EVOSEC

Attention! «Live HTTP Headers» — a Chrome extension that tracks clicks

One of our clients has reported unusual behaviour while using this extension to track requests during development of a website and its associated web app.

It seems the extension has been modified to inject tracking code (that is the least our quick investigation turned up). Part of the injected code can be found here:
https://gist.github.com/mala/e87973df5029d96c9269d9431fcef5cb

We recommend anyone using this extension to uninstall it and carefully investigate.

Problems delivering mail to Hotmail, iCloud or Outlook?

We will check your server's DNS record configuration, whether the server's IP is on any blacklist (and, most importantly, why), and then issue a report or talk it through with your IT department/support. After that we can fix all the problems for you, or show your IT department/service provider how to do it.

New IoT Malware? Anime/Kami

During August 2016 we came across several devices infected with a new malware that we have not yet been able to identify. It resides on a read-write partition of some CCTV devices (most partitions on these devices are read-only), in a folder called .anime under the name .kami. The attack appears to have used hard-coded telnet credentials and then downloaded the still-unknown malware (or possibly created the file via «echo» commands).

CCTV Malware

We failed to identify it because it is truncated: the final file appears to be larger than the partition it was written to (mounted as /mnt/mtd).

Output of file(1) on the sample:

.kami: ERROR: ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked; error reading (Invalid argument)

The MD5 of it:

cdd887f2112b3d87b96154ca492368a8 .kami
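A quick way to sweep other devices for the same indicator is to check the read-write partition for the .anime/.kami path, confirm whether what is there carries an ELF header, and compare its MD5 with the sample above. The script below is an added example, not code from the original post: the function names, the exit-code convention and the md5(1) fallback for BSD hosts are this example's own, and it assumes the partition is reachable as a normal directory (on the device itself or as a mounted image).

```shell
#!/bin/sh
# Added example (not from the original post): look for the .anime/.kami
# indicator on a mounted CCTV filesystem. Function names and the
# exit-code convention are this example's own assumptions.

KAMI_MD5="cdd887f2112b3d87b96154ca492368a8"   # MD5 of the truncated sample seen in August 2016

# is_elf FILE: succeed if FILE starts with the ELF magic bytes 7f 45 4c 46
is_elf() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# file_md5 FILE: print the MD5 hex digest (md5sum on Linux/BusyBox, md5 on BSD/macOS)
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# check_kami_ioc MOUNTPOINT: report on MOUNTPOINT/.anime/.kami.
# Returns 0 when the path is absent, 1 when it is present (device is suspect).
check_kami_ioc() {
    f="$1/.anime/.kami"
    if [ ! -e "$f" ]; then
        echo "clean: $f not present"
        return 0
    fi
    echo "SUSPECT: $f present ($(wc -c < "$f" | tr -d ' ') bytes)"
    if is_elf "$f"; then
        echo "  ELF header present"
    else
        echo "  no ELF header; may be a partial write or a different dropper"
    fi
    sum=$(file_md5 "$f")
    if [ "$sum" = "$KAMI_MD5" ]; then
        echo "  MD5 matches the known sample"
    else
        echo "  MD5 $sum differs from the known sample (different truncation or variant)"
    fi
    return 1
}

# Usage on a device, or against a mounted image of its read-write partition:
#   check_kami_ioc /mnt/mtd
```

Because the sample on the infected devices was itself truncated, an MD5 mismatch only means a different cut of the file, not a clean device; the presence of the path is the useful signal, and a non-matching hash is worth preserving as a second sample.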

For now, all we can recommend is to move such devices out of the DMZ onto properly restricted port-forwarding and, where needed, to put a router acting as a firewall in front of them.

Automating data backup / synchronization over RDP

One of our clients asked us whether we could provide a solution to automate data backup (logs, DB files, documents, etc.) using only RDP.