Security


I have run into the scenario of checking an end user’s computer for signs of porn, or surfing porn sites, and seen ambiguity introduced by popups from sites that are not porn per se, or clicks that were unintended and aborted. Obviously, malware can not only cause popups, but also download files nefariously.

This is an extreme cautionary case, in which a worker was fired for child porn, had his reputation ruined, faced criminal charges, and was found to be innocent. Tech support completely failed and even helped persecute him. That’s bad.

Talk about feeling watched. No sooner did I remove the rogue links than they were replaced with similar ones off a different college URL.

I dropped everything to upgrade WordPress. Seems to be working so far.

I came over here to update the blogroll and noticed a funny thing:

Someone was able to hack WordPress in a way that gave them access to the blogroll. No idea when it happened, but the links all redirected through this WordPress blog using a trailing structure in the form of:

?q=cash-loans

At the end of the URL to which I linked. Not sure offhand what the ?q is and how it differs from the ?s format used to return search results. It did the job, anyway, redirecting to an entirely different location. I suspect the blog in question was also victimized and had no active role.
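As an added example (not code from the original post or from WordPress), here is a small Python check that audits a blogroll export for the kind of tampering described above: links whose host was swapped for a redirector, or links that gained a trailing query parameter such as `?q=` that the original never had. The link names, URLs and the `SUSPICIOUS_PARAMS` list are constructed for the example; the page only mentions `?q=`, so the list is an assumption you would extend with whatever your own audit turns up.

```python
"""Audit stored blogroll links against the URLs they were supposed to be."""
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: what the blogroll was meant to hold versus what
# was found in the database after the compromise. Not real sites.
EXPECTED_LINKS = {
    "Example Blog": "http://blog.example.com/",
    "Third Blog": "http://third.example.com/",
    "Another Site": "http://another.example.org/",
    "Search Page": "http://other.example.net/?s=wordpress",
}
FOUND_LINKS = {
    "Example Blog": "http://redirector.example.com/?q=cash-loans",
    "Third Blog": "http://third.example.com/?q=cash-loans",
    "Another Site": "http://another.example.org/",
    "Search Page": "http://other.example.net/?s=wordpress",
}

# Assumed list of query parameters worth flagging when they appear unexpectedly;
# the post only observed ?q=, so this is a starting point, not a complete list.
SUSPICIOUS_PARAMS = {"q"}


def audit_link(expected, found):
    """Return the reasons a stored link looks tampered with (empty list if it is fine)."""
    if not found:
        return ["link missing from blogroll"]
    reasons = []
    exp, got = urlsplit(expected), urlsplit(found)
    # A different host means the click now goes somewhere the author never linked.
    if exp.netloc.lower() != got.netloc.lower():
        reasons.append(f"host changed from {exp.netloc} to {got.netloc}")
    exp_query, got_query = parse_qs(exp.query), parse_qs(got.query)
    # A query parameter that the intended URL never carried (e.g. ?q=cash-loans)
    # is the signature the post describes; a legitimate ?s= search link passes.
    for param, values in got_query.items():
        if param not in exp_query and param in SUSPICIOUS_PARAMS:
            reasons.append(f"added query parameter {param}={values[0]!r}")
    return reasons


def audit_blogroll(expected, found):
    """Map each link name to its list of findings; clean links map to []."""
    return {name: audit_link(url, found.get(name)) for name, url in expected.items()}


if __name__ == "__main__":
    for name, findings in audit_blogroll(EXPECTED_LINKS, FOUND_LINKS).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{name}: {status}")
```

Run it against a real export by replacing the two dictionaries with the intended links (from a backup or the original post drafts) and the current contents of the links table; anything that reports a changed host or an added parameter is a link to fix before updating WordPress is forgotten again.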

The lesson? This is probably why there have been security-related updates to WordPress that I should have installed periodically. I’m pretty sure none of the WP blogs in our “empire” are fully updated except the newest one. Oops.

The other lesson? If I posted here regularly as I really do plan to, I would notice these things promptly, limiting any benefit accruing from the linkage.

Now multiple WordPress updates are on my list of things that must be done sooner rather than later.

And in the process of showing Wayne Vista and geeking out some more, I noticed that in DOS the hidden folders that can’t be accessed and are in some cases obviously for backward compatibility are labeled [JUNCTION] instead of [DIR]. They are NTFS junction points, which act like folders (or files) but are pointers to other folders (or files). Also, I had set Explorer to show hidden files and folders, but for some reason that didn’t cascade to the user profile folder, so explicitly turning that on made the hidden stuff visible even from Vista in Explorer.

There is a switch for DIR that shows just junctions, so using /AL and /S redirected to a text file with > will give you a list of all of them on the machine.

There’s also a DOS command, MKLINK, for creating junctions. Who knew.
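The text file produced by `dir /AL /S > junctions.txt` is still raw DIR output. As an added example (not from the original post), here is a Python script that parses that output into a list of junction paths and their targets, and then reports any junction whose target points outside a folder you expect it to stay within. The sample DIR text embedded below is constructed, not captured from a real machine; it assumes the Vista-style format in which a junction line carries a `<JUNCTION>` token followed by the folder name and its target in square brackets (the `[JUNCTION]` spelling from the post is accepted as well).

```python
"""Parse `dir /AL /S` output into (junction, target) pairs and sanity-check targets."""
import re

# Constructed sample of DIR /AL /S output; paths and dates are made up.
SAMPLE_DIR_OUTPUT = """\
 Volume in drive C has no label.
 Volume Serial Number is 1234-ABCD

 Directory of C:\\Users\\wayne

11/02/2006  05:01 AM    <JUNCTION>     Application Data [C:\\Users\\wayne\\AppData\\Roaming]
11/02/2006  05:01 AM    <JUNCTION>     Cookies [C:\\Users\\wayne\\AppData\\Roaming\\Microsoft\\Windows\\Cookies]
               0 File(s)              0 bytes

 Directory of C:\\Users

11/02/2006  05:01 AM    <JUNCTION>     Default User [C:\\Users\\Default]
               0 File(s)              0 bytes
"""

# "Directory of X" introduces the folder that the following entries live in.
DIR_HEADER = re.compile(r"^\s*Directory of (.+?)\s*$")
# A junction entry: date/time prefix, <JUNCTION> (or [JUNCTION]), name, [target].
# Symbolic links (<SYMLINKD>) listed by /AL are deliberately ignored here.
JUNCTION_LINE = re.compile(r"^.*?[<\[]JUNCTION[>\]]\s+(.+?) \[(.+)\]\s*$")


def parse_junctions(text):
    """Return a list of (junction_path, target_path) tuples from DIR /AL /S output."""
    current_dir = None
    found = []
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current_dir = header.group(1).rstrip("\\")
            continue
        entry = JUNCTION_LINE.match(line)
        if entry and current_dir is not None:
            found.append((current_dir + "\\" + entry.group(1), entry.group(2)))
    return found


def targets_outside(junctions, root):
    """Junctions whose target lies outside `root` (case-insensitive prefix check).

    The backward-compatibility junctions in a profile point back into that
    same profile; one that points elsewhere is worth a second look.
    """
    prefix = root.rstrip("\\").lower() + "\\"
    return [(j, t) for j, t in junctions if not t.lower().startswith(prefix)]


if __name__ == "__main__":
    # In practice: text = open("junctions.txt", encoding="cp437").read()
    junctions = parse_junctions(SAMPLE_DIR_OUTPUT)
    for junction, target in junctions:
        print(f"{junction} -> {target}")
    for junction, target in targets_outside(junctions, "C:\\Users\\wayne"):
        print(f"outside profile: {junction} -> {target}")
```

Point the `targets_outside` root at the profile folder you are inspecting; the built-in junctions (Application Data, Cookies and friends) should all resolve back under that profile, so the report is normally empty for a clean profile.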

It’s NTFS security that makes the junctions inaccessible. They don’t need to be; they’re shortcuts to something you can get at elsewhere.

Very cool.

This is a good description of cleaning up a zombie computer that had been completely taken over by trojans and malware.

I always tend to forget the hosts file as a factor in these situations. Then again, I’m not sure I’ve ever encountered one so bad that it was a factor.

Via Dean Esmay, disturbing news about Zone Alarm and Firefox. Well, sounds like it’s also about XP SP2.

There’s a great discussion, entertainingly and religiously tempestuous of course, going on over Firefox and Internet Explorer. Not about the browsers, at least not at first, but about whether the Firefox download can be trusted to be secured and the file you receive and install untampered with.

I’m following the comments in the Wizbang post, in which Kevin laughs at the post by a Microsoft employee that started the debate.

If you take it in the spirit of having pointed out a potential problem with Firefox distribution, it’s worth pondering. If you take it as a silly attempt to scare folks away from Firefox, it really is amusing.

In any event, I can’t recommend Firefox highly enough. It saves hours upon hours of work and boatloads of grief associated with malware that Internet Explorer all but invites onto computers. But hey, IE can be downloaded securely, with certainty you are getting the binaries Microsoft intended.

Eric has pointed out an interesting post on safe personal computing by security expert Bruce Schneier. Good advice, even if I tend to be overly “do as I say, not as I do” in my own practices. As a minimum place to start, use Firefox to block popups and seriously curtail the chances of malware installing itself. Most of that stuff relies on weaknesses or features of Internet Explorer.

Inspired by the Jay Tea post I linked previously, McGehee has pointed out that there is a blog called Spyware Warrior. It appears to be a nice resource.

Jay Tea describes an experience cleaning up malware, that is, adware and spyware, on an extended family computer. There’s that family tech support thing again. I can’t blame him for feeling dirty, as it was a particularly bad infestation.

He took a somewhat different approach from the hardcore one here and for that matter, here. Yahoo’s toolbar? I’d never have thought to do that.

One thing though; installing Firefox is priceless. It goes most of the way toward preventing the problem from happening again. And again and again and again.
