Tuesday, March 31, 2009

Conficker Activation: Still no Internet Apocalypse

It looks like the April 1st checkpoint has already arrived in some parts of the world and, as expected, the internet apocalypse forecast by several blogs, AV vendors and news media has yet to materialise. F-Secure did a good writeup explaining why this seems like it's being written a day too early:

1. Conficker checks the local clock every 90 minutes (in some cases even more frequently)
2. The check is done with the Windows GetSystemTime function
3. GetSystemTime ignores time zones, and always replies in GMT time (aka UTC time)
4. Because of this, machines around the world should report the same time
5. However, clock skew affects this as well
6. But not by much, as Windows machines will sync their local clock with time.windows.com once a week
7. Once the local clock says it's April 1st, Conficker will check the date from the net
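To make the "same time everywhere" point concrete, here is an added example (mine, not from the original post or from F-Secure) that models a date gate driven by a UTC clock such as GetSystemTime returns, shows what local wall clock each region sees at the moment the gate opens, and bounds how far a weekly sync lets the clock drift. The UTC offsets for the named cities are constructed for 1 April 2009 and are assumptions; the 90-minute poll and weekly sync come from the list above.

```python
"""Added example (not from the original post or from F-Secure): why a UTC-based
date gate opens at the same instant worldwide, and how much a weekly clock
sync bounds the skew.  The city offsets are assumptions for 1 April 2009."""
from datetime import datetime, timedelta, timezone

ACTIVATION_UTC = datetime(2009, 4, 1, tzinfo=timezone.utc)
POLL_INTERVAL = timedelta(minutes=90)  # local clock checked every 90 minutes


def activation_reached(system_time_utc: datetime) -> bool:
    """Model of a check against GetSystemTime, which reports UTC regardless of
    the machine's configured time zone.  Naive datetimes are rejected so that a
    local wall-clock value cannot be compared by mistake."""
    if system_time_utc.tzinfo is None:
        raise ValueError("GetSystemTime values are UTC; pass an aware datetime")
    return system_time_utc.astimezone(timezone.utc) >= ACTIVATION_UTC


def local_wallclock_at_activation(utc_offset_hours: float) -> str:
    """Wall-clock time a machine at the given UTC offset displays when the gate
    opens.  The instant is identical everywhere; only the display differs."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return ACTIVATION_UTC.astimezone(tz).strftime("%Y-%m-%d %H:%M")


def first_poll_after_activation(last_poll_utc: datetime) -> datetime:
    """With a 90-minute poll the worst case is that the date flips just after a
    check, so the first positive check (and any network lookup that follows)
    can lag the gate by up to one poll interval."""
    t = last_poll_utc
    while not activation_reached(t):
        t += POLL_INTERVAL
    return t


def max_skew_seconds(drift_ppm: float, sync_interval_days: float = 7) -> float:
    """Upper bound on clock error for a clock drifting at drift_ppm parts per
    million that is re-synced every sync_interval_days (weekly for
    time.windows.com)."""
    return drift_ppm * 1e-6 * sync_interval_days * 86400


if __name__ == "__main__":
    # Constructed sample: offsets in effect on 1 April 2009 (assumption).
    zones = {"Auckland (NZDT)": 13, "Tokyo (JST)": 9, "London (BST)": 1,
             "New York (EDT)": -4, "Los Angeles (PDT)": -7}
    for name, off in zones.items():
        print(f"{name:18} sees {local_wallclock_at_activation(off)} local")
    # A machine in Auckland whose local clock already says 1 April 08:00 is
    # still at 31 March 19:00 UTC, so the gate has not opened for it.
    nz_morning = datetime(2009, 4, 1, 8, 0, tzinfo=timezone(timedelta(hours=13)))
    print("Auckland 08:00 local, gate open:", activation_reached(nz_morning))
    print("skew after a week at 20 ppm: %.1f s" % max_skew_seconds(20))
```

The takeaway for anyone watching network telemetry is that the lookup burst, if it comes, is aligned to 00:00 UTC plus at most one poll interval, not to local midnight in each country.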

Monday, March 30, 2009

GhostNet Analysis

The big news for today is the paper released by a Canadian research firm and published today in the Information Warfare Monitor (site has been slow and/or down most of the day) on the GhostNet botnet.

Researchers at the Information Warfare Monitor uncovered a suspected cyber espionage network of over 1,295 infected hosts in 103 countries. This finding comes at the close of a 10-month investigation of alleged Chinese cyber spying against Tibetan institutions that consisted of fieldwork, technical scouting, and laboratory analysis.

Friday, March 27, 2009

Conficker Worm: Heads Up!

As we approach April 1st I thought I would remind everyone of our little friend, Conficker, which is still alive and well and set to report back to the mothership on this day. Dark Reading had this snippet:

"The so-called Conficker worm (a.k.a. Conficker/Downadup) is being billed as the next possible April Fool's Day threat. Machines infected with the third and latest version of the worm -- Conficker.C -- are expected to "phone home" and receive their updates on April 1."
[link]

I think it is important to note (as has been pointed out elsewhere) that a lot of the Conficker infections are already operating in a P2P mode, so the "phone home" is not really a hugely significant event: a particularly nasty task could already be pushed to infected machines over the peer channel without waiting for that download.

Regardless, this thing has proved very interesting so far... Personally, I think the fact that it is set for April 1st (April Fools' Day, for those in countries that don't celebrate it) is telling.

Friday, March 20, 2009

Arduino on Fedora Core 9

I recently installed Fedora Core 9 on a personal laptop I had sitting around. While this was a good move for several reasons, I didn't really think about the fact that this was the same machine I was doing most of my homebrew electronics work on. This afternoon I sat down to see whether the Arduino Processing environment would run with a minimal amount of setup effort. (Turns out it does!)

First step was to check the requirements from the arduino.cc home page. The three main pieces you need for this to work are:
  • The Arduino Processing package
  • Sun's Java JRE (mine was 1.6.0)
  • the GCC compiler for AVR (avr-gcc)
The JRE was already installed on my system (possibly from a previous time), so all I needed was avr-gcc (and avrdude). These are simple enough to obtain through Yum...

[tk@localhost ~]$ yum search avr
================================= Matched: avr =================================
avarice.i386 : Program for interfacing the Atmel JTAG ICE to GDB
avr-binutils.i386 : Cross Compiling GNU binutils targeted at avr
avr-gcc.i386 : Cross Compiling GNU GCC targeted at avr
avr-gcc-c++.i386 : Cross Compiling GNU GCC targeted at avr
avr-gdb.i386 : GDB for (remote) debugging avr binaries
avr-libc.noarch : C library for use with GCC on Atmel AVR microcontrollers
avr-libc-docs.noarch : AVR C library docs in html and pdf format
avrdude.i386 : Software for programming Atmel AVR Microcontroller
dfu-programmer.i386 : A Device Firmware Update based USB programmer for Atmel chips
uisp.i386 : Universal In-System Programmer for Atmel AVR and 8051

[tk@localhost ~]$ yum install avr-gcc.i386


At this point Yum should download and install the necessary AVR packages. If you have already downloaded the Arduino package, you will want to extract it now.


[tk@localhost Download/]$ gunzip arduino-0013-linux2.tar.gz

[tk@localhost Download/]$ tar -xvf arduino-0013-linux2.tar
...lots of files listed...

[tk@localhost Download/]$ cd arduino-0013; ./arduino


If you get an error that looks like this:

java.lang.ClassNotFoundException: com.sun.java.swing.plaf.gtk.GTKLookAndFeel not found in
gnu.gcj.runtime.SystemClassLoader{urls=[file:lib/,file:lib/build/,file:lib/pde.jar,file:lib
/antlr.jar,file:lib/oro.jar,file:lib/registry.jar,file:lib/mrj.jar,file:lib/RXTXcomm.jar],
parent=gnu.gcj.runtime.ExtensionClassLoader{urls=[], parent=null}}

You will also need to install the "swingx.noarch" package from Yum. Otherwise, when your Processing environment loads, you will be left with no GUI.
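The three steps above (check the toolchain, unpack the tarball, launch the IDE) are easy to script so the same laptop can be re-provisioned later. The following is an added example of mine, not a script from the original post or from the Arduino project; it uses the package and file names the post uses, reports which of the prerequisites is missing before anything is unpacked, and checks whether the `java` on PATH is the GNU gcj runtime (the classloader named in the ClassNotFoundException quoted above) rather than the Sun JRE the arduino.cc requirements list. The default tarball location under `~/Download` is an assumption.

```sh
#!/bin/sh
# Added example (not from the original post): pre-flight check and unpack for
# the Arduino 0013 tarball on Fedora.  ARDUINO_TARBALL default is an assumption.

ARDUINO_TARBALL="${ARDUINO_TARBALL:-$HOME/Download/arduino-0013-linux2.tar.gz}"
ARDUINO_DEST="${ARDUINO_DEST:-$HOME/Download}"

# Print each command from the argument list that is not on PATH, one per line.
# Returns 0 when nothing is missing, 1 otherwise.
missing_tools() {
    rc=0
    for tool in "$@"; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "$tool"
            rc=1
        fi
    done
    return $rc
}

# Map a missing command to the Fedora package that provides it, taken from the
# `yum search avr` listing above.  java is not a yum package in this setup.
package_for() {
    case "$1" in
        avr-gcc) echo "avr-gcc.i386" ;;
        avrdude) echo "avrdude.i386" ;;
        java)    echo "Sun JRE (not a yum package here)" ;;
        *)       echo "unknown" ;;
    esac
}

# True when the java on PATH identifies itself as the GNU gcj runtime, which
# is the classloader named in the ClassNotFoundException quoted in the post.
java_is_gcj() {
    java -version 2>&1 | grep -qi gcj
}

# Unpack the .tar.gz given as $1 into directory $2 (default: current directory)
# in one step, and print the path of the resulting arduino-0013 directory.
unpack_arduino() {
    tarball="$1"
    dest="${2:-.}"
    [ -f "$tarball" ] || { echo "no such tarball: $tarball" >&2; return 1; }
    mkdir -p "$dest"
    tar -xzf "$tarball" -C "$dest" || return 1
    echo "$dest/arduino-0013"
}

main() {
    missing=$(missing_tools java avr-gcc avrdude) || {
        echo "Missing tools; install with yum before continuing:" >&2
        for t in $missing; do
            echo "  $t -> $(package_for "$t")" >&2
        done
        return 1
    }
    if java_is_gcj; then
        echo "warning: java on PATH is gcj, not the Sun JRE" >&2
    fi
    dir=$(unpack_arduino "$ARDUINO_TARBALL" "$ARDUINO_DEST") || return 1
    cd "$dir" && ./arduino
}

# Run the full sequence only when invoked as `sh arduino-setup.sh run`, so the
# helper functions can be sourced and used on their own.
if [ "${1:-}" = "run" ]; then
    main
fi
```

Invoke it as `sh arduino-setup.sh run`; the functions can also be sourced into an interactive shell to run just the prerequisite check.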

Now go build some cool stuff!