Other posts related to trojan

Dear Hagopian Hotels: You’re Morons

Lincoln Adams | February 8, 2010 @ 12:05 am

You know, it’s one thing to have a website crucial to your business hacked into, but it’s quite another to let it stay hacked ALL FLIPPING DAY LONG without apparently any of you noticing. Good job! I really feel comfortable now submitting sensitive information to your site when I want to make a reservation. Oh wait… no I don’t.

This is the second time this has happened to me too. I settle on a hotel to stay at, I go to their site to make a reservation, only to find what looks like a parked domain page, except that it isn’t. Instead, some depraved disease spreading spankypants (from Romania I suspect) figures out a way to hack into the site and places code that redirects visitors to a completely unrelated site with a stonking mad truckload of affiliate based links, or worse yet, malicious code that attempts to install a trojan on your computer.

What are these affiliate links, you ask? Well, it’s simple: every time you click on a link on one of these hacked pages, a cookie gets saved in your browser. The cookie contains certain information that will credit the hacker with a commission if you buy the right product or service, even if it’s months down the road. That’s how they make their money, and the reason why affiliate marketing needs to either be reined in or die some kind of violent, radioactive death.

I can’t even bring up a cached version of the hotel’s site to compare the difference to the hacked version, but suffice it to say, it was a nice and simple site that had information about the hotel, its history, contact info, parking garage info, and a link to make a reservation. That has now all been replaced, with this:

[Image: hacked site containing malware and affiliate links]

Things are not what they appear...

I checked the McAfee site rating for the link in that address (don’t go there by the way!) and sure enough, it’s one of the malicious domain names being used to propagate spam and malware.

I sent an email to the real hotel people about this with no response. Beautiful. Fire everyone in your IT department now, because they must be weapons grade numbnuts not to have noticed that the WEBSITE IS GONE. As long as it stays up more visitors will be hoodwinked and might get infected with malware. That’s what cheeses me off too.

Ok, I’m done ranting now. On the upside, the trouble here eventually led me to start an account with Hotels.com instead and use their WelcomeRewards program. I saved $12 in doing so, and now I only need seven more nights to get the next one free. Who’s awesome, baby. :ggrin:



Foreign Scum Sucking Piggish Piglike Hairy Pigbags Infected My PC With Virus And Hacked My Blog – FAIL

Lincoln Adams | April 3, 2009 @ 1:29 pm

Apologies again about the light blogging. It might have something to do with the fact that my computer got infected by a nasty evil demon virus from HELL yesterday, which took me over 6 hours to get rid of completely. This evil monster blocked me from accessing antivirus related sites, hijacked my Google searches, crippled my AV software so I couldn’t download updates, blocked my attempts to use Regedit (so I could go into the registry), and constantly crashed Firefox. It also corrupted any antivirus software I tried to download too. Only by renaming Regedit and figuring out where the virus was getting its cues from in the registry was I finally able to disable it and download the needed software to remove it from the system altogether. Gads.

And that might have been the end of it, except that I’m minding my own business watching a Netflix movie and trying to unwind from all the stress before, when I get an IM from a friend letting me know my blog was down.

Uhhhhhh?

So I surf in and sure enough the only thing left of my blog was a weird PHP error. After some quick googling, I learned the error usually occurs when the site has been hacked.

Oh no, oh no no no no no….

I logged in, checked some of my files and noticed right away many of them had been changed only minutes before. Upon opening the PHP files I saw malicious javascript code had been injected at the top, explaining why my blog was no longer functioning. Left to itself, once the code was operational it would have spread and potentially infected any subsequent visitor to the site who didn’t have their browsers appropriately shielded (you know, like dumbass me.) The irony of it is that the unique setup of my blog prevented the code from working properly, the one saving grace from having so much junk on my blog to begin with.

I contacted support in a panic, and they responded almost immediately, and restored my entire site within a few short minutes. I asked them to investigate and they found FTP logins that were out of the ordinary and didn’t match the IP addresses I normally used. After some investigating of my own, I confirmed it was the same group that infected my PC with a virus before. Evidently the trojan I was infected with had sent them my FTP passwords, and the hackers’ server later used that info to log in and inject my blog with all kinds of malicious crap. Fun times.

My host sent me the FTP logs and from there I was able to determine exactly who the culprit was, a server in Norway that appears to be a clearinghouse for Russian criminal activity. I’m pretty sure what happened to me was all automated, and that I was just one of many victims of what’s become a well-organized setup designed to do, what else, make money. When I was infected, my Google searches were hijacked and redirected to spam sites instead. I also discovered 419-type scams coming from the same server (including my personal favorite, one from a Russian “single mother” pleading for money so she could feed her starving family, and oh by the way, she’s 30 and a hottie too.)
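The clues in the last two paragraphs (FTP logins from IPs that don’t match the owner’s usual ones, files changed minutes before, JavaScript injected above the opening PHP tag) can be turned into a repeatable triage check. The Python below is an added example, not code from the original post; the log line format, file contents, timestamps and IP addresses are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed FTP log lines in a hypothetical "<date> <time> LOGIN OK|FAIL user=<u> ip=<ip>" format.
FTP_LOG = """\
2009-04-02 20:11:03 LOGIN OK user=lincoln ip=203.0.113.7
2009-04-02 22:40:51 LOGIN OK user=lincoln ip=198.51.100.23
2009-04-02 22:41:09 LOGIN OK user=lincoln ip=198.51.100.23
2009-04-02 22:42:30 LOGIN FAIL user=lincoln ip=198.51.100.23
"""
KNOWN_IPS = {"203.0.113.7"}  # addresses the site owner normally logs in from (constructed)
LOGIN_RE = re.compile(r"^(\S+ \S+) LOGIN (OK|FAIL) user=(\S+) ip=(\S+)$")


def unusual_logins(log_text, known_ips):
    """Successful FTP logins from IPs outside the owner's usual set, as (time, user, ip)."""
    hits = []
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if m and m.group(2) == "OK" and m.group(4) not in known_ips:
            hits.append((m.group(1), m.group(3), m.group(4)))
    return hits


# A <script> block sitting before the opening <?php tag is the injection pattern described above.
INJECT_RE = re.compile(r"^\s*<script\b.*?</script>", re.IGNORECASE | re.DOTALL)
CLEAN_PHP = "<?php\necho 'hello';\n"                                     # constructed
INFECTED_PHP = "<script>/* injected */</script>\n<?php\necho 'hello';\n"  # constructed

# Constructed "current" time and (path, mtime) pairs standing in for a directory listing.
NOW = datetime(2009, 4, 2, 22, 50)
FILES = [("index.php", datetime(2009, 4, 2, 22, 41)), ("old.php", datetime(2008, 1, 1))]


def injected_at_top(php_source):
    """True if the file starts with a script block instead of its PHP code."""
    return INJECT_RE.match(php_source) is not None


def recently_modified(files, now, window=timedelta(minutes=30)):
    """Paths whose mtime falls within `window` of `now` (the 'changed minutes before' clue)."""
    return [path for path, mtime in files if now - mtime <= window]


def triage(files, contents, log_text, known_ips, now):
    """Combine the three clues into one report a host or site owner could act on."""
    return {
        "unknown_ip_logins": unusual_logins(log_text, known_ips),
        "recent_files": recently_modified(files, now),
        "injected_files": [p for p, src in contents.items() if injected_at_top(src)],
    }
```

A file that is both recently modified and starts with a script block, paired with a login from an unknown IP at the same time, is the pattern that justifies rotating the FTP password and restoring from backup.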

Glad the nightmare’s finally over though (I think). Can I go back to watching my movie now? :hide:



Banking on Xerobank

Lincoln Adams | May 31, 2007 @ 1:02 am

I’ve been using the Torrify Browser at my job for a few weeks now, and man did I fall completely in love with it. :love: Ever since I got into it with my boss over his refusal to accommodate my disabilities (among other things), and watching him piss all over my efforts to go back to school, I no longer felt safe using my work PC to surf the net and blog when things at work got slow, at least not with him lurking around. So I started exploring my options. When I somehow stumbled onto Torrify, I found something that not only enabled me to keep my browsing contents off the servers, it also enabled me to install the StumbleUpon and ScribeFire plugins as well (something I couldn’t do on my work PC). I now had a completely portable browser on my USB thumbdrive with all the goodies I needed for secure blogging (and *ahem* a little bit of stumbling too). :D It even bypassed the server filters so I could once again access Pandora and other streaming radio sites, something I USED to enjoy until the party crashing snotballs in ISD (Information Systems Department) decided to block it all.

Only problem was Torrify’s ability to access the Tor network (for anonymous web surfing). Initially it was slow (which was to be expected), but then it suddenly stopped working altogether. I’m not sure why, but I wasn’t too concerned about it since I rarely used it anyway. My main concern was keeping my content, cookies and whatnot off ISD’s servers, and Torrify was able to accomplish that for me quite nicely.

Now it looks like Torrify has become XeroBank, which will eventually offer anonymous email and a completely portable virtual machine (??????). It also offers high-speed access for anonymous Internet surfing (the cheapest package being ten dollars a month), and I had to admit its touted features looked impressive. Offering a true broadband solution for secure and anonymous surfing had been an elusive quest for many privacy-minded users, so if XeroBank is able to deliver here, this could be the start of something big.

I, of course, already signed up for a 3 day demo. :shades:

Sign up for your own XeroBank Account

Important Update and Review:

After receiving email instructions on how to download Xerobank, I went to the site to choose the 3 day demo, but then it forwarded me to a signup page for an account even though I had one already. Oh well, a minor hiccup that didn’t affect my account status, since I was able to download the browser from my Profile page without any further issues.

When I went to extract the files onto my thumbdrive though, my antivirus software AVG suddenly started to throw a FIT, insisting that one of the XeroBank files was a trojan (Generic4.XXX). The name of the offending file was KillProc.dll, and after a quick Google search I learned some antivirus products like to make a false hit on this particular file, even though it does have legitimate uses (which is to kill processes, duh). Still, this is probably gonna freak some people out if their AV also starts going bat crazy because of this particular file. AVG was still trying to grab and quarantine the file in my case, so I couldn’t get it to extract properly when I ran Xerobank the first few times, and sure enough, when I closed the browser, the processes were still running in Task Manager. I finally disabled the AVG shield and extracted it successfully, but then had to flush and recopy the files onto the thumbdrive a few times because the Firefox add-ons seemed to lock up on me for some reason.

When I finally got it running smoothly, I noticed the start page gave some IPSpy statistics on the network I was currently using to surf anonymously. I was being rerouted through a server in Germany, but there was definitely a clear difference in speed compared to the Tor network. Wheeeeeeeee!!!!!!!!!!! At long last, anonymous BROADBAND!!

From what I could tell, I wasn’t actually using the Tor network anymore (even though oddly enough, the add-on to access the network still came pre-installed as it did in Torpark). My guess is that it’s being relegated as a backup option now, while your real connection is granted via an assigned static IP address as regulated by XeroBank. I’m assuming if I signed up for a Plus account that I would probably still be maintaining the same static IP, though this could really just be a unique characteristic of the demo version.

The important thing was that my connection was now effectively proxied, AND it was operating at broadband level speeds. If XeroBank can maintain this level of service, then man it’s definitely worth the 10 dollars a month it costs to use the Plus version at least. I can finally entertain my delusions of grandeur of being the faceless superhero who hacks his way through the Internet in an endless pursuit of truth and justice. :D

Update 2:

After being contacted by one of the administrators of XeroBank, I learned that if you wish to downgrade to the free “Torpark” version of the browser after installation, simply delete the two files in Data/XeroBank and you’re good to go. It was also confirmed that the static IP I was initially assigned would eventually be followed up with a broader range of IP addresses as they continue to expand their network and work out the remaining kinks.