United Arab Emirates
MCTS | MCITP Enterprise Administrator | ITIL V3 Certified. The Blogger has more than 6 years of experience in IT Infrastructure and Customer Services Management. Experience in Systems Analysis, Design and Implementation based on Microsoft Windows Server Platforms and Linux platforms, Management of Active Directory and Directory Services, DNS, DHCP, VPN, SCCM, ISA Server, Forefront Security, Exchange and Linux Mail Servers, Kaspersky Server Management and Connectivity Services, with additional skills in Data Center Operations Responsibilities, Service Desk Strategy, Design, Transition and Operations expanding from customer services to problem and incident management. He has managed various projects driven on the ITIL framework, which is the most respectable framework and guideline to run IT projects and service management operations.

Thursday, October 13, 2011

Most Damaging Malware

All malware is bad, but some types of malware do more damage than others. That damage can range from loss of files to total loss of security -- even outright identity theft. This list (in no particular order) provides an overview of the most damaging types of malware, including viruses, Trojans and more.

Overwriting Viruses

Some viruses have a malicious payload that causes certain types of files to be deleted - sometimes even the entire drive contents. But as bad as that sounds, if users act quickly the odds are good the deleted files can be recovered. Overwriting viruses, however, write over the original file with their own malicious code. Because the file has been modified/replaced, it can't be recovered. Fortunately, overwriting viruses tend to be rare - in effect their own damage is responsible for their shorter lifespan. Loveletter is one of the better known examples of malware that included an overwriting payload.

Ransomware Trojans

Ransomware trojans encrypt data files on the infected system, then demand money from the victims in exchange for the decryption key. This type of malware adds insult to injury - not only has the victim lost access to their own important files, they've also become victim to extortion. Pgpcoder is perhaps the best known example of a ransomware trojan.

Password Stealers

Password stealing trojans harvest login credentials for systems, networks, FTP, email, games, as well as banking and ecommerce sites. Many password stealers can be repeatedly custom configured by attackers after they've infected the system. For example, the same password stealing trojan infection could first harvest login details for email and FTP; then a new config file is sent to the system that causes it to turn its attention to harvesting login credentials from online banking sites. Password stealers that target online games are perhaps the most commonly talked about, but by no means are games the most common target.

Keyloggers

In its simplest form, a keylogger trojan is malicious, surreptitious software that monitors your keystrokes, logging them to a file and sending them off to remote attackers. Some keyloggers are sold as commercial software - the type a parent might use to record their children's online activities or a suspicious spouse might install to keep tabs on their partner.

Keyloggers may record all keystrokes, or they may be sophisticated enough to monitor for specific activity - like opening a web browser pointing to your online banking site. When the desired behavior is observed, the keylogger goes into record mode, capturing your login username and password.

Backdoors

Backdoor trojans provide remote, surreptitious access to infected systems. Put another way, it's the virtual equivalent of having the attacker sitting at your keyboard. A backdoor trojan can allow the attacker to take any action you - the logged-in user - would normally be able to take. Via this backdoor, the attacker can also upload and install additional malware, including password stealers and keyloggers.

Rootkits

A rootkit gives attackers full access to the system (hence the term 'root') and typically hides the files, folders, registry edits, and other components it uses. In addition to hiding itself, a rootkit typically hides other malicious files that it may be bundled with. The Storm worm is one example of rootkit-enabled malware. (Note that not all Storm Trojans are rootkit-enabled).

Bootkits

While said to be more theory than practice, this form of hardware-targeting malware is perhaps the most concerning. Bootkits infect the flash BIOS, causing the malware to be loaded even before the OS. Combined with rootkit functionality, the hybrid bootkit can be near impossible for the casual observer to detect, much less to remove.

Sunday, October 2, 2011

Tips for using device manager on virtual Windows Servers

By Rick Vanover (techrepublic.com)

August 24, 2011, 7:32 AM PDT

Takeaway: Even though virtual machines may be the de facto platform for new Windows Servers, the hardware management panel is still critical for troubleshooting issues on a system. Rick Vanover shares tips on using device manager for virtual machines.

When Windows Servers are running in a virtual machine, we rarely check into device manager. Given that systems built as a virtual machine have a much higher chance of being successful when the proper drivers are installed (such as VMware Tools), this issue is less of a problem for new builds. But some systems may have gone through a physical-to-virtual (P2V) conversion or a virtual-to-virtual (V2V) conversion. There’s a greater chance P2V systems will have some sort of carryover device in the device manager. Some devices (especially network interface controllers) might be inventoried in the server but not displayed. The goal of a device manager console is to be free of any issues, as shown in the virtual machine hardware inventory in Figure A.

Figure A: virtual machine hardware inventory in device manager (image not included).

For systems that have gone through a P2V conversion and had their virtualization drivers installed, there may be residual issues with previously enumerated hardware. One such issue is the “phantom” network interface; this is usually most visible when only a single network adapter is visible, and it is called Local Area Network 2. Further, if the server is assigned the same static IP address it had as a physical server, a confusing warning message may appear before the changes are saved. Removing the phantom network interfaces is an easy process.

The phantom network interface is one of the most common examples where a missing device may have a lingering configuration yet not be part of the device manager enumeration. Sometimes the option to show hidden devices in the device manager doesn’t show these either.
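One way to find and clean up these non-present network adapters from the command line, as an added example that is not part of the original article. It assumes a Windows Server build that ships the PnpDevice module (Get-PnpDevice, Windows Server 2012 or later) and, for the optional removal step, a pnputil that supports /remove-device (Windows Server 2019 or later); on older builds the commented-out DEVMGR_SHOW_NONPRESENT_DEVICES approach at the end makes the same devices visible in the GUI instead.

```powershell
# Added example (not from the article): list non-present ("phantom") network
# adapters left behind by a P2V/V2V conversion and optionally remove them.
# Assumes Get-PnpDevice (Server 2012+) and pnputil /remove-device (Server 2019+).
param(
    [switch]$Remove   # without this switch the script only reports
)

# Get-PnpDevice without -PresentOnly also returns devices that are not
# currently attached; those are the ones device manager hides by default.
$phantoms = Get-PnpDevice -Class Net | Where-Object { -not $_.Present }

if (-not $phantoms) {
    Write-Host "No non-present network adapters found."
    return
}

# Show what was found before touching anything.
$phantoms | Select-Object FriendlyName, InstanceId, Status | Format-Table -AutoSize

foreach ($dev in $phantoms) {
    if ($Remove) {
        # Removing the device instance also drops its stale per-adapter TCP/IP
        # settings, which is what triggers the duplicate static-IP warning.
        Write-Host "Removing $($dev.FriendlyName) [$($dev.InstanceId)]"
        pnputil.exe /remove-device "$($dev.InstanceId)"
    }
    else {
        Write-Host "Would remove $($dev.FriendlyName); re-run with -Remove to do so."
    }
}

# GUI alternative for older builds: start device manager with non-present
# devices visible, then use View > Show hidden devices.
# $env:DEVMGR_SHOW_NONPRESENT_DEVICES = 1; devmgmt.msc
```

Run it once without -Remove to confirm only the leftover adapters are listed, since the same filter would also match a deliberately disconnected hot-pluggable NIC.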

For all servers, Windows device manager is an important console that should be reviewed from time to time and not just after the server build. For virtual machines this doesn’t change, and making sure device manager is accurate helps ensure the virtual machine is performing as expected.

What do you do differently to support virtual hardware on Windows servers? Share your comments below.