#!/bin/bash
This post isn’t about a specific security breach, but rather a post to educate you on how to better protect your online identity. The term “anonymize” is used loosely for lack of a better word.
Malcontents are sneaky. In their latest ploy, they are counting on you misspelling “.com” so they can send you to one of their fake domains. So instead of going to netflix.com, you end up at netflix.om–a phony site determined to infect you with malware. If you are not paying attention, you might not realize you are on the wrong domain. Continue reading “Automatically Change .om to .com To Prevent Malware”
Apple has already shut down the ransomware found in the Transmission torrent client. You can easily prevent this from happening to you in the future by adding a Hazel rule to your downloads folder, which will automatically determine the checksum, so you can compare it with the one the legitimate file has. Continue reading “Prevent Ransomware By Automatically Finding The Checksum Of Downloaded Files”
Yes, a DNSthingy (the consumer-facing name is Netbender). It’s an (ASUS) router running some custom firmware (based on asuswrt-merlin) that does cool stuff using DNS, such as:
Continue reading “If You Like The Pi-hole, You Will Like Rolling-your-own DNSthingy (Netbender)”
If you want Wi-Fi by the campfire or down at the dock this weekend, you can make a cantenna for as low as $23 (it will be more if you need some of the tools or common supplies). You can either connect the canntena to your computer or your router. Either method will allow you to connect to your network from a long distance. I used my cantenna last weekend to pick up my network (over 700 meters away) while sitting in a boat in the middle of the lake. Continue reading “Get Lakeside Wi-Fi At Your Cabin By Making A Cantenna For ~$23”
[UPDATE] It appears the command and control infrastructure has been neutralized.
Palo Alto has already written a script that will detect the Wirelurker malware. It basically scans for the files known to be malicious. Just download the script and run it from Terminal:
curl -O https://raw.githubusercontent.com/PaloAltoNetworks-BD/WireLurkerDetector/master/WireLurkerDetectorOSX.py</code> python WireLurkerDetectorOSX.py
With this trick, you can get alerted if your system gets infected and then take steps to manually neutralize it. The Ventir Trojan is a keylogger, which means all of your keystrokes are recorded. Continue reading “Roll-you-own Ventir Trojan Detector for OS X”
My roll-your-own malware detection has been having troubles in OS X Yosemite. It appears that it increases CPU usage to abnormal amounts. I have come up with two alternative solutions that you may want to try.
To detect many pieces of malware, you will want to monitor these folders:
/Library/LaunchAgents /Library/LaunchDaemons /Users/your_user/LaunchAgents
There are other folders to watch, which detect specific pieces of malware like the Backdoor.iWorm, but the three above should offer decent detection.
This will be the easiest, but you also have to pay for the app.
Set up the Hazel rules as seen below for each of the folder mentioned above.
You will get a notification with the filename if something gets placed in those folders. It will then open the folder so you can decide if it needs to be deleted or if it is a legitimate file.
Unfortunately, this method is more technical and does not work as well as Folder actions because the file and folder name do not get passed as arguments to the script. So those nice alert dialogs you used to get won’t have all the nifty information. But if you don’t feel like paying for Hazel, or having your CPU go crazy using Folder Actions, and still want to at least know if something is going on, then read on.
Ironically enough, you will be creating a file and putting it in one of the folders that Folder Actions may have previously been monitoring. This should also give you some insight as to why hackers are always trying to put files into these folders.
First, you will need a script that will execute when a new item is added into one of the folders. Since launchd won’t pass arguments to the script, you can just make a basic dialog that tells you an item was added to them.
#!/bin/bash osascript -e 'display dialog "Possible launchd threat detected..." with title "Roll-your-own Malware Detection"'
The next process is much easier if you use a program like Lingon X, but I will show you how to manually create the file. I suggest using an app like TextWrangler because it works better for writing code. If you want to use TextEdit or some other editor, be sure it is set to plain-text and not rich-text.
Create a new file called RollYourOwn.MalwareDetection.Yosemite.plist with the following content:
Then, save it to /Library/LaunchAgents . Make sure the file has the correct user, group, and permissions by running these commands:
sudo chown root:wheel /Library/LaunchAgents/RollYourOwn.MalwareDetection.Yosemite.plist sudo chmod 644 /Library/LaunchAgents/RollYourOwn.MalwareDetection.Yosemite.plist
You will also want to make sure any extended attributes are gone. Check if there are any with this command:
ls -l@ /Library/LaunchAgents/RollYourOwn.MalwareDetection.Yosemite.plist
If the result has an “@” symbol in it, then there are some extended attributes and they will be listed below the filename. For example, this is what mine look liked:
-rw-r--r--@ 1 root wheel 582B Oct 20 14:05 /Library/LaunchAgents/RollYourOwn.MalwareDetection.Yosemite.plist
com.apple.FinderInfo 32B
com.apple.TextEncoding 15B
To remove these, use xattr with the -d (delete) option
sudo xattr -d com.apple.FinderInfo /Library/LaunchAgents/RollYourOwn.MalwareDetection.Yosemite.plist sudo xattr -d com.apple.TextEncoding /Library/LaunchAgents/RollYourOwn.MalwareDetection.Yosemite.plist
If you instead edited the text file from the command line in vim or nano , there are probably not any extended attributes to remove.
Now the launchd plist is ready. What you just made was your own little program that runs a custom script (for all users at login). It will run automatically and in the background. Now you might understand why hackers will try to install things in a similar fashion. They can have their malicious code executed every time someone logs into their Mac. But the file you just made runs code that will help rather than hinder.
The launchd plist utilized QueueDirectories, which will basically run the script as long as there is an item in it. You can also use WatchPaths, but it it much more sensitive to changes. Experiment with both to find out what is best for you.
Use your LastPass usernames and passwords in Safari on your iOS device without paying for a LastPass Premium subscription. Using a bit of scripting, you can roll-your-own Last Pass freemium without paying a dime!
That said, it is far from perfect (see caveats below), but it is a great way to have access to your LastPass passwords on iOS without paying for a premium subscription (although, it is reasonably-priced). Continue reading “Roll-your-own LastPass Premium”
[UPDATE]: Advanced settings added below
When the Mac.BackDoor.iWorm malware gets installed via pirated software, your computer and becomes part of a botnet. While you may not be able to stop it from getting there, you can be alerted when it does and then take steps to manually neutralize it. Continue reading “Roll-your-own Defense Against Mac.BackDoor.iWorm”