Wednesday, February 25, 2015

How to get rid of spyware toolbars and other crapware in Google Chrome

It's very easy to end up with all kinds of unwanted software in your browser. I'm sure everyone has, at some point, had problems with useless toolbars. Remember the Delta toolbar, or the Conduit toolbar? They usually come bundled with a free application, and some people even download and install them on purpose (don't try it).

Fortunately, Google has released a Beta version of its 'Software Removal Tool' (Windows only). What the tool does is scan the computer for programs known to interfere with Chrome, offer to remove them, and then 'reset' Chrome's settings (homepage, search engine, extensions). It doesn't replace an antivirus, and it's only a Beta, but I think it's a great idea that could be implemented for Firefox too. I'll now show how to use it to clean up my own Chrome browser, which I infected with the Conduit toolbar:

Conduit infected Chrome


Now, I'll use the Google Software Removal Tool. You can download it here. Just download it and save it somewhere you'll remember.

Software removal tool desktop
Now, just run it. It will scan the computer looking for programs that are known to cause problems with Chrome. Once it finishes, it will show the results. In my case:
Software removal tool results

Click 'Remove suspicious program'. After a few seconds, you'll see this:
Click Restart and the computer will reboot, and that's it. Simple, right? Of course, you cannot rely on this tool to fully protect your computer, but it's an easy way to get rid of this kind of problem. The interesting thing is that, since it removes the offending programs from the system rather than just from Chrome, it also helped with other browsers, like Internet Explorer 11. Give it a try, it won't disappoint you!

Monday, February 23, 2015

Freenet: another option to browse anonymously (how to for Linux)

Privacy is one of the most controversial issues regarding the Internet today, so the popularity of tools like Tor and I2P keeps increasing. Another option is Freenet, and it could be a good choice if, for whatever reason, you need to protect your privacy. Keep in mind that Freenet is a different kind of tool: it's a peer-to-peer distributed datastore, so what you 'browse' is content that has been published into Freenet, not the regular web. It's important to mention that this tool has been widely used in China and the Middle East, and it gained academic relevance with the paper "Freenet: A Distributed Anonymous Information Storage and Retrieval System".

With that in mind, I'll show you now how to use Freenet in Linux (Ubuntu).

Requirements:

  • Java installed.

Note: I first tried with the Java Web installer, but I had some errors. So, the steps for installing Freenet will be done with commands.

Steps:

1. Open a Terminal
2. Enter the following commands:

wget 'https://freenetproject.org/jnlp/freenet_installer.jar' -O new_installer_offline.jar
java -jar new_installer_offline.jar

3. A Java prompt will be displayed. Just click 'Run'
4. Select your language and click 'OK'
Language Selection
5. A welcome screen will be displayed. Just press 'Next'
Welcome screen
6. Select the folder where you'll install Freenet and click Next twice.
Freenet installation
7. Once you reach the following screen, click Next three times:
Freenet installation finished
8. Finally, click Done. A browser will be automatically opened with the Freenet configuration wizard.
Freenet set up
Note: The configuration I'll choose ('low security', also called opennet) lets your node connect to any other Freenet node, which means strangers' nodes learn your IP address and that you run Freenet. If that matters to you, choose a higher security level and connect only to nodes run by people you trust (darknet).

9. Click 'Choose low security'
10. Click Next
11. In the 'Datastore size' screen, select the Datastore size. It is recommended to set as much space as possible, but I'll just leave the default value. Then click Next
Datastore size
12. In 'Bandwidth Limits' click Yes if your connection has a monthly data limit. Otherwise, click No.
13. Select speed of your connection and click Next.
Connection speed
If there are any other settings, set them and click Next until the wizard finishes. OK, we have Freenet installed, but how do we 'browse' on Freenet? Simple: you need Freenet 'keys'. These are like URLs: you load one and you see its content. Each key starts with its type (CHK@ for content-hash keys, SSK@ for signed subspace keys, USK@ for updatable subspace keys), followed by the key material in Base64 and a path. In a USK the last number is the edition of the site, and a negative number asks the node to look for that edition or anything newer. For example, we have the following key, corresponding to the 'Bluish Coder' blog:

USK@1ORdIvjL2H1bZblJcP8hu2LjjKtVB-rVzp8mLty~5N4,8hL85otZBbq0geDsSKkBK4sKESL2SrNVecFZz9NxGVQ,AQACAAE/bluishcoder/-10/

In the main screen of Freenet, go to the 'Key' field and paste the key there. After that, click 'Fetch'
Freenet keys
Then you'll see the download progress. Yes, Freenet downloads the page first:
Page downloading
After the download is complete, you'll finally see the page:
Loaded page
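To make the key format above concrete, here is an added example (my own code, not part of the original post or of the Freenet project) that parses a CHK@/SSK@/USK@ key, checks that the two 32-byte key halves really are 32 bytes, and builds the URL the browser sends to the local node's web proxy (FProxy). The '~'/'-' Base64 alphabet mapping, the 32-byte key lengths and the default 127.0.0.1:8888 FProxy address are assumptions stated in the code, not things the post says. The sample key is the 'Bluish Coder' key quoted above.

```python
import base64
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the 'Bluish Coder' key quoted in the post.
SAMPLE_KEY = ("USK@1ORdIvjL2H1bZblJcP8hu2LjjKtVB-rVzp8mLty~5N4,"
              "8hL85otZBbq0geDsSKkBK4sKESL2SrNVecFZz9NxGVQ,AQACAAE"
              "/bluishcoder/-10/")

# Freenet writes binary key material in a URL-safe Base64 variant. The
# '~' -> '+' and '-' -> '/' mapping and the 32-byte lengths below are
# assumptions made by this example, not facts taken from the post.
_FREENET_B64 = re.compile(r"^[A-Za-z0-9~-]+$")
_KEY_TYPES = ("CHK", "SSK", "USK")


@dataclass
class FreenetKey:
    key_type: str
    routing_key: bytes          # locates the data in the network
    crypto_key: bytes           # decrypts the data once fetched
    extra: bytes                # small flags/version blob
    doc_name: Optional[str]     # site or file name after the key material
    edition: Optional[int]      # USK only; negative = "this edition or newer"


def freenet_b64decode(text: str) -> bytes:
    """Decode Freenet's Base64 variant, refusing anything outside its alphabet."""
    if not _FREENET_B64.match(text):
        raise ValueError("not Freenet base64: %r" % text)
    std = text.replace("~", "+").replace("-", "/")
    std += "=" * (-len(std) % 4)      # restore the padding Freenet omits
    return base64.b64decode(std)


def parse_key(key: str) -> FreenetKey:
    """Split a CHK@/SSK@/USK@ key into its parts and check their shape."""
    key = key.strip()
    if key.startswith("freenet:"):    # optional URI scheme prefix
        key = key[len("freenet:"):]
    key_type, sep, rest = key.partition("@")
    if not sep or key_type not in _KEY_TYPES:
        raise ValueError("unsupported or malformed key type: %r" % key_type)
    material, _, path = rest.partition("/")
    fields = material.split(",")
    if len(fields) != 3:
        raise ValueError("expected routingkey,cryptokey,extra in %r" % material)
    routing, crypto, extra = (freenet_b64decode(f) for f in fields)
    if len(routing) != 32 or len(crypto) != 32:
        raise ValueError("routing and crypto keys must be 32 bytes each")
    segments = path.split("/") if path else []
    doc_name = segments[0] if segments and segments[0] else None
    edition = None
    if key_type == "USK":
        # USK@<material>/<sitename>/<edition>/ : the edition is mandatory
        if len(segments) < 2 or doc_name is None:
            raise ValueError("USK needs <sitename>/<edition>: %r" % path)
        try:
            edition = int(segments[1])
        except ValueError:
            raise ValueError("USK edition is not an integer: %r" % segments[1])
    return FreenetKey(key_type, routing, crypto, extra, doc_name, edition)


def is_valid_key(text: str) -> bool:
    """True if parse_key accepts the text; used to vet keys before use."""
    try:
        parse_key(text)
    except ValueError:
        return False
    return True


def wants_latest_edition(key: FreenetKey) -> bool:
    """A negative USK edition tells the node to search for newer editions."""
    return key.key_type == "USK" and key.edition is not None and key.edition < 0


def fproxy_url(key: str, host: str = "127.0.0.1", port: int = 8888) -> str:
    """URL that asks the local node's FProxy to fetch the key.

    Parsing first means only well-formed keys are ever turned into URLs;
    the default host/port are the usual FProxy binding (an assumption here).
    """
    key = key.strip()
    parse_key(key)
    if key.startswith("freenet:"):
        key = key[len("freenet:"):]
    return "http://%s:%d/%s" % (host, port, key)


if __name__ == "__main__":
    parsed = parse_key(SAMPLE_KEY)
    print(parsed.key_type, parsed.doc_name, parsed.edition,
          "latest" if wants_latest_edition(parsed) else "fixed")
    print(fproxy_url(SAMPLE_KEY))
```

Pasting the key into the 'Key' field does the same thing the last line prints: the browser requests http://127.0.0.1:8888/USK@... and the node fetches and decrypts the content. The parser deliberately rejects anything outside the Base64 alphabet, so a string that merely looks like a key can't be smuggled into that URL.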

Wednesday, February 18, 2015

Chocolatey: apt-get, but for Windows

Chocolatey logo

Well, not exactly. It doesn't emulate apt-get, but it's the closest equivalent for Windows.

I always hear that installing things on Windows is easier, but that's not always the case. For example, installing things on Linux with apt-get is as easy as using the Apple App Store or Google Play: you have all the software you need centralized in a single place (from the user's point of view), you just select it, and everything gets downloaded, installed and configured. The only problem is that the Linux terminal is ugly and some inexperienced users are instantly scared off, but once you get used to it, it's really easy and convenient. That's why some Linux users miss this feature on Windows. Well, here's a great tool that's just like apt-get or yum, but for Windows: Chocolatey. I'll show you how to use it with a practical example, from installing Chocolatey itself to installing an application.

Installation of Chocolatey:

1. Open a command line console with administrative privileges. I'm using Windows 8.1, so:

  • Open the Charms bar on the right edge of the screen and click Search
Search Windows 8.1
  • Enter 'cmd' and right-click Command Prompt > Run as administrator
Run as administrator
  • Click Yes
2. In the Command Prompt, paste the following command. Be aware of what it does: it downloads install.ps1 from chocolatey.org over HTTPS and executes it right away with the PowerShell execution policy relaxed, so you are trusting that site (and your TLS connection to it) completely. If you'd rather know what you're running, download the script to a file first, read it, and then run it:

@powershell -NoProfile -ExecutionPolicy unrestricted -Command "iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))" && SET PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin

Install command
Now just press enter. After that, you should see something like this:
Chocolatey installed
Congratulations! You just installed Chocolatey. Easy, right?

Installing Firefox:

1. Open a new Command Prompt with administrative privileges.
2. Enter the following command:
choco install firefox

choco install firefox
Press enter and relax...
Installing Firefox
3. After a couple of minutes you'll see this confirmation message:
Confirmation message
As you can see, there are a lot of possibilities for this tool. For example, with the -y flag (which answers the confirmation prompts for you) it can be used for silent installations from automated scripts. For now, I'll leave you with this example, and I'll write a lot more about this in the near future. Don't forget to visit the official Chocolatey page.

Tuesday, February 17, 2015

Do you want to get rid of this malware? Destroy your disk

We all know about the Flame malware that attacked Middle East countries. It's one of the most complex and effective pieces of malware ever made and, according to some reports, it was developed by the NSA. Well, it looks like they're back in the game.

In a report recently released by the Russian security company Kaspersky (download the full report here), we can read about a group called the 'Equation Group' that has been developing and distributing extremely complex malware. I'm not kidding, these are the exact words used there to describe the group and its software:

The Equation group is a highly sophisticated threat actor that has been engaged in multiple CNE (computer network exploitation) operations dating back to 2001, and perhaps as early as 1996. The Equation group uses multiple malware platforms, some of which surpass the well-known “Regin” threat in complexity and sophistication. The Equation group is probably one of the most sophisticated cyber attack groups in the world; and they are the most advanced threat actor we have seen.

The following is a list of the arsenal owned by the Equation Group. The tools work together, depending on each other for certain actions, and some are 'upgraded versions' of others:
  • EQUATIONDRUG – A very complex attack platform used by the group on its victims. It supports a module plugin system, which can be dynamically uploaded and unloaded by the attackers.
  • DOUBLEFANTASY – A validator-style Trojan, designed to confirm the target is the intended one. If the target is confirmed, they get upgraded to a more sophisticated platform such as EQUATIONDRUG or GRAYFISH.
  • EQUESTRE – Same as EQUATIONDRUG.
  • TRIPLEFANTASY – Full-featured backdoor sometimes used in tandem with GRAYFISH. Looks like an upgrade of DOUBLEFANTASY, and is possibly a more recent validator-style plugin.
  • GRAYFISH – The most sophisticated attack platform from the EQUATION group. It resides completely in the registry, relying on a bootkit to gain execution at OS startup.
  • FANNY – A computer worm created in 2008 and used to gather information about targets in the Middle East and Asia. Some victims appear to have been upgraded first to DoubleFantasy, and then to the EQUATIONDRUG system. Fanny used exploits for two zero-day vulnerabilities which were later discovered with Stuxnet.
  • EQUATIONLASER – An early implant from the EQUATION group, used around 2001-2004. Compatible with Windows 95/98, and created sometime between DOUBLEFANTASY and EQUATIONDRUG.
But this is not the most impressive achievement of the Equation Group. I quote the report:

Although the implementation of their malware systems is incredibly complex, surpassing even Regin in sophistication, there is one aspect of the EQUATION group’s attack technologies that exceeds anything we have ever seen before. This is the ability to infect the hard drive firmware.

What does it mean? Basically, if you get this implant, formatting the disk won't help you get rid of the malware, and neither will re-installing the OS: the code lives in the drive's own firmware and survives both. It also can't be inspected from the operating system, since the drive firmware can't be read back by normal means, so antivirus software won't find that part (the Windows-side components are what gets detected). The report lists affected drives from more than a dozen brands, including Samsung, Maxtor and Toshiba.

But what is the reach of the infection? Here's a map provided in the document:
Although this is a huge hacking operation, you shouldn't be too worried if you are an average citizen: the report says the firmware implant was found only on a handful of victims, and the group goes after specific targets (governments, telecoms, energy, research and the like). But if you happen to be one of those targets, chances are you'd never know it.

Monday, February 16, 2015

How to install Debian for beginners

Debian logo
Debian is one of the most famous Linux distros. The fame comes from its stability, robustness and low hardware requirements. The only thing is that it can be trickier than Ubuntu to use, so it's not the first choice for many beginners. However, this article will show you how to install it in a virtual machine, with some useful tips. Let's begin.

Requirements:

The Debian .iso files. There are various ways to install Debian. In this tutorial I'll use the .iso files because I don't want to depend on an Internet connection that could fail at any moment. So, I downloaded the DVDs for the 64-bit architecture from here. There are many other options, but in most cases you'll want the DVDs labelled i386 or amd64, for 32-bit and 64-bit respectively. Before using them, check the downloaded files against the SHA256SUMS file (and its SHA256SUMS.sign signature) published next to the images, so you know you're installing what Debian actually released.

Steps:

1. Open VMware Workstation.
2. Go to File>New Virtual Machine...
New virtual machine
3. Select 'Custom' and click Next
4. Click Next
5. Select 'I will install the operating system later'. Click Next.

6. Select Linux and Debian 7.x 64-bit.
Select Linux
7. Click Next.
8. Enter a name and a location for the Virtual Machine
9. You can leave all the next options with the default value and click Next until you reach the last dialog. Then click Finish.
Finish dialog
Now, go to VM>Settings>CD/DVD (IDE), select the first Debian DVD and click OK.
10. Power on the VM. When it boots up, select 'Graphical install' and press Enter.
Graphical install
11. Select the language and press Continue.
12. Select the location and press Continue.
13. Select the keyboard configuration and click Continue.
14. Enter a hostname. This is to identify the machine in a network, so unless you are doing this in a particular network, you can leave that with the default name. Then click Continue.
Hostname
15. Enter a domain name. In this case, it can be anything, so I'll enter 'testools.net'. Then click Continue.
Domain name
16. Enter a password for root and click Continue. (If you leave it empty, root login is disabled and the user you create in the next steps gets sudo instead.)
17. Enter a name for the user that will be used for non-administrative activities. This is the real name for the user, so enter something like John Smith. Click Continue.
18. Select the name for the user account. This name should begin with a lower-case letter. For example, you could choose 'john'.
Username for the account
19. Enter a password for the new user account.
20. Select the time zone and click Continue.
21. In this case, I'll select 'Guided - use entire disk' as partition method.
Guided - use entire disk
22. There's only one disk in this example, so select it and click Continue.
23. For the partition scheme I selected the first option (all the files in a single partition). To know more about which partition scheme to choose, read this. Click Continue three times and the installation will begin.
All files in one partition
24. After all the contents of the first DVD are read, a dialog will prompt you to scan another DVD. Now, go to VM>Settings>CD/DVD (IDE)
25. Browse and select the second Debian DVD. Then click OK.
Second DVD
26. A dialog warning about the lock to the CD will be displayed. Just click Yes.
CD-ROM lock
27. Back to the VM, Select Yes and click Continue. If it fails, open the VM settings again and check 'Connected' in 'Device Status' to get the .iso file connected.
Scan another DVD
28. After the second DVD has been scanned, select 'No' when asked to scan another DVD, and click Continue.
29. Now, the wizard will prompt you to insert the first DVD again. Do it and click Continue.
30. In the popularity-contest configuration, select No.
31. In the software selection screen you can select additional software to install. I just installed the core components.
Software selection
32. In the step to install GRUB, select Yes and click Continue.
33. After a moment, you'll see the following screen. It means that the installation is over! Click Continue.
Installation complete
34. Finally, the VM will restart and there you have it! Enjoy!