Malware Analysis Report
|
|
- Rose Kelley
- 8 years ago
- Views:
Transcription
1 NSHC Malware Analysis Report [ Xtreme RAT ] A server program of Xtreme RAT, a type of RAT (Remote Administration Tool), is distributed recently. The system which is infected with the server program becomes a client of attacker who control the system by remote control. The attacker can steal the information of the infected system such as inputting data from keyboard, MSN , and clipboard data. In the system that is suspected to be infected, countermeasures according to the action and treatment through A/V are required. Information Service about a new vulnerability Version 1.0 External 2014 Red Alert. All Rights Reserved.
2 Index 1. Malware Stub Technical Details Red Alert of Opinion Removal Recommendations Reference facebook.com/nshc.redalert 2014 Red Alert. All Rights Reserved. 1
3 Confidentiality Agreements This report was written from the Red Alert team. There is no problem user for research purpose, but we don t care about Legal responsibility. This code is a living document and will be updated from time to time. Please refer to the Red Alert SNS Page to download updates. ( Analysis reports that are updated on Facebook, including other materials and article, sample can offer premium services the ISAC on the page. ( facebook.com/nshc.redalert 2014 Red Alert. All Rights Reserved. 2
4 1. Malware Stub Malware Name pdfviewer.exe File Size 133,624 bytes MD5 50f7368f4b81d4c2891d7a890e8d5b44 Compiled Date :35:52 Etc N/A Table 1. File Info-1 Malware Name dmw.exe File Size 59,823 bytes MD5 c674a56b67332c033d1a041f32f0daac Compiled Date :22:17 Etc N/A Table 2. File Info-2 - dl.**********rcontent.com/s/pn*********5zhh/pdfviewer.exe Index Description OS Windows XP SP3 KR Browser Windows Internet Explorer 8 Table 3. Analysis Environment The malware runs by injecting its module to svchost.exe and explorer.exe. A dwm.exe is registered on Windows Auto-startup that it can the malware resides on the system. Figure 1. Drop Flow facebook.com/nshc.redalert 2014 Red Alert. All Rights Reserved. 3
5 This is a server which is connected with the malware information. Figure 2. IP Info-1 Figure 3. IP Info-2 The data of malware and Keylogging are stored in the specific folder. Figure 4. Malware Output Data facebook.com/nshc.redalert 2014 Red Alert. All Rights Reserved. 4
6 Also, users can see that explorer.exe is running more than one because the malware injects the module of explorer.exe. Figure 5. Injected Process When the infected explorer.exe is running, Windows that have the objects symbolizing the Xtreme RAT are created. Figure 6. Malware's Object facebook.com/nshc.redalert 2014 Red Alert. All Rights Reserved. 5
7 2. Technical Details The XtremeKeylogger created by the infected explorer.exe is registered as a clipboard viewer. Figure 7. Set Clipboard Viewer In XtremeKeylogger procedure, the routine exists that handling the message of WM_DRAWCLIPBOARD. The WM_DRAWCLIPBOARD occurs if the new data is generated to the clipboard. The data of clipboard can be checked in the Windows that is registered as the clipboard viewer. Figure 8. Branches 'WM_DRAWCLIPBOARD' In the routine of WM_DRAWCLIPBOARD message handling, it stores the Unicode text in the buffer. Figure 9. Get Clipboard Data The stored data is recorded separately in the file, and the file is as follows: - %APPDATA%\Microsoft\Windows\((Mutex)).dat - %APPDATA%\Microsoft\Windows\gzAdbdgue.dat Figure 10. Logging Data facebook.com/nshc.redalert 2014 Red Alert. All Rights Reserved. 6
8 The signatures that 0xAA, 0xFE is existed on the starting point in the data of file. And it is stored in single-byte encryption(xor 0x55) an Unicode characters excluding CRLF(Carriage Return Lin Feed : 0x0D, 0x0A) and 0x00. Figure 11. XOR Encode Routine The decoded data excluding the Unicode Text is as follows: Figure 12. Decoding Data facebook.com/nshc.redalert 2014 Red Alert. All Rights Reserved. 7
9 It attempts to hook the system using SetWindowsHookExW function on the XremeKeylogger windows made by the infected explorer.exe. Figure 13. Set Keyboard Hook A routine that processing of keyboard input message is existed on LowLevelKeyboardProc which is executing through global hooking. - WM_SYSKEYDOWN : Input System key - WM_KEYDOWN : Input Keyboard key Figure 14. Branches Key Down Messages It is divided the windows using Foreground Window. Figure 15. Get Foreground Wnd Caption facebook.com/nshc.redalert 2014 Red Alert. All Rights Reserved. 8
10 The time information is also recorded in the form of DATE_SHORTDATE along with the name of windows caption. Figure 16. Local Time Format It is saved the contents with single byte encryption (XOR 0x55) in the keylogging data file the same way as Clipboard Hooker. The decoded data excluding the Unicode type is same the below. Figure 17. Key Logging Data The keylogging data file is sent with the clipboard data to FTP Server. Figure 18. Logging File Transfer facebook.com/nshc.redalert 2014 Red Alert. All Rights Reserved. 9
11 It attempts to hook the system using SetWindowsHookExW function on the XremeKeylogger windows made by the infected explorer.exe. Figure 19. Set Mouse Hook A routine that processing of mouse input message is existed in LowLevelMouseProc. - WM_LBUTTONDOWN : Click the left button of mouse - WM_RBUTTONDOWN : Click the right button of mouse - WM_MBUTTONDOWN : Click the wheel of mouse - WM_LBUTTONDBLCLK : Double click the left button of mouse - WM_RBUTTONDBLCLK : Double click the right button of mouse Figure 20. Branches Mouse Click Messages It is also divided the windows using Foreground Window. Figure 21. Get Foreground Wnd Caption facebook.com/nshc.redalert 2014 Red Alert. All Rights Reserved. 10
12 By using BtiBlt function, it captures the screen contents in the memory. Figure 22. Screen Capture The captured screen is stored as a.jpg. Figure 23. Saved Capture facebook.com/nshc.redalert 2014 Red Alert. All Rights Reserved. 11
13 3. Red Alert of Opinion The RAT (Remote Administration Tool) can do Capture screen, Keylogging, Steal clipboard data, proxy server, handle process, handle windows, and handle registry. The case to exploit for stealing the personal information is increasing. Please note the damage of RAT.. 4. Removal Recommendations By releasing the check box of Hide protected operation system files (Recommended) and applying Show hidden files and folders in the folder option of Windows Explorer. After this, please delete the files are as follows: - %APPDATA%\Microsoft\Windows\((Mutex)).cfg - %APPDATA%\Microsoft\Windows\((Mutex)).dat - %APPDATA%\Microsoft\Windows\gzAdbdgue.cfg - %APPDATA%\Microsoft\Windows\gzAdbdgue.dat - %APPDATA%\Microsoft\Windows\gzAdbdgue.xtr - %APPDATA%\System\dmw.exe Figure 24. Folder Option facebook.com/nshc.redalert 2014 Red Alert. All Rights Reserved. 12
14 Delete the registry related on the malware. - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name : HKLM Value Data : %APPDATA%\System\dmw.exe - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name : HKCU Value Data : %APPDATA%\System\dmw.exe - HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\ {54F31X8D-X7YK-MYWP-XFCM-1M6UNSJ65AWU} Name : StubPath Value Data : %APPDATA%\System\dmw.exe restart - HKCU\Software\gzAdbdgue - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows Value Name : Load - HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Value Name : Load Please get a thorough system examination by referring Reference. [1] Virus Total and treat the malware through A/V. facebook.com/nshc.redalert 2014 Red Alert. All Rights Reserved. 13
15 5. Reference [1] Virus Total d4cc62604a6a20/analysis/ [2] Xtreme RAT facebook.com/nshc.redalert 2014 Red Alert. All Rights Reserved. 14
This report is a detailed analysis of the dropper and the payload of the HIMAN malware.
PAGE 5 Check Point Malware Research Group HIMAN Malware Analysis December 12, 2013 Researcher: Overview This report is a detailed analysis of the dropper and the payload of the HIMAN malware. This malware
More informationUser Guide - escan for Linux File Server
1 User Guide - escan for Linux File Server 2 I. Required escan for Linux RPMS / Debian packages RPM Package Name File name mwadmin mwav escan escan-rtm mwadmin-x.x-x..i386.rpm mwav-x.x-x.
More informationCloud Services Prevent Zero-day and Targeted Attacks
Cloud Services Prevent Zero-day and Targeted Attacks WOULD YOU OPEN THIS ATTACHMENT? 2 TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS Duqu Worm Causing Collateral Damage in a Silent Cyber-War Worm exploiting
More informationVISA SECURITY ALERT December 2015 KUHOOK POINT OF SALE MALWARE. Summary. Distribution and Installation
VISA SECURITY ALERT December 2015 KUHOOK POINT OF SALE MALWARE Distribution: Merchants, Acquirers Who should read this: Information security, incident response, cyber intelligence staff Summary Kuhook
More informationHide and seek - how targeted attacks hide behind clean applications Szappanos Gábor
Hide and seek - how targeted attacks hide behind clean applications Szappanos Gábor Principal Malware Researcher 1 Honourable mentions: 2010. Stuxnet digitally signed drivers: stolen certificate June 2012.
More informationSHINOBOT/SHINOC2 MANUAL
SHINOBOT/SHINOC2 MANUAL Sh1n0g1 V E R : 1. 3. 2. 1 1 OVERVIEW ShinoBOT/ShinoC2 are penetration test tools for APT prevention. PURPOSE The purpose of ShinoBOT/ShinoC2 is to evaluate your protection against
More informationLatest Business Email Compromise Malware Found: Olympic Vision
A TrendLabs Report Latest Business Email Compromise Malware Found: Olympic Vision Technical Brief TrendLabs Security Intelligence Blog Jaaziel Carlos Junestherry Salvador March 2016 Introduction Olympic
More informationKASPERSKY FRAUD PREVENTION FOR ENDPOINTS
KASPERSKY FRAUD PREVENTION FOR ENDPOINTS www.kaspersky.com 2 Fraud Prevention for Endpoints KASPERSKY FRAUD PREVENTION 1. Ways of Attacking The prime motive behind cybercrime is making money, and today
More informationOperation Liberpy : Keyloggers and information theft in Latin America
Operation Liberpy : Keyloggers and information theft in Latin America Diego Pérez Magallanes Malware Analyst Pablo Ramos HEAD of LATAM Research Lab 7/7/2015 version 1.1 Contents Introduction... 3 Operation
More informationAdvanced Event Viewer Manual
Advanced Event Viewer Manual Document version: 2.2944.01 Download Advanced Event Viewer at: http://www.advancedeventviewer.com Page 1 Introduction Advanced Event Viewer is an award winning application
More informationRedline Users Guide. Version 1.12
Redline Users Guide Version 1.12 Contents Contents 1 About Redline 5 Timeline 5 Malware Risk Index (MRI) Score 5 Indicators of Compromise (IOCs) 5 Whitelists 5 Installation 6 System Requirements 6 Install
More informationAnVir Task Manager v5.2 User's Guide
AnVir Task Manager v5.2 User's Guide Introduction AnVir Security Suite is utility software that gives users a comprehensive set of tools to put them in full control of their computer. AnVir Security Suite
More informationVPS Hosting. The Guide to Bet Angel VPS. Getting started with Bet Angel VPS. Revised August 2013. Page 1
The Guide to Bet Angel VPS Getting started with Bet Angel VPS Revised August 2013 Page 1 Contents VPS Hosting Connecting to a Windows Server for the first time... 3 1 Ensuring that your Server has been
More informationRelease Notes for Websense Email Security v7.2
Release Notes for Websense Email Security v7.2 Websense Email Security version 7.2 is a feature release that includes support for Windows Server 2008 as well as support for Microsoft SQL Server 2008. Version
More informationSpyware Doctor Enterprise Technical Data Sheet
Spyware Doctor Enterprise Technical Data Sheet The Best of Breed Anti-Spyware Solution for Businesses Spyware Doctor Enterprise builds on the strength of the industry-leading and multi award-winning Spyware
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,
More informationSecuraLive ULTIMATE SECURITY
SecuraLive ULTIMATE SECURITY Home Edition for Windows USER GUIDE SecuraLive ULTIMATE SECURITY USER MANUAL Introduction: Welcome to SecuraLive Ultimate Security Home Edition. SecuraLive Ultimate Security
More informationSSH Secure Client (Telnet & SFTP) Installing & Using SSH Secure Shell for Windows Operation Systems
SSH Secure Client (Telnet & SFTP) Installing & Using SSH Secure Shell for Windows Operation Systems What is SSH?: SSH is an application that protects the TCP/IP connections between two computers. The software
More informationGlobal Image Management System For epad-vision. User Manual Version 1.10
Global Image Management System For epad-vision User Manual Version 1.10 May 27, 2015 Global Image Management System www.epadlink.com 1 Contents 1. Introduction 3 2. Initial Setup Requirements 3 3. GIMS-Server
More informationAdvanced Malware Cleaning Techniques for the IT Professional
Advanced Malware Cleaning Techniques for the IT Professional Mark Russinovich Microsoft Technical Fellow This section of the Microsoft Security Intelligence Report provides information and guidance for
More informationViRobot Management System 4.0
USER GUIDE As this document is the property of HAURI Inc., Unauthorized distribution or leaking of this document is prohibited. Copyright c HAURI Inc 2 Contents 1. ViRobot Management System 4.0... 5 1.1
More informationViRobot Desktop 5.5. User s Guide
ViRobot Desktop 5.5 User s Guide ViRobot Desktop 5.5 User s Guide Copyright Notice Copyright 2007 by HAURI Inc. All rights reserved worldwide. No part of this publication or software may be reproduced,
More informationSophos Endpoint Security and Control Help. Product version: 11
Sophos Endpoint Security and Control Help Product version: 11 Document date: October 2015 Contents 1 About Sophos Endpoint Security and Control...5 2 About the Home page...6 3 Sophos groups...7 3.1 About
More informationKaseya 2. User Guide. Version 7.0. English
Kaseya 2 Remote Control Tools User Guide Version 7.0 English December 22, 2014 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept
More informationXI'AN NOVASTAR TECH CO., LTD
Notes and FAQ 1 Some conflicts between decoders may cause media play error. Do not install decoders or media players arbitrary. They may conflict with each other and thus cause errors when NovaStudio plus
More informationDesktop Release Notes. Desktop Release Notes 5.2.1
Desktop Release Notes Desktop Release Notes 5.2.1 COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval
More informationDetecting Malware With Memory Forensics. Hal Pomeranz SANS Institute
Detecting Malware With Memory Forensics Hal Pomeranz SANS Institute Why Memory Forensics? Everything in the OS traverses RAM Processes and threads Malware (including rootkit technologies) Network sockets,
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS Secure Bytes, October 2011 This document is confidential and for the use of a Secure Bytes client only. The information contained herein is the property of Secure Bytes and may
More informationOnline Payments Threats
July 3, 2012 Introduction...2 Tested Products...2 Used Configuration...3 Real Malware Inspiration...3 Total Scores Chart...4 Conclusion...4 About matousec.com...4 Detailed Descriptions of Tests...5 Detailed
More informationKaseya 2. User Guide. Version R8. English
Kaseya 2 Remote Control Tools User Guide Version R8 English December 22, 2014 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept
More informationSophos Endpoint Security and Control Help
Sophos Endpoint Security and Control Help Product version: 10.3 Document date: June 2014 Contents 1 About Sophos Endpoint Security and Control...3 2 About the Home page...4 3 Sophos groups...5 4 Sophos
More informationCloud Services Prevent Zero-day and Targeted Attacks Tom De Belie Security Engineer. [Restricted] ONLY for designated groups and individuals
Cloud Services Prevent Zero-day and Targeted Attacks Tom De Belie Security Engineer Facts 2 3 WOULD YOU OPEN THIS ATTACHMENT? 4 TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS 5 Check Point Multi-Layered
More informationHoneyBOT User Guide A Windows based honeypot solution
HoneyBOT User Guide A Windows based honeypot solution Visit our website at http://www.atomicsoftwaresolutions.com/ Table of Contents What is a Honeypot?...2 How HoneyBOT Works...2 Secure the HoneyBOT Computer...3
More informationAlert (TA14-212A) Backoff Point-of-Sale Malware
Alert (TA14-212A) Backoff Point-of-Sale Malware Original release date: July 31, 2014 Systems Affected Point-of-Sale Systems Overview This advisory was prepared in collaboration with the National Cybersecurity
More informationPrinted Documentation
Printed Documentation Table of Contents K7AntiVirus Premium...1 K7AntiVirus Premium Help... 1 Feature Summary... 2 Online Help Conventions... 3 Managing the Alerts... 9 Configuring Alerts... 9 Backing
More informationContents Minimum Requirements... 2 Instructions... 2 Troubleshooting... 7
Emdeon Remote Desktop Services Contents Minimum Requirements... 2 Instructions... 2 Troubleshooting... 7 Minimum Requirements 1. A high-speed Internet connection. DSL or Cable Internet are recommended.
More informationSecurepoint Security Systems
HowTo: VPN with OpenVPN, certificates and OpenVPN-GUI Securepoint Security Systems Version 2007nx Release 3 Contents 1 Configuration on the appliance... 4 1.1 Setting up network objects... 4 1.2 Creating
More informationCONNECT-TO-CHOP USER GUIDE
CONNECT-TO-CHOP USER GUIDE VERSION V8 Table of Contents 1 Overview... 3 2 Requirements... 3 2.1 Security... 3 2.2 Computer... 3 2.3 Application... 3 2.3.1 Web Browser... 3 2.3.2 Prerequisites... 3 3 Logon...
More informationKaspersky Security 9.0 for Microsoft SharePoint Server Administrator's Guide
Kaspersky Security 9.0 for Microsoft SharePoint Server Administrator's Guide APPLICATION VERSION: 9.0 Dear User! Thank you for choosing our product. We hope that this document will help you in your work
More informationBe Prepared for Java Zero-day Attacks
Threat Report Be Prepared for Java Zero-day Attacks Malware Analysis: Malicious Codes spread via cloud-based data storage services December 19, 2013 Content Overview... 3 Distributing Malicious E-mails
More informationBest Practices for Deploying Behavior Monitoring and Device Control
Best Practices for Deploying Behavior Monitoring and Device Control 1 Contents Overview... 3 Behavior Monitoring Overview... 3 Malware Behavior Blocking... 3 Event Monitoring... 4 Enabling Behavior Monitoring...
More informationRemote Access and Control of the. Programmer/Controller. Version 1.0 9/07/05
Remote Access and Control of the Programmer/Controller Version 1.0 9/07/05 Remote Access and Control... 3 Introduction... 3 Installing Remote Access Viewer... 4 System Requirements... 4 Activate Java console...
More informationWEB SECURITY. Oriana Kondakciu 0054118 Software Engineering 4C03 Project
WEB SECURITY Oriana Kondakciu 0054118 Software Engineering 4C03 Project The Internet is a collection of networks, in which the web servers construct autonomous systems. The data routing infrastructure
More informationE-Map Application CHAPTER. The E-Map Editor
CHAPTER 7 E-Map Application E-Map displays the monitoring area on an electronic map, by which the operator can easily locate the cameras, sensors and alarms triggered by motion or I/O devices. Topics discussed
More informationRelease Notes, February 2009
Release Notes, February 2009 Contents New Design... 2 Drag & Drop File Transfer... 2 Remote Sound... 3 Settings on the Remote Control Toolbar... 3 Remote Sound Preferences... 3 Increased Control over Remote
More informationFor keyboard and touchscreen BlackBerry devices User manual
TSMobiles Terminal Service client for Mobiles For keyboard and touchscreen BlackBerry devices User manual Introduction... 3 System Requirements... 3 1. Configuring Remote Desktop on computer... 4 2. Installation...
More informationLogMeIn Rescue+Mobile for Android
LogMeIn Rescue+Mobile for Android Contents How to Connect to an Android Device...3 How to Start a Code Session on an Android Device...4 How to Chat with the Customer...5 How to Manage Files on a Customer's
More informationShinoBOT ShinoC2. Can you prevent APT like me? Author: Shota Shinogi. - the pentest tool to measure the defense against APT/RAT -
ShinoBOT ShinoC2 Can you prevent APT like me? - the pentest tool to measure the defense against APT/RAT - Author: Shota Shinogi 1 >whoami Name: Shota Shinogi pronounce: ʃota ʃinogi @sh1n0g1 work in the
More informationNet Protector Admin Console
Net Protector Admin Console USER MANUAL www.indiaantivirus.com -1. Introduction Admin Console is a Centralized Anti-Virus Control and Management. It helps the administrators of small and large office networks
More informationMicrosoft Labs Online
Microsoft Labs Online Self-Service Student Guide Welcome to Microsoft Labs Online powered by Xtreme Velocity. This document provides stepby-step instructions on how to: Create an account. Use your virtual
More informationescan Corporate Edition User Guide
Anti-Virus & Content Security escan Corporate Edition (with Hybrid Network Support) User Guide www.escanav.com sales@escanav.com The software described in this guide is furnished under a license agreement
More informationHP ProtectTools Embedded Security Guide
HP ProtectTools Embedded Security Guide Document Part Number: 364876-001 May 2004 This guide provides instructions for using the software that allows you to configure settings for the HP ProtectTools Embedded
More informationWhat is WS_FTP? How WS_FTP Works
What is WS_FTP? WS_FTP is the leading file transfer client with millions of users worldwide. You can easily and securely transfer files between your home and office and to and from customers, clients,
More informationHow to remove Encrypted File guide. How to manually remove Encrypted File
How to remove File guide This guide can be used only by Advanced PC users! If you are not an Advanced PC user, you can harm your PC. For fast and easy File removal you can download OSHI Defender. DOWNL
More informationTeamViewer 10 Manual Remote Control
TeamViewer 10 Manual Remote Control Rev 10.3-201506 TeamViewer GmbH Jahnstraße 30 D-73037 Göppingen www.teamviewer.com Table of contents 1 About TeamViewer 5 1.1 About the software 5 1.2 About the manual
More informationAppendix E. Captioning Manager system requirements. Installing the Captioning Manager
Appendix E Installing and configuring the Captioning Manager The Mediasite Captioning Manager, a separately sold EX Server add-on, allows users to submit and monitor captioning requests through Automatic
More informationMicrosoft Labs Online
Microsoft Labs Online Self-Service Student Guide Welcome to Microsoft Labs Online powered by Xtreme Velocity. This document provides stepby-step instructions on how to: Create an account. Use your virtual
More informationHow To Use Secureanything On A Mac Or Ipad (For A Mac)
User Guide for Mac OS X Copyright Webroot SecureAnywhere User Guide for Mac OS X March, 2013 2012-2013 Webroot Software, Inc. All rights reserved. Webroot is a registered trademark and SecureAnywhere is
More informationdotdefender for IIS User Guide dotdefender for IIS - Manual Version 1.0
dotdefender for IIS User Guide dotdefender for IIS - Manual Version 1.0 Table of Contents Chapter 1 Introduction... 5 1.1 Overview... 5 1.2 Components... 5 1.3 Benefits... 6 1.4 Organization of this Guide...
More informationWhat is new in Switch 12
What is new in Switch 12 New features and functionality: Remote Designer From this version onwards, you are no longer obliged to use the Switch Designer on your Switch Server. Now that we implemented the
More informationConnectIT. How to Connect and End a Remote Support Session. (for Windows & IE / Firefox)
Information Technology Services Page 1 of 7 ConnectIT How to Connect and End a Remote Support Session (for Windows & IE / Firefox) This document shows how to respond to a remote support request from ITS
More informationWEB ATTACKS AND COUNTERMEASURES
WEB ATTACKS AND COUNTERMEASURES February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in
More informationAdvancements in Botnet Attacks and Malware Distribution
Advancements in Botnet Attacks and Malware Distribution HOPE Conference, New York, July 2012 Aditya K Sood Rohit Bansal Richard J Enbody SecNiche Security Department of Computer Science and Engineering
More informationOutlook Web Access 2003 Remote User Guide
UNITED STATES COAST GUARD Outlook Web Access 2003 Remote User Guide Using Common Access Card Access TISCOM TIS-42 07/29/2008 Version 1.0 CAC Enabled Outlook Web Access CAC Enabled OWA is a way to view
More informationKeyloggers ETHICAL HACKING EEL-4789 GROUP 2: WILLIAM LOPEZ HUMBERTO GUERRA ENIO PENA ERICK BARRERA JUAN SAYOL
Keyloggers ETHICAL HACKING EEL-4789 GROUP 2: WILLIAM LOPEZ HUMBERTO GUERRA ENIO PENA ERICK BARRERA JUAN SAYOL Contents Abstract: Keyloggers... 3 Introduction... 3 History... 4 Security... 4 Implementation...
More informationGuidance for the verification of qualified digital signatures following Swiss signature law
Guidance for the verification of qualified digital signatures following Swiss signature law Swiss signature law (ZertES) is the legal basis for qualified digital signatures for details see http://www.admin.ch/ch/d/sr/c943_03.html.
More informationUser Guide for the Identity Shield
User Guide for the Identity Shield Copyright Webroot SecureAnywhere User Guide for the Identity Shield January, 2013 2013 Webroot Software, Inc. All rights reserved. Webroot is a registered trademark and
More informationOS Security. Malware (Part 2) & Intrusion Detection and Prevention. Radboud University Nijmegen, The Netherlands. Winter 2015/2016
OS Security Malware (Part 2) & Intrusion Detection and Prevention Radboud University Nijmegen, The Netherlands Winter 2015/2016 A short recap Different categories of malware: Virus (self-reproducing, needs
More informationVoice over IP. Orator Dictation Voice-over-IP Quick Start Installation Guide
Voice over IP Orator Dictation Voice-over-IP Quick Start Installation Guide Orator VoIP Installation Guide Overview This guide is intended to walk a user through the process of installing and configuring
More informationThick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More informationBestSync Tutorial. Synchronize with a FTP Server. This tutorial demonstrates how to setup a task to synchronize with a folder in FTP server.
BestSync Tutorial Synchronize with a FTP Server This tutorial demonstrates how to setup a task to synchronize with a folder in FTP server. 1. On the main windows, press the Add task button ( ) to add a
More informationWindows Operating Systems. Basic Security
Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System
More informationRDM+ Desktop for Windows Getting Started Guide
RDM+ Remote Desktop for Mobiles RDM+ Desktop for Windows Getting Started Guide Introduction... 3 1. Installing RDM+ Desktop on a computer... 3 2. Preparing for remote connection... 4 3. RDM+ Desktop window...
More informationTroubleshooting OMERO
1 Troubleshooting OMERO If you have any problems with OMERO the following points may help you resolve them. Error reports The commonest form of error report is a pop-up in either OMERO.insight or OMERO.web.
More informationModule 5. Control Panel Utilities
Module 5 Control Panel Utilities Objectives 1. 1.5 Use Control Panel Utilities 2 CONTROL PANEL 3 Control Panel 1. Use Control Panel to change settings for Windows 2. Control nearly everything about how
More informationAppendix F: Instructions for Downloading Microsoft Access Runtime
Appendix F: Instructions for Downloading Microsoft Access Runtime The Consumer Products Reporting Tool is designed to work with Microsoft Access 2010 or later. For the best compatibility, please refer
More informationAXIS Camera Station Quick Installation Guide
AXIS Camera Station Quick Installation Guide Copyright Axis Communications AB April 2005 Rev. 3.5 Part Number 23997 1 Table of Contents Regulatory Information.................................. 3 AXIS Camera
More informationHow To Stop A Malware From Running On A Computer
A CUCKOO S EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND CONTAINMENT FOR LARGE NETWORKS CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS MALWARE
More informationChapter 8 Objectives. Chapter 8 Operating Systems and Utility Programs. Operating Systems. Operating Systems. Operating Systems.
Chapter 8 Objectives Chapter 8 s and Utility Programs Describe the two types of software Understand the startup process for a personal computer Describe the term user interface Explain features common
More informationProduct Guide. McAfee Endpoint Security 10
Product Guide McAfee Endpoint Security 10 COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee DeepSAFE,
More informationHow To Use An Apple Macbook With A Dock On Itunes Macbook V.Xo (Mac) And The Powerbar On A Pc Or Macbook (Apple) With A Powerbar (Apple Mac) On A Macbook
QNS OSX instructions. CONTENTS 1 The Apple and Finder 2 The Dock 3 Navigating OS X 4 System Preferences 1 OS X tutorial: the apple The apple menu The apple menu is hidden under the apple at the top left
More informationServer Internet Veiligheidspakket Administrator s guide. Administrator s Guide Internet Veiligheidspakket voor Server s
Server Internet Veiligheidspakket Administrator s guide Administrator s Guide Internet Veiligheidspakket voor Server s Server IVP Administrator s Guide Versie 1.0, d.d. 01-08-2011 Inhoudsopgave 1 Introduction...
More informationK7 Business Lite User Manual
K7 Business Lite User Manual About the Admin Console The Admin Console is a centralized web-based management console. The web console is accessible through any modern web browser from any computer on the
More informationArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationKaspersky Password Manager
Kaspersky Password Manager User Guide Dear User, Thank you for choosing our product. We hope that you will find this documentation useful and that it will provide answers to most questions that may arise.
More informationDetermining Your Computer Resources
Determining Your Computer Resources There are a number of computer components that must meet certain requirements in order for your computer to perform effectively. This document explains how to check
More informationMcAfee.com Personal Firewall
McAfee.com Personal Firewall 1 Table of Contents Table of Contents...2 Installing Personal Firewall...3 Configuring Personal Firewall and Completing the Installation...3 Configuring Personal Firewall...
More informationInstalling NetSupport School for use with the NetSupport School Student extension for Google Chrome
Installing NetSupport School for use with the NetSupport School Student extension for Google Chrome NetSupport School delivers the tools you need to help maximise the effectiveness of computer led teaching
More informationHallpass Instructions for Connecting to Mac with a Mac
Hallpass Instructions for Connecting to Mac with a Mac The following instructions explain how to enable screen sharing with your Macintosh computer using another Macintosh computer. Note: You must leave
More informationKaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking
Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey
More informationZeroAccess. James Wyke. SophosLabs UK
ZeroAccess James Wyke SophosLabs UK Abstract ZeroAccess is a sophisticated kernel-mode rootkit that is rapidly becoming one of the most widespread threats in the current malware ecosystem. ZeroAccess ability
More informationUsing the CCNY Server Space with Secure Shell 3.0 for Windows Created by Doris Grasserbauer dgrasserbauer@ccny.cuny.edu
Using the CCNY Server Space with Secure Shell 3.0 for Windows Created by Doris Grasserbauer dgrasserbauer@ccny.cuny.edu Topics: 1. Logging on to the server space 2. How to create a new folder on the server
More informationPhysical Memory Standard Operating Procedures
MORGAN STANLEY Physical Memory Standard Operating Procedures HBGary Memory Forensic Tools Phil Wallisch 5/11/2010 This document details the procedures that Morgan Stanley CERT will perform to acquire and
More informationCertified Secure Computer User
Certified Secure Computer User Course Outline Module 01: Foundations of Security Essential Terminologies Computer Security Why Security? Potential Losses Due to Security Attacks Elements of Security The
More informationEnterprise Incident Response: Network Intrusion Case Studies and Countermeasures
Enterprise Incident Response: Network Intrusion Case Studies and Countermeasures Eric J. Eifert Vice President, Cyber Defense Division ManTech s Mission, Cyber, & Technology Solutions Presentation Overview
More informationOutpost Network Security
Administrator Guide Reference Outpost Network Security Office Firewall Software from Agnitum Abstract This document provides information on deploying Outpost Network Security in a corporate network. It
More informationRedline User Guide. Release 1.14
Redline User Guide Release 1.14 FireEye and the FireEye logo are registered trademarks of FireEye, Inc. in the United States and other countries. All other trademarks are the property of their respective
More informationHyperoo 2.0 A (Very) Quick Start
Hyperoo 2.0 A (Very) Quick Start Download and install the Hyperoo 2.0 beta Hyperoo 2.0 is a client/server based application and as such requires that you install both the Hyperoo Client and Hyperoo Server
More informationImplementation of Web Application Firewall
Implementation of Web Application Firewall OuTian 1 Introduction Abstract Web 層 應 用 程 式 之 攻 擊 日 趨 嚴 重, 而 國 內 多 數 企 業 仍 不 知 該 如 何 以 資 安 設 備 阻 擋, 仍 在 採 購 傳 統 的 Firewall/IPS,
More informationWithout a Trace: Forensic Secrets for Windows Servers. BlackHat Windows 2004. Presented by Mark Burnett and James C. Foster
Without a Trace: Forensic Secrets for Windows Servers BlackHat Windows 2004 Presented by Mark Burnett and James C. Foster Agenda Introduction Server Time Settings File Changes Tool Demo: Logz Recreating
More information