Vista Anti-Virus 2011 – Seriously, Microsoft?

Monday, March 21st, 2011

Last night I was doing some Google queries to research a technical issue I was having with GlusterFS. I clicked on a link Google had suggested for me and suddenly the performance of my system had slowed to a crawl. I assumed that the site had JavaScript, or some other poorly implemented client-side code on it, but it was really much worse.

I had been hit by malware…


If you get less spam today, thank Microsoft

Friday, March 18th, 2011

Microsoft is usually the punch line of jokes related to the security of their software but apparently they take spam, botnets, and malicious code creators very, very seriously.

In an apparent raid coordinated between Microsoft and federal authorities yesterday (as the Wall Street Journal first reported), one of the largest botnets in the world (known as “Rustock”) was shut down. “Rustock” was believed to be in control of over one million infected PCs worldwide and responsible for more than a billion spam messages a day.

So if you notice that the spam in your inbox is a little lighter today than it was yesterday, you might just have Microsoft to thank.

The next open relay: VoIP

Tuesday, September 15th, 2009

In the mid-to-late 90s, the worst thing your organization could do was to have an open SMTP relay on your network. Spammers would use your mail server to send their spam, which would lower the reputation of your server and get you blacklisted. The next ‘open relay’ is likely to be insecure VoIP servers and, unlike SMTP, VoIP is likely to cost you real money.


A problem is preventing windows from accurately checking the license for this computer 0x80040002

Friday, June 20th, 2008

As I was trolling about the incident logs recently I noticed that two Windows Server 2003 hosts which were completely separate and had absolutely no interaction with one another were both presenting the same error message during the logon process. The error was:

"A problem is preventing windows from accurately checking the license for this computer 0x80040002"

This error presented immediately after authentication. A quick Google only revealed a few hits regarding Windows XP Home and a Dell-specific problem, so naturally it piqued my interest.

One machine could obviously be hardware related (file corruption, bad RAM, anything really..) but two? This was just way too juicy for me to ignore so I began investigating.

A reboot into safe-mode and I was in business. My first stop is always to check the services list in the registry editor. Indeed, a quick check in regedit led me to a service called ‘recovery2’ which I have never heard of. The ImagePath was "c:\program files\outlook express\recovery.exe". Curious and more curious. This service obviously being spurious, I removed the entry from the registry, deleted the file and restarted the server. The machine then processed my login normally.

The odd thing being that I could not find any good references to this particular root-kit anywhere on Google.

If anyone comes across something similar, let me know how you fare in the comments.
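
The services check described in the last post can be scripted for triage. The following is an added example, not code from the original post: it assumes the output of `reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ImagePath` has been saved as text, that Windows is installed in `c:\windows`, and it lists every service whose binary lives outside that directory as a review item. The function names and all sample entries except `recovery2` are constructed for illustration.

```python
import re

# Constructed sample shaped like the output of
#   reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ImagePath
# Only the 'recovery2' entry comes from the post; the rest is illustrative.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk
    ImagePath    REG_EXPAND_SZ    system32\DRIVERS\disk.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\recovery2
    ImagePath    REG_SZ    "c:\program files\outlook express\recovery.exe"
"""

KEY = re.compile(r"^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\]+)$", re.I)
VAL = re.compile(r"^\s+ImagePath\s+REG_\w+\s+(.+)$", re.I)
SYSTEM_ROOT = "c:\\windows"  # assumption: default install location


def normalize(image_path):
    """Lower-case an ImagePath, drop quotes/arguments, expand common prefixes."""
    p = image_path.strip().lower()
    if p.startswith('"'):                     # quoted path, possibly with arguments
        p = p[1:].split('"', 1)[0]
    p = p.replace("%systemroot%", SYSTEM_ROOT).replace("\\??\\", "")
    if p.startswith("\\systemroot\\"):        # kernel-style prefix used by drivers
        p = SYSTEM_ROOT + p[len("\\systemroot"):]
    elif p.startswith("system32\\"):          # driver paths relative to SystemRoot
        p = SYSTEM_ROOT + "\\" + p
    return p


def services_to_review(reg_query_output):
    """Return (service, path) pairs whose binary is outside SYSTEM_ROOT."""
    flagged, service = [], None
    for line in reg_query_output.splitlines():
        key, val = KEY.match(line.strip()), VAL.match(line)
        if key:
            service = key.group(1)
        elif val and service:
            path = normalize(val.group(1))
            if not path.startswith(SYSTEM_ROOT + "\\"):
                flagged.append((service, path))
    return flagged


if __name__ == "__main__":
    for name, path in services_to_review(SAMPLE):
        print(f"review: {name} -> {path}")
```

The result is a review list, not a verdict: legitimate third-party services also install under `Program Files`, and a malicious binary placed inside the Windows directory would not be listed.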