Monthly Archives: November 2008

TDSS Trojan and Bediddle Adware – Hindsight Removal Guide

Last week, my indiscreet non-techie colleague encountered his yet-another-virus-attack experience. There should be nothing big as he had an antivirus product installed. However, after casually spending his routines for some days; beverages and snacks and tons of unproductive applications running from his laptop, he felt that his laptop became much slower than usual and also exercised some strange behaviors. He later asked me to investigate the oddities and construe what was actually going on.

To my surprise, normal simple procedure in detecting and destroying virus, trojan, and other malware didn’t work at the time. Antivirus reported nothing but the strange behaviors persisted. Still being unsatisfied and puzzled, i tried to verify antivirus’ finding by conducting online scanning and here the mystery started to unravel.

To make it short, my friend’s laptop was infected with TDSS rootkit. This rootkit is a combination of trojan and adware. Reported first time by Sophos, this attack has gained its notoriety as one of the hot trojan and malware attacks in November.

If you happen to experience symptoms below, you might infer that you have been infected by TDSS rootkit:

  • Slow browser
    Your browser unusually loads slower than it should be. Even though browser is the only application you run, the speed is still slow, invalidating assumption that the slow loading is caused by insufficient memory
  • Continuous high CPU percentage for System Idle Process
    If you press Ctrl-Alt-Del and see the list of running processes, you will notice that “System Idle Process” consumes most of the CPU cycles, usually more than 90%
  • Denied access to some files and folders
    If you enable System Restore, you will notice that if you click the folder “System Volume Information” that resides in the root directory of each drive, you will get message “Access is Denied”. You can also check some other files in system32 folder and raise the same message.
  • Redirection of results from search engine and unavailability to access antivirus and security websites
    If you try to search for remedy for the infection and type words related to antivirus like “virus removal, trojan removal, TDSS, antivirus vendors, etc” you will notice that every time you click the link from the result page you will be redirected to another search engine, that is bediddle (bediddle.com) or some other page that is different from the real link.
    You are also disabled from accessing antivirus providers’ websites and circumvented from conducting online scan.
  • Antivirus doesn’t work or only seems to work
    If you try to scan using your antivirus, it will say your system is safe. This is actually not true. Try updating your virus database definition and you will see error reported by the update engine. Also, if you want to install a new renowned antivirus, you will always fail the installation.

Continue reading

Groping for Worldwide IT Prospect After The US Presidential Election 2008

Obama, Biden, and IT Companies

It’s been a while since US presidential election ended. As reported by news, magazines, and other medias, Obama has carved unprecedented history of the first African-American US President. The rest of the world mostly succumbed in joy, celebrating the winning of a candidate who promised to bring changes to the States, the world’s number one in economic power and size.

Media has massively and intensively mentioned and discussed that Obama’s tasks won’t be easy ones. He will have to deal with complicated situations and big lump of problems left by current incumbent. Given the broadness of the problems, I’d like to focus -as usual- on IT and related fields. In one of my post, I wrote about the ramification of this year’s credit-crunch-led-to-economic-turmoil impact to IT sector. Although the post was not so elaborated in projecting the severity of short-term, medium-term, and long-term impact of current economic recession, it can be inferred that I was a bit wary about the impact of US recession to countries worldwide.

Continue reading

Quick Notes On Google Adsense Sidebar Widget for WordPress

Adsense on WordPressIn my earlier post, I contributed my updated version to Google Adsense Sidebar Widget on WordPress based on  previous work by Mike Smullin. I received some comments about errors in implementing the widget. This weekend, as I mentioned earlier, I decided to take further investigation to know the root cause of the malfunction.

I compared two references i could find. The first is right from the dashboard of my Google Adsense publisher account and the later is Google’s documentation for Adsense API. There should be another reference from Mike Smullin’s own work but since he’s now charging for the plugin, I’d better have someone send me the plugin to be analyzed and synchronized with my update.

After reading the documentation and  toying with my account, I’d like to provide some notes regarding google adsense implementation:

1. Google Adsense API

This API provides programmatical way to modify and manage the ads. It uses SOAP web service with available callbacks listed in its published WSDL. The API will enable a user to manage his adsense account without logging in into his Google Adsense account. Instead, the third party application communicates with Google server to update the modification executed by user while utilizing the application.

However, WordPress widget expects simple configuration values for each of the widget. Rearchitecting existing widget to support SOAP communication is a bit out-of-boundary and redundant. I’ll explain this in the subsequent point. Continue reading