Reversing some WordPress malware

Aug 2016 update: Back in 2015, some kind of spam bot wormed its way into my site. I quickly cleaned it up, then decoded the attack and posted details here. Not long after, the spambot started directing traffic to this post, because it contains enough of the magic words, I guess. Only instead of serving up spam, it’s serving up my analysis. I’d rather you read this than spam, so I’ve left this page up.

On to the original post…

A few minutes ago I received an alert that some files had changed on my site (thanks to All-In-One WP Security). But I hadn’t changed anything and WordPress hadn’t updated itself.

Here’s what I found, and how I fixed it.

How I turned a junker PC into a trap for scammers

Note: I wrote this almost a year ago. It wasn’t good enough to publish then, I thought. This week I’m slammed, and it’s better than anything I can write this week, so, it’s time to release it. -Dave

As my regulars will be aware, for the past few weeks I’ve been getting lots of phone calls from “Peggy” from “Computer Maintenance Department.” What I’ve found during these phone calls is that debating with them does no good, and saying that your computer is crazy fast gets them to hang up on you, but they’ll call back again in a few days anyway.

Last week, I had lunch with a group of future coworkers–I’ll be joining them once my background check results come in–and I mentioned these phone calls. The guy sitting across the table from me said he wants their malware, so he can reverse-engineer it. So I said I would cooperate the next time I got a phone call.

This “Computer Maintenance Department” sure doesn’t know much about computer maintenance

“Peggy” from “Computer Maintenance Department” (1-645-781-2458 on my caller ID) called again. Lots of people are aware of these phone calls. They call, make vague claims about receiving a report that your computer is running slow and giving you errors, and are very careful not to say who they are or who they work for. Usually I just do whatever I can to get them off the phone.

But after having lunch with some other computer security professionals last week, a couple of them talked me into finding out how these guys operate. So I fired up a PC that turned out to have a real, legitimate issue. After resolving that issue myself, I turned the caller loose on my semi-functional PC so I could see what these scammers actually do. He had me connect to Teamviewer.com and run their remote access software. I followed his instructions, watched him connect, then slyly unplugged my network cable.

When my network connection dropped, “Peggy” quickly transferred me to a “senior technician” who used the name “Roy.”

Antivirus progress

When Microsoft Security Essentials first came out, it was an improvement in antivirus performance. Now, it’s middle of the pack, according to PC Magazine. That’s great. Vendors are finally taking performance seriously.

What that means is that by replacing MSE with F-Secure Anti-Virus 2013, Kaspersky Anti-Virus (2013), Sophos Anti-Virus 10.2, ESET NOD32 Antivirus 6, Norton Antivirus (2013), Avast Free Antivirus 8, or Bitdefender Antivirus Plus 2013, you can speed up your computer. Considering Norton Antivirus was once bottom-of-the-barrel in the performance arena, I see this as a good thing.

Of the bunch, Avast is the only freebie. Though if your ISP offers one of the others as part of your subscription, or you don’t mind paying for antivirus, the others are an option. But maybe, just maybe, if I replace Microsoft Security Essentials with Avast, Peggy will quit calling me at dinnertime and telling me my computer is slow. But I doubt it.

The best free antivirus

I’ve been re-evaluating free antivirus programs in an effort to find the best free antivirus. I think Microsoft Security Essentials is adequate if you don’t engage in risky behavior, and it doesn’t nag and doesn’t expire, both of which are good things. The best detection in the world is no good to you the day after it expires.

If you want something better, the place to look is AV-Comparatives’ most recent test. In that roundup, I see four serious contenders: Bitdefender, Avira, Avast, and AVG. Those are the only four programs available for free that passed all of their tests with at least one star.

Bitdefender 60-second virus scan: a review

I mentioned Bitdefender 60-second virus scan the other day, but didn’t give it a proper review. It’s time I remedy that.

It’s a small 160K stub that downloads a few more megabytes worth of stuff after you run it. Unlike most other free antivirus apps, this one is intended to be secondary–a marketing tool to show you what your primary antivirus isn’t catching that Bitdefender would, I suppose. But I think it’s useful as a second line of defense, and recommend using it as such.

The men (boys) who spy on women through webcams

Ars Technica made a bit of a splash this week with this provocative headline. This is real.

The article gives the usual advice, like not opening e-mail from strangers, not clicking attachments from strangers, and not visiting dodgy websites. That’s all good advice, as is staying off torrent and other file sharing sites, but even all that is not enough.

Avast 8 is out and already well-regarded

Avast 8 is out, and the initial reviews are positive.

If you use Avast, either as your primary or as your secondary AV, updating it is a good idea. One critical improvement is that virus database updates happen more frequently now. There’s no such thing as too frequently when it comes to database updates.

How to save money on tech

CNN offered up some good tips on saving money on tech. But of course I want to analyze and comment on it myself. Anything else would be out of character. Here’s how I save money on tech.

Mobile malware is coming. Get prepared.

One thing I’m seeing in the predictions-for-2013 columns is that mobile malware is going to increase this year. While I can’t be certain it’s going to happen, all of the ingredients are there. The only thing stopping it is motive.

I’m familiar with Avast antivirus on Android. It’s nice. Whenever I download an app from the Google Play store, it scans it, and if it finds something it doesn’t like, it intervenes.