Mac OSX “Bubble” Malware Browser Infection

Had a curious case of a Macbook Pro which had a browser hijack from what appeared to be some nasty Malware.

It was overlaying a small window in the bottom left of every new browser window in both Google Chrome and Safari (both latest versions as of 11/03/2015).

The window usually suggested a Russian Bride or pyramid “investment” advert. The malware was also subverting any links clicked from legitimate pages and returning the request (mostly) but also opening an additional tab to more advertising websites (bettering, bridges, “investments” etc).

 

Booting the system into a live USB 10.10 environment allowed me to Sophos 9.2.2 scan the drive which highlighted an infected “Install paint.dmg” file but nothing else.

 

Having removed that I began some web searching and came across an informative HowToGeek article: http://www.howtogeek.com/210589/mac-os-x-isn%E2%80%99t-safe-anymore-the-crapware-malware-epidemic-has-begun/

Also some informative results on an Apple discussions thread : https://discussions.apple.com/thread/6673353

This led me to :

  1. Searching /Library/Launch Agents/ where I found a “com.bubble.plist”, looking at the file it was indeed making references to /Library/Application Support/Launch Agents/bubble
  2. I then removed  /Library/Launch Agents/com.bubble.plist and also  /Library/Application Support/Launch Agents/bubble
  3. Rebooted the Macbook Pro and the problem seemed to be resolved! I’m never 100% confident in these areas but Sophos is happy (it failed to install during the infection but installed happily afterwards).

Windows: WLAN WPA Deployment

to deploy a wlan profile along with WPA2 key (in plain text so be warned!):

1. Create the profile first and then use:

Netsh Wlan Export Profile Name="<<PROFILE NAME>>" key=clear

this dumps an xml in the current working directort with the password in plain text.

 

2. You can then run:

netsh wlan add profile filename="<<new xml file name>>" user=all

to reimport it on another machine

 

Other netsh WLAN commands:
http://windows.microsoft.com/en-GB/windows-8/manage-wireless-network-profiles

Task
Instructions

Delete a profile

At the command prompt, type:

netsh wlan delete profile name=”ProfileName”

Show all wireless profiles on the PC

At the command prompt, type:

netsh wlan show profiles

Show a security key

At the command prompt, type:

netsh wlan show profile name=“ProfileName” key=clear

Move a network up in the priority list

Connecting to a new network and choosing Connect automatically will place it at the top of the list.

Stop automatically connecting to a network within range

Tap or click the network in the network list, then clickDisconnect.

Stop automatically connecting to a network that’s out of range

At the command prompt, type:

netsh wlan set profileparameter name=”ProfileName” connectionmode=manual

courses.edx.org : tr, tee, wc, cut

The tr utility is used to translate specified characters into other characters or to delete them. The general syntax is as follows:

$ tr [options] set1 [set2]

The items in the square brackets are optional. tr requires at least one argument and accepts a maximum of two. The first, designated set1 in the example, lists the characters in the text to be replaced or removed. The second, set2, lists the characters that are to be substituted for the characters listed in the first argument. Sometimes these sets need to be surrounded by apostrophes (or single-quotes (‘)) in order to have the shell ignore that they mean something special to the shell. It is usually safe (and may be required) to use the single-quotes around each of the sets as you will see in the examples below.

For example, suppose you have a file named city containing several lines of text in mixed case. To translate all lower case characters to upper case, at the command prompt type cat city | tr a-z A-Z and press the Enter key.

Command Usage
$ tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ Convert lower case to upper case
$ tr ‘{}’ ‘()’ < inputfile > outputfile Translate braces into parenthesis
$ echo “This is for testing” | tr [:space:] ‘t’ Translate white-space to tabs
$ echo “This   is   for    testing” | tr -s [:space:] Squeeze repetition of characters using -s
$ echo “the geek stuff” | tr -d ‘t’ Delete specified characters using -d option
$ echo “my username is 432234” | tr -cd [:digit:] Complement the sets using -c option
$ tr -cd [:print:] < file.txt Remove all non-printable character from a file
$ tr -s ‘n’ ‘ ‘ < file.txt Join all the lines in a file into a single line

tee:
tee takes the output from any command, and while sending it to standard output, it also saves it to a file. In other words, it “teesthe output stream from the command: one stream is displayed on the standard output and the other is saved to a file.

For example, to list the contents of a directory on the screen and save the output to a file, at the command prompt type ls -l | tee newfileand press the Enter key.

Typing cat newfile will then display the output of ls –l.

 

wc
wc (word count) counts the number of lines, words, and characters in a file or list of files. Options are given in the table below.

By default all three of these options are active.

For example, to print the number of lines contained in a file, at the command prompt type wc -l filename and press the Enter key.

Option Description
–l display the number of lines.
-c display the number of bytes.
-w display the number of words.

cut
cut is used for manipulating column-based files and is designed to extract specific columns. The default column separator is the tab character. A different delimiter can be given as a command option.

For example, to display the third column delimited by a blank space, at the command prompt type ls -l | cut -d” ” -f3 and press the Enter key.

 

courses.edx.org : sort, uniq, paste, join

Syntax Usage
sort <filename> Sort the lines in the specified file
cat file1 file2 | sort Append the two files, then sort the lines and display the output on the terminal
sort -r <filename> Sort the lines in reverse order

To remove duplicate entries from some files, use the following command:

sort file1 file2 | uniq > file3

To count the number of duplicate entries, use the following command:

uniq -c filename

PASTE:
To paste contents from two files one can do:

$ paste file1 file2

The syntax to use a different delimiter is as follows:

$ paste -d, file1 file2

Common delimiters are ‘space’, ‘tab’, ‘|’, ‘comma’, etc.

JOIN:
To combine two files on a common field, at the command prompt type

join file1 file2

and press the Enter key.

SPLIT:
By default split breaks up a file into 1,000-line segments. The original file remains unchanged, and set of new files with the same name plus an added prefix is created. By default, the x prefix is added. To split a file into segments, use the command

$ split  

Access VBA Loop

MS Access VBA – Looping through records


Sub LoopRecExample()
On Error GoTo Error_Handler
Dim db As DAO.Database
Dim rs As DAO.Recordset
Dim iCount As Integer

Set db = CurrentDb()
Set rs = db.OpenRecordset("TableName") 'open the recordset for use (table, Query, SQL Statement)

With rs
If .RecordCount <> 0 Then 'Ensure that there are actually records to work with
'The next 2 line will determine the number of returned records
rs.MoveLast 'This is required otherwise you may not get the right count
iCount = rs.RecordCount 'Determine the number of returned records

Do While Not .BOF
'Do something with the recordset/Your Code Goes Here
.MovePrevious
Loop
End If
End With

rs.Close 'Close the recordset

Error_Handler_Exit:
On Error Resume Next
'Cleanup after ourselves
Set rs = Nothing
Set db = Nothing
Exit Sub

Error_Handler:
MsgBox "MS Access has generated the following error" & vbCrLf & vbCrLf & "Error Number: " & _
Err.Number & vbCrLf & "Error Source: LoopRecExample" & vbCrLf & "Error Description: " & _
Err.Description, vbCritical, "An Error has Occured!"
Resume Error_Handler_Exit
End Sub

Night Porter Email (Pyinstaller, PiP etc)

1. Install Python 2.7

2. Install PIP (from http://stackoverflow.com/questions/4750806/how-to-install-pip-on-windows)
Python 2.x and Python ≤ 3.3

Flying in the face of its ‘batteries included’ motto, Python ships without a package manager. To make matters worse, Pip was–until recently–ironically difficult to install.

Official instructions

Per http://www.pip-installer.org/en/latest/installing.html

Download get-pip.py, being careful to save it as a .py file rather than .txt. Then, run it from the command prompt.

python get-pip.py
You possibly need an administrator command prompt to do this. Follow http://technet.microsoft.com/en-us/library/cc947813(v=ws.10).aspx

Alternative instructions

The official documentation tells users to install Pip and each its dependencies from source. That’s tedious for the experienced, and prohibitively difficult for newbies.

For our sake, Christoph Gohlke prepares Windows installers (.msi) for popular Python packages. He builds installers for all Python versions, both 32 and 64 bit. You need to

Install setuptools http://www.lfd.uci.edu/~gohlke/pythonlibs/#setuptools
Install pip http://www.lfd.uci.edu/~gohlke/pythonlibs/#pip
For me, this installed Pip at C:Python27Scriptspip.exe. Find pip.exe on your computer, then add its folder (eg. C:Python27Scripts) to your path (Start / Edit environment variables). Now you should be able to run pip from the command line. Try installing a package:

pip install httpie
There you go (hopefully)! Solutions for common problems are given below:

Proxy problems

If you work in an office, you might be behind a HTTP proxy. If so, set the environment variables http_proxy and https_proxy. Most Python applications (and other free software) respect these. Example syntax:

http://proxy_url:port
http://username:password@proxy_url:port
If you’re really unlucky, your proxy might be a Microsoft NTLM proxy. Free software can’t cope. The only solution is to install a free software friendly proxy that forwards to the nasty proxy. http://cntlm.sourceforge.net/

Unable to find vcvarsall.bat

Python modules can be part written in C or C++. Pip tries to compile from source. If you don’t have a C/C++ compiler installed and configured, you’ll see this cryptic error message.

Error: Unable to find vcvarsall.bat

You can fix that by installing a C++ compiler such as MinGW or Visual C++, but again it’s often easier to check Christoph’s site for your package http://www.lfd.uci.edu/~gohlke/pythonlibs/

3. Install Pyinstaller
http://pythonhosted.org/PyInstaller/#installing-using-pip

4. Apply updated to porters.py via BitBucket

5. Using updated porters.py run
pyinstaller –onefile –noconsole –icon=portericon.ico porters.py

Maintenance MySQL – Timesheets Android: time_sheet_last

1. time_sheet_last_sub
CREATE VIEW time_sheet_last_sub AS
SELECT DISTINCT MAX(ts_id) ts_id, ts_userid, ts_WE, MAX(ts_scandt) ts_last_synch
FROM time_sheet GROUP BY ts_userid, ts_WE;

2. time_sheet_last
CREATE VIEW time_sheet_last AS
SELECT time_sheet.* from time_sheet, time_sheet_last_sub
WHERE time_sheet.ts_id=time_sheet_last_sub.ts_id
ORDER BY time_sheet.ts_id DESC;