Archive for the ‘Security’ Category

Cyber Defence of the Realm

Saturday, March 9th, 2013

Our digital assets are not safe! India has been the victim of numerous cyber attacks at the national, state, corporate and individual-citizen levels, and the real and present danger has been acutely recognised by the central government. The Honourable Prime Minister, Shree Manmohan Singh, in a recent address to the Chiefs of Police, said:

“Our country’s vulnerability to cyber crime is escalating as our economy and critical infrastructure become increasingly reliant on interdependent computer networks and the Internet,”

“Large-scale computer attacks on our critical infrastructure and economy can have potentially devastating results.”

“The use of bulk SMSes and social media to aggravate the communal situation is a new challenge that the recent disturbances have thrown before us. We need to fully understand how these new media are used by miscreants,”

It is high time that we did something about these threats. We need to evaluate the nature of the threats, and devise robust defences against them such that the Constitutional mandates are upheld, and the Indian citizen’s rights are protected in virtual space as elsewhere. To this effect the National Cyber Safety & Security Standards initiative under the auspices of the Ministry of Communications and Information Technology, Government of India, has organised the NC4S – 2013 Summit to be held in Chennai next month.

We at K7Computing are extremely proud and privileged to contribute as the Cyber Defence Partner to this august symposium on national cyber security. We shall endeavour to fulfil our bounden duty of helping to safeguard the nation.

Samir Mody
Senior Manager, K7TCL

If you wish to subscribe to our blog, please add the URL provided below to your blog reader:

http://blog.k7computing.com/feed

K7 Carniv0re 0NE: Ad0be PDF Zer0-day Expl0it L0VE

Thursday, February 14th, 2013

2013, the Year of the Snake, seems to also be the year of the zero-day exploit.


Yesterday Adobe announced a vulnerability which is being actively exploited in the wild. This is the 4th zero-day discovered in recent weeks in different software from different vendors, and it comes at a time when people may be more vulnerable to declarations of affection from unknown sources online. Today is Valentine’s Day, of course.

We received a sample of the malicious exploit PDF from Adobe via the Microsoft Active Protections Program framework in quick time which demonstrates the effectiveness of organised information-sharing in the security domain.

The great news is that the Carnivore technology in-built in K7 security products proactively blocked any attempt by this exploit to compromise the computer, safeguarding the receipt of many whispered e-sweet nothings.

Please note, however, that whether it is Valentine’s Day or any other day, it is highly advisable to ignore emails and chats from unknown sources, be they R0me0 or Casan0va.


Samir Mody
Senior Manager, K7TCL


Good App? Bad App? : Unearthing the Android Puzzle via Automation (Part 2)

Saturday, February 2nd, 2013

This is the second part of a two-part blog based on my paper for AVAR 2012 that discusses the complications in automating the analysis of Android malware.

Continuing from the first part of my paper…

Detection Criteria for Automation

Automation requires a set of robust detection criteria which make it possible to determine if an application is malware or legitimate.
Some of the criteria, the key factors that could be used for automation, are described below:

Static Analysis

Permissions. As per the Android architecture, applications, at install time, request users to grant permissions (known as “capabilities” in the context of Android) to access device data or other application data. The manifest file, one of the main components of the Android application package, carries the information about these access permissions. By verifying the permission list which the application is requesting with reference to its purported functionality, the application can be classified as either dangerous or clean.

Fig. 2 below shows the manifest file for the malware Android.Nickispy. This application claims to be a legitimate alarm receiver application but requests permissions to process outgoing calls, send SMS, etc., that are irrelevant to its functionality, thus raising a suspicion flag.

Fig. 2, Capabilities Requested by Nickispy

Class names. It is seen in some of the malware applications that a specific malicious class appears with the same name bundled into many legitimate applications. It may be possible to flag applications based on blacklisted malicious class names.

Author name. All Android applications have to be signed. Author names of the applications could also help in casting suspicion on an application. This is possible as some of the malware applications carry the same author names, e.g. KingMall2010, we20090202 and myournet. Crawling many of the third party websites for known malware author names is likely to help the automation process.

Generic or heuristic rules based on judicious combinations of static criteria could assist the automation detection system to identify a new variant of known threat families within no time.

Behavioural Analysis

Sandbox emulation plays a major role in spotting a malware application amidst other running legitimate applications. Running an application within a controlled environment aids the automation system to understand the behaviour of the application in question, and make a consequent decision. Few of the behaviours that can be used to establish an application as malware are described below:

Internet Usage. Monitoring the network activity, i.e. measuring the frequency of network access, or the network traffic with respect to a particular service of an application, or any installed application in relation to its purported functionality would provide extra scope to categorise applications.

Root Access. Many Android malware require root access (administrative power) to execute the desired mala fide functions on the victim’s device. They acquire root access by bundling with other good applications that require root access, by triggering an application on the victim’s device that requires root access, or by invoking exploits such as Exploid and RageAgainstTheCage that they carry within themselves.

Root access enables a malware application to protect itself from being easily identifiable. Installing the dropped application in the system partition makes it difficult to be uninstalled by the user. Therefore applications that manage to acquire root access within a certain context could be highly indicative of malware.


Some legitimate applications may also exhibit runtime behaviour which would trigger the above criteria so the detection logic, perhaps based on a scoring system, needs to be formulated with some care.
Note, however, that malware writers may be able to evade detection by suppressing the malware behaviour of their packages by sensing the presence of emulators [5]. Even Google Bouncer, a behavioural detection system from Google, is no exception [6].
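As an added worked example (not code from the paper or from K7), the following Python script combines the static criteria above (requested permissions checked against the claimed purpose, class-name and author blacklists) with the behavioural ones (network frequency, root-access attempts) into the kind of scoring system the text suggests. The manifest excerpt, sandbox events, permission profile, weights and thresholds are constructed assumptions modelled on the Nickispy description; the blacklisted class name is hypothetical, while the author names are the ones the paper lists.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions a plain alarm application plausibly needs (assumed profile).
EXPECTED_PERMISSIONS = {
    "alarm": {
        "android.permission.VIBRATE",
        "android.permission.WAKE_LOCK",
        "android.permission.RECEIVE_BOOT_COMPLETED",
    },
}

# Weights for permissions the paper treats as irrelevant to an alarm app and risky.
SENSITIVE_PERMISSIONS = {
    "android.permission.SEND_SMS": 3,
    "android.permission.PROCESS_OUTGOING_CALLS": 3,
    "android.permission.RECORD_AUDIO": 2,
    "android.permission.INTERNET": 1,
}

# Author (signer) names the paper lists as recurring across malware samples.
BLACKLISTED_AUTHORS = {"KingMall2010", "we20090202", "myournet"}
# Hypothetical blacklisted class name; the paper names none.
BLACKLISTED_CLASSES = {"com.example.evil.PayloadService"}

# Constructed manifest excerpt modelled on the Nickispy description above.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.alarmreceiver">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name="com.example.alarmreceiver.AlarmReceiver"/>
    <service android:name="com.example.evil.PayloadService"/>
  </application>
</manifest>
"""

# Constructed sandbox events (type, detail). A real system would collect these
# from an emulator; emulator-aware malware may simply stay quiet there.
SAMPLE_EVENTS = [
    ("net", "c2.example.invalid"),
    ("net", "c2.example.invalid"),
    ("net", "c2.example.invalid"),
    ("root_attempt", "rageagainstthecage"),
    ("net", "c2.example.invalid"),
]


def static_features(manifest_xml):
    """Extract requested permissions and declared component class names."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    classes = set()
    for tag in ("activity", "service", "receiver"):
        classes.update(e.get(ANDROID_NS + "name") for e in root.iter(tag))
    return perms, classes


def score_package(manifest_xml, claimed_category, signer, events):
    """Return (score, reasons); a higher score means more suspicious."""
    perms, classes = static_features(manifest_xml)
    expected = EXPECTED_PERMISSIONS.get(claimed_category, set())
    score, reasons = 0, []
    # Static: permissions outside the claimed purpose count only when sensitive,
    # so a harmless extra permission does not by itself condemn an app.
    for perm in sorted(perms - expected):
        weight = SENSITIVE_PERMISSIONS.get(perm, 0)
        if weight:
            score += weight
            reasons.append("unexpected permission %s" % perm)
    for cls in sorted(classes & BLACKLISTED_CLASSES):
        score += 4
        reasons.append("blacklisted class %s" % cls)
    if signer in BLACKLISTED_AUTHORS:
        score += 4
        reasons.append("blacklisted author %s" % signer)
    # Behavioural: a root-exploit attempt weighs heavily; repeated network
    # traffic from an app whose purpose needs no network adds a little.
    root_attempts = [d for t, d in events if t == "root_attempt"]
    if root_attempts:
        score += 5
        reasons.append("root exploit attempt: %s" % ", ".join(root_attempts))
    net_hits = sum(1 for t, _ in events if t == "net")
    if net_hits >= 3 and "android.permission.INTERNET" not in expected:
        score += 2
        reasons.append("%d network connections from an offline-purpose app" % net_hits)
    return score, reasons


def verdict(score, malware_threshold=8, pua_threshold=4):
    """Map a score to a decision; the middle band is left for manual review."""
    if score >= malware_threshold:
        return "malware"
    if score >= pua_threshold:
        return "suspicious"
    return "clean"
```

Calling score_package(SAMPLE_MANIFEST, "alarm", "KingMall2010", SAMPLE_EVENTS) scores 22 (malware); the same manifest with an unknown signer and no sandbox events still scores 11 on static grounds alone, while an alarm app that merely adds INTERNET scores 1 and stays clean.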

Difficulties in Automated Detection Posed by PUAs

A major challenge in automated detection of Android malware comes from Potentially Unwanted Applications. PUAs complicate matters since they may look and smell like malware, but may not, in fact, be malware. PUAs may include, but are not limited to, Adware, Toolbars, Monitoring and Hack Tools, and Tools used to create applications. Such applications have proven to be a major headache in the PC malware domain. In 2012 PUAs contributed a decent number to the “malware” count. As per the research conducted, the numbers of these applications are expected to rise consistently.

PUAs are often found bundled with other applications that require a EULA (End User Licence Agreement). By accepting the terms and conditions in this EULA, the user is indirectly authorising the installation of ad-supported or other applications bundled in the package. Hence, the user may find it difficult to consistently distinguish the applications installed in addition to the original application. There are similar issues for automated systems.

Marketing. A few applications may come bundled with known Android packages as a marketing strategy to display notification advertisements that promote a different application, or a new version of the same application, in which the user may be interested.

These types of applications may not satisfy any of the previously-mentioned detection criteria to declare them as a malware. On the other hand these programs cannot be flagged as safe either, as they install themselves on the device without the user’s knowledge. Decision making on these applications is really challenging, as some users may consider these PUAs to be beneficial, the risks notwithstanding.

Ad-networks. Of late it has been seen that there are fake markets closely resembling the official Android marketplace that host only malware applications, for all mobile operating system platforms such as Android, Symbian and J2ME. Alongside these, there are Ad-networks that also allow advertisers to display advertisements for their application in the middle of the application session, to drop an icon ad on the phone desktop, or to leave an advertisement in the notification bar of the user’s device.

For instance, Airpush.com is a website that claims to be the first PUSH notification mobile ad network for Android Smartphones. This website carries an application which when run asks the user for the IMEI (International Mobile Equipment Identity), MEID (Mobile Equipment Identifier) and ESN (Electronic Serial Number) of the device, even for the user to unsubscribe from any of the ads by AirPush. Automating the process of classifying such ad-networks, and deciding on related supporting applications which request personal information, is truly complex.

DoS attacks. Similar to PC malware, DDoS attacks are also witnessed on Android. With the help of a free online service which requires just a URL or HTML to create Android applications, new applications with the desired functionality can be created. For example, Android/DIYDoS [McAfee], grouped under PUAs, works with LOIC (Low Orbit Ion Cannon) in JavaScript form to send out a large number of network packets directly from the browser in order to perform a DDoS attack on a particular domain. When the user runs this application, the content of the URL is displayed in a browser, while the hidden JavaScript carries out a DDoS attack in the background [7]. As this application merely directs the user to a particular URL, these kinds of applications or tools demand more attention in the automated detection process.

Tools. Monitoring tools like keyloggers may log the activity on the device including SMS messages, call details, network traffic, etc., for which they have been designed. The questions lie in the installation method (if they get installed without the user’s knowledge), and if they leak the logged information.

There could also be a scenario when the application masquerades as a legitimate application that requires root access, and behind the scenes it acts as an agent for other malware applications, e.g. to provide them with root access. Analysing these kinds of applications automatically requires a lot of extra effort and care, as the maliciousness of one application can only be identified within the context of another application’s malware behaviour.

Mobile handset manufacturers build in a few applications which the manufacturing company believes to be of interest to the user. These applications may have the functionality to intercept user data. One such example, Android.HTClogger, collected significant amounts of user information and stored the data within itself.  Even though these applications do not conduct any malpractice, there is a possibility that other malware applications could use this data.

Another interesting application of this kind, Mobile Tracker, comes inbuilt with the Samsung Dive that allows the owner to have control over the device through SMS, in case of it being lost or stolen. This application awaits a trigger from a predefined number or website from which it may intercept any incoming messages.

Some of the major problems in the automated detection process for Android threats are discussed above. Unfortunately automation may classify a PUA as malware, or may fail to classify a threat as malware, or may fail to flag a PUA if the thresholds are not hit. However, automation is not meant to be a 100% solution.

Mitigations

It goes without saying that the IT security industry always strives to protect the user from any threat, be it for computers or mobile phones. Automated detection systems would help protect users by flagging new variants of old threats, or even brand new threats, in a timely fashion. The pitfalls in this automated detection process have already been highlighted.

Fortunately, some of the static criteria used in the automated detection system can also contribute to whitelisting an Android application. There is an ongoing industry-wide effort to collate and store whitelist metadata (that could include inter alia checksum, signer’s name, capabilities, etc.,) for Android applications in a centralized location. AV vendors would then be able to query this central database to decide if an application is safe or not. This could allow AV vendors to be more aggressive with their detection criteria without increasing the risk of false positives.

In addition, mobile AV vendors could come up with a common set of rules to establish whether an application is a PUA or not. Doing so could reduce the level of ambiguity when attempting to categorise PUAs versus malware, and thus may minimize the complications posed by Android PUAs in the automated detection process.

Conclusion

The Android platform is here to stay. Given its mass user appeal for a variety of reasons, Android usage has shot through the roof. This provides an irresistible opportunity for malware authors and others who are ethically weak to milk Android users for monetary gain. They have grabbed this opportunity with glee.

As was the case for PC malware over the years, Android malware have evolved in number and diversity of functionality. There has even been a proliferation of Potentially Unwanted Applications for Android. The increasing number and severity of Android badware necessitates a robust AV industry response. AV vendors are likely to implement automated detection infrastructure based on static and dynamic rules, proactive protection, and cloud lookups with the aim to protect the Android user at the earliest. One gets a sense of déjà vu vis-a-vis the experience with PC malware.

PUAs are applications which sometimes have functionality or behaviour which push the boundaries between malware and not-malware, infuriating some users and complicating the process of detection, whether automated or proactive. This is because categorisation of PUAs is a subjective process, and the misclassification of a PUA as malware does not always go down too well with either the user or the software’s author.

Industry-wide collaborations to collate useful metadata on known clean Android applications, along with an agreed, consistent set of criteria to define PUAs could help in separating the wheat from the chaff, especially in the case of an automated detection system. Unfortunately, as opinions always differ, unearthing an Android app may yet remain a puzzle.


References:

[1] Based on internal data
[2] http://www.symantec.com/connect/blogs/android-trojan-invades-akb48-elections-japan
[3] http://www.securityweek.com/resilient-smszombie-infects-500000-android-users-china
[4] http://www.securelist.com/en/blog/208193306/Android_malware_new_traps_for_users
[5] http://www.pcworld.com/article/256922/researchers_find_ways_to_bypass_googles_android_malware_scanner.html
[6] http://www.dexlabs.org/blog/btdetect
[7] http://blogs.mcafee.com/mcafee-labs/android-diy-dos-app-boosts-hacktivism-in-south-america


V.Dhanalakshmi
Malware Analyst, K7TCL


Good App? Bad App? : Unearthing the Android Puzzle via Automation (Part 1)

Wednesday, January 9th, 2013

This is the first part of a two-part blog based on my paper for AVAR 2012 that discusses the complications in automating the analysis of Android malware.

With increasing popularity comes the danger of threats. Android malware is growing at a massive rate in parallel with the rise in Android smartphone usage. Malware writers have been very successful in spreading Android malware by availing of the relatively weak registration and signing policy for third-party markets, and the official Android market as well.

The exponential rise of malware for the PC necessitated the incorporation of automated detection infrastructure, and one predicts the same requirements for Android malware. Via automation it is possible to make intelligent decisions on an Android application’s functionality to determine its status as good or bad, as performed by Google’s Bouncer, a behavioural decision-maker.

Unfortunately, recent studies show that, as on the PC, Android adware applications can be found in the wild. These Android Potentially Unwanted Applications (aka PUAs), apart from being a nuisance to the smartphone user, would also complicate decision-making in the automated analysis of Android malware. There is little doubt that the number of Android PUAs will rise dramatically over time, and, like their PC counterparts, they will muddy the waters, introducing a lot of grey between the black and white. Deciding whether an application is a PUA or malware has never been easy in the PC world, since opinions can always differ.

This paper charts the rise of Android malware and Android PUAs. It describes the automated analysis of an Android application, focussing on the malware decision-making criteria, and discusses the difficulties in decision-making posed by Android PUAs.

Android Malware Growth 

There was an explosive increase in the number of Android malware till November 2011, and the numbers continue to grow. Malware authors have made good use of the third-party Android markets to spread far and wide, and have at times infiltrated even Google Play (formerly known as The Android Marketplace).

Fig. 1 below charts the rise in Android malware since November 2011 till the time of writing.

Fig. 1, Android Malware Growth [1]

Even though the chart above depicts a slight dip in between, the mal-packages released in that period were no less severe in terms of data or monetary loss for the victim. There were major outbreaks as well that had a huge impact on Android mobile users. For example, Android.MMarketPay places orders for items in China Mobile’s online market without the user’s knowledge, and is coded to handle the response from the online market, whether it be SMS or Captcha. Another major outbreak, AndroidOS.Counterclank, which dropped a search icon to direct the user to a fake Google search page, had a large number of infection hits.

Focussing on improving the propagation methods, malware authors also started investing time in discovering new ways to spread their applications and to trick the user into installing their packages.

Studies show that most of the Android malware aim at monetary benefits and stealing the victim’s personal information. Interestingly, in recent times, there have been malware that avail of the route of targeted attacks [2], either a region or country, to achieve monetary benefits. For instance, the newly found, Android.SMSZombie, attacks Chinese users by exploiting a vulnerability in the mobile payment process of China Mobile [3]. The case of regional or targeted attacks implies that there could be several instances of malware world-wide which we do not even know about, therefore the real malware count could be somewhat higher than that shown in the Fig. 1 above.

In addition, the technique of polymorphism employed by the malware writers to create multiple variants of the same malware, contributes significantly to the rise in Android malware.

All these factors considered within the Android malware space, it is expected that the raw malware count would increase manifold in future.

Android Malware Growth by Trend 

As per Darwin’s “Survival of the Fittest”, even malware compete with one another in terms of the complexity of behaviour and detection-evasion techniques. Indeed, the behaviour of one malware family could interfere with that of another malware family. The lifecycle of any malware ends at the moment it is identified by security software. Bearing this in mind, malware authors engage new strategies to enter and compromise the user’s device.

Even though old-fashioned SMS Trojans still exist, Android malware can be seen to have evolved beyond the usual malware behaviour of sending out SMS messages. Among several new malware behaviours, the example of Android.Nickispy, found to record user conversations and send them to a remote C&C server, stands out.

Let us explore a few of the other notable behaviours of Android malware in the recent times:

Botnets. These malware applications will be controlled by a remote server through the issuance of commands. The latest malware of this kind, Android.Tigerbot, is controlled via SMS messages from a remote server. This mal-package checks if the SMS message is from the remote server even before the concerned service is aware of it. Thus the remote attacker is able to control the device.

Work as a Group. A single application drops two or more components from itself to accomplish the malware activity. A couple of examples are Trojan-Dropper.AndroidOS.Foncy.a and Android.OSSpy.

Fake Applications. As in the case of the Windows OS, Android malware too have been found to display fake scan results [4] with a link to websites that may host other malware applications or phish for the user’s personal information.

AV Killer. In recent times, there have been Android malware that search for the known existence of a running security software service and kill it to escape being detected. An instance of this is Android.UpdtKiller.

Image Modifiers. Some Android applications that are doing the rounds check for images in the SD card and modify them, exhausting the memory card with fewer but larger images.

Polymorphism. Android malware execute the concept of polymorphism by modifying the data folder, changing the order of files, or adding files to the package that are in no way connected to the malware behaviour of the application. It is only a matter of time before the main binary malware components begin to incorporate junk content, including code within the execution chain.


Zitmo / Spitmo. This kind of malware, though seen earlier, is still highly dangerous, as they intrude on the online banking transactions of the user. By collecting the mTAN (mobile Transaction Authentication Number) that is being sent to the customer’s device from the bank, hackers can conduct money transactions on the victim’s account.

PUPs or PUAs. Also on patrol nowadays are applications with activities of dubious intent, e.g. displaying pop-ups, etc. These applications may be referred to as Potentially Unwanted Applications (PUAs) or Potentially Unwanted Programs (PUPs) given that certain users may not consider them to be undesirable. Decision making on this category of applications can be really complex and error-prone.

The evolution in the severity and malicious nature of Android malware bears a striking similarity with that of PC malware, but over a far shorter timeframe. It seems that one can predict the trends in Android malware by comparison with those of PC malware, including the proliferation of borderline PUAs and other “tools”. Thus it is possible to better prepare the security response to Android malware based on the lessons learned in the PC malware domain.

Automate?

During the early stages of computer insecurity, most of the threats were intended to damage the computer. Later, however, malware writers shifted their focus from crashing the computer to attaining financial gain. At this point there was an enormous increase in the count of Trojans and spyware in the threat landscape over a period of time, which demanded automated detection systems to protect users in a timely fashion. Similarly, Android malware at the initial stages were primitively aimed at sending out premium-rate SMS, but now they involve behaviours like stealing the user’s personal information, redirecting messages from banks, drive-by downloads, zombies, and so on.

Within a short span of time, Android malware behaviour has progressed quickly, whereas computer malware took a considerable time period to evolve its functionality. Studies on Android mobile security reveal that the number and variety of Android threats is increasing year on year, and the same is expected to continue in future. Despite users’ awareness of Android malware, the number of infections continues to increase unabated. This alarming situation drives the need to automate the detection of Android threats for quick response. There is also an emphasis on the need for proactive protection against Android malware. It ultimately becomes the responsibility of security software to protect the user by providing the right solutions at the right time.

To be continued…


V.Dhanalakshmi
Malware Analyst, K7TCL


The 0racle May Foresee a Storm in a Coffee Cup

Monday, September 3rd, 2012


Let’s wake up and smell the coffee.

There have been several security write-ups about the recent 0-day java vulnerability CVE-2012-4681. Oracle itself only issued a bulletin recently, but the vulnerability has been right royally exploited in the wild by cyber criminals in Russia and China (well, no surprises there).

It has been a turbulent week or so, with the same exploit code first being used in a targeted attack, and later being commercially incorporated in bog standard exploit kits. Indeed, a fair amount of bad news.

Fortunately, Oracle has now provided the security update to patch the vulnerability. We recommend applying this ASAP if you are running Java. Note, however, that K7’s Carnivore technology was already blocking attempts to exploit CVE-2012-4681, right from day zero. Furthermore, many of the known bad URLs were already blocked by K7’s SiteBlocker, with generic detections playing a part. Finally, the exploit JARs and the associated binaries have been tackled in a proactive fashion. This means the K7 fortress around the user has kept things safe and secure.


Samir Mody
Senior Manager, K7TCL


From Domain Name Servers to Dead Name Servers

Saturday, July 7th, 2012

A few months back we blogged about how the FBI had extended the deadline for turning off the rogue DNS servers it had taken control of. Lo and behold! That deadline has finally arrived.

Given the amount of grace period that was provided before putting these servers down, one would assume that the infected PCs would have been cleaned up by now. However, according to the DNS Changer Working Group, a worrying number of PCs still have their DNS entries pointing to the malicious servers.

Our customers need not worry though, for K7 products already have the functionality to diagnose these rogue DNS IP addresses, and replace them with known good ones.

Lokesh Kumar
K7TCL



Z-Rated

Thursday, June 28th, 2012

Zero-Access is one of the more prevalent and sophisticated pieces of malware observed in recent times. Similar to other malware in its class, it is able to infect both 32-bit and 64-bit Windows operating systems with kernel mode root-kit components.

Recently it has become apparent that Zero-Access evolved, some would call it ‘regressed’, from a kernel mode root-kit into a user mode patcher. Closer inspection reveals that this latest version infects Microsoft’s Service Control Manager (services.exe) on 64-bit systems. Strangely, the original host bytes don’t appear to be stored in the patched executable, making disinfection non-trivial. Given the importance of the OS application affected, it is advisable to replace the infected binary with an exact copy of the original file. Please note that restoration of the file is best left to the experts.

Distribution methods for Zero-Access include both social engineering tactics & drive-by-downloads. It pretends to be software updates using file names like [Removed]_update_for_Win.exe or pornographic material using file names like animal_[Removed].avi.exe, to lure its potential victims.

K7 security products not only prevent access to the malicious URLs involved in spreading this malware, but also proactively detect components of this malware in real time.

Lokesh Kumar/Samir Mody
K7 TCL


-... .-.. .- -.-. -.- .... --- .-.. .

Wednesday, May 2nd, 2012

“Dhina Thanthi”, “Daily Telegraph” in English, is a popular Tamil newspaper that has its online service on the domain dailythanthi.com. This site has been compromised.

A page hosting model/practice question papers, to aid the students who are to take up their board examinations in the state of Tamil Nadu, has been infected with a JavaScript that in turn loads a BlackHole Exploit. This exploits a cocktail of vulnerabilities across Windows, Java and some Adobe products, etc.

The page contains a JavaScript that in turn contacts the exploit server.

Above are network captures of the dailythanthi site connecting to the exploit server.

The script was unpacked, thanks to JSUnpack, and we are able to see the iframe that leads to the exploit server.

These servers haven’t been updated as of late, hence there wasn’t any infection to be acquired. But the daily thanthi site still remains compromised.

There are several such domain names hosted on a single IP.

Note the “robots.txt” in the above screenshot of the exploit server’s domain directory. Its purpose is to stop any search bots that stumble upon this domain from indexing it.

As for K7 users, keeping your site blocker up to date will keep threats such as this at bay.

When we contacted the administrator of the domain listed in the WhoIs records, we received a mailer-daemon bounce. We then contacted the administrators of the company (interpressindia.com) that maintains the dailythanthi.com site; again it was a mailer-daemon bounce.

As a foot note, if you were wondering what the blog title meant, it is BlackHole written in Morse code.

Kaarthik
K7 TCL


K7 URL scanner now in VirusTotal

Friday, April 20th, 2012

K7TCL is proud to announce that our partnership with VirusTotal has just become stronger. Our file scanner has been on VT for ages, but we have just recently included our URL-scanning capabilities on the VirusTotal site.

We would like to take this opportunity to commend the guys at VT for their diligent work, and we very much look forward to continuing to foster our relationship with them.

Samir Mody/Lokesh Kumar
K7TCL


These Are Not The DOIDs You Are Looking For

Saturday, March 10th, 2012

In tales of yore, circa 2007, DNSChanger malware, which modify certain network settings to point to a rogue server, were as prevalent as the Stegosaurus. Fast forward almost four years, to the present day, their legacy still remains. They say the FBI, having discovered the rogue DNS servers, decided to clean them up and allow them to serve the public good. That is, only until the 8th of March, 2012.

According to much hyped reports in recent weeks, the 8th of March was to be the day the internet died, as the FBI would have been forced to lay to rest those servants of the public weal. If you are still reading this post then your computer didn’t fall victim to the supposed blackout. There are at least two possible reasons for this:

  • The FBI has an extension on the deadline. Apparently the dreaded Death Of Internet Day (DOID) has been postponed to the 9th of July, 2012
  • Lo and behold, you are not infected with DNSChanger malware and never have been

If you have been a K7 customer for a while, point 2 applies to you. Just to be on the safe side, K7 Security products sniff for the erstwhile rogue DNS entries and snuff them out if found, thereby ensuring that our brand new customers too are free from DOID.

Samir Mody/Lokesh Kumar
K7TCL
