Blog about jetlbue.com has been updated: Wrong Spelling Brand Name Hijack
The hijacked computers are being recruited to mine for the attacker through the supportxmr.com mining pool. If you search for the wallet string in the script's "payment address" field, you'll find a list of websites running the same code and actively contributing to the attacker's project.
We recommend a website firewall and regular malware scanning. Sucuri's service picked up this obfuscated code on a client website, alerting us to the infection.
*** Update: As part of this find, we notified 25 websites about the infection, and many have since removed it. One organization claimed that a complaint had been lodged against them with the BBB, after I had sent a notification about a week prior. The businesses ranged from public libraries to a portable-bathroom company.
We spent a great deal of time in late 2017 reviewing the NGAV products on the market. All of the testing was done in demo environments supplied directly by the vendors: Cylance, SentinelOne, Barkly, Bitdefender GravityZone, CrowdStrike, and a handful of other endpoint products. The research was conducted to stay current on the underlying technologies powering NGAV. As you might expect, a good deal of time was spent running malware and tampering with the AV processes themselves. We also tested the features and functionality of the cloud consoles and any notable impact on system performance. We highly recommend performing your own testing, and using malware samples from sources other than the vendor.
Highlights of the testing, and outcomes
*** Update – Panda Adaptive Defense 360 is the new winner out of these solutions, and we're working on updating the blog.
Bitdefender – Best all-around endpoint platform with NGAV functionality. The GravityZone product has HyperDetect (pre-execution protection), sandbox analysis, and coverage for exploits, ransomware and grayware, plus Full Disk Encryption (FDE). Best feature set for managing endpoints. Machine performance is not impacted by scans or by the agent's own processes. Very hard to tamper with in memory or by attacking its program files. Web filtering is effective, and they were often the only vendor on VirusTotal blocking phishing pages. Overall stability is great, and the console's configurability is very good for putting machines into containment and controlling active modules. Be on the lookout for Bitdefender rolling out EDR, HyperDetect, sandboxing, and other new competitive features.… Read the article
McAfee Security Scan 3.x appears to come pre-installed as OEM software on Dell Latitude laptops. There is an acceptance screen during the out-of-box wizard, but if it was accepted by mistake, or imaged onto machines, the best way we've found to remove it is via script, remotely, without any user intervention. It is a 32-bit program, so the uninstaller's location depends on the Windows architecture:
32-bit Windows: "%ProgramFiles%\McAfee Security Scan\uninstall.exe" /S /inner
64-bit Windows: "%ProgramFiles(x86)%\McAfee Security Scan\uninstall.exe" /S /inner
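The two commands above as one script that can be pushed to a mixed 32/64-bit fleet. This is an added example, not the post's own script: it assumes only the two uninstaller paths and the /S /inner switches quoted above, and adds a signature check and exit-code handling of its own. It is written for the PowerShell 2.0 that ships on Windows 7.

```powershell
# Added example, not the post's own script. Assumes only the two uninstaller paths and
# the /S /inner switches from the post; the signature check and exit-code handling are
# this example's additions.
$target = 'McAfee Security Scan\uninstall.exe'

# On 32-bit Windows ${env:ProgramFiles(x86)} is empty; drop it so Join-Path does not fail.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

$uninstallers = foreach ($root in $roots) {
    $path = Join-Path $root $target
    if (Test-Path -LiteralPath $path) { $path }
}

if (-not $uninstallers) {
    Write-Output "$($env:COMPUTERNAME): McAfee Security Scan not found, nothing to do."
    exit 0
}

foreach ($exe in $uninstallers) {
    # Anything called uninstall.exe under Program Files will run elevated here,
    # so refuse to launch it unless it carries a valid Authenticode signature.
    $sig = Get-AuthenticodeSignature -FilePath $exe
    if ($sig.Status -ne 'Valid') {
        Write-Warning "$exe is not validly signed ($($sig.Status)); skipping."
        continue
    }
    Write-Output ("{0}: running {1} /S /inner (signer: {2})" -f (Get-Date -Format 'HH:mm:ss'), $exe, $sig.SignerCertificate.Subject)
    $proc = Start-Process -FilePath $exe -ArgumentList '/S', '/inner' -Wait -PassThru
    Write-Output ("{0}: uninstaller exit code {1}" -f (Get-Date -Format 'HH:mm:ss'), $proc.ExitCode)

    # A silent uninstaller can exit 0 and still leave the product behind; verify.
    if (Test-Path -LiteralPath $exe) {
        Write-Warning "$exe still present after uninstall; check the exit code and Programs and Features."
    }
}
```

Run it as an administrator. For the "remotely, without user intervention" part, push it with Invoke-Command -ComputerName <host> -FilePath .\Remove-McAfeeSecurityScan.ps1 over WinRM (the file name is this example's choice), or with any deployment tool that runs scripts as SYSTEM.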
Office 2013/2016 fails to activate on a fresh build. We noticed "No Network Connection" shown on the adapter, on Windows 7 x64. The client has two adapters connected, one Ethernet and one wireless, and both report no "Internet Connection" when one clearly exists.
(If you notice that your internal network is set to Public network, click it and change it to Work or Home.)
The specific error on opening Office is "We are unable to connect right now. Please check your network and try again later." There is an offer to "Enter a product key instead", but that does not apply to Office 365.
One recommended fix was the NLA active-probing registry value, but it did not work (the value name is EnableActiveProbing, a DWORD under the key below):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\EnableActiveProbing = 1
We've also seen fixes involving two keys that could be corrupt, or previously configured to block Internet sign-in, but that wasn't it either:
After reviewing sources pointing to various Windows fixes, we had success with general network clean-up commands. Here's the script used to clean the box; the network connection icon in the system tray was working right away. It's likely that one of these commands is doing the fixing, but for the purpose of showing the entire fix, I've included all of it:
@echo off
echo %time%: Beginning network repair process.
:: BEGIN Callout A
echo %time%: Releasing DHCP lease(s)...
ipconfig /release > NUL
:: END Callout A
echo %time%: Renewing DHCP lease(s)...
… Read the article
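Before reaching for a blanket network reset, it is worth checking what Windows itself checks. The "Internet"/"No Internet" label on a Windows 7 adapter comes from the Network Location Awareness service (NlaSvc) running two NCSI probes: a DNS lookup of dns.msftncsi.com that must return 131.107.255.255, and an HTTP GET of http://www.msftncsi.com/ncsi.txt whose body must be exactly "Microsoft NCSI". A proxy or web filter that rewrites or blocks that page makes Windows report no Internet even though browsing works, which is exactly the symptom Office activation trips over. The script below, an added example and not the post's batch file, runs those two probes, then the DHCP release/renew the batch file starts with, and probes again. The probe host, URL and expected answers are the stock Windows 7 values; the DNS flush, the NlaSvc restart and the proxy diagnosis are this example's own choices. It is written for PowerShell 2.0.

```powershell
# Added example, not the post's script. Reproduces the two NCSI checks Windows 7's
# Network Location Awareness service (NlaSvc) uses to decide whether an adapter has
# Internet access, then runs the DHCP release/renew the batch file starts with.
# Probe host, URL and expected answers are the stock Windows 7 values; the DNS flush,
# NlaSvc restart and proxy diagnosis are this example's choices.

function Test-Ncsi {
    $dnsOk = $false
    $httpOk = $false
    $httpBody = ''
    try {
        # NCSI DNS probe: dns.msftncsi.com must resolve to 131.107.255.255.
        $addrs = [System.Net.Dns]::GetHostAddresses('dns.msftncsi.com')
        $dnsOk = [bool]($addrs | Where-Object { $_.IPAddressToString -eq '131.107.255.255' })
    } catch { }
    try {
        # NCSI HTTP probe: the body must be exactly "Microsoft NCSI".
        # WebClient honours the machine's proxy settings, as NlaSvc does.
        $wc = New-Object System.Net.WebClient
        $httpBody = $wc.DownloadString('http://www.msftncsi.com/ncsi.txt')
        $httpOk = ($httpBody.Trim() -eq 'Microsoft NCSI')
    } catch { }
    $reg = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet' -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        ActiveProbing = $reg.EnableActiveProbing   # 1 = probing on (the value the post tried)
        DnsProbe      = $dnsOk
        HttpProbe     = $httpOk
        HttpBody      = $httpBody.Trim()
    }
}

function Repair-Network {
    # Same release/renew the batch file does, with timestamps, plus a DNS cache flush.
    $steps = @(
        @{ Msg = 'Releasing DHCP lease(s)';     Cmd = { ipconfig /release } },
        @{ Msg = 'Renewing DHCP lease(s)';      Cmd = { ipconfig /renew } },
        @{ Msg = 'Flushing DNS resolver cache'; Cmd = { ipconfig /flushdns } }
    )
    foreach ($step in $steps) {
        Write-Output ("{0}: {1}..." -f (Get-Date -Format 'HH:mm:ss'), $step.Msg)
        & $step.Cmd | Out-Null
    }
    # Make NLA re-evaluate the network profiles now instead of on its next probe cycle.
    Restart-Service -Name NlaSvc -Force
}

$before = Test-Ncsi
Write-Output ("Before repair: DNS probe={0} HTTP probe={1} EnableActiveProbing={2}" -f $before.DnsProbe, $before.HttpProbe, $before.ActiveProbing)
if ($before.DnsProbe -and -not $before.HttpProbe) {
    # DNS works but the probe body is wrong: a proxy or content filter is answering for
    # ncsi.txt, so Windows reports "No Internet" and Office activation fails regardless
    # of any local network reset.
    Write-Warning ("HTTP probe returned '{0}' instead of 'Microsoft NCSI'; check proxy/web filtering before resetting the stack." -f $before.HttpBody)
}
Repair-Network
$after = Test-Ncsi
Write-Output ("After repair:  DNS probe={0} HTTP probe={1}" -f $after.DnsProbe, $after.HttpProbe)
```

Run it elevated from a local console or the machine's own session: ipconfig /release drops the DHCP address, so running it over a WinRM or RDP session will cut that session off mid-script. If the DNS probe passes and the HTTP probe fails both before and after the repair, the problem is upstream of the box, not in its network stack.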