Technical Tidbits™

I half expected an announcement, but I was pleasantly surprised when I opened my Artisteer (#1 WordPress Theme Generator. Instantly create great looking and professional WordPress Themes).* software to find an update available.  They are now supporting WordPress 3.0! YEA!

I haven’t looked at it yet, but I’m sure it will be fantastic.

Our blog layout was designed using Artisteer software (as well as many custom designs for our clients) and I was so disappointed when they didn’t immediately support WP 3.0.  I upgraded my clients but I couldn’t update their theme to take full advantage of the new features in 3.0.

But alas, this is not a problem now!

I will be using the new Artisteer (#1 WordPress Theme Generator. Instantly create great looking and professional WordPress Themes).* today and I will let you know how well it works.  And, you’ll know it’s working well when you see our theme upgraded too! I’m so excited! (I know, it doesn’t take much!)

Oh, and I was so happy to see the new support, that I even upgraded my version of the software so I’m now able to design for Joomla, Drupal, DotNetNuke, and Blogger! Sweet!

*TIIM: The links in this post and on the right side of this blog are affiliate links. I so believe in this software (because I personally use it!) that I’ve joined the affiliate program!

This post will probably affect maybe 1% of our readership, but I felt it worthy of posting anyway.

I have been having problems for quite some time using HootSuite for my social networking in both Firefox and IE 8 browsers. I finally found that it worked best in IE8 if that was the only thing running. Meaning, I didn’t have other tabs open like I so often do with Firefox. And, I can run IE 8 with HooteSuite while having my Firefox open with all the tabs I want without interference.

This morning, I made an amazing discovery! I had HooteSuite running in my IE and I had opened Firefox to log in to my BlogTalk radio show. Panic set in!

BlogTalk radio would not load properly and even when I tried to call in to the switchboard, the phone call would not connect and my switchboard items became dimmed out.  (Now why the calling part would be related to the online switchboard I don’t know.) With less than 3 minutes to show time, I started panicking!

I don’t know what made me shut down IE and HootesSuite, but as soon as I did, I was able to connect to the BlogTalk radio switchboard and my call went through!

When I decided to write this post, I went back to each page – HooteSuite and BlogTalk Radio – and looked at the page sources to see what might be conflicting.

Both sites use JavaScript but I’ve never had a problem having multiple tabs open with JavaScripts running on each page. Even the most complex JavaScript doesn’t seem to be resource intensive by any means.

The problem appears to be Flash. I don’t know whether each of these sites are so Flash intensive that the browsers (both IE and Firefox) can’t handle it, or whether there is a conflict with the resources being used by each and the way the browsers manage it.

Even now as I type this post, I have the radio switchboard open in one tab and HooteSuite open in another and I’m getting a lag in the typing here in the WordPress blog tab.  It seems to happen when either HooteSuite is updating the tweets, or when BlogTalk radio refreshes the page for the advertising at the top. Which appears to be handled by JavaScript so I’m really confused!

Anyway, I wanted to put this out there so anyone who might be having a problem using HooteSuite might benefit from knowing that you may have to restrict using it with other resource intensive sites.  At least until we can upgrade to such a powerful computer that it won’t matter how resource intensive a web app is for the browser! (Where is an affordable terabyte processor when you need one? )

So, if you’ve been kicked out of our radio show chat or lost your sound during a show, make sure that you’re not running HooteSuite in the background while you’re listening to the show live. I bet you won’t experience any problems during the show!

BTW, I know that friend of the show, Charles Taggart, uses TweetDeck during the show and he has never reported being kicked out of the live chat nor losing sound. (Yes Charles, I’ve heard the chirps over our phone conversations! LOL) So, whatever the difference is between how TweetDeck and HooteSuite is programmed to work, is where the problem is.

And I’m not going to blame the browsers on this one! Are you surprised? (GRIN)

Over the weekend the roomie notifies me that not only did Trend Micro catch a few Trojan viruses, there appeared to be some malcode in his Firefox folder!

First, the Trend Micro results prompted the roomie to do a full Malwarebytes scan.  That turned up the interesting results shown below.

(Click to view full image)

Trend Micro had by this time quarantined or deleted some of the other files.  All were the same Trojan with variant extensions.

Notice in the image above, that the worm and Trojan agent are found in what is usually the “typical” installation of Firefox. If you install Firefox on a Windows computer, it will put Mozilla Firefox folder in the Program Files. But notice I also said, a “typical” installation of Firefox!

My roomie is aware of the dangers of the web. He’s no stranger to this stuff. (Wonder why?)  So, he NEVER installed his Firefox browser on his computer. Instead, he uses the Portable Apps version that is on his Flash Drive or USB stick.

It never was a typical installation – which may have been what saved his computer from a whole lot of damage!

The files that were found beneath this folder give me an indication that this was a theme or persona he tried out when the new Firefox was released.  The install.rdf resembles – somewhat – the typical install.rdf in a theme with some minor alterations to the file. (Please note: I’ve saved the original files as TEXT so you can see what I see.)

There were a few other files that I will need to open in another program to read as they are not text readable.  Not sure exactly what kind of code it is yet and frankly, it doesn’t look like it’s even English programming code.  But if anyone from Mozilla would like the files, I’ll be happy to turn them over to someone in that community or to any security researcher.

There was another strange code inside a folder which was structured like this: C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul.  As far as I can remember, I do not remember seeing a timer anything in Firefox files.

So, I opened that up in my text editor to find this:

This code led to a site that does not have a home page if you back out the extraneous stuff after the .com.  So, full security enabled, I went to the full link to be displayed a blank page. However, I right clicked on that page and saw that there was code beneath the blank white page.

This:

PLEASE DO NOT ACCESS THESE SITES ON YOUR OWN! I have a high level of security on my test machine and do not put my own private PC at risk.

I won’t get into the details of what the code does but suffice it to say that it’s really redirecting you to the site specified in the code.  And guess what Trend Micro says about that site?

Interesting that if you do a search on this website, it’s listed as everything from web search hijacker to a virus!

And it’s run by some shady characters.  Just look here – it’s safe – http://www.robtex.com/dns/mysearchcorp.com.html.

Okay, so we tracked down the bad guys. The point is how did this get into my roomie’s computer?

He was downloading and trying on different Themes and Persona’s.  And due to the fact that all the code points to a directory on his computer that should have never been created because he uses Firefox on his flash drive, AND the fact that it created an install.rdf and a few other files synonymous with a theme.  Plus the fact that the timer.xul has references to an “overlay” and a blacked out background makes me also suspicious.

When my roomie went back to Trend because we couldn’t see the network shared folder so he could pass on these files to me, it was discovered that all his Network Protocol entries under his firewall settings had been damaged or deleted. He had to uninstall and reinstall Trend Micro once again.  In all my years of working with Trend Micro, I’ve never seen anything take out the protocols under the firewall before! Very scary!

Lastly, he tells me that around this time, he may – or may not – have had his Trend Micro RUBotted trigger when he was visiting sites.  Bad sign!

Since many of the files were damaged or deleted in the scans, I can’t say with 100% certainty that this was a theme or persona. But I am saying BE CAREFUL in case it is a new attack vector. We’ve seen some Firefox add-ons removed due to their containing malware in the past. Did the jerks move to persona’s and themes next?