Kryptowire announced on 2016-11-15 the discovery of malware in Android-based smart phones sold by, among others, Amazon US and BestBuy. The malware was allegedly created by Shanghai ADUPS Technology Co., Ltd. Kryptowire claims the malware sends all your text messages, all your contacts, all your call history, etc., to the domain names listed below. The ADUPS company issued a statement claiming its services are simply spam countermeasures.
Kryptowire claims these domain names resolved to the IP address 188.8.131.52.
Today, 2 days later, these domain names resolve to the IP address 184.108.40.206. The domain name rebootv5.adsunflower.com still resolves to the IP address 220.127.116.11. Be sure to adjust your ACLs if you have entered the previously known IP addresses.
A student came to my office today. His browser showed our fronter.com instance protected by a peculiar SSL certificate issued by royalvulkan.com. The norm for fronter.com instances is SSL certificates issued by COMODO CA Limited. The intrusive SSL certificate has a validity period spanning from 1996 to 2056, which is very odd. The certificate probably has a wildcard Common Name, causing it to cover all conceivable hostnames. I have no idea how this certificate got introduced into our student’s computer. Luckily, Google Chrome spotted the faulty certificate and the student was wise enough to come and see me. Shortly after, I had to leave the student and go to class. I’ll try and update this post if he shows up again with the same problem.
I pondered this issue during the weekend. Maybe the student has somehow activated the proxy setting, sending all his (sensitive) internet traffic to an unknown third party.
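The three things that gave this certificate away (an issuer nobody expected, a 60-year validity period, and a wildcard name broad enough to cover any host) are easy to check programmatically before a user has to notice a browser warning. The script below is an added example, not code from the original post: it audits a certificate in the dictionary shape that Python's `ssl.SSLSocket.getpeercert()` returns, using two constructed sample certificates (the expected COMODO-issued one and a royalvulkan.com-issued one modelled on the description above; neither is a real certificate) and a hypothetical three-year validity threshold. The `name_matches` helper also shows why a strict RFC 6125-style matcher rejects a bare `*` or `*.com` name that a naive matcher would accept.

```python
import ssl

# Constructed sample certificates in the dict shape returned by
# ssl.SSLSocket.getpeercert(). Neither is a real certificate.
EXPECTED_CERT = {
    "subject": ((("commonName", "*.fronter.com"),),),
    "issuer": ((("countryName", "GB"),),
               (("organizationName", "COMODO CA Limited"),),
               (("commonName", "COMODO RSA Domain Validation Secure Server CA"),)),
    "notBefore": "Nov  1 00:00:00 2016 GMT",
    "notAfter": "Nov  1 23:59:59 2018 GMT",
    "subjectAltName": (("DNS", "*.fronter.com"), ("DNS", "fronter.com")),
}
SUSPECT_CERT = {  # modelled on the interception certificate described in the post
    "subject": ((("commonName", "*"),),),
    "issuer": ((("commonName", "royalvulkan.com"),),),
    "notBefore": "Jan  1 00:00:00 1996 GMT",
    "notAfter": "Jan  1 00:00:00 2056 GMT",
}

MAX_VALIDITY_YEARS = 3  # hypothetical policy threshold, not a standard value


def _field(name_tuples, key):
    """Return the first value for `key` in a getpeercert()-style name tuple."""
    for rdn in name_tuples:
        for k, v in rdn:
            if k == key:
                return v
    return None


def _dns_names(cert):
    """All DNS names the certificate claims: SAN entries plus the subject CN."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cn = _field(cert.get("subject", ()), "commonName")
    if cn and cn not in names:
        names.append(cn)
    return names


def name_matches(pattern, hostname):
    """Strict RFC 6125-style match: a wildcard may only be the entire leftmost
    label, it matches exactly one label, and the pattern must keep at least two
    further labels (so '*' and '*.com' never match anything)."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[1:]                      # e.g. ".fronter.com"
    if suffix.count(".") < 2:
        return False
    head, sep, rest = hostname.partition(".")
    return sep == "." and head != "" and "." + rest == suffix


def audit_cert(cert, expected_issuer_org):
    """Return a list of human-readable findings; an empty list means no red flags."""
    findings = []
    # 1. Issuer: fall back to the issuer CN when no organizationName is present.
    issuer = (_field(cert["issuer"], "organizationName")
              or _field(cert["issuer"], "commonName"))
    if issuer != expected_issuer_org:
        findings.append(f"unexpected issuer: {issuer!r}")
    # 2. Validity period: ssl.cert_time_to_seconds parses the GMT strings.
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    years = (not_after - not_before) / (365.25 * 86400)
    if years > MAX_VALIDITY_YEARS:
        findings.append(f"validity period of {years:.0f} years exceeds {MAX_VALIDITY_YEARS}")
    # 3. Over-broad names: a bare '*' or a wildcard over a public suffix.
    for name in _dns_names(cert):
        if name == "*" or (name.startswith("*.") and name.count(".") < 2):
            findings.append(f"over-broad wildcard name: {name!r}")
    return findings


if __name__ == "__main__":
    for label, cert in (("expected", EXPECTED_CERT), ("suspect", SUSPECT_CERT)):
        print(label, audit_cert(cert, "COMODO CA Limited") or "OK")
```

On a live connection the same audit can be fed directly from `ssl.SSLSocket.getpeercert()` after a handshake; the script keeps the sample certificates inline so it runs offline. The findings are a triage aid for the helpdesk, not a replacement for the browser's chain validation, which is what actually caught this case.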
I was installing Autodesk Vault Professional 2017 in the wee hours today, and I noticed the Autodesk Network License Manager was installed in C:\Autodesk\Network License Manager. That’s a bit strange when C:\Autodesk has until now been a temporary location for extracting the setup files.
I can confirm moving the files to a saner location like C:\Program Files\Autodesk\Autodesk Network License Manager doesn’t work at all. The NLM simply won’t start and nothing gets logged.
It gets even stranger as one of the LMTOOLS shortcuts wants to run lmtools.exe from the C:\Program Files\Autodesk\Autodesk Network License Manager directory, i.e. the old location. Note: this was done on a newly installed Windows Server.
In short: Be very careful when emptying the C:\Autodesk directory.