"Casing" can also be called enumeration: the hacker reviews what types of systems you have on the Internet.
It is the first step in attempting a breach into your infrastructure.
Here is where a scan would find out what type of programs you are running.
Then the (unethical of course) hacker attempts to break your defenses. Hopefully you have the latest patches, the passwords are tough to crack and so on.
Once the hacker has a beachhead the attacks are now different in nature, as now they are in the network and attacks are coming from the inside. One of the first things they do is to increase their capabilities by attaining more permissions and more systems.
Second, the hacker will create their own accounts, so they can come and go as they please.
Third, the hacker will take what they were looking for or use your computers to create more attacks. It depends on who the hacker is and their goals.
On today's Internet Storm Center Diary:
Johannes noticed an odd attack coming from what turned out to be a DVR in China.
This is the shape of things to come: unattended devices that never get patched will be attacked and then used to attack your infrastructure.
This is why it behooves you to work hard to remove all the vulnerabilities you can.
Use our minimal Alpha Scan, which allows a minimal scan and review. It is as unintrusive as viewing a webpage without any scripting.
It is important to patch all your Internet-facing devices, because if you don't, eventually someone will use your Internet bandwidth and computing resources for their own uses.
Unfortunately in this day, it is not enough to have a person on staff to handle your IT work, or even be in charge of Security tasks.
How can you be certain that tasks are being done to a level of proficiency that is required?
A second person needs to review and test. That is where Fixvirus.com comes in.
That is why we created www.oversightsentry.com to attempt to make this security process easier.
Security design, quality control and testing need to be incorporated in all facets of business, especially the outward facing computers and applications on the Internet.
When trying to log in to WordPress
I got this message instead:
(output started at public_html/wp-content/plugins/twitter/widget_twitter_vjck.php:171) in public_html/wp-includes/pluggable.php on line 896)
Which is interesting to say the least.
So after searching the Internet for a similar problem I found this WordPress support page:
Which suggested looking at the error and looking for a missing ?> (in this case they wanted the person to delete all content and add the ending bookends for the PHP code).
So I went to public_html/wp-includes/pluggable.php and found out that it did not have ?> for some reason. So I added the bookend "?>" at the end of the file and now I can log in again.
I remember a couple of days ago I was trying to install a plugin and had some trouble. I eventually did get it installed, but I tried with several logins and different browsers. These actions may have caused WordPress to perform a file edit.
Anyway it is always good to have a backup, but if you need some WordPress help let us know.
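An added example, not code from the original post: the warning fragment quoted above names two locations, and this Python sketch pulls both out and checks the edges of a PHP file for bytes that sit outside its PHP tags, since such bytes are sent as output. The function names and the edge-only heuristic are assumptions made for this example.

```python
import re

# Fragment exactly as quoted in the post; the start of the warning is not on the page.
FRAGMENT = ("(output started at public_html/wp-content/plugins/twitter/"
            "widget_twitter_vjck.php:171) in public_html/wp-includes/"
            "pluggable.php on line 896)")

WARNING_RE = re.compile(
    r"\(output started at (?P<out_file>.+?):(?P<out_line>\d+)\)"
    r" in (?P<hdr_file>.+?) on line (?P<hdr_line>\d+)")

def parse_headers_warning(text):
    """Return where output began and where the header call failed, or None."""
    m = WARNING_RE.search(text)
    if m is None:
        return None
    return {"output_started": (m["out_file"], int(m["out_line"])),
            "header_call": (m["hdr_file"], int(m["hdr_line"]))}

def stray_output(php_source):
    """Heuristic: describe bytes outside the PHP tags at either end of a file.
    Only the long <?php tag is recognised, and output from code in the middle
    of a file (an echo, say) is not detected."""
    findings = []
    if php_source.startswith(b"\xef\xbb\xbf"):
        findings.append("UTF-8 BOM before opening tag")
        php_source = php_source[3:]
    first_open = php_source.find(b"<?php")
    if first_open == -1:
        return findings + ["no <?php tag: whole file is sent as output"]
    if first_open > 0:
        findings.append(f"{first_open} byte(s) before <?php")
    last_close = php_source.rfind(b"?>")
    # A file whose last tag is <?php ends in PHP mode, so nothing trails it.
    if last_close > php_source.rfind(b"<?php"):
        tail = php_source[last_close + 2:]
        # PHP swallows one newline directly after the closing tag.
        for newline in (b"\r\n", b"\n", b"\r"):
            if tail.startswith(newline):
                tail = tail[len(newline):]
                break
        if tail:
            findings.append(f"{len(tail)} byte(s) after closing ?>")
    return findings

if __name__ == "__main__":
    print(parse_headers_warning(FRAGMENT))
    print(stray_output(b"\xef\xbb\xbf<?php echo 1; ?>\n\n"))  # constructed sample
```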
It is a good idea to get in the habit of patching your systems consistently.
Not wanting to reboot is sometimes a wish of all of us, as we do not want to close all of our windows down, and restart fresh.
But we have to get in the habit of rebooting, and patching if needed, at least once a week.
This week's Patch Tuesday, as Threatpost mentions, fixes 17 vulnerabilities in Internet Explorer, as well as a zero-day vulnerability.
Zero-day vulnerabilities are a problem since there is no fix for a while, so a malicious attack cannot be thwarted.
As an ethical hacker it is much harder to attack a system successfully with all the current patches on the system.
With Patch Tuesday, Microsoft has decided to roll up all the vulnerabilities found in the last month into one day. Otherwise, as each vulnerability gets created and fixed, there would be many patches spaced out over the month, which becomes unmanageable in an enterprise environment (at more than 1000's of computers). For March 2014, nakedsecurity says there are 5 bulletins, with 2 critical, and even Mac.
With Patch Tuesday at Microsoft, the other vendors with vulnerabilities have also instituted a monthly release time for their patches, giving the "2nd Tuesday" of the month a prominence in the calendar. IT departments everywhere are working around the new vulnerability patch releases and their resulting fixes.
We at Fixvirus.com are frequently tasked to ensure patches have been installed and do provide security capabilities by using our Alpha(A), Sigma(Σ), and Omega(Ω) scans.
What are the most common vulnerabilities of the last 25 years?
From VRT-Blog at snort.org
Total vulnerabilities and highly critical vulnerabilities were up in 2012 after a significant downswing over the previous few years; 2012 was a record-breaking year for the number of most critical vulnerabilities, those with a CVSS score of 10.
Buffer overflows continue to be the most important type of vulnerability, with 35% of the total share of critical vulnerabilities over the last 25 years.
Interesting to note that Microsoft also has been bumped as the top vendor (highest number of vulnerabilities): Oracle (with Java) has replaced Microsoft.
Has a discussion of a warning about an analysis about a new toolkit that makes it easier to create malware or other attacks on the Windows platform, Java, and Adobe.
This is the actual link
AVG ThreatLabs has also discussed the Cool Exploit Kit.
What does this mean? - Be extra careful of links and attachments, as new malware is being developed.
Just fixed a computer with the Harbinger 'rootkit' virus.
Typical tools used to clean the computer, plus the Kaspersky bootkit removal tool called TDSSKiller Kaspersky webpage link.
If you do decide to download from other sources (when doing a Google search on TDSSKiller, one sometimes gets 3rd-party mirrors), then download from the CNET webpage
I tried downloading from some other sources, like It was interesting how it operated: it created audio soundtracks when a browser opened. The audio was from various sound files on the computer and from ads on the Internet. The virus ran in the background (not obvious it was running, but you could hear it). The rootkit likely ran and was doing its master's bidding.
The sound was odd advertisements, shows local to the area and other random noises. It was very odd, and of course annoying. After the Kaspersky tool ran (in safe mode), the system was clean.
Also remember to patch your machines, there are a lot of Microsoft vulnerabilities coming out soon.
Here is the Microsoft Techcenter Security Bulletin list: Microsoft webpage