Tools for Malware Analysis

As there is a running campaign to send malware by mail disguised as an invoice or price enquiry, I’d like to have some clue about what this malware is supposed to do.

I will update the article with what I learn about the process of analysing and reverse engineering malware.

The first step is to list the tools and secure malware handling practices.

Regarding malware handling, I recall that you should handle it in a virtual environment, but I’d like to read more about it before I attempt anything along those lines.

Step 1 – the tools

Virtual machine:

Oracle VM VirtualBox

OS:

REMNUX

This is an OS distribution for analyzing both Windows and Linux malware. The distro is based on Ubuntu.

https://remnux.org/

Online courses: https://www.sans.org/ ($7000,00)

Tools for Linux malware only:

Automating Linux Malware analysis using Limon sandbox:

https://www.blackhat.com/docs/eu-15/materials/eu-15-KA-Automating-Linux-Malware-Analysis-Using-Limon-Sandbox-wp.pdf

SEO for images

The image should be relevant to your article. The name of the file should be relevant to the content of the image.

The image should be served at the size it will be displayed.

Use srcset for responsiveness.

Serve compressed images, in WebP if possible.

The number one SEO factor for images is the file name. It should have a structure such as keyword-secondaryword-index.jpg

Use structured data for your content and include the image:

<script type="application/ld+json">
{
  "@context": "http://schema.org/",
  "@type": "Product",
  "name": "Reguleeritav kontorilaud",
  "image": "https://www.example.com/images/category-productname1.jpg",
  "description": "A compelling description",
  "offers": {
    "@type": "Offer",
    "priceCurrency": "EUR",
    "price": "575"
  }
}
</script>

The alt description and title should contain your keyword, but it doesn’t seem to be a major ranking factor.

My hypothesis is that the content of the page itself gives the search engine enough context about the image. An image that is unrelated to the text around it would be out of place, and that might be a bad signal. The name of the file, if properly done, already contains more specific information about the image. Alt and title are meant to be used if the picture does not display and for assistive technology respectively.

Numbers loaded as text when opening csv in openoffice calc

Issue: the numbers are loaded as text. When a cell containing such a number is selected, it shows that the number is preceded by a single quote and a space. Searching for the quote and replacing it with nothing does not work.

Solution: When opening the file in OpenOffice, make sure that Detect special numbers is enabled.

If your decimal separator is a dot, then the number might be changed into a date; in that case turn it off and replace the dot by a comma once the csv is open.

Also, the csv file was created with Python using utf8-sig, which had a BOM each time something happened to the file. Encoding the file using utf-8 only solved the issue.

The issue remains when you have both numbers separated by a dot, which can be changed into a date, and integers.

Keyword research

The number one place for your keyword research is Google Ads Keyword planner.

This tool will give you suggestions, the number of searches for each suggestion during a given time frame, and the advertising competition on the keyword. A lot of useful information.

If your site is up and running, you will find another useful source of keywords to explore in Google Webmaster Tools.

Other sources of keywords are Ahrefs and Semrush.

Add the url parameters for Laravel search results pagination

Issue: If you paginate your search results, clicking on the second page, or any other nth page of your pagination links, returns a URL with the page parameter but without your search parameter. This causes your filtering to be lost.

Solution:

Make sure to return your parameter variable from the controller function as you will need to call it on your blade view.

return view('my_view',compact( 'queryResult','my_variable'));

In your view:

@foreach($queryResult as $stuff)
    {{ $stuff->stuff_name }}
@endforeach
{{ $queryResult->appends(['search_variable' => $my_variable])->links('vendor.pagination.materializecss') }}

If you have several URL parameters, you can chain the ->appends() calls one after the other. Don’t forget to add the variable to the view in the controller.

Passing variables to Laravel parameter grouping function

Issue: A statement such as

$nb_votes = $request->input('nb_votes');
DB::table('users')
            ->where('name', '=', 'John')
            ->where(function ($query) {
                $query->where('votes', '>', $nb_votes)
                      ->orWhere('title', '=', 'Admin');
            })
            ->get();

will return an error:

Unknown variable $nb_votes 

The issue is due to the fact that $nb_votes in the anonymous function refers to the function's local scope, while the variable we want to use has been defined outside of the function. We need to pass the variable to the anonymous function.

Solution: To pass a variable to an anonymous function you can do as follows:

$nb_votes = $request->input('nb_votes');
DB::table('users')
            ->where('name', '=', 'John')
            ->where(function ($query) use ( $nb_votes ) {
                $query->where('votes', '>', $nb_votes)
                      ->orWhere('title', '=', 'Admin');
            })
            ->get();

https://www.php.net/manual/en/functions.anonymous.php

See the last example in example #3.

For the Laravel queries documentation:

https://laravel.com/docs/5.8/queries#parameter-grouping

Check if a function is declared before using it in js

Issue: it may occur that you have to call a function that is conditionally set. A frequent use case would be GDPR where you set your tracking script conditionally. You might check the cookie for each event you track, but I think a better solution would be to track if the function is declared.

Solution:

There are two different options:

Option 1:

This option will still return an error in case the function to evaluate is not defined.

function isFunction(TrackingScript) {
   TrackingScript ('button-click','cart',10);
}

Option 2:

if (typeof( TrackingScript ) === typeof(Function)){
       TrackingScript ('button-click','cart',10); 
}
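The guard from option 2, wrapped so that a missing, non-function or throwing tracker never breaks the click handler. This is an added example, not code from the original post: TrackingScript is the post's placeholder name, and callIfDeclared and the sample handlers are hypothetical.

```javascript
// Added example, not code from the original post. TrackingScript is the
// post's placeholder; callIfDeclared and the sample handlers are hypothetical.

// Looks the function up as a property of `scope` (globalThis by default).
// A property lookup on an object never throws ReferenceError, unlike
// calling an undeclared identifier directly.
function callIfDeclared(name, args = [], scope = globalThis) {
  const candidate = scope[name];
  if (typeof candidate !== 'function') {
    // Covers "never loaded" (undefined) and "name reused for a non-function".
    const reason = candidate === undefined ? 'not-declared' : 'not-a-function';
    return { called: false, reason };
  }
  try {
    return { called: true, value: candidate.apply(scope, args) };
  } catch (err) {
    // A failing tracker must not break the handler that invoked it.
    return { called: false, reason: 'threw', error: String(err) };
  }
}

// Constructed demo: consent not given, so the tracking script was never loaded.
const before = callIfDeclared('TrackingScript', ['button-click', 'cart', 10]);

// Constructed demo: consent given, the script defines the global function.
const recorded = [];
globalThis.TrackingScript = (event, category, value) => {
  recorded.push({ event, category, value });
  return recorded.length;
};
const after = callIfDeclared('TrackingScript', ['button-click', 'cart', 10]);

console.log(before, after, recorded);
```

Functions declared with var or function in a classic script, or assigned to window, are visible as properties of globalThis; top-level let/const and ES module bindings are not, so pass the object that holds them as scope.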

Control which modules are shown in the search result pages in joomla and virtuemart

Issue: When doing a search on the home page of a Joomla/VirtueMart website, the layout used for the result pages will be the one of the home page. This might not be desirable if you are using modules to display home page specific content.

Solution: We will add a condition to control the display of specific module positions in your template index.php.

Step 1 get the URL

$url = filter_var (  $_SERVER['REQUEST_URI'],FILTER_SANITIZE_URL);

Step 2 check if a certain string is in the URL (‘keyword’ is a good candidate to filter out search result pages).

strpos($url ,'keyword')

Step 3 add a condition to control the display of the module depending on the result of the check above.

if ($mobilehide && $this->params->get('top-b')  || strpos($url ,'keyword') !== FALSE){
//Do nothing
}
else{
//Display the module
}

Modify Virtuemart User Account Maintenance URL and page name.

Issue: user account maintenance pages are targeted by spammers to create fake accounts on your site.

To mitigate this issue on top of a solid firewall, you can change the default URL and page name so that the crawler won’t be able to automatically find it.

Solution:

1-Edit or create a menu item for the Virtuemart User Account Maintenance page if you didn’t have one previously

2-Set the page title and the alias to whatever you think is more suitable. You might for instance localize the string.

How to prevent home page modules to show on virtuemart search results page?

Issue: Home page modules show on virtuemart search result pages, which in some cases might not be desirable.

Solution: The solution that is widely found when searching on the internet is that you need to create a menu item for the search module. If you do so, and use the virtuemart search module, this should not give any results. The missing step is that you need to create an override for your virtuemart search module and edit it. In the search form action, replace index.php by “search” or whatever you set the search menu item alias to be.

In short:

1- Create menu item for joomla search

When selecting the menu item type, select “Search Form or Search Results”
Note the alias for the page, as you will need it at a later step.

2-In your templates customization page, create an override for the mod_virtuemart_search default.php file:

3- Open the override you created and modify the route to point it to the newly created search page:

// Original route:
JRoute::_ ('index.php?option=com_virtuemart&view=category&limitstart=0', FALSE);
// Modified route, using the alias of the search menu item ("search" here):
JRoute::_ ('search?option=com_virtuemart&view=category&limitstart=0', FALSE);

4- Control where the modules are displayed as usual.