2013-09-28

Remove delta-homes.com virus (Removal Guide)

Removedelta-homes.com virus (Removal Guide)


Delta-Homes is a browser hijacker, which is promoted via other free downloads, and once installed it will change your browser homepage and default search engine to delta-homes.com.
This in itself is not considered malicious as there are many legitimate programs that change these settings as well. What is considered malicious, though, is that it will also append the argumenthttp://www.delta-homes.com/ to random Windows shortcuts on your desktop and your Windows Start Menu.


delta-homes.com will display advertisements and sponsored links in your search results, and may collect search terms from your search queries. The delta-homes.com hijack is used to boost advertising revenue, as in the use of blackhat SEO, to inflate a site’s page ranking in search results.

delta-homes.com it’s technically not a virus, but it does exhibit plenty of malicious traits, such as rootkit capabilities to hook deep into the operating system, browser hijacking, and in general just interfering with the user experience. The industry generally refers to it as a “PUP,” or potentially unwanted program.

delta-homes.com homepage got on your computer after you have installed a freeware software (video recording/streaming, download-managers or PDF creators) that had bundled into their installation this browser hijacker.
For example, when you install Vplay, you will also agree to change your default browser homepage and default search engine to delta-homes.com.
However when you uninstall Vplay from your computer, your web browser’s default settings will not be restored. This means that you’ll have to remove delta-homes.com homepage from your favorite web browser manually.


You should always pay attention when installing software because often, a software installer includes optional installs, such as this delta-homes.com hijacker. Be very careful what you agree to install.

Always opt for the custom installation and deselect anything that is not familiar, especially optional software that you never wanted to download and install in the first place. It goes without saying that you should not install software that you don’t trust.

delta-homes.com redirect- Virus Removal Guide

This page is a comprehensive guide, which will remove Delta-Homes.com from your Internet Explorer, Firefox and Google Chrome.
Please perform all the steps in the correct order. If you have any questions or doubt at any point,STOP and ask for our assistance.

STEP 1: Remove Delta-Homes.com browser hijacker from your computer with AdwCleaner
STEP 2: Remove Delta-Homes.com from Internet Explore, Firefox and Google Chrome with Junkware Removal Tool
STEP 3:Clean up the various Windows shortcuts that have been hijacked by Delta-Homes.com virus
STEP 4: Remove Delta-Homes.com malicious files with Malwarebytes Anti-Malware Free
STEP 5: Double-check for the Delta-Homes.com infection with HitmanPro

STEP 1: Remove Delta-Homes.com browser hijacker with AdwCleaner

The AdwCleaner utility will scan your computer for Delta-Homes.com malicious files that may have been installed on your computer without your knowledge.

1.     You can download AdwCleaner utility from the below link.
ADWCLEANER DOWNLOAD LINK (This link will automatically download AdwCleaner on your computer)

2.     Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.
     If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.

3.     When the AdwCleaner program will open, click on the Scan button as shown below.
     AdwCleaner will now start to search for Delta-Homes.com malicious files that may be installed on your computer.

4.     To remove the Delta-Homes.com malicious files that were detected in the previous step, please click on the Clean button.
     AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button.

STEP 2: Remove Delta-Homes.com from Internet Explore, Firefox and Google Chrome with Junkware Removal Tool

Junkware Removal Tool is a powerful utility, which will remove Search.Delta-Homes.com from Internet Explorer, Firefox or Google Chrome, and will double-check for any other compromised Windows shortcuts.

1.     You can download the Junkware Removal Tool utility from the below link:
JUNKWARE REMOVAL TOOL DOWNLOAD LINK (This link will automatically download the Junkware Removal Tool utility on your computer)

2.     Once Junkware Removal Tool has finished downloading, please double-click on the JRT.exe icon as seen below.
     If Windows prompts you as to whether or not you wish to run Junkware Removal Tool, please allow it to run.

3.     Junkware Removal Tool will now start, and at the Command Prompt, you’ll need to press any key to perform a scan for the Delta-Homes.com virus.
     Please be patient as this can take a while to complete (up to 10 minutes) depending on your system’s specifications.

4.    When the scan Junkware Removal Tool will be completed, this utility will display a log with the malicious files and registry keys that were removed from your computer.

STEP 3: Clean up the various Windows shortcuts that have been hijacked by Delta-Homes.com virus

1.     Search for your browser shortcut (Desktop, Taskbar or Start Menu Shortcut), then right click on it and select Properties.


2.     In the Shortcut tab, in the Target field, remove the http://www.Delta-Homes.com argument. Basically, there should be only the path to browser executable file. Nothing more.

If you are experiencing problems while trying to remove the Delta-Homes.com search shortcut hijack, you can download Shortcut Cleaner from the below link, and then you’ll just need to run this utility to fix your Windows shortcuts. When it is done, it will show you a log that contains a list of shortcuts that were cleaned.

SHORTCUT CLEANER DOWNLOAD LINK (This link will open a new webpage from where you can download Shortcut Cleaner on your computer)

STEP 4: Remove Delta-Homes.com malicious files from your computer with Malwarebytes Anti-Malware Free

1.     You can download Malwarebytes Anti-Malware Free from the below link,then double click on it to install this program.
MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK (This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free)

2.     When the installation begins, keep following the prompts in order to continue with the setup process.
Do not make any changes to default settings and when the program has finished installing, click on the Finish button.

3.     On the Scanner tab, select Perform quick scan and then click on the Scan button to start scanning your computer.

4.     Malwarebytes’ Anti-Malware will now start scanning your computer as shown below.

5.    When the Malwarebytes scan will be completed,click on Show Result.

5.     You will now be presented with a screen showing you the malware infections     that Malwarebytes’ Anti-Malware has detected.Please note that the infections   found may be different than what is shown in the image.Make sure that    everything is Checked (ticked) and click on the Remove Selected button.


STEP 5: Double check for the Delta-Homes.com infection with HitmanPro

1.     You can download HitmanPro from the below link, then double click on it to start this program.
HITMANPRO DOWNLOAD LINK (This link will open a new web page from where you can download HitmanPro)

2.     HitmanPro will start and you’ll need to follow the prompts (by clicking on the Next button) to start a system scan with this program.

3.     HitmanPro will start scanning your computer for malware, as seen in the image below.

4.     Once the scan is complete,you’ll see a screen which will display all the infected files that this utility has detected, and you’ll need to click on Next to remove these malicious files.

5.     Click Activate free license to start the free 30 days trial and remove all the malicious files from your computer.

Your computer should now be free of the Delta-Homes.com infection. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future.

If you are still experiencing problems while trying to remove Delta-Homes.com hijacker from your machine, please start a new thread in our Malware Removal Assistance forum.

Linux 的 /tmp 目錄變成 1MB 的 overflow 檔案系統如何解決

Linux 的 /tmp 目錄變成 1MB 的 overflow 檔案系統如何解決


今天有台 Linux 系統的硬碟滿了,導致系統發生異常,將空間清出之後,大部分的程式都可以正常運作,但是一個用 PHP 寫的網站卻出了點小問題,所有功能都能運作,MySQL 資料庫也能跑,但只要上傳超過 1MB 的檔案卻怎樣也上傳不成功 (UPLOAD_ERR_CANT_WRITE),查了好久才終於發現,原來是系統的 /tmp 暫存目錄只剩下 1MB 而已,而且檔案系統為沒聽過的 overflow 這個名稱,這篇文章用來解釋這個檔案系統的由來,以及解決方法。

先看看目前的檔案系統變成這樣:


其實我的 /tmp 根本沒有一個獨立的分割區,所以這個分割區是自動被建立的,而建立的時間點就在「磁碟空間不足」的時候,而且 Linux 系統預設這個暫時的 /tmp 分割區只會有 1MB 這麼大而已,主要目的是為了讓系統其他服務能夠維持一個基本的運作,有時候沒有這個 /tmp 目錄會導致許多服務無法正常啟動。

然而,解決的方法很簡單,只要把 overflow 檔案系統給 umount 掉即可,指令如下:

sudo umount overflow

如果因為檔案被鎖定的問題,而導致無法 umount 的話,可以先進入單人模式 ( telinit 1 ),然後再 umount 即可,否則就要重開機才能解決。

原文出處

駭客全面發動RoR漏洞攻擊 劫持伺服器打造殭屍網路

駭客全面發動RoR漏洞攻擊 劫持伺服器打造殭屍網路


近日駭客正積極入侵RoR(Ruby on Rails)Web應用開發框架上的重大安全漏洞,進而劫持Web伺服器並打造殭屍網路。

事實上,RoR開發團隊早在今年1月之際,便已對外釋出針對該安全漏洞的安全修補程式,其公告編號為CVE-2013-0156。即使如此,許多伺服器管理人員仍尚未進行Rails安裝套件的更新作業。

RoR是一個基於Ruby程式語言的熱門Web應用開發框架,並廣泛於各大知名網站,包括Hulu、Groupon、GitHub與Scribd等。


「令人感到驚訝的是,很少漏洞攻擊會花這麼長的時間才在網上廣為流行,但對於仍有不少人持續執行有漏洞的Rails安裝套件,並沒有什麼好驚訝的,」安全公司Matasano Security安全諮詢顧問Jeff Jarmoc在週二部落格貼文指出。目前被駭客採用的漏洞入侵程式,添加了客製化cron Job,亦即一個在Linux機台上的排程任務,以執行一系列的指令。

這些指令會從遠端伺服器下載惡意C語言來源檔,並在本地端進行編譯與執行。由此會產生一個會與網路聊天系統伺服器(IRC)相連接的殭屍電腦,並且加入一個會等待惡意攻擊者指令的預定義通道。

一旦受劫持系統上的編譯程序失敗,會隨即下載一個預先編譯好的惡意程式至該系統中。

「雖然功能有限,但卻具備依照指令下載與執行檔案,以及變更伺服器的能力,」Jarmoc表示:「由於不需要任何身分驗證,所以凡有心人皆可透過IRC伺服器的加入來劫持這些殭屍電腦,並對外發佈適當的命令。」

圖片/資料來源:PCWorld
轉載自《網路資訊雜誌》

Apache HTTP server 的 mod_rewrite 模組漏洞

Apache HTTP server 的 mod_rewrite 模組漏洞


該漏洞是利用 modules/mappers/mod_rewrite.c 文件中的 Rewritelog() 函數不正確的處理某些轉義序列,導致惡意攻擊者發送特製的 HTTP 請求可以注入到 LOG 檔,並可能允許攻擊者無需管理員權限即可執行命令。

漏洞編號:CVE-2013-1862

影響範圍:
Apache HTTP server versions
1.3 branch from 1.3.28
2.0 branch from 2.0.46
2.2 branch from 2.2.0

mod_rewrite.c 的漏洞參考:
http://www.askapache.com/servers/mod_rewrite.c.html

官方網站修正程式:
http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch

Red Hat Enterprise Linux 的修正程式:
https://rhn.redhat.com/errata/RHSA-2013-0815.html

相關參考:
http://secunia.com/advisories/53154/

原文出自:RedHat
轉載自《網路攻防戰》

研究:專家用戶比一般用戶更容易忽略瀏覽器安全警告

研究:專家用戶比一般用戶更容易忽略瀏覽器安全警告


根據最新的安全研究報告指出,當前Web瀏覽器所顯示的安全警示訊息,在阻止危險網路行為的效益上,比起過去認為的還有效。


該調查研究主要在進行使用者對Mozilla Firefox與Google Chrome瀏覽器,在網路釣魚、惡意程式攻擊與無效SSL憑證之安全警示上的回應狀況。

基於2002年到2009年之間的許多研究,普遍皆認為大部分使用者多半會忽略安全警示。不論如何,過去4年來,瀏覽器的安全警示已經重新設計,但全新設計對使用者的影響到底如何的研究卻尚未進行過。

就以過去會用來警示可能釣魚攻擊風險的工具列來說,如今已然被一整頁的警示所取代,其對使用者的瀏覽行為勢必會造成影響,執行該研究報告的研究人員表示。

在5月與6月間,已經分析過超過2,500萬Chrome及Firefox的安全警示。該資料已被Mozilla與Google所進行的遙測計畫所蒐集,該計畫會從經同意箟的使用者瀏覽器上,進行研究人員所謂「匿名資料」的蒐集作業。

在上述兩個瀏覽器的專案中,不到25%的使用者會對惡意程式與網路釣魚的安全警示不予理會,同時只有1/3的使用者會透過Firefox的SSL安全警示來瀏覽網頁。

該分析同時揭露了另一個有趣的現象,亦即愈具備技術專業的使用者,反而愈會有意避開安全警示。研究人員認為,這些具備技術底子的用戶,多半是使用Linux與Beta版瀏覽器的人。

圖片/資料來源:PCWrold
轉載自《網路資訊雜誌》