
2009/05/13

Conficker Viruses

Conficker is a fairly sophisticated virus with several capabilities that can be categorized as advanced. One is auto-update: it can renew itself by continually updating its own virus routines. In addition, the virus can spread over the network using Remote Procedure Call. When an infected computer connects to a network, the virus looks for other computers and tries to break in by guessing the password of the logged-in user with a brute-force attack. This is, again, a capability that very few viruses have.


After successfully breaking into the system, the virus places a DLL file on the target PC and then creates a scheduled task to register the copied DLL file, so that the virus becomes active by itself at a certain time. In addition, the virus can detect whether it is running on a virtual machine, and it will not carry out its malicious activity if run on a virtual machine. Another capability that is no less interesting is blocking antivirus sites by hooking the dynamic link library that handles the Domain Name System.
 
With sophistication like that, it looks like this virus was made not just for fun but to serve a specific purpose that has not been carried out until now.


How to deal with this virus?

Several antivirus vendors have identified this virus very well, and one domestically produced antivirus has issued its latest release to deal with Conficker.

2008/07/19

Setting DNS Bind9 On Ubuntu 7.10

Setting up BIND on Ubuntu is almost the same as setting it up on Fedora; only the file locations are slightly different.
On Ubuntu we modify the named.conf file and the db.local file. A reminder: do not change db.local without making a copy first.
Both files can be found in the directory /etc/bind.


As the first step we create a domain name, i.e. add the domain name you want to the named.conf file as follows:
zone "domain.com" {
    type master;
    file "/etc/bind/db.domain";
};
Save the configuration, and then copy db.local to db.domain with the following command:
cp db.local db.domain
Open the file db.domain with your favorite text editor, such as gedit or vi. db.domain contains a lot of configuration entries, each with its own function. A few of them:

@ : is a name; on the SOA record it is written as @
IN : is the address class, in this case INTERNET
SOA : Start Of Authority (a DNS record type)
localhost. : is the name server used (localhost is the default)
root.localhost : is the contact e-mail address

Then change the following line:

server IN A 192.168.0.2 ; your machine's IP address

The subdomains are created with the following lines (note the trailing dot on the target; without it BIND appends the zone name to it):
www IN CNAME server.domain.com.
admin IN CNAME server.domain.com.

Next you must set your DNS server by editing the file resolv.conf, which is in the /etc directory.
Add the following lines:

domain domain.com
nameserver 192.168.0.2

Done??
Not yet :(
We must restart the BIND daemon using its script in /etc/init.d/:
/etc/init.d/bind9 restart

Now test the server by typing:

nslookup server
Then test the subdomains as well:

nslookup www
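
Names in db.domain that do not end in a dot are relative, so the zone name is appended to them. The following is an added example, not part of the original post: a small checker that expands names the way a zone-file parser does and flags targets where the zone name would be doubled. The function names and the `ftp` record are assumptions made for illustration.

```python
# Added example: how relative names in a zone file are expanded.
NAME_TYPES = {"CNAME", "NS", "PTR", "MX"}  # record types whose rdata ends in a host name
CLASSES = {"IN", "CH", "HS"}

def absolute(name, origin):
    """Expand a zone-file name relative to the zone origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name                  # already fully qualified
    return name + "." + origin       # relative: the origin is appended

def lint_zone(text, origin):
    """Return (owner, type, resolved_target, suspicious) per name-valued record."""
    origin = origin if origin.endswith(".") else origin + "."
    results = []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 3 or raw[:1].isspace():
            continue                 # blanks, $TTL, continuations, owner-less lines
        owner, rest = fields[0], fields[1:]
        # skip the optional TTL and class that precede the record type
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            rest = rest[1:]
        if len(rest) < 2 or rest[0].upper() not in NAME_TYPES:
            continue
        rtype, target = rest[0].upper(), rest[-1]
        # a relative target that already ends in the zone name gets it doubled
        suspicious = (not target.endswith(".")
                      and ("." + target + ".").endswith("." + origin))
        results.append((absolute(owner, origin), rtype,
                        absolute(target, origin), suspicious))
    return results

# Constructed sample modelled on the db.domain entries in this post
SAMPLE = """\
server  IN  A      192.168.0.2
www     IN  CNAME  server.domain.com
admin   IN  CNAME  server.domain.com.
ftp     IN  CNAME  server
"""

if __name__ == "__main__":
    for owner, rtype, target, bad in lint_zone(SAMPLE, "domain.com"):
        flag = "  <-- missing trailing dot?" if bad else ""
        print(f"{owner} {rtype} {target}{flag}")
```

If the bind9utils package is installed, `named-checkzone domain.com /etc/bind/db.domain` performs a full syntax check of the real file before the daemon is restarted.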
