
Tag Archives: computer

Turn on Remote Desktop in Windows 7 or Vista


Remote Desktop is disabled by default in Windows 7 or Vista, but it’s easy enough to turn it back on. If you need to access your Vista PC from another box, it’s an essential thing to turn on.

Important note: Remote Desktop is only included in the Professional, Business, or Ultimate versions of Windows. Home editions do not have Remote Desktop.

To get to the configuration page, you can either right-click the Computer icon and choose Properties, or type system into the Start menu search box and then find the entry for System.

Now you’ll want to click the Remote Settings link on the left hand side:

Now you can finally turn it on:

To connect from another Vista / Win7 PC on the same network, click the bottom radio button. If you need to connect from an XP/2k machine, click the “Allow connections from computers running any version of Remote Desktop” radio button.

Don’t worry about setting up firewall rules; Vista or Windows 7 does that for you automatically.

Note: This should work for both Windows 7 and Vista.

 

Posted by on July 11, 2010 in Computers

 


New P2P Trojan Discovered

Once launched, the malware will install itself in the WINDOWS directory where it installs a registry key to ensure that it loads on startup.

Security researchers at Arbor Networks have discovered a new botnet that comprises machines infected with the Heloag Trojan, which is specifically designed to manage the downloading and installation of a spectrum of additional malicious software.

“Upon detailed inspection, this bot does not appear to have any DDoS capabilities built into it, it appears to only manage downloads on the infected PC,” says researcher Jose Nazario.

The way it works is that the trojan is downloaded from either 7zsm.com or elwm.net. Once on an infected PC, it then installs itself in the WINDOWS directory.

Names observed include:

  • C:\WINDOWS\csrse.exe
  • C:\WINDOWS\ThunderUpdate.exe
  • C:\WINDOWS\conme.exe

The malware then installs a registry key to ensure that it loads on startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon = [filename]

(Where [filename] refers to the installed filename from above)

It then makes a connection to the C&C server for the botnet, often on TCP port 8090, to register itself and await commands. Traffic is usually preceded by a single byte to indicate the message purpose:

  • 01 – initial hello
  • 02 – keep alive, idle message
  • 03 – download the named file
  • 04 – connect to other peers
  • 05 – send hostname to server
  • 06 – clear
  • 07 – close connection

Trojan.Heloag infected hosts often download other malcode over HTTP from a central server, and can also connect to other bots over TCP, often using ports 7000-7010.

Nazario said that the Trojan not only calls out to the command-and-control server in order to download new EXEs to load onto the infected PC, it will also connect with other infected machines over TCP.

“It’s unclear what the purpose of this is, but it appears to be some form of peer-to-peer,” adds Nazario.
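The indicators listed above can be combined into a small triage check. This is an added example, not code from Arbor Networks or the original post; the `Flow` record shape, the confidence labels and the sample data are assumptions, as is reading the listed "01" to "07" as raw byte values.

```python
import ntpath
from dataclasses import dataclass

# Indicators as listed in the article.
C2_PORT = 8090
PEER_PORTS = range(7000, 7011)  # 7000-7010 inclusive
DROPPED_NAMES = {"csrse.exe", "thunderupdate.exe", "conme.exe"}
# Assumption: the article's "01".."07" are raw byte values 0x01..0x07.
MESSAGE_TYPES = {
    0x01: "initial hello", 0x02: "keep alive, idle message",
    0x03: "download the named file", 0x04: "connect to other peers",
    0x05: "send hostname to server", 0x06: "clear", 0x07: "close connection",
}

@dataclass
class Flow:  # hypothetical record shape, e.g. built from a flow or pcap export
    src: str
    dst_port: int
    payload: bytes  # first bytes the client sent

def classify_flow(flow):
    """Return (confidence, detail) for a suspicious flow, else None."""
    if flow.dst_port == C2_PORT and flow.payload:
        msg = MESSAGE_TYPES.get(flow.payload[0])
        if msg:  # the port alone is weak evidence: other services also use 8090
            return ("medium", f"tcp/8090 type {flow.payload[0]:02x}: {msg}")
    if flow.dst_port in PEER_PORTS:
        return ("low", f"tcp/{flow.dst_port} in peer port range")
    return None

def is_dropped_file(path):
    """True when a Windows path is one of the listed names directly in C:\\WINDOWS."""
    directory, name = ntpath.split(path)
    return directory.lower() == r"c:\windows" and name.lower() in DROPPED_NAMES

def triage(flows, files):
    """Collect (host, confidence, detail) findings from flows and (host, path) pairs."""
    findings = [(f.src, *hit) for f in flows if (hit := classify_flow(f))]
    findings += [(h, "high", f"file {p}") for h, p in files if is_dropped_file(p)]
    return findings

# Constructed sample data, not captured traffic.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", 8090, b"\x01"), Flow("10.0.0.5", 8090, b"\x05WS01"),
    Flow("10.0.0.9", 8090, b"GET / HTTP/1.1\r\n"), Flow("10.0.0.5", 7003, b""),
]
SAMPLE_FILES = [("10.0.0.5", r"C:\WINDOWS\conme.exe"),
                ("10.0.0.9", r"C:\WINDOWS\system32\csrss.exe")]

if __name__ == "__main__":
    for finding in triage(SAMPLE_FLOWS, SAMPLE_FILES):
        print(finding)
```

The ordinary HTTP request on port 8090 is not flagged because its first byte falls outside the listed message types, and the legitimate `csrss.exe` under `system32` does not match the dropped-file check.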

 

Posted by on April 15, 2010 in Computers

 


Ransom Malware Hits Internet

A Wave of Ransom Malware Hits Internet

From: John E. Dunn, Techworld.com

Criminals reused an attack from 2008 to hit the Internet with a huge wave of ransomware in recent weeks, a security company has reported.

In the space of only two days, February 8 and 9, the HTML/Goldun.AXT campaign detected by Fortinet accounted for more than half the total malware detected for February, which gives some indication of its unusual scale.

The attack itself takes the form of a spam e-mail with an attachment, report.zip, which if clicked automatically downloads a rogue antivirus product called Security Tool. It is also being distributed using manipulated search engine optimisation (SEO) on Google and other providers.

Such scams have been common on the Internet for more than a year, but this particular one features a more recently-evolved sting in the tail. The product doesn’t just ask the infected user to buy a useless license in the mode of scareware, it locks applications and data on the PC, offering access only when a payment has been made through the single functioning application left, Internet Explorer.

What’s new, then, is that old-style scareware has turned into a default ransom-oriented approach. The former assumes that users won’t know they are being scammed, while the latter assumes they will but won’t know what to do about it.

The technique is slowly becoming more common — see the Vundo attack of a year ago — but what is also different is the size of this attack, one of the largest ever seen by Fortinet for a single malware campaign.

Fortinet notes that Security Tool is really a reheat of an old campaign from November 2008, which pushed the notorious rogue antivirus product Total Security as a way of infecting users with a keylogging Trojan.

“This is a great example of how tried and true attack techniques/social engineering can be recycled into future attacks,” says Fortinet’s analysis.

According to Fortinet, the “engine” pushing the spike in ransom-based malware is believed to be the highly-resilient Cutwail/Pushdo botnet, the same spam and DDoS system behind a number of campaigns in the last three years including the recent pestering of PayPal and Twitter sites.

Ransom Malware Article From TechWorld.Com

 

Posted by on April 8, 2010 in Computers

 
