Under the miniscule prism


Windows 7: Security at Home

I will be at IETI Marikina for a 2-hour talk with our future generation of I.T. Specialists from 5PM-7PM.

This will cover all new and enhanced Security Features of Windows 7. Mostly, the talk will focus on consumer awareness and protection from online threats.

Windows 7 Firewall Error 0x8007042c

Error code 0x8007042c means "The dependency service or group failed to start".
This indicates that the problem is probably not with the Windows Firewall service itself (MpsSvc) but with one of the other services it needs in order to start.

So here are the necessary Services that Windows Firewall needs on Windows 7:
1. Base Filtering Engine (BFE)
2. Windows Firewall Authorization Driver (MPSDRV)

Both of these must be started and running. BFE is easily seen in the Services console, but MPSDRV is a driver and does not appear there; it can only be inspected by querying it from a Command Prompt window.
Corrupted service and driver files can be repaired by running SFC /SCANNOW from an elevated Command Prompt.

If the command does not fix the issue, reinstalling the drivers might be the best option.
This is not an easy feat, however, since neither the Base Filtering Engine nor the Windows Firewall Authorization Driver can be reinstalled on Windows 7 without a repair install of the operating system.

Try running the following commands if SFC /SCANNOW did not resolve the issue with the Windows Firewall:

1. Open a Command Prompt as Administrator. To do this, type CMD in the Start Menu search box, right-click the result and choose "Run as Administrator".

2. Run the following commands, in order:

a. netsh advfirewall reset
b. net start mpsdrv
c. net start bfe
d. net start mpssvc
e. regsvr32 firewallapi.dll

3. Confirm any dialog boxes that come up by clicking OK. The result of the last command should say that it succeeded.
Note: If you receive an error on any of these commands, then something is definitely wrong with one of the drivers or services. This may indicate a registry error or a corrupted file.

4. Reboot the system.

Another factor to consider is malware infection. There are known strains of malware that stop or corrupt the registry entries and executable files of Windows Firewall, along with those of the services and drivers it depends on.

Suggested online scanners:
Microsoft Online Safety Scanner
ESET Online Scan
Kaspersky Free Virus Scan
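The diagnostic script below is an added example and not code from the original post. It checks the dependency chain the post describes (BFE, MPSDRV, then MpsSvc), including the driver that the Services console never shows, and reports whether each one's registry key and binary are still present. It assumes Windows 7 with PowerShell 3.0 or later in an elevated session; the function and helper names are my own.

```powershell
# Added example (not from the original post): explain a 0x8007042c failure by
# inspecting the services and drivers MpsSvc depends on. Assumes Windows 7,
# PowerShell 3.0+, elevated session. Dependency list is the one in the post.

function Resolve-ImagePath {
    param([string]$ImagePath)
    # Turn the raw ImagePath registry value into a path Test-Path understands.
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                   # strip the \??\ prefix
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot   # \SystemRoot\... form
    $p = ($p -split ' -k ')[0].Trim('"')               # drop svchost "-k group" args
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Test-FirewallDependencies {
    # Order matters: BFE and the MPSDRV driver must be running before MpsSvc.
    foreach ($name in @('bfe', 'mpsdrv', 'MpsSvc')) {
        # Win32_BaseService covers both Win32 services and kernel drivers, so
        # mpsdrv (which services.msc never shows) is reported here as well.
        $svc   = Get-WmiObject -Class Win32_BaseService -Filter "Name='$name'"
        $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        $image = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ImagePath
        $file  = if ($image) { Resolve-ImagePath $image } else { $null }
        [pscustomobject]@{
            Name        = $name
            RegistryKey = Test-Path $key                      # missing => registry damage
            State       = if ($svc) { $svc.State } else { 'NOT REGISTERED' }
            StartMode   = if ($svc) { $svc.StartMode } else { $null }
            ImagePath   = $file
            FileExists  = if ($file) { Test-Path $file } else { $false }  # deleted/corrupt binary
        }
    }
    # The post's last repair step re-registers this DLL; report whether it is present.
    [pscustomobject]@{
        Name        = 'firewallapi.dll'
        RegistryKey = $null
        State       = $null
        StartMode   = $null
        ImagePath   = "$env:SystemRoot\System32\FirewallAPI.dll"
        FileExists  = Test-Path "$env:SystemRoot\System32\FirewallAPI.dll"
    }
}

# Any row with State <> 'Running' or FileExists = False is the dependency to
# fix first, using the SFC / netsh / net start steps listed in the post.
Test-FirewallDependencies | Format-Table -AutoSize
```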

Facebook Spams, Scams and Shams


I became fascinated and intrigued by the recent chat spam, email scams and malicious profile linking that originate from social networking sites, the most popular being Facebook. I have always wanted to write an article on the existing threats within social networking sites, and this is a culmination of what I have personally seen and gathered recently. Several articles and blogs on the internet offer advice on what these threats are, why they exist and how to avoid them. This is not an in-depth analysis but only an overview, for your awareness, of the machinery behind the links and of the clever and intricate ways in which the programmers built these social networking threats.

  • Ingenuity

    If you are a Facebook user you should know “The Wall”, where you can allow anyone to post links, messages and other content, depending on your own privacy settings. Allowing everyone access to this feature also allows anyone to spam you with links to whatever they fancy. Even if you restrict posting to people you know, this still does not safeguard you against malicious links, ads and spam. Besides, most of it ends up in your “News Feed” anyway.

    A trusted friend can be exposed to links and apps that then end up on your wall or in your chat window. Some photos, videos and links can be so appealing that you “click before you think”, because they came from one of your friends. The links are usually provocative, controversial or enticing, such as videos and photos that arouse your curiosity. Here are some examples:

    [Screenshots: Facebook link scams, suspicious apps and Facebook chat spam]

  • The Hook

    The Securelist team at Kaspersky Lab has identified an advertising botnet and the elaborate ways in which its operators make money from the likes or clicks you make; they may even steal data from your system, depending on the scripts running on those sites, especially if you download and install any add-ons, plug-ins or codecs in order to view the site, video or photo.

    One form that I stumbled on was a Facebook video link that redirects you to a randomly named site pointing at several DNS addresses. I was able to identify them, but I would rather conceal the result, since the IP addresses belong to a legitimate server and data center provider. The host IP acts as both DNS server and reverse proxy: when a client request is received by the DNS server, it retrieves the needed content from the “author” server and forwards it to the client.

    When we check the IP addresses with an online proxy-testing lookup tool, we get the following result:

    [Screenshot: reverse proxy lookup result]

    The author server behind the DNS addresses answers each connection request by generating a random, inventive URL for every visitor, such as the following:

    [Screenshot: randomly generated site names]

    Note: If you wish to know more about URL rewrites and reverse proxies, follow the links below to several examples and descriptions:
    1. Open source code: http://urlrewriter.codeplex.com/
    2. Rewrite engines: http://en.wikipedia.org/wiki/Rewrite_engine
    3. Reverse proxies: http://en.wikipedia.org/wiki/Reverse_proxy
    4. Video: http://bit.ly/nObc1D

  • The Line

    In fact, if we look closely at the links above, they are a set of four variable words, randomly generated and strung together using JavaScript. After the site name gets resolved, a series of events is triggered: a variety of scripts within the HTML page execute, and some of them are also downloaded into your Temporary Internet Files folder. If you use Internet Explorer as your default browser, the folder is located at: [Path=C:\%userprofile%\%appdata%\Local\Windows\Temporary Internet Files\]. For clarity later on, let’s call the scripts embedded in the HTML the X-script, Y-script and Z-script.

    As seen below, the first embedded script runs together with the HTML attribute inline with the Uniform Resource Identifier (URI) when it gets resolved. This is the X-script; it references a linked site that executes as an Application Programming Interface (API) in the background and downloads a JavaScript file (.JS file extension):

    [Screenshot: HTML source of the landing page]

    When we paste the URL into a browser, the file can be downloaded, but it has no file extension, since it is meant to be executed by a function within the page’s own scripting. When the API executes, it creates an HTTP cookie through several scripting functions, as follows:

    [Screenshot: cookie-creation script]

    Note that this is not the full function of the entire script. Two other preceding functions download two further scripts, which are GPL-licensed JavaScript libraries. The first downloads a script for “simplifying HTML document traversing, event handling, animating, and Ajax interactions for rapid web development”, and the second downloads a “pure-JavaScript CSS selector engine designed to be easily dropped in to a host library”. These two scripts are harmless and unmodified, and are used to help render the main HTML page.

    The created HTTP cookie now waits for further instructions from the site or from another script that needs its information. At this point the cookie is harmless and contains no relevant data. It only becomes maliciously useful, and able to gather data from the system, after a plug-in or codec is installed to continue playback of the video. Normally, cookies are erased either after every session on most internet sites or when the browser detects that a cookie has expired. A script similar to the one seen above can be found, and compared with the author’s scripting, at this site: http://www.quirksmode.org/js/cookies.html. The only difference is that the script from that site has a function for cookie deletion.

    The video itself is an Adobe® Flash Player® object that plays only for a specific time frame, acting as a teaser. The video also loads only after the X-script has finished running. At this point a second script, which I will call the Y-script, executes a function that blocks or stops playback once the allowed time frame has been reached. Once the video stops playing, the Y-script performs several checks as part of its function. The Y-script is also found within the body of the HTML and is later created in the same Temporary Internet Files folder, just like the X-script. Once the Y-script blocks further playback, it checks for an enabled pop-up blocker:

    1. If your browser’s pop-up blocker is not enabled, you see a pop-up window asking you to complete a survey linked to another site. The links are determined by the response from the author server.

    2. If the Y-script finds that a pop-up blocker is enabled, it continues with its normal function of asking you to install a required plug-in or codec for the video to continue playback, and no pop-ups are generated.

    The pop-up blocker check does not affect the Y-script’s ultimate function, which is to wait for you to install a plug-in or codec; whether you complete the survey or not makes no difference to it. If you do choose to install the required plug-in or codec, a third script refreshes the page, “unblocks” the video and continues playback. This is the Z-script, which is tied to the installed plug-in or codec through a DLL that ships with it. This DLL later hooks itself into Windows Explorer and your browser, and controls multiple features for future use, including but not limited to: exploiting your system, sending spam links to your online friends through chat, posting new malicious video links on walls, downloading malware, browser hijacks, gathering private information (email accounts, passwords, bank accounts, credit card information) and pop-up advertisements.

  • The Sinker

    Once you are lured into thinking that the site you are on contains the video you want to watch, an app you want to install or a photo you would like to see, or simply into liking a link, several things may already have transpired without your knowing it (remember the scripts?).

    The final nail is the plug-in, the codec, or you agreeing to enter a username and password. Whatever form of intrusion is used, the result is the same: your system becomes compromised. Several other social networking threats can be worse than the example I have given, and may install malware without your noticing it.

  • Awareness

    In an internet world where malware constantly evolves and becomes more resilient with every new strain, I have only one piece of advice, which I have repeated to every owner of an infected machine: always think before you click.
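    As an added example that is not part of the original post, the script below turns the detail from “The Line” (a script that lands in the Temporary Internet Files folder with no file extension, sets a cookie, and spawns a pop-up) into a quick triage check: it lists extensionless objects in the Internet Explorer cache whose contents look like JavaScript. It assumes Windows 7 with PowerShell 3.0 or later and the default cache location; the marker strings and function name are my own choices, not a signature of any particular campaign.

```powershell
# Added example (not from the original post): flag extensionless IE cache
# objects that contain JavaScript, as described under "The Line". Assumes
# Windows 7, PowerShell 3.0+, default cache path; markers are my own choice.

function Find-ExtensionlessScripts {
    param(
        [string[]]$CachePaths = @("$env:LOCALAPPDATA\Microsoft\Windows\Temporary Internet Files"),
        [int]$MaxBytes = 2MB                     # skip large media objects
    )
    # Strings a cookie-setting or pop-up-spawning script is likely to contain.
    $markers = 'document.cookie', 'window.open', 'function(', 'eval(', 'unescape('
    $found = @()
    foreach ($root in $CachePaths) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # The Content.IE5\* subfolders are hidden+system, so -Force is required.
        $files = Get-ChildItem -LiteralPath $root -Recurse -Force -File -ErrorAction SilentlyContinue |
                 Where-Object { $_.Extension -eq '' -and $_.Length -gt 0 -and $_.Length -le $MaxBytes }
        foreach ($f in $files) {
            try   { $text = [IO.File]::ReadAllText($f.FullName) }
            catch { continue }                   # locked by the browser; skip it
            $hits = @($markers | Where-Object { $text.Contains($_) })
            if ($hits.Count -eq 0) { continue }
            $found += [pscustomobject]@{
                Path       = $f.FullName
                Bytes      = $f.Length
                Modified   = $f.LastWriteTime
                Markers    = ($hits -join ', ')
                SetsCookie = $text.Contains('document.cookie')   # X-script behaviour
                OpensPopup = $text.Contains('window.open')       # Y-script behaviour
            }
        }
    }
    return $found
}

# Review hits against the site you visited; a legitimate library download
# (such as the GPL helpers the post mentions) will also match 'function('.
Find-ExtensionlessScripts | Sort-Object Modified -Descending | Format-Table -AutoSize
```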

    Rootkits anyone?
