Apple has already shut down the ransomware found in the Transmission torrent client. You can easily prevent this from happening to you in the future by adding a Hazel rule to your downloads folder, which will automatically determine the checksum, so you can compare it with the one the legitimate file has. Continue reading “Prevent Ransomware By Automatically Finding The Checksum Of Downloaded Files”
Ever since I discovered Dropbox, I felt weighed down by the clutter of physical documents. I use it for all of my digital documents. After a while, physical documents and pieces of paper began to get on my nerves. It was much easier to have searchable PDFs that I could access anywhere. To that end, I wanted to be able to convert any physical document I received into a searchable PDF. See the video below for the entire workflow in action. Continue reading “How I Went Paperless And Clutter-free For $32”
I have been a longtime fan of using Dropbox to manage my photos, even with the release of Photos. I have especially liked it ever since Dropbox enabled Camera Uploads from their iOS app. With my latest script, I can now upload photos from my iPhone and have them automatically sorted into folders based on the city they were taken in.
To accomplish this, OS X’s Spotlight (mdls) is used to extract the coordinates from the photo, and then those are sent to Google to get the city (or the state, address, and more). Continue reading “Automatically Sort Dropbox Camera Uploads Based On Their Geographical Data”
If you have a ton of photos that are all facing the wrong direction and don’t want to do them individually, you can use Hazel to automatically go through a folder and rotate the images for you. All it takes is a one-line bash script and a Hazel rule.
sips -r 90 "$f"
This rotates the image 90 degrees. You can set it to 180 or whatever else you want. Continue reading “Batch Rotate Photo Files With Hazel and sips”
I haven’t found a great use for this yet, but you can have your Mac automatically run a script by simply creating a file/folder in your Dropbox. To do this, you need to set up Hazel to watch your Dropbox folder for a certain file/folder, and if it appears, trigger a script. You could also use folder actions, or launchd, but it will be much more challenging.
In the example below, I simply play a sound bite of the Borg claiming that resistance is futile. Continue reading “Trigger Scripts Via Dropbox And Hazel”
I usually use my iPhone to take pictures for my Website and then upload them via the Dropbox app so they appear on my computer. This is a nice feature, but the photos are way too large to use on a Website. Instead of opening each one in Preview, scaling it down and saving it, I created a Hazel workflow that does this for me automatically. It then copies the original file to the Photos folder. Continue reading “Reduce And Resize Dropbox Camera Uploads Automatically With Hazel”
[UPDATE] It appears the command and control infrastructure has been neutralized.
curl -O https://raw.githubusercontent.com/PaloAltoNetworks-BD/WireLurkerDetector/master/WireLurkerDetectorOSX.py
python WireLurkerDetectorOSX.py
Get Alerted If Your Computer Gets Infected With The Ventir Trojan
With this trick, you can get alerted if your system gets infected and then take steps to manually neutralize it. The Ventir Trojan is a keylogger, which means all of your keystrokes are recorded. Continue reading “Roll-you-own Ventir Trojan Detector for OS X”
My roll-your-own malware detection has been having troubles in OS X Yosemite. It appears that it increases CPU usage to abnormal amounts. I have come up with two alternative solutions that you may want to try.
To detect many pieces of malware, you will want to monitor these folders:
/Library/LaunchAgents
/Library/LaunchDaemons
/Users/your_user/LaunchAgents
There are other folders to watch, which detect specific pieces of malware like the Backdoor.iWorm, but the three above should offer decent detection.
Two Methods to Replace Folder Actions On Yosemite
Malware Detection Using Hazel (Paid, But Easy)
This will be the easiest, but you also have to pay for the app.
Set up the Hazel rules as seen below for each of the folders mentioned above.
You will get a notification with the filename if something gets placed in those folders. It will then open the folder so you can decide if it needs to be deleted or if it is a legitimate file.
Malware Detection Using launchd (Free, More Technical, and Severely-limited)
Unfortunately, this method is more technical and does not work as well as Folder Actions because the file and folder names do not get passed as arguments to the script. So those nice alert dialogs you used to get won’t have all the nifty information. But if you don’t feel like paying for Hazel, or having your CPU go crazy using Folder Actions, and still want to at least know if something is going on, then read on.
Ironically enough, you will be creating a file and putting it in one of the folders that Folder Actions may have previously been monitoring. This should also give you some insight as to why hackers are always trying to put files into these folders.
Script To Run When Items Are Added To The Folders
First, you will need a script that will execute when a new item is added into one of the folders. Since launchd won’t pass arguments to the script, you can just make a basic dialog that tells you an item was added to them.
#!/bin/bash
osascript -e 'display dialog "Possible launchd threat detected..." with title "Roll-your-own Malware Detection"'
launchd .plist To Watch The Folders For Changes
The next process is much easier if you use a program like Lingon X, but I will show you how to manually create the file. I suggest using an app like TextWrangler because it works better for writing code. If you want to use TextEdit or some other editor, be sure it is set to plain-text and not rich-text.
Create a new file called RollYourOwn.MalwareDetection.Yosemite.plist with the following content:
Then, save it to /Library/LaunchAgents. Make sure the file has the correct user, group, and permissions by running these commands:
sudo chown root:wheel /Library/LaunchAgents/RollYourOwn.MalwareDetection.Yosemite.plist
sudo chmod 644 /Library/LaunchAgents/RollYourOwn.MalwareDetection.Yosemite.plist
You will also want to make sure any extended attributes are gone. Check if there are any with this command:
ls -l@ /Library/LaunchAgents/RollYourOwn.MalwareDetection.Yosemite.plist
If the result has an “@” symbol in it, then there are some extended attributes and they will be listed below the filename. For example, this is what mine looked like:
-rw-r--r--@ 1 root wheel 582B Oct 20 14:05 /Library/LaunchAgents/RollYourOwn.MalwareDetection.Yosemite.plist
	com.apple.FinderInfo 32B
	com.apple.TextEncoding 15B
To remove these, use xattr with the -d (delete) option:
sudo xattr -d com.apple.FinderInfo /Library/LaunchAgents/RollYourOwn.MalwareDetection.Yosemite.plist
sudo xattr -d com.apple.TextEncoding /Library/LaunchAgents/RollYourOwn.MalwareDetection.Yosemite.plist
If you instead edited the text file from the command line in vim or nano, there are probably not any extended attributes to remove.
Now the launchd plist is ready. What you just made was your own little program that runs a custom script (for all users at login). It will run automatically and in the background. Now you might understand why hackers will try to install things in a similar fashion. They can have their malicious code executed every time someone logs into their Mac. But the file you just made runs code that will help rather than hinder.
The launchd plist utilized QueueDirectories, which will basically run the script as long as there is an item in it. You can also use WatchPaths, but it is much more sensitive to changes. Experiment with both to find out what is best for you.
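Because launchd passes no file name to the script, one way to recover that detail is to compare the watched folders against a saved listing each time the job fires. The script below is an added example, not the author's original; STATE_DIR, the function names, the --alert argument and the use of the per-user ~/Library/LaunchAgents folder are assumptions.

```bash
#!/bin/bash
# Added example (not from the original post). STATE_DIR, the function names
# and the --alert argument are assumptions made for this sketch.
STATE_DIR="${STATE_DIR:-$HOME/.rollyourown-baseline}"

# Print a sorted list of every entry directly inside the given folders.
snapshot() (
    for dir in "$@"; do
        if [ -d "$dir" ]; then
            find "$dir" -mindepth 1 -maxdepth 1 -print
        fi
    done | LC_ALL=C sort
)

# Print entries that exist now but were absent from the saved baseline,
# then store the current listing as the new baseline.
# The first run only records the baseline and reports nothing.
new_items() (
    baseline="$STATE_DIR/baseline.txt"
    mkdir -p "$STATE_DIR"
    current="$(mktemp "$STATE_DIR/current.XXXXXX")"
    snapshot "$@" > "$current"
    if [ -f "$baseline" ]; then
        LC_ALL=C comm -13 "$baseline" "$current"
    fi
    mv "$current" "$baseline"
)

# Show the new names in a dialog. The names go to AppleScript as an argument,
# never spliced into the script text, so an odd filename cannot alter it.
alert() {
    added="$(new_items /Library/LaunchAgents /Library/LaunchDaemons \
        "$HOME/Library/LaunchAgents")"
    if [ -n "$added" ]; then
        osascript -e 'on run argv' \
            -e 'display dialog ("New launchd item(s):" & linefeed & (item 1 of argv)) with title "Roll-your-own Malware Detection"' \
            -e 'end run' "$added"
    fi
}

# launchd would start the script with --alert (assumed ProgramArguments).
if [ "${1:-}" = "--alert" ]; then
    alert
fi
```

Run it once by hand before loading the job so the baseline reflects a known-good state; later triggers that find nothing new exit silently.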
[UPDATE]: Advanced settings added below
Get Alerted If Your Computer Gets Infected
When the Mac.BackDoor.iWorm malware gets installed via pirated software, your computer becomes part of a botnet. While you may not be able to stop it from getting there, you can be alerted when it does and then take steps to manually neutralize it. Continue reading “Roll-your-own Defense Against Mac.BackDoor.iWorm”