Top Malware Organizations Should Watch Out For

Kovter is a Trojan, which has been observed acting as click fraud malware or a ransomware downloader. It is disseminated via malspam email attachments containing malicious office macros. Kovter is fileless malware that evades detection by hiding in registry keys. Some reports indicate that Kovter infections have received updated instructions from command and control infrastructure to serve as a remote access backdoor.
Emotet is a modular Trojan that downloads or drops banking Trojans. Initial infection occurs via malspam emails that contain malicious download links, a PDF with embedded links, or a macro-enabled Word attachment. Emotet incorporates spreader modules in order to propagate throughout a network. Emotet is known to download/drop the Pinkslipbot and Dridex banking Trojans. Currently, there are four known spreader modules: Outlook scraper, WebBrowserPassView, Mail PassView, and a credential enumerator.
Outlook Scraper: a tool that scrapes names and email addresses from the victim’s Outlook accounts and uses that information to send out phishing emails from the compromised account;
WebBrowserPassView: a password recovery tool that captures passwords stored by Internet Explorer, Mozilla Firefox, Google Chrome, Safari, and Opera and passes them to the credential enumerator module;
Mail PassView: a password recovery tool that reveals passwords and account details for various email clients such as Microsoft Outlook, Windows Mail, Mozilla Thunderbird, Hotmail, Yahoo! Mail, and Gmail and passes them to the credential enumerator module;
Credential Enumerator: a self-extracting RAR file containing a bypass and a service component. The bypass component is used for enumeration of network resources and either finds writable share drives or tries to brute force user accounts, including the administrator account. Once an available system is found, Emotet then writes the service component on the system, which writes Emotet onto the disk.
WannaCry is a ransomware worm that uses the EternalBlue exploit to spread. Version 1.0 is known to have a “killswitch” domain, which stops the encryption process. Later versions are not known to have a “killswitch” domain. WannaCry is disseminated via malspam.
ZeuS/Zbot is a modular banking Trojan which uses keystroke logging to compromise victim credentials when the user visits a banking website. Since the release of the ZeuS/Zbot source code in 2011, many other malware variants have adopted parts of its codebase, which means that events classified as ZeuS/Zbot may actually be other malware using parts of the ZeuS/Zbot code.
CoinMiner is a cryptocurrency miner that was initially disseminated via malvertising. Once a machine is infected, CoinMiner uses Windows Management Instrumentation (WMI) and EternalBlue to exploit SMB and spread across a network. CoinMiner uses the WMI Standard Event Consumer scripting to execute scripts for persistence.
Gh0st is a RAT used to control infected endpoints. Gh0st is dropped by other malware to create a backdoor into a device, allowing an attacker to fully control the infected device.
NanoCore is a Remote Access Trojan (RAT) spread via malspam as a malicious Excel XLS spreadsheet. As a RAT, NanoCore can accept commands to download and execute files, visit websites, and add registry keys for persistence.
Ursnif, and its variant Dreambot, are banking Trojans known for weaponizing documents. Ursnif recently upgraded its web injection attacks to include TLS callbacks in order to obfuscate against anti-malware software. Ursnif collects victim information from login pages and web forms.
Mirai is a malware botnet known to compromise Internet of Things (IoT) devices in order to conduct large-scale distributed denial of service (DDoS) attacks. Mirai is dropped after an exploit has allowed the attacker to gain access to a machine.
Redyms is a click-fraud trojan that is primarily downloaded via exploit kit. Redyms has virtualization and sandbox detection and is primarily distributed in the United States.

Nigeria’s best Digital Marketplace

Nigeria has a lot of online shops and marketplaces, but there seems to be little interest in digital marketplaces.

A place where you can sell your paintings, software, books, tutorials, videos, music, domain names, scripts, etc.

Just about anything that can be downloaded can be listed by you for sale.

The great thing is that you get to own your own store, list as many products under your store as you want, and advertise your store.

Here at John.ng we have everything set up for you.

We call it the Digital Marketplace!!!

https://shop.john.ng

While browsing the default homepage you can find it under the menu name “Marketplace”.

The platform has been built to be very robust and dynamic. Both buyers and sellers are assured an amazing time.


WHOIS Lookup

Whois Lookup Script

You can download a simple DNS lookup script below and host it on your own server.

Simple-DNS-Lookup-master

Some Important htaccess codes you might need

During the development stages of your website you might need some htaccess codes in order to achieve certain tasks.

So I have made a list of some nifty codes you might find useful.


############################################
# CUSTOM SEO FRIENDLY URL REWRITING
############################################

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]

</IfModule>

############################################
## default index file

DirectoryIndex index.php

############################################
## The code below should help against Local and Remote File Inclusion attacks.
## Every condition carries [OR] except the last one, so a single matching
## pattern is enough to refuse the request with 403. (In the original listing
## several conditions were chained with an implicit AND, so the rule almost
## never fired, and two trailing [OR] conditions were left dangling and attached
## themselves to the next RewriteRule further down. The REQUEST_METHOD GET
## check is dropped as well: the query string of a POST is just as dangerous.)
## The patterns are matched against the raw query string, so percent-encoded
## variants need their own pattern, as the http%3A%2F%2F line below shows.
## Any legitimate parameter that carries a URL (a redirect target, for example)
## is blocked too, so test the rules against your own application's URLs first.

RewriteCond %{QUERY_STRING} (.*)(http|https|ftp):\/\/(.*) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*=(ht|f)tp\://.*$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
## use URL encoding in the http:// part
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http%3A%2F%2F [OR]
## Adding the following directive should give you an additional layer of security
## against this type of attacks using the proc/self/environ method.
RewriteCond %{QUERY_STRING} proc\/self\/environ [NC]
RewriteRule .* - [F,L]

###########################################
# disable user agent verification to not break multiple image upload

#php_flag suhosin.session.cryptua off

############################################
# PASS THE DEFAULT CHARACTER SET
############################################

AddDefaultCharset utf-8

############################################
# DISABLE THE SERVER SIGNATURE
############################################

ServerSignature Off

################################
# UPDATING TEMPLATES, JAVASCRIPT OR CSS FILE WITHOUT HITTING MOD_SECURITY.
# THIS SETTING IS MOSTLY HANDY WHEN YOU ARE MODIFYING TEMPLATES FROM THE ADMIN AREA.
# NOTE: SecFilterEngine/SecFilterScanPOST are ModSecurity 1.x directives;
# ModSecurity 2.x loads as mod_security2.c and uses SecRuleEngine instead.
# Turning the engine off here disables the WAF for every request under this
# .htaccess, so put it in the admin directory only rather than the site root.
################################

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

################################
# PREVENT FILE VIEWING WITH HTACCESS
################################

<Files ~ "\.(pl|jsp|cgi|py|sh|exe|dll|lo|shtml|phtml)$">
Order deny,allow
Deny from all
</Files>

################################
# PROTECT CONFIG.* FILES
# NOTE: the list below also covers every .txt file, so robots.txt and any
# licence or readme text you want served must be removed from it.
################################

<FilesMatch "^(.*)\.(inc|txt|dat|shtml|exe|dll|pl|cgi|jsp|asp|aspx|ini|sh|zip)$">
AddDefaultCharset UTF-8
Order deny,allow
Deny from all
</FilesMatch>

############################################
## workaround for HTTP authorization
## in CGI environment

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

<IfModule mod_expires.c>

############################################
## Add default Expires header
## http://developer.yahoo.com/performance/rules.html#expires

ExpiresDefault "access plus 1 year"

</IfModule>

############################################
## If running in cluster environment, uncomment this
## http://developer.yahoo.com/performance/rules.html#etags

#FileETag none
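The LFI/RFI rewrite conditions above are ordinary regular expressions, so they can be dry-run against your own URLs before going live. The following is an added example, not part of the original post: it re-expresses those query-string patterns in Python and applies them to constructed sample URLs, including a legitimate redirect parameter that the filter rejects as well.

```python
import re
from urllib.parse import urlsplit

# The QUERY_STRING patterns from the .htaccess listing, in the same order.
# Apache matches them as PCRE against the raw, still percent-encoded query
# string; Python's re module evaluates these particular patterns identically.
PATTERNS = [
    (r"(.*)(http|https|ftp):\/\/(.*)", re.IGNORECASE),   # any URL scheme
    (r"^.*=(ht|f)tp\://.*$", re.IGNORECASE),             # a parameter holding a URL
    (r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE),      # raw or encoded <script>
    (r"base64_encode.*\(.*\)", 0),                      # PHP function text
    (r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", 0),              # register_globals abuse
    (r"[a-zA-Z0-9_]=http://", 0),
    (r"[a-zA-Z0-9_]=(\.\.//?)+", 0),                    # ../ traversal in a value
    (r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})", 0),
    (r"[a-zA-Z0-9_]=/([a-z0-9_.]//?)+", re.IGNORECASE),
    (r"[a-zA-Z0-9_]=http%3A%2F%2F", 0),                 # percent-encoded http://
    (r"proc\/self\/environ", re.IGNORECASE),
]
RULES = [re.compile(pattern, flags) for pattern, flags in PATTERNS]


def matching_rules(query_string):
    """Indexes (into PATTERNS) of every condition the raw query string matches."""
    return [i for i, rule in enumerate(RULES) if rule.search(query_string)]


def is_blocked(url):
    """True when the ruleset would answer this request with 403 Forbidden."""
    return bool(matching_rules(urlsplit(url).query))


# Constructed sample URLs (hypothetical host): two ordinary pages, three
# inclusion attempts, and one legitimate redirect parameter that the filter
# cannot tell apart from an inclusion attempt (the false positive to look for).
SAMPLES = [
    "http://shop.example.test/index.php?page=about",
    "http://shop.example.test/index.php?id=42&sort=price",
    "http://shop.example.test/index.php?page=../../etc/passwd",
    "http://shop.example.test/index.php?include=http://example.test/page.txt",
    "http://shop.example.test/index.php?file=/proc/self/environ",
    "http://shop.example.test/index.php?redirect=https://shop.example.test/thanks",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict = "403 blocked" if is_blocked(url) else "200 passed "
        print(f"{verdict}  {url}  rules={matching_rules(urlsplit(url).query)}")
```

Note that the second pattern only recognises `=http://` and `=ftp://`, so an `https://` value is caught solely by the first, broader pattern.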

.htaccess code to discourage search engines from indexing your website

For some reason you might need to discourage search engines from indexing your website, most often because it is still in the development stage.

Using a robots.txt is no longer advised, according to this Yoast article, so using .htaccess might be just what you need.

I will assume you know your way around creating a .htaccess file, or editing it if one already exists.

So just add these lines to your .htaccess file.


<IfModule mod_headers.c>
Header set X-Robots-Tag "noindex, nofollow, noarchive"
<FilesMatch "\.(doc|pdf|png|jpe?g|gif)$">
Header set X-Robots-Tag "noindex, noarchive, nosnippet"
</FilesMatch>
</IfModule>

Explanation of Networks and Packets

Packet. This is a small amount of computer data sent over a network. Any time you receive data from the Internet, it comes to your computer in the form of many little packets. Each packet contains the address of its origin and destination, and information that connects it to the related packets being sent.

2.12 Networks and Packets
The word “network” comes from fishing nets, where we have many strings tied together to form a mesh, and one could trace many different possible routes between any two knots or nodes on the network.
In the data communications business, we use the word network in the same way. Networks consist of network equipment connected together with high capacity circuits. Normally, there are redundant connections and multiple routes could be followed between any two pieces of network equipment. Access circuits are connected to each piece of network equipment, and users transmit data over the network by sending it into the network over an access circuit, whence it is transferred between network equipment to the receiving end, then delivered over the far-end access circuit.
Data to be transferred over a network is formatted into packets, which are sometimes also called datagrams or Network Protocol Data Units. We will avoid getting caught up in jargon and use the term packet.
Packets are blocks of data with network control information. The most interesting type of network control information is the network address, which indicates the final destination of the packet. All network equipment, such as routers, looks at the network address to decide which route to take to get to that destination.
Data to be transferred over a network must be formatted into packets with network addresses regardless of which type of data circuit is used. Examples of protocols which do this are the Internet Protocol IP and Novell’s IPX.
Note that older-style data services offered by telecommunications carriers use the same principles, and require that any data you wish to transmit (even an IP packet!) be packaged into one of their packets to be transmitted over their circuits. In this case, the telecom service provider assigns the network addresses. The most common standard for this was called X.25, which is too slow for modern LAN-LAN communications.
The definition of a network is having to make a routing decision: which route to take to get to the destination. If there are no one-of-many route decisions being made, for example, if the data is broadcast to every station, then it is not, strictly speaking, a network.

Explanation of the Public Switched Telephone Network (PSTN)

1.05 The Public Switched Telephone Network
Many communication technologies are based on those used in the Public Switched Telephone Network (PSTN), so regardless of whether you’re interested in voice, data or networking, it is important to have an understanding of the structure and operation of the telephone network.
We begin with a basic model for the telephone network and will build on it in subsequent discussions. At the top of the diagram, we have a telephone and a telephone switch. The telephone is located in a building called a Customer Premise (CP), and the telephone switch is located in a building called a Central Office (CO). One could refer to the telephone as Customer Premise Equipment (CPE).
The telephone is connected to the telephone switch with two copper wires, often called a local loop or a subscriber loop, or simply a loop. This is a dedicated access circuit from the customer premise into the network. We usually have the same arrangement at the other end, with the far-end telephone in a different customer premise and the far-end telephone switch usually in a different central office.
Copper is a good conductor of electricity – but not perfect: it has some resistance to the flow of electricity through it. Because of this, the signals on the loop diminish in intensity or attenuate with distance, and if the loop were too long, you wouldn’t be able to hear the other person. The maximum resistance allowed is usually 1300 ohms, which works out to about 18,000 feet or 18 kft, which is 3 miles or 5 km on standard-thickness 26-gauge cable, but could be as long as 14 miles or 22 km on thicker 19-gauge cable. Thus, COs traditionally had a serving area of three miles radius around them, about 27 square miles or 75 km². With suburban sprawl, we can’t build COs every five miles, so in practice, new subdivisions are served from remote switches, which are low-capacity switches in small huts or underground controlled environment vaults. The remote provides telephone service locally on the loops in the subdivision. The remote and the loops are connected back to the nearest CO via a loop carrier system that uses fiber or radio.
Telephone switches are connected with trunks. While subscriber loops are dedicated access circuits, trunks are shared connections between COs. To establish a connection between one customer premise and another, the desired network address (telephone number) is signaled to the network (to the CO switch or remote) over the loop, then the switch seizes an unused trunk circuit going in the correct direction and then connects the loop to that trunk – for the duration of the call. When one end or the other hangs up, the trunk is released for someone else to connect between those two COs. This method for sharing the trunks is known as circuit switching. It was called dial-up when telephones had rotary dials. It is important to note that even though today there may be digital switching and digital transmission, the last 3 mi. / 5 km of the network, the subscriber loop, most often still has its original characteristics, which date back to the late 1800s (!).
Voice and data equipment which connects to the PSTN over regular telephone lines must work within the characteristics of the local loop, so an understanding of the characteristics and limitations of the local loop is essential.

Explanation of the OSI-7 Layer model

1.07 OSI 7-Layer Model
The OSI Reference Model is referred to as a 7-layer model because the total set of functions required to interwork diverse systems was defined and then broken up into seven groups or layers, and arranged in a hierarchy. Each layer has a name and a number. We start numbering at the bottom:
1. Physical Layer: The physical layer provides a raw bit stream service. It moves 1s and 0s between the systems. This is all it does, but it has to do this completely. The physical layer includes the mechanical, electrical, functional and procedural specifications for moving binary digits over a physical medium.
2. Data Link Layer: The data link layer manages communications on a single circuit, a single link. There may be several stations connected to the circuit – a multidrop circuit – but it is a single physical circuit. It typically sends frames or cells of data across the physical medium with an error check, and performs flow control on the link. This allows communication of blocks of data to another computer on the same circuit.
3. Network Layer: What happens if we don’t have a single link, but 86 of them, and we do not want our data broadcast to all 86 destinations, but rather want it routed and delivered to just one destination? This is the definition of a network… moving data from one link to another, essentially a forwarding function.
4. Transport Layer: If the receiver isn’t on our network, but on another one, and the networks are connected together with data circuits, or worse yet, multiple intervening networks, how do we know that our data got delivered? The transport layer provides end-to-end error checking to verify that the data was successfully delivered to the far end, and in some cases retransmits data that was not.
5. Session Layer: The session layer manages sessions between applications, including initiation, maintenance and termination of information transfer sessions. Usually this is visible to the user by having to log on with a password.
6. Presentation Layer: The presentation layer is very important: this is the coding step. How are we going to represent our message in 1s and 0s? ASCII is an example of a presentation layer protocol. Compression and encryption can also be discussed here – they too are methods of coding messages into 1s and 0s.
7. Application Layer: Sitting on top of all of this is the application layer. The application layer defines the format of the messages that will be exchanged, and is usually bundled with a Human-Machine Interface – the applications you and I use to get access to all of this wonderful distributed computing and communications.

Mobile Network Hackers Exploit SS7 Flaws To Drain Bank Accounts

Experts have been warning for years about security blunders in the Signaling System 7 protocol – the magic glue used by cellphone networks to communicate with each other.

These shortcomings can be potentially abused to, for example, redirect people’s calls and text messages to miscreants’ devices. Now we’ve seen the first case of crooks exploiting the design flaws to line their pockets with victims’ cash.

O2-Telefonica in Germany has confirmed to Süddeutsche Zeitung that some of its customers have had their bank accounts drained using a two-stage attack that exploits SS7.

In other words, thieves exploited SS7 to intercept two-factor authentication codes sent to online banking customers, allowing them to empty their accounts. The thefts occurred over the past few months, according to multiple sources.

In 2014, researchers demonstrated that SS7, which was created in the 1980s by telcos to allow cellular and some landline networks to interconnect and exchange data, is fundamentally flawed. Someone with internal access to a telco – such as a hacker or a corrupt employee – can get access to any other carrier’s backend in the world, via SS7, to track a phone’s location, read or redirect messages, and even listen to calls.

In this case, the attackers exploited a two-factor authentication system of transaction authentication numbers used by German banks. Online banking customers need to get a code sent to their phone before funds are transferred between accounts.

The hackers first spammed out malware to victims’ computers, which collected the bank account balance, login details and passwords for their accounts, along with their mobile number. Then they purchased access to a rogue telecommunications provider and set up a redirect for the victim’s mobile phone number to a handset controlled by the attackers.

Next, usually in the middle of the night when the mark was asleep, the attackers logged into their online bank accounts and transferred money out. When the transaction numbers were sent they were routed to the criminals, who then finalized the transaction.

Inode usage on shared hosting

Inode

An inode is a data structure used to keep information about a file on your hosting account. The number of inodes indicates the number of files and folders you have. This includes everything on your account, emails, files, folders, anything you store on the server.

There is currently a limit of 100k/250k inodes on our shared accounts.

What is the 100k/250k inode limit?

Shared and Reseller servers only allow 100,000 files per cPanel. This is a “soft limit”, meaning that once the limit is reached you will still be able to upload files. However, once the account passes the 100,000 file threshold it will no longer be included in our weekly backups. Additionally, if the account exceeds 250,000 files it will be in violation of our Terms of Service, which can result in suspension.

How can I reduce my inode count?

Simply delete any files or emails you no longer need.

How can I see how many inodes I am using?

Shared customers can see the inode count in cPanel on the left-hand menu. You must be using the HG style for this feature.
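Before deleting anything it helps to know which directories are actually eating the inodes (mail folders and caches are the usual culprits). The following is an added example, not from the original post: a small POSIX shell script that counts inodes per directory; the directory names in the comments are constructed for illustration.

```sh
#!/bin/sh
# Every file, directory and symlink under a path costs one inode, so the
# number of entries find prints for that tree equals its inode usage.

# inode_count DIR: inodes used by DIR itself and everything below it.
inode_count() {
    find "$1" | wc -l | tr -d ' '
}

# inode_report DIR: per-subdirectory breakdown, biggest consumers first,
# so you can see whether mail/, .cache/ or a forgotten backup dump is to blame.
# Hidden directories (.cache, .cpanel, ...) are included.
inode_report() {
    for d in "$1"/*/ "$1"/.[!.]*/; do
        [ -d "$d" ] || continue
        printf '%8s  %s\n' "$(inode_count "$d")" "$d"
    done | sort -rn
}

# over_limit DIR LIMIT: succeeds when DIR uses more than LIMIT inodes; useful in
# a cron job that warns before the 100,000 soft limit drops you from backups.
over_limit() {
    [ "$(inode_count "$1")" -gt "$2" ]
}

# Usage: sh inodes.sh /home/username
if [ -n "$1" ]; then
    inode_report "$1"
    printf 'total: %s inodes\n' "$(inode_count "$1")"
    over_limit "$1" 100000 && echo "WARNING: above the 100,000 soft limit"
fi
```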

Do you need the help of an IT Professional?
View my portfolio!!!

John is ready to assist you with your next project if you need the help of a freelancer.
If you need a long-term boost in the productivity of your organization, I am also available for full-time employment.

Excerpts from my skill range!!!

  • Website security
  • Server Management
  • Database Management
  • Website Development
  • Software Development
  • Entrepreneurship
  • Social media marketing
  • E-commerce
  • SEO (Search Engine Optimization)
  • Business Development
  • Project Management
  • Digital Marketing
  • Product Marketing
Contact John

Use the form below to contact me; I typically respond same day.

If you need quicker assistance you can call me instead!!!
+234 07038583101

Thank You!!!
I will get back to you as soon as possible!!!