Mail for Windows are:
- Internet Explorer 7.0 to 10.0 and newer
- Chrome 5.0 and higher
- Firefox 3.5 and higher
- Safari 4.0 and newer
Till then, be safe on the Internet!