Yearly Archives: 2013

Dispenser Robot for MSDN Video: A Classic!

It seems that the link to download my little book has stopped working.

Many of you have explicitly asked me, “Where can I download it from?”

Just click :-)

Happy reunion and happy 2014!
PepLluis,

Control the storage limits of your SharePoint farm and avoid surprises

If you want to keep the disk storage of the SQL Server behind your SharePoint deployment from filling up completely, and so avoid being called during the December holidays, make sure you have a capacity plan that ensures that, whatever happens, the growth of the content databases will not affect or exceed your server's storage capacity.

When we design a SharePoint deployment, it is very important to identify the approximate storage, in GB or TB, that will be required. The economy changes and companies therefore change constantly, so this is obviously somewhat difficult to estimate. However, you can define storage limits for your content databases and, based on them, have better control over their growth and therefore over the available storage capacity.

How?

Define storage quotas.

A quota is a configuration control that we can set at the site collection level, where you can specify the maximum storage size for a given site collection. By specifying the maximum storage size and the number of site collections that our content databases can hold, we can ensure that our system will not exceed the available limits. It is precisely by exceeding them that hard disks fill up, and the service as a whole can suddenly be affected to the point that it is inoperable or offline.

In Central Administration you will find two options for configuring the above:

Manage content databases

With this option you can create new content databases or edit existing ones to specify the status or configuration controls that are useful for monitoring the limits and availability of your database.

Note that we have the current number of site collections, the maximum number of site collections that we can store, and the warning level number at which we, as SharePoint administrators, and also the site collection administrators can be notified when we are approaching the storage limits and, based on that, take action.

So if we are able to define storage quotas and the maximum number of site collections that we can store in a given content database, we can be more proactive about how the system grows, organically and in an organized way.

Specify quota templates

Returning to what was said above about quotas, this option gives us a form for creating our own quota templates, which can later be assigned to our site collections, which in turn will live in our content databases, which have a maximum limit.

One proposal for quota templates is this one, put forward by Chris Mullendore, a Premier Field Engineer at Microsoft, in his post “Why I love charge back model”:

  • MySite: 100MB
  • Free: <500 MB
  • Small: 501 – 1,000MB
  • Medium: 1,001 – 5,000MB
  • Large: 5,001 – 25,000MB
  • Isolated: 25,001 – 100,000MB
  • Dedicated: >100,000 (multiple site collections or a single dedicated corporate service such as Enterprise Records Management)

























































































































































































































































































































































































































Now let's see how to register a new quota in SharePoint:

Summary

Define how many content databases it makes sense to have in your SharePoint farm. For each database, set a maximum limit of 200 GB at the SQL Server level. At the SharePoint level, define how many site collections it can store and, very importantly, the warning level, so that you can react in advance when a content database is running out of space. Also define quotas that let you work out how many site collections you could have in a content database according to its maximum site collection storage. For example, if I have a 200 GB content database and a “Large” quota of 25 GB, that content database can hold only 8 site collections based on that quota. Do you see what I mean?

With these controls you can always stay on top of the limits and capacities of the service. Take the time to make a capacity plan for your SharePoint farm and, above all, avoid the surprises that would pull you away from your comforting December holidays.
Best regards and happy new year; I wish you every success in your personal and professional projects.


 


 


 

Tracking CryptoLocker with Malcovery & IID

On December 19th, Malcovery malware analysts found two spam campaigns that were actively distributing malware that led to CryptoLocker. The first of these was the focus of that day’s T3 report, on AT&T-themed spam. The AT&T spam and the Visa spam from that day both dropped a small “downloader” piece of malware.

The AT&T email had an attached .zip file named VoiceMail.zip which was 8,810 bytes in size and had the MD5 be7d2f4179d6d57827a18a20996a5a42. When unpacked, the included .exe file, VoiceMail.exe, was 15,872 bytes in size and had the MD5 d1ca2dc1b6d1c8b32665fcfa36be810b. At the time of the report, the only VirusTotal detections for that piece of malware were 5 of 49, with most major AV companies failing to detect.

VirusTotal Report 5 of 49

thelabelnashville.com/wp-content/uploads/2013/12/wav.exe | 206.190.147.141 | 373,248
yellowdevilgear.com/wp-content/uploads/2013/12/wav.exe | 206.217.194.251 | 373,248

The downloaded Zeus sample, wav.exe had an MD5 of a4bdb44128ca8ee0159f1de3cf11bee0 and was also very poorly detected. The VirusTotal report at that time showed only 8 of 49 detections. Of the major US-based AV, McAfee and TrendMicro detected it, both confirming a Zeus variant.

VirusTotal Report 8 of 49 detects

Immediately after becoming infected with the GameOver version of Zeus, the machine downloaded cryptolocker malware from another site.

marybuenting.com/download/files/dss.exe | 173.255.213.142 | 806,912

That file, dss.exe, had the MD5 of db482a193060f7d5b81d7779b9414009 and was almost entirely undetected, registering only 1 of 49 on VirusTotal at the time of the report, although now detected by more than 30 AV products. Only Chinese-based Rising software detected this as malware at the time we first saw it at Malcovery Security.

VirusTotal 1 of 49.

CryptoLocker

There are several interesting things we found as we examined this CryptoLocker sample. Perhaps the best way to explain them is to show some of these screenshots first.

#1. This was the first screen that we saw after infection, letting us know we needed to pay a $300 ransom if we wanted to decrypt our files.

#2. Our Windows wallpaper was replaced with this image, so we couldn’t miss the fact that we were infected.

#3. There was a pull-down menu that gave us two choices of how we wanted to pay. The first choice was to pay 0.6 BitCoins.

#4. This is the BitCoin Account we were supposed to send our money to. We would appreciate anyone else who is infected sending out a tweet with the hashtag “#CryptoBitCoin” letting us know which BitCoin purse you were supposed to send payment to.

#5. Something we believe was new was that we were also given an option to pay with a GreenDot MoneyPak. Although we tried to make a payment this way, two valid MoneyPak’s that we tried to send were rejected.

CryptoLocker & IID

The CryptoLocker malware has a Domain Generation Algorithm that causes it to generate as many as a thousand domain names based on the date of the infection. As we ran the malware on several different occasions, we realized that of the thousands of tested domains, the domains that resolved tended to resolve to the same IP address, 188.65.211.137.

Malcovery Security’s daily “Today’s Top Threat” reports share details about the top spam campaigns that are distributing malware. Recipients of the T3 reports would have been provided with all of the IP addresses, MD5s, and VirusTotal reports above as part of this report:

As happens in so many cases, the IP address warned about in this report provides lasting protection, as the same IP was used for CryptoLocker from that day forward. But were there other IP addresses involved as well?

Because Malcovery Security is a partner with Internet Identity, we ran the IP against their Passive DNS Database. IID’s President Rod Rasmussen and Threat Intelligence Manager Paul Ferguson gave us permission to share some of what we learned there.

CryptoLocker Domains found on 188.65.211.137

Were these other domains also used for CryptoLocker? YES! And here is one of the ways that we can tell. When you visit a CryptoLocker domain, there are two very interesting things about them. First, they offer Technical Support for their decryption service on these domains.

As we examine the NAMESERVER choices on the domains above, we can use the Passive DNS service to find other IP addresses that use some of the same Nameservers.

The fact that at various times this DNS server, known to be associated with CryptoLocker Domain Generation Algorithm-created Domain names, has been seen on these IP addresses makes these IP addresses of interest. But does it look like they are hosting CryptoLocker Domains as well as the DNS? We used the IID Passive DNS to find lists of domain names hosted on these various IP addresses, and then checked to see whether they were used for Technical Support *OR* for distribution of Binaries associated with the CryptoLocker malware. Let’s look at what we found!

Our original IP address, 188.65.211.137, was very frequently associated with spam domains related to “Ruby Casino”, a criminally operated online gaming service. The IID Passive DNS service showed us dozens of “Ruby” related domains on many of these other domains as well. For each of the other IP addresses, we’ll ask:

– was a CryptoLocker TechSupport website found on this IP?
– was evidence of CryptoLocker Malware found on this IP?
– was this IP used by Ruby Casino spam domains?

On 188.65.211.137 – aemivjtujaddhab.org – Positive for CryptoLocker TechSupport!
Confirmed (VT 40/48) CryptoLocker malware = mgkppyunffvvd.org file at /0388.exe!
Confirmed Ruby Casino domains!

On 109.234.154.254 – yxmbwneyurhxfv.org – Positive for CryptoLocker TechSupport!
Confirmed CryptoLocker malware = jingo-deny-hosting.com file at /0388.exe
Previously used for Fake AV – see 0x3a blog post on Fake AV
Many Ruby Casino domains, such as arubylifeclub.com, erubylifeclub.com, irubylifeclub.com.

On 188.20.255.37 – aemivjtujaddhab.org – Dec 28, 2013 – Positive for CryptoLocker!
Same binary (0388.exe) available here.
No Ruby Casino

On 195.2.77.48 – usyusdoctfpnee.org – most CryptoLocker prior to December 6th.
Hosted malware on “AdobeFlasherUp1.com” on October 31, 2013.
Many Ruby Casino domains, including zrubywinclub.com and orubywinclub.com.

On 46.149.111.28 (Ukraine) – wwfcogdgntlxw.biz – most CryptoLocker prior to December 3rd.
Confirmed to have hosted Cryptolocker binary on November 21, 2013.
Many Ruby Casino domains, including lrubystardream.com and orubywindream.com.

On 62.76.45.1 – teeusgcggvys.biz – confirmed CryptoLocker on December 29th.
0388.exe binary available at IP or domain level.
Many Ruby Casino domains, including yrubyeurodream.com and zrubyeurodream.com

(194.28.174.119), linked by IID Passive DNS based on common Ruby Casino domains on the previous IP address, was found to be actively hosting CryptoLocker Domains found here on October 30th confirmed to be CryptoLocker by our friends at Malware Must Die, including kwajtnjddqetolh.biz. The most recent Crypto look alike was from December 10th: ukyfkufdi7ytdfuit.ru.

83.69.233.176 – mdaodtaifpkqkk.org – confirmed CryptoLocker domain on December 27th.
This IP has not been seen prior to December 27th.

83.69.233.25 – not confirmed as CryptoLocker by passive DNS.
This IP *WAS* declared to be CryptoLocker in a new paper from Dell Secureworks’ Keith Jarvis, more below.

95.172.146.68 – mdaodtaifpkqkk.org – confirmed CryptoLocker domain on December 29th.
Also hosted the AdobeFlasherUp1.com domain mentioned above.
Hosted several Ruby Casino domains, including rubypowerland.com and krubywindream.com

95.59.26.43 – dozens of CryptoLocker domains – confirmed TechSupport domains live on December 29th
0388.exe binary available on live domains, including ooqgdlwctrpt.org
Hosted several Ruby Casino domains, including rubystarsland.com, krubymasterclub.com and others.
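
The pivot described above (seed IP, to the domains hosted on it, to their nameservers, to the other IPs those nameservers have lived on, to the domains on those IPs) can be sketched in a few lines. This is an added example, not Malcovery's or IID's code: the record layout, every name and address (documentation ranges and .example names), and the two sets of analyst-confirmed hits are constructed, and the "ruby" substring test is a simplification of the Ruby Casino check.

```python
from collections import defaultdict
from typing import NamedTuple


class Rec(NamedTuple):
    first_seen: str  # date the resolution was first observed
    rrname: str      # name that was resolved
    rrtype: str      # "A" or "NS"
    rdata: str       # IP address (A) or nameserver host name (NS)


# Constructed passive-DNS rows; none of these are real indicators.
RECORDS = [
    Rec("2013-12-13", "dgaone.example", "A", "192.0.2.10"),
    Rec("2013-12-13", "dgaone.example", "NS", "ns1.cl-dns.example"),
    Rec("2013-12-16", "dgatwo.example", "A", "192.0.2.10"),
    Rec("2013-12-16", "dgatwo.example", "NS", "ns1.cl-dns.example"),
    # The shared nameserver host has itself moved between IPs over time.
    Rec("2013-12-01", "ns1.cl-dns.example", "A", "192.0.2.10"),
    Rec("2013-12-15", "ns1.cl-dns.example", "A", "198.51.100.20"),
    Rec("2013-12-27", "ns1.cl-dns.example", "A", "203.0.113.30"),
    Rec("2013-12-18", "dgathree.example", "A", "198.51.100.20"),
    Rec("2013-12-19", "arubyclub.example", "A", "198.51.100.20"),
    Rec("2013-12-28", "dgafour.example", "A", "203.0.113.30"),
    # Unrelated hosting that the pivot must not pull in.
    Rec("2013-12-20", "benign.example", "A", "192.0.2.99"),
    Rec("2013-12-20", "benign.example", "NS", "ns.registrar.example"),
    Rec("2013-12-02", "ns.registrar.example", "A", "192.0.2.53"),
]

# Constructed results of manual checks (support page seen, binary retrieved).
SUPPORT_SITES = {"dgathree.example"}
BINARY_HOSTS = {"dgafour.example"}


def build_index(records):
    """Index A records both ways and NS records by delegated domain."""
    names_by_ip = defaultdict(set)
    ips_by_name = defaultdict(set)
    ns_by_domain = defaultdict(set)
    for r in records:
        if r.rrtype == "A":
            names_by_ip[r.rdata].add(r.rrname)
            ips_by_name[r.rrname].add(r.rdata)
        elif r.rrtype == "NS":
            ns_by_domain[r.rrname].add(r.rdata)
    return names_by_ip, ips_by_name, ns_by_domain


def pivot(records, seed_ip):
    """Return {related_ip: [domains hosted there]} reached via shared nameservers."""
    names_by_ip, ips_by_name, ns_by_domain = build_index(records)
    nameservers = set()
    for domain in names_by_ip.get(seed_ip, set()):
        nameservers |= ns_by_domain.get(domain, set())
    related = {}
    for ns in nameservers:
        for ip in ips_by_name.get(ns, set()):
            if ip != seed_ip:
                # Drop the nameserver hosts themselves from the hosted list.
                related[ip] = sorted(names_by_ip[ip] - nameservers)
    return related


def triage(domains, support_sites, binary_hosts):
    """Answer the three per-IP questions for the domains found on one IP."""
    return {
        "tech_support": any(d in support_sites for d in domains),
        "malware": any(d in binary_hosts for d in domains),
        "ruby_casino": any("ruby" in d for d in domains),
    }


if __name__ == "__main__":
    for ip, domains in sorted(pivot(RECORDS, "192.0.2.10").items()):
        print(ip, domains, triage(domains, SUPPORT_SITES, BINARY_HOSTS))
```
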


Just on these IPs in the month of December, we find the following CryptoLocker domains:



We actually found THREE of the IP addresses that we found via Passive DNS analysis listed on a blog site in an article called CIS Cyber Alert Releases Recommendations to Combat Cryptlocker Malware by Thu Pham. That same article refers to a list of CryptoLocker C&C’s that CIS is recommending to block. I list those IP addresses here from their list found at: CIS CryptoLocker List. Only three of the IP addresses listed by CIS are on our list of ten.

Keith Jarvis of Dell SecureWorks released an excellent paper on CryptoLocker Ransomware on December 18, 2013. I just found it tonight as I was Googling for additional evidence on some of the IP addresses above. I highly recommend this resource, available at Dell SecureWorks CryptoLocker Ransomware.

The same Dell Secureworks paper made me aware of the excellent thesis BitIodine: Extracting Intelligence from the Bitcoin Network by Michele Spagnuolo.

Multiplex Animation

PowerPoint is sometimes used to create image slideshows, where an album of multiple images is displayed across the entire slideshow. With that in mind, here are some interesting Multiplex animations that you can achieve by combining different animations and tweaking timings, images, etc. Seven Multiplex animations are demonstrated. 1 – Cross Dissolve, which leverages Random Bars. 2 – Diamond Strips, which makes use of multiple Strips. 3 – Quartz, which makes use of Shape and Wheel to achieve a quartz effect. 4 – Multi-Checkered, which consists of dual Checkerboard effects. 5 – Complex Blinds, which is an advanced blinds effect, making use of the Split and Random Bars effects. 6 – Clone Merge, which leverages dual Float In effects. 7 – Matrix, which makes use of multiple Expand effects as well as timing tweaks and image cropping.


Multiplex Animation – Download

Hadoop and MapReduce basics–Udacity online course

Udacity and Cloudera recently partnered to create an online course titled “Introduction to Hadoop and MapReduce”.

I really like the course.  It’s short and to the point.  I think it’s a very good introduction for people new to Hadoop and wanting to get a bit of hands on.

I created a short YouTube video that walks someone through the first question in the final section of the course.  It’s important to understand the concepts taught in the course, because they all need to be applied here.

Installing the Cloudera VM using VMware Player

I created a short YouTube video that walks a new user through the process of installing VMware Player and then loading the Udacity/Cloudera pre-built VM.

This is very handy for people new to virtualization and wanting some help to walk through the process of getting the VM up and running.

Quick Tip: Quick formatting in PowerPoint 2013

Formatting in PowerPoint can become a hassle if you can’t find the feature you need. While the Ribbon has improved ease of use, there are still times when you will find yourself randomly scrolling through the tabs to get what you need. Fortunately, PowerPoint 2013 has made it even easier to format your objects without going through the Ribbon. To do so, simply right-click on the object you are editing. This will bring up a quick format toolbar which provides different format tools depending on what you are editing.


For instance, right clicking on


1) Shape or border of textbox – bring up a quick format toolbar that allows you to edit the Style, Fill and Outline.


2) Image – allows you to edit the Style and Crop the image.


3) Video – allows you to edit the Style, Trim and Start on click or automatically. 


4) SmartArt – allows you to edit the Style, Color and Layout.


5) Chart – allows you to edit the Fill and Outline 


PowerPoint Quick Access Toolbar customization

The Ribbon was introduced in PowerPoint 2007 (and in the rest of the Office programs), and it has pretty much replaced the old-style toolbar of PowerPoint 2003 and earlier versions. With the Ribbon, commands are now easier to find if you are not familiar with PowerPoint. However, there are some who still prefer the old small icons of PowerPoint 2003 and earlier. To achieve this, one can make use of the Quick Access Toolbar. This toolbar is available by default at the top left-hand corner of PowerPoint 2007 and above, with 4 default commands – Save, Undo, Redo, Start from Beginning.


You can also add more commands to the Quick Access Toolbar. There are a few ways to bring up the customization. In the order of ease: 1 – Right click on the toolbar | Select customize Quick Access Toolbar. 2 – Click on the dropdown beside the Quick Access Toolbar | Select More Commands. 3 – Click on File | Options | Quick Access Toolbar. On the customization screen, you will find two columns, the first being the list of available commands and the second being the commands you want to have on the QAT. On the first column, you can also see a drop down menu which allows you to choose from a range of commands within a list (e.g. Commands in the SmartArt Tools | Design Tab), thus allowing you to have easier accessibility to frequently used commands. Once you have selected a command of your preference, click Add which is located in the center of the customization screen.


A tip is to add some of the useful commands which are not found on the Ribbon. For instance, Bring Forward and Send Backward, which allow you to change the stacking order of your objects more easily; Reuse Slides, which allows you to add slides from other PPT files; Snap to Grid, to toggle on and off based on your preference during editing. You can also add a Separator, which should be on top of the list and which allows you to categorize your QAT. In addition, if you are working on a project presentation which requires frequent usage of a certain feature, you can set the QAT to be available for this presentation only.

Microsoft Project Siena (beta)

In December 2013, Microsoft released a new beta tool code-named “Project Siena.” Here is what Microsoft has to say about this tool.

“Microsoft Project Siena (code name) is the beta release of a new technology for business experts, business analysts, consultants, and other app imagineers. Now, without any programming, you can create powerful apps for the device-first and cloud-connected world, with the potential to transform today’s business processes.”

Unlike LightSwitch, Siena does not support any traditional code-behind programming. Instead, it supports Excel-like expressions and functions. Behind the scenes it builds Windows 8 applications using HTML5 and JavaScript.

Data sources currently include:

  • Excel
  • Azure Mobile Services
  • REST services
  • RSS Feeds
  • SharePoint.

I suspect that this list will expand as the product evolves.

It is important to emphasize that Project Siena is currently in beta. Things will change as the product evolves and it is also possible that the product will never see a public final release.


In this tutorial we look at creating two applications. One uses the myVFBProf.com RSS feed to make a very rudimentary blog reader. The second creates an application that presents manufacturing instructions for the hypothetical AdventureWorks company. Data from an OData service is imported into Excel and then the Excel workbook is used as the data source for the application.

bill

Vector Shine effect

Gradient can be a useful tool to create effects. Here’s a demonstration of vector shine effect done in PowerPoint using shapes, background and gradient formatting. 


ASProx spamming Court-Related malware

Court-related malware from ASProx

The same spamming botnet that is sending the Delivery spam that imitates Walmart, CostCo and BestBuy has also been busy sending out Court-related spam.

So far, there have been 9 different malware samples distributed by this campaign, which began on December 23rd at approximately 7:45 AM (US Central Time, GMT -6).

Here are the relative distributions of each, where the first number is the number of spam samples collected in the Malcovery Security Spam Data Mine. The second column is the domain name used, the third is the MD5 of the .zip attachment, and lastly, in 15 minute increments, the first and last time period in which spam bearing this attachment was seen.


11633 | jonesday.com | 442e746ad1d185dd1683b1aa964f6e56 (2013-12-23 07:45 to 2013-12-23 21:00)
5979 | jonesday.com | 267d9f829ea2e3620ee62c52fcb4ebe9 (2013-12-23 16:30 to 2013-12-24 05:15)

Email subjects with counts for JonesDay were:

5050 of Subject: Urgent court notice NR#
4738 of Subject: Hearing of your case in Court NR#
4150 of Subject: Notice of appearance in court NR#
3640 of Subject: Notice to appear in court NR#


4365 | lw.com | b2f8e5d86d7c50b5017e88527d8ce334 (2013-12-24 07:45 to 2013-12-24 20:00)
142 | lw.com | 76cdb2bad9582d23c1f6f4d868218d6c (2013-12-24 08:00 to 2013-12-24 16:00)
651 | lw.com | 0f0bb7b4f67b3bd90e944fcf7473b9d8 (2013-12-24 14:15 to 2013-12-24 20:00)

Email subjects with counts for Latham Watkins were:

1477 of Subject: Urgent court notice No#
1319 of Subject: Hearing of your case in Court No#
1251 of Subject: Notice of appearance in court No#
1110 of Subject: Notice to appear in court No#


3054 | hoganlovells.com | 30336df44c6808175bf4a7c212d3e2f8 (2013-12-25 14:15 to 2013-12-26 03:00)
3236 | hoganlovells.com | f97795c2124f60596eb8faf18307ac35 (2013-12-25 05:15 to 2013-12-25 23:00)

Email subjects with counts for Hogan Lovells were:

1785 of Subject: Urgent court notice WA#
1615 of Subject: Hearing of your case in Court WA#
1547 of Subject: Notice of appearance in court WA#
1334 of Subject: Notice to appear in court WA#


3500 | mwe.com | d181af2b32830119c0538851a8b53af8 (2013-12-26 06:00 to 2013-12-26 16:30)
484 | mwe.com | 7c572385f09773237805a52e2fc106e9 (2013-12-26 12:00 to 2013-12-26 17:15)

Email subjects with counts for McDermott Will and Emery were:

1172 of Subject: Urgent court notice CH#
1009 of Subject: Hearing of your case in Court CH#
962 of Subject: Notice of appearance in court CH#
838 of Subject: Notice to appear in court CH#


I think this might make a good time to talk about malware detection rates. I’m going to do a “re-analyze” of each of these files on VirusTotal. Let’s start with the oldest one first.

My “442e7” jonesday sample is: Court_Notice_Jones_Day_Wa#3358.zip which contains the file “Court_Notice_Jones_Day_Washington.exe” with an internal timestamp of 12/23/2013 5:24 PM and a size of 121,344 bytes and an MD5 of 6933c76f0fbabae32d9ed9275aa60899.

VirusTotal says? 33 of 48.

My “267d9” jonesday sample is Court_Notice_Jones_Day_Wa#8877.zip which contains the file “Court_Notice_Jones_Day__Washington.exe” with an internal timestamp of 12/23/2013 8:40 PM and a size of 123,904 bytes and an MD5 of 84fae8803a2fcba2d5f868644cb55dd6.

VirusTotal says? 35 of 48. Please note that seven of the AV’s correctly identify this as Kuluoz while some call it DoFoil, and one of the majors calls it “FakeAVLock”. (This malware does NOT act like a Fake anti-virus, and does not lock your computer.)

My “b2f8e5” Latham & Watkins sample is: Court_Notice_Latham_and_Watkins___NY88756.zip which contains the file “Court_Notice_Latham_and_Watkins__New_York.exe” with an internal timestamp of 12/24/2013 5:13 PM, 123,904 bytes in size and an MD5 of ac572ca741df1bbcc88183e27e7fce6c.

VirusTotal says? . Second LW

Third LW

My “30336” Hogan & Lovells sample is: Court_Notice_Hogan_Lovells_WA29377.zip which contains the file “Court_Notice_Hogan_Lovells_WA_Washington.exe” with an internal timestamp of 12/25/2013 05:05 PM and 167,936 bytes in size and an MD5 of ebcb90d14904d596531fc8989c057f40.

VirusTotal says? 26 of 48 We still have one group calling it Zeus and one FakeAVLock. It’s been on VT for 1 day and 12 hours at this point.

My “f9779” H&L sample is: Court_Notice_Hogan_Lovells_WA34711.zip which contains the file “Court_Notice_Hogan_Lovells_WA_Washington.exe” with an internal timestamp of 12/25/2013 9:42 AM and 167,936 bytes in size and an MD5 of bd4255eacbf47649570c58061d81f018.

VirusTotal says? 25 of 48.

And now the ones from today. My “d181a” sample from MWE is Court_Notice_Chicago_CN83259.zip which contains the file “Court_Notice_Chicago_McDermott_Will_and_Emery.exe” with an internal timestamp of 12/26/2013 at 12:41 PM and a size of 163,328 bytes and an MD5 of 225b15d05fe6f5d24d23b426fcfd7a2d.

VirusTotal says? 21 of 45.

And the most recent sample from MWE, “7c572”, is Court_Notice_Chicago_CN56910.zip which contains the file Court_Notice_McDermott_Will_and_Emery.exe with a timestamp of 12/26/2013 at 7:33 PM and a size of 163,328 bytes and an MD5 of c77ca2486d1517b511973ad1c923bb7d.

VirusTotal says? 21 of 46.

Holiday Delivery Failures lead to Kuluoz malware

As Christmas grew closer and people began to worry about whether their online purchases would reach their destinations in time to be placed beneath the Christmas Tree, online scammers decided to take advantage of this natural fear to install malware on the computers of unsuspecting nervous nellies. One television news program today interviewed a woman who had almost fallen for one of these scams in a story they called Costco Customers Targeted in Phishing Scam. In that story, the shopper, Marianne Bartley, said the email she had received told her a package had not been delivered and that she would receive a refund, but if she didn’t fill out an online form, she would be penalized 21% of the purchase price.

The local news station, KOLO 8, contacted CostCo by telephone and received this automated warning:

“If you received an email concerning a delivery failure or cancellation: immediately delete the e-mail and do not reply. This is a phishing scam and was not sent by Costco. Costco is not affiliated with the e-mail in any way.”

Here’s the email that Marianne and hundreds of thousands of American Christmas shoppers have been receiving since December 19th at approximately 10 AM. The non-stop bombardment of spam continued throughout the day today, December 26th, and will likely continue tomorrow as well:

But it wasn’t just CostCo. In fact, Walmart and BestBuy were also used in this spam campaign with emails that looked like these:

Each day the Malcovery Spam Data Mine processes more than a million spam email messages searching for dangerous threats like these and our analysts evaluate the threats and provide intelligence to customers to help them protect themselves. In this case, Malcovery has seen more than 3,000 copies of these “Delivery” emails, which come with one of several prominent Subject lines:

  • Express Delivery Failure
  • Standard Delivery Failure
  • Scheduled Home Delivery Problem
  • Delivery Canceling
  • Special Order Delivery Problem
  • Expedited Delivery Problem

Although the emails can come from any username and any domain, the “Sender Name” (the human-friendly portion of the “From” address) has been consistent as one of these:

  • Best Buy
  • Best Buy Shipping Agent
  • Costco
  • Costco Shipping Agent
  • Costco Shipping Manager
  • Walmart
  • Walmart Delivery
  • Walmart Delivery Agent

What would happen if someone clicked on one of these emails? The actual destination would depend on which date and which email type they clicked on, but we have collected a fairly extensive list of destination websites. A full list of the 636 compromised websites that we have seen so far in this campaign is listed at the very end of this article. Just in the past four hours we’ve seen spam samples that went to each of these websites:

Each of those websites has been broken into by a criminal’s hacking program, which has created many subdirectories on the server, each starting with either “/media/” or “/messages/” followed by a long random-looking string, followed by a “Form Name”. Here are a couple of recent examples:

/media/Zo6es/bMNyDwcSdtDF1IPBaXWwNlBiBFq/kCUlscSGI=/WalmartForm
/media/J4oHEmjaJvBvrdXTz3KJ5i7G46NP5/dGAYZ5aN4O qs=/CostcoForm
/media/fs1vp YmmEnb7Z6ftU5jKPU7X9Gc3DsasqKZPCIooRc=/WalmartForm
/media/9mz6i EkIDix5uVIAMa4AuEYNuNf18/32d3lFXUnyIQ=/CostcoForm
The “message” path (and the two BestBuy Forms) were more common earlier in the campaign. In fact, on the 19th, we ONLY saw BestBuy samples of the spam:

/message/zZFXQdfn98Ze1SQS7s6a9/yldS qZDpeIXu2C4RRif8=/BbForm
/message/ByundeWiiEoYMllShj48YUj2k53Nndy0jf2mDPhJdNI=/WalmartForm
/message/xERnC10Jrrv0FedQUPsBkZcIonAwqG6e9vMULe1vDkw=/BestBuyForm

What happens first is that the website prompts the visitor to save or open the file “WalmartForm.zip” (or whichever form they have visited.)

If they choose “Open” it will show them that there is a form to be extracted within the .zip file.

If extracted or moved to the Desktop, the form will display a comforting Microsoft Word logo, despite the “.exe” extension.

If the visitor tries to open the WalMartForm.exe program, they will get an error message, which is actually a file called WalmartForm.txt opening in Notepad:

If we check memory though, the program “WalMartForm.exe” has spawned an instance of “svchost.exe” which has some very interesting strings, including:

 http://192.210.142.87:8080/709E5B7E58D806F5837DA791871C5FD8EF71A1A7F2

That IP is believed to be the Command & Control (C&C) server to which my infected computer instance is talking.

Other interesting strings include a “knock” tag:


(knock)(id)709E5B7E71F412D245208000C3208388(/id)
(group)2612r(/group)
(src)21(/src)
(transport)0(/transport)
(time)-194855676(/time)
(version)1281(/version)
(status)0(/status)
(debug)5.1 x32 none none(/debug)(/knock)
The location of some additional malware dropped from the server:

C:\Documents and Settings\Owner\Local Settings\Application Data\kinwmeiq.exe

And a tag that SEEMS to show the username of the malware author, though I’ll not include that here . . .

Note that even though this malware distribution campaign has been running for at least seven days, many major anti-virus products are still unable to detect the malware as being malicious. A VirusTotal report showed that only 20 of 48 anti-virus products currently detect the malware that I received when visiting the most recent website seen in spam. Neither of the two locally installed AV products on my machine detect the malware, and the URL I attempted to visit was not marked as dangerous by any of the systems I have installed. VirusTotal Report here.
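A triage sketch for the indicators described above, added here as an example and not taken from the original post or from Malcovery: it flags the lure download paths and the C&C-style request in web proxy logs, then reports clients that show a download followed by a beacon. The log format, the client addresses, the host compromised-site.example and the beacon heuristic (raw IPv4 host plus a long uppercase-hex path, generalized from the single URL shown) are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Lure path as described in the post: /media/ or /message(s)/, a long
# random-looking token (the samples use base64-alphabet characters and
# contain "/" themselves), then a retailer "Form" name.
LURE_PATH = re.compile(
    r"^/(?:media|messages?)/"
    r"(?P<token>[A-Za-z0-9+/= ]{20,})/"
    r"(?P<form>(?:Walmart|Costco|BestBuy|Bb)Form)$"
)
# Assumption: beacon heuristic built from the one C&C URL in the post,
# i.e. a raw IPv4 host and a path that is only a long uppercase-hex string.
BEACON_PATH = re.compile(r"^/[0-9A-F]{32,}$")
IPV4_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def classify(url):
    """Return (kind, detail) for a suspicious URL, or None."""
    parts = urlsplit(url)
    path = unquote(parts.path)  # proxies usually log spaces as %20
    lure = LURE_PATH.match(path)
    if lure:
        return ("lure-download", lure.group("form"))
    host = parts.hostname or ""
    if IPV4_HOST.match(host) and BEACON_PATH.match(path):
        return ("possible-c2-beacon", host)
    return None


# Constructed proxy log: "<time> <client> <method> <url> <status>".
# Paths and the beacon URL are the ones quoted in the post; the clients,
# timestamps and the host compromised-site.example are made up.
SAMPLE_LOG = """\
2013-12-26T14:02:11Z 10.0.0.23 GET http://compromised-site.example/media/J4oHEmjaJvBvrdXTz3KJ5i7G46NP5/dGAYZ5aN4O%20qs=/CostcoForm 200
2013-12-26T14:03:40Z 10.0.0.23 GET http://192.210.142.87:8080/709E5B7E58D806F5837DA791871C5FD8EF71A1A7F2 200
2013-12-26T14:05:02Z 10.0.0.31 GET http://compromised-site.example/message/xERnC10Jrrv0FedQUPsBkZcIonAwqG6e9vMULe1vDkw=/BestBuyForm 200
2013-12-26T14:06:17Z 10.0.0.40 GET http://shop.example/media/images/2013/holiday-banner.png 200
2013-12-26T14:07:55Z 10.0.0.40 GET http://192.0.2.8:8080/status 200
"""


def triage(log_text):
    """Map each client to the ordered list of suspicious hits it produced."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed format
        _, client, _, url, _ = fields
        verdict = classify(url)
        if verdict:
            hits[client].append(verdict)
    return dict(hits)


def likely_infected(hits):
    """Clients that fetched a lure and later made a beacon-shaped request."""
    flagged = []
    for client, verdicts in hits.items():
        kinds = [kind for kind, _ in verdicts]
        if "lure-download" in kinds:
            after_download = kinds[kinds.index("lure-download"):]
            if "possible-c2-beacon" in after_download:
                flagged.append(client)
    return sorted(flagged)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for client, verdicts in sorted(results.items()):
        print(client, verdicts)
    print("prioritise for response:", likely_infected(results))
```

A client with only a lure hit downloaded the archive but may never have run it; the download-then-beacon pair is the stronger signal and is worth isolating first.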

Hacked websites used to Deliver Delivery malware



Text formatting technique

PowerPoint offers various ways for you to format your objects. In this article, we will concentrate mainly on text. With text formatting, you get several options such as fills (solid, gradient, picture or texture, and pattern fill), outline, shadow, reflections, and the list goes on. If you choose not to meddle with these options, you can also use WordArt, which provides a list of pre-configured formatting for you to use. While formatting offers a wide variety of features for you to play around with, it still has a limitation: you can apply only one form of fill, which restricts complexity and leaves you with a ‘this and nothing else’ option.


A solution to this is to use a multiple-layering technique, which is simple yet opens up more complexity and choice when making a text design of your preference. It also lets you separate your formats for easier customization. For instance, pattern fill provides multiple patterns from strikes to checker board. However, you will not be able to create gradient effects on the patterns. By overlaying a duplicated text with gradient fill and then setting the transparency to your preference, you can achieve such an effect. The sample text effect below demonstrates how multiple-layered formatting can achieve effects that single-layered formatting cannot. Download the ppt file for more samples.


 


How to set Profile Picture in Office 365 SharePoint 2013 site using CSOM

 


My blog has been moved to http://sundarnarasiman.net.


I have migrated it to WordPress platform.
You can find this post http://sundarnarasiman.net/?p=115


 

Understanding Font Rules in CSS

Quite often, developers or designers include a list of fonts within their CSS. As an example, one might define a CSS rule such as:

font-family: 'Segoe UI', Arial, Tahoma, Helvetica;

However, what some developers or designers may not realize is that the font, Tahoma, will never be reached. The reason for this is that Arial is much more prevalent than Tahoma. In fact, most Mac users would not see the site render using the Helvetica font as one may expect. This is because the Arial font has been included with Macs since OS X.

If your application targets the Windows platform primarily, you should be aware of when fonts have been introduced. For example, unless the client machine is Windows 8 or later, the ‘Segoe UI’ font will not be used. Rather, the ‘Arial’ font in our case would be used. In addition, Apple has started to introduce and license the more common Windows fonts in their operating systems. As an example, since OS X 10.4, Verdana has been included on Macs. It’s also included on iPads and in many Linux installations. Knowing this can help developers and designers include the right fonts for their situation.

Knowing this, we should probably define our rule, if this meets the styles we expect, such as:

font-family: 'Segoe UI', Helvetica, Tahoma, Arial;

In this case, the ‘Segoe UI’ font will be used on modern Windows machines, Helvetica will be used on any Macs, Tahoma will be used on most other machines, and Arial will fill in the gaps. The minute remainder of activity that doesn’t have one of these fonts will default to that machine’s default system font. In most of those cases, you are most likely not targeting those users for browsing activity.

If you’d like to ensure that everyone is receiving the same typeface experience, you may also want to consider using Web Fonts. Web fonts allow font files to be hosted externally from your site. There are many resources for web fonts available across the web. To use the @font-face rule, be sure that the browser you are targeting supports it. Most modern browsers do support this rule.

How to read UserProfile property from Office 365 SharePoint 2013 site using CSOM

My blog has been moved to http://sundarnarasiman.net.


I have migrated it to WordPress platform.
You can find this post http://sundarnarasiman.net/?p=114


 

Fix for Media Center library issue after Christmas tree lights incident

Twas the night before Christmas and….

To cut a long story short the PC that runs my Windows Media Center (MCE) got switched on and off at the wall twice whilst Christmas tree lights were being put up.

Now the PC is running Windows 8.1 on modern hardware, so it should have been OK, and mostly was. However I found a problem that MCE was not showing any music, video or pictures in its libraries but the recorded TV library was fine. I suspected the issue was that my media is on an external USB3 RAID unit, so there was a chance that on one of the unintended reboots the drives had not spun up in time and MCE had ‘forgotten’ about the external drive.

So I tried to re-add the missing libraries via MCE > Tasks > Settings > Media Libraries. The wizard ran OK allowing me to select the folders on the external disk, but when I got to the end the final dialog closed virtually instantly. I would normally have expected it to count up all the media files as they were found. Also if I went back into the wizard I could not see the folder I had just added.

A bit of searching on the web told me that MCE shares its libraries with Windows Media Player, and there was a good chance they were corrupted. In fact running the Windows Media Player trouble-shooter told me as much. So I deleted the contents of the %LOCALAPPDATA%\Microsoft\Media Player folder as suggested. It had no useful effect on the problem. The only change was the final dialog in the wizard did appear to count the media files it found now, taking a few minutes before it closed. But the results of the scan were not saved.

So I switched my focus to Media Player (WMP). I quickly saw this was showing the same problems. If I selected WMP > Organise > Manage libraries no dialog was shown for music, video or pictures. However the dialog did appear for Recorded TV which we know was working in MCE.


Also if I selected WMP > Organise > Options… > Rip Music, there was no rip location set, and you could not set it if you pressed the Change button.


The web quickly showed me I was not alone in this problem, as shown in this post and others on the Microsoft forums. It is worth noting that this thread, and the others, do seem to focus on Windows 7 or Vista. Remember I was on a PC that was a new install of Windows 8 and in place upgraded to 8.1 via the Windows Store, but I don’t think that was the issue.

Anyway I tried everything I could find in the posts

  • Restarted services
  • Deleted the WMP databases (again)
  • Uninstalled and re-installed WMP via the Windows Control panel > Install Products > Windows feature
  • Checked the permissions on folder containing the media

Everything seemed to point to a missing folder. The threads talked about WMP being set to use a Rip folder that it could not find. As my data was on an external RAID this seemed reasonable. However on checking [HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences\HME\LastSharedFolders] there were no paths that could not be resolved.

So I decided to have a good look at what was going on under the covers with Sysinternals Procmon, but could see nothing obvious, no missing folders, no registry key calls missed.

In the end the pointer to the actual fix was on page 8 of the thread by Tim de Baets. Turns out the issue was with the media libraries in C:\Users\<your username>\AppData\Roaming\Microsoft\Windows\Libraries. If I tried to open any of these in Windows Explorer I got an error dialog in the form ‘Music-library-ms’ is no longer working. So I deleted the Pictures, Music and Video library folders in C:\Users\<your username>\AppData\Roaming\Microsoft\Windows\Libraries, which was not a problem as they were all empty.

When I reloaded WMP I could now open the WMP > Organise > Manage libraries dialogs and re-add the folders on my RAID disk, also I could set the Rip folder.

As these settings were shared with MCE my problem was fixed, ready for a Christmas of recording TV, looking at family photos and playing music.

Whether it was the power outages that caused the problem, I have my doubts, as power cuts have not been an issue in the past. Maybe it is some strange permission hangover from the upgrade from Windows 8 > 8.1. I doubt I will ever find out.

Santa… here too?

How strange!! After the night, Santa has left some clothes behind in the office! … I suppose he has been working, right?



:-)
Holy Innocence!!

Code and Christmas :-)

' VB.NET: pick the greeting card for a given date
Private card As Func(Of DateTime, String) =
    Function(x As DateTime) If(x = New DateTime(DateTime.Now.Year, 12, 24), "Merry Christmas",
                            If(x = New DateTime(DateTime.Now.Year, 12, 31), "Happy New Year",
                            "No Card for today"))

// C#: the same card as a lambda
Func<DateTime, string> card = (DateTime x) =>
         x == new DateTime(DateTime.Now.Year, 12, 24) ? "Merry Christmas" :
         x == new DateTime(DateTime.Now.Year, 12, 31) ? "Happy New Year" :
         "No Card for today";


 


Merry Christmas to everybody!
PepLluis,
