Monday, August 27, 2007

For those of you Bush haters let me refresh your memory about the real criminal and liar in the White House; X42:


The Progressive Review

This list was compiled at the end of the Clinton administration. It was last partially updated in 2000

Our Clinton Scandal Index

The Clintons, to adapt a line from Dr. Johnson, were not only corrupt, they were the cause of corruption in others. Yet seldom in America have so many come to excuse so much mendacity and malfeasance as during the Clinton years. Here are some of the facts that have been buried.

RECORDS SET

- The only president ever impeached on grounds of personal malfeasance
- Most number of convictions and guilty pleas by friends and associates*
- Most number of cabinet officials to come under criminal investigation
- Most number of witnesses to flee country or refuse to testify
- Most number of witnesses to die suddenly
- First president sued for sexual harassment.
- First president accused of rape.
- First first lady to come under criminal investigation
- Largest criminal plea agreement in an illegal campaign contribution case
- First president to establish a legal defense fund.
- First president to be held in contempt of court
- Greatest amount of illegal campaign contributions
- Greatest amount of illegal campaign contributions from abroad
- First president disbarred from the US Supreme Court and a state court

* According to our best information, 40 government officials were indicted or convicted in the wake of Watergate. A reader computes that there was a total of 31 Reagan era convictions, including 14 because of Iran-Contra and 16 in the Department of Housing & Urban Development scandal. 47 individuals and businesses associated with the Clinton machine were convicted of or pleaded guilty to crimes with 33 of these occurring during the Clinton administration itself. There were in addition 61 indictments or misdemeanor charges. 14 persons were imprisoned. A key difference between the Clinton story and earlier ones was the number of criminals with whom he was associated before entering the White House.

Using a far looser standard that included resignations, David R. Simon and D. Stanley Eitzen in Elite Deviance, say that 138 appointees of the Reagan administration either resigned under an ethical cloud or were criminally indicted. Curiously Haynes Johnson uses the same figure but with a different standard in “Sleep-Walking Through History: America in the Reagan Years”: “By the end of his term, 138 administration officials had been convicted, had been indicted, or had been the subject of official investigations for official misconduct and/or criminal violations. In terms of number of officials involved, the record of his administration was the worst ever.”

STARR-RAY INVESTIGATION

- Number of Starr-Ray investigation convictions or guilty pleas (including one governor, one associate attorney general and two Clinton business partners): 14
- Number of Clinton Cabinet members who came under criminal investigation: 5
- Number of Reagan cabinet members who came under criminal investigation: 4
- Number of top officials jailed in the Teapot Dome Scandal: 3

CRIME STATS

- Number of individuals and businesses associated with the Clinton machine who have been convicted of or pleaded guilty to crimes: 47
- Number of these convictions during Clinton’s presidency: 33
- Number of indictments/misdemeanor charges: 61
- Number of congressional witnesses who have pleaded the Fifth Amendment, fled the country to avoid testifying, or (in the case of foreign witnesses) refused to be interviewed: 122

SMALTZ INVESTIGATION

- Guilty pleas and convictions obtained by Donald Smaltz in cases involving charges of bribery and fraud against former Agriculture Secretary Mike Espy and associated individuals and businesses: 15
- Acquitted or overturned cases (including Espy): 6
- Fines and penalties assessed: $11.5 million
- Amount Tyson Food paid in fines and court costs: $6 million

CAMPAIGN FINANCE INVESTIGATION

- As of June 2000, the Justice Department listed 25 people indicted and 19 convicted because of the 1996 Clinton-Gore fundraising scandals.
- According to the House Committee on Government Reform in September 2000, 79 House and Senate witnesses asserted the Fifth Amendment in the course of investigations into Gore’s last fundraising campaign.
- James Riady entered a plea agreement to pay an $8.5 million fine for campaign finance crimes. This was a record under campaign finance laws.

CLINTON MACHINE CRIMES FOR WHICH CONVICTIONS WERE OBTAINED

Drug trafficking (3), racketeering, extortion, bribery (4), tax evasion, kickbacks, embezzlement (2), fraud (12), conspiracy (5), fraudulent loans, illegal gifts (1), illegal campaign contributions (5), money laundering (6), perjury, obstruction of justice.

HISTORICAL CONTEXT

- Number of independent counsel inquiries since the 1978 law was passed: 19
- Number that have produced indictments: 7
- Number that produced more convictions than the Starr investigation: 1
- Median length of investigations that led to convictions: 44 months
- Length of Starr-Ray investigation: 69 months.
- Total cost of the Starr investigation (3/00) $52 million
- Total cost of the Iran-Contra investigation: $48.5 million
- Total cost to taxpayers of the Madison Guarantee failure: $73 million

OTHER MATTERS INVESTIGATED BY SPECIAL PROSECUTORS AND CONGRESS, OR REPORTED IN THE MEDIA

Bank and mail fraud, violations of campaign finance laws, illegal foreign campaign funding, improper exports of sensitive technology, physical violence and threats of violence, solicitation of perjury, intimidation of witnesses, bribery of witnesses, attempted intimidation of prosecutors, perjury before congressional committees, lying in statements to federal investigators and regulatory officials, flight of witnesses, obstruction of justice, bribery of cabinet members, real estate fraud, tax fraud, drug trafficking, failure to investigate drug trafficking, bribery of state officials, use of state police for personal purposes, exchange of promotions or benefits for sexual favors, using state police to provide false court testimony, laundering of drug money through a state agency, false reports by medical examiners and others investigating suspicious deaths, the firing of the RTC and FBI director when these agencies were investigating Clinton and his associates, failure to conduct autopsies in suspicious deaths, providing jobs in return for silence by witnesses, drug abuse, improper acquisition and use of 900 FBI files, improper futures trading, murder, sexual abuse of employees, false testimony before a federal judge, shredding of documents, withholding and concealment of subpoenaed documents, fabricated charges against (and improper firing of) White House employees, inviting drug traffickers, foreign agents and participants in organized crime to the White House.

ARKANSAS ALZHEIMER’S

Number of times that Clinton figures who testified in court or before Congress said that they didn’t remember, didn’t know, or something similar.

Bill Kennedy 116
Harold Ickes 148
Ricki Seidman 160
Bruce Lindsey 161
Bill Burton 191
Mark Gearan 221
Mack McLarty 233
Neil Eggleston 250
Hillary Clinton 250
John Podesta 264
Jennifer O’Connor 343
Dwight Holton 348
Patsy Thomasson 420
Jeff Eller 697

FROM THE WASHINGTON TIMES: In the portions of President Clinton’s Jan. 17 deposition that have been made public in the Paula Jones case, his memory failed him 267 times. This is a list of his answers and how many times he gave each one.

I don’t remember - 71
I don’t know - 62
I’m not sure - 17
I have no idea - 10
I don’t believe so - 9
I don’t recall - 8
I don’t think so - 8
I don’t have any specific recollection - 6
I have no recollection - 4
Not to my knowledge - 4
I just don’t remember - 4
I don’t believe - 4
I have no specific recollection - 3
I might have - 3
I don’t have any recollection of that - 2
I don’t have a specific memory - 2
I don’t have any memory of that - 2
I just can’t say - 2
I have no direct knowledge of that - 2
I don’t have any idea - 2
Not that I recall - 2
I don’t believe I did - 2
I can’t remember - 2
I can’t say - 2
I do not remember doing so - 2
Not that I remember - 2
I’m not aware - 1
I honestly don’t know - 1
I don’t believe that I did - 1
I’m fairly sure - 1
I have no other recollection - 1
I’m not positive - 1
I certainly don’t think so - 1
I don’t really remember - 1
I would have no way of remembering that - 1
That’s what I believe happened - 1
To my knowledge, no - 1
To the best of my knowledge - 1
To the best of my memory - 1
I honestly don’t recall - 1
I honestly don’t remember - 1
That’s all I know - 1
I don’t have an independent recollection of that - 1
I don’t actually have an independent memory of that - 1
As far as I know - 1
I don’t believe I ever did that - 1
That’s all I know about that - 1
I’m just not sure - 1
Nothing that I remember - 1
I simply don’t know - 1
I would have no idea - 1
I don’t know anything about that - 1
I don’t have any direct knowledge of that - 1
I just don’t know - 1
I really don’t know - 1
I can’t deny that, I just — I have no memory of that at all - 1

ARKANSAS SUDDEN DEATH SYNDROME

- Number of persons in the Clinton machine orbit who are alleged to have committed suicide: 9
- Number known to have been murdered: 12
- Number who died in plane crashes: 6
- Number who died in single car automobile accidents: 3
- Number of one-person skiing fatalities: 1
- Number of key witnesses who have died of heart attacks while in federal custody under questionable circumstances: 1
- Number of unexplained deaths: 4
- Total suspicious deaths: 46
- Number of northern Mafia killings during peak years of 1968-78: 30
- Number of Dixie Mafia killings during same period: 156

It is important in considering these fatal incidents to bear in mind the following:

The fact that anomalies need to be investigated further carries no presumption of how a death actually occurred, only that there remain serious questions that require answers.

The possibility of foul play must be taken seriously in a major criminal conspiracy in which over two score individuals and firms have been convicted and over 100 witnesses have pled the Fifth Amendment or fled the country.

If foul play did occur in any of these cases, that fact by itself does not carry the presumption that the Clinton machine was involved. Given the footprints of organized crime, drug trade, foreign espionage, and intelligence agencies on the trail of the Clinton story, such an assumption would not be warranted. It is also well to keep in mind the classic prohibition era movie in which the corrupt politician’s job was not to engage in illegal acts but to avoid noticing them.

ARKANSAS MONEY MANAGEMENT

- Amount of an alleged electronic transfer from the Arkansas Development Financial Authority to a bank in the Cayman Islands during 1980s: $50 million
- Grand Cayman’s population: 18,000
- Number of commercial banks: 570
- Number of bank regulators: 1
- Amount Arkansas state pension fund invested in high-risk repos in the mid-80s in one purchase in April 1985: $52 million through the Worthen Bank.
- Number of days thereafter that the state’s brokerage firm went belly up: 3
- Amount Arkansas pension fund dropped overnight as a result: 15%
- Percent of Worthen bank that Mochtar Riady bought over the next four months to bail out the bank and the then governor, Bill Clinton: 40%.
- Percent of purchasers from the Clintons and McDougals of resort lots who lost the land because of the sleazy financing provisions: over 50%

THE MEDIA

- Number of journalists covering Whitewater who have been fired, transferred off the beat, resigned or otherwise gotten into trouble because of their work on the scandals (Doug Frantz, Jim Wooten, Richard Behar, Christopher Ruddy, Michael Isikoff, David Eisenstadt, Yinh Chan, Jonathan Broder, James R. Norman, Zoh Hieronimus): 10

FRIENDS OF BILL

- Number of times John Huang took the 5th Amendment in answer to questions during a Judicial Watch deposition: 1,000
- Visits made to the White House by investigation subjects Johnny Chung, James Riady, John Huang, and Charlie Trie: 160
- Number of campaign contributors who got overnights at the White House in the two years before the 1996 election: 577
- Number of members of Thomas Boggs’s law firm who have held top positions in the Clinton administration: 18
- Number of times John Huang was briefed by CIA: 37
- Number of calls Huang made from Commerce Department to Lippo banks: 261
- Number of intelligence reports Huang read while at Commerce Department: 500

UNEXPLAINED PHENOMENA

- FBI files misappropriated by the White House: c. 900
- Estimated number of witnesses quoted in FBI files misappropriated by the White House: 18,000
- Number of witnesses who developed medical problems at critical points in Clinton scandals investigation (Tucker, Hale, both McDougals, Lindsey): 5
- Problem areas listed in a memo by Clinton’s own lawyer in preparation for the president’s defense: 40
- Number of witnesses and critics of Clinton subjected to IRS audit: 45
- Number of names placed in a White House secret database without the knowledge of those named: c. 200,000
- Number of women involved with Clinton who claim to have been physically threatened (Sally Perdue, Gennifer Flowers, Kathleen Willey, Linda Tripp, Elizabeth Ward Gracen, Juanita Broaddrick): 6
- Number of men involved in the Clinton scandals who have been beaten up or claimed to have been intimidated: 10

THE HIDDEN ELECTION

USA Today calls it “the hidden election,” in which nearly 7,000 state legislative seats are decided with only minimal media and public attention. But there was an important national story here: evidence of the disaster that Bill Clinton was for the Democratic Party. According to the National Conference of State Legislatures, Democrats held a 1,542 seat lead in the state bodies in 1990. As of 1998 that lead had shrunk to 288. That’s a loss of over 1,200 state legislative seats, nearly all of them under Clinton. Across the US, the Democrats controlled only 65 more state senate seats than the Republicans.

Further, in 1992, the Democrats controlled 17 more state legislatures than the Republicans. After 1998, the Republicans controlled one more than the Democrats. Not only was this a loss of 9 legislatures under Clinton, but it was the first time since 1954 that the GOP had controlled more state legislatures than the Democrats (they tied in 1968).

Here’s what happened to the Democrats under Clinton, based on our latest figures:

- GOP seats gained in House since Clinton became president: 48
- GOP seats gained in Senate since Clinton became president: 8
- GOP governorships gained since Clinton became president: 11
- GOP state legislative seats gained since Clinton became president: 1,254 as of 1998
- State legislatures taken over by GOP since Clinton became president: 9
- Democrat officeholders who have become Republicans since Clinton became president: 439 as of 1998
- Republican officeholders who have become Democrats since Clinton became president: 3

THE CLINTON LEGACY: LONELY VOICES

Here are some of the all too rare public officials, reporters, and others who spoke truth to the dismally corrupt power of Bill and Hill Clinton’s political machine — some at risk to their careers, others at risk to their lives. A few points to note:

- Those corporatist media reporters who attempted to report the story often found themselves muzzled; some even lost their jobs. The only major dailies that consistently handled the story well were the Wall Street Journal and the Washington Times.

- Nobody on this list has gotten rich and many you may not have even heard of. Taking on the Clintons typically has not been a happy or rewarding experience. At least ten reporters were fired, transferred off their beats, resigned, or otherwise got into trouble because of their work on the scandals.

- Contrary to the popular impression, the politics of those listed ranges from the left to the right, and from the ideological to the independent.

PUBLIC OFFICIALS

MIGUEL RODRIGUEZ was a prosecutor on the staff of Kenneth Starr. His attempts to uncover the truth in the Vincent Foster death case were repeatedly foiled and he was the subject of planted stories undermining his credibility and implying that he was unstable. Rodriguez eventually resigned.

JEAN DUFFEY: Head of a joint federal-county drug task force in Arkansas. Her first instructions from her boss: “Jean, you are not to use the drug task force to investigate any public official.” Duffey’s work, however, led deep into the heart of the Dixie Mafia, including members of the Clinton machine and the investigation of the so-called “train deaths.” Ambrose Evans-Pritchard reports that when she produced a star witness who could testify to Clinton’s involvement with cocaine, the local prosecuting attorney, Dan Harmon issued a subpoena for all the task force records, including “the incriminating files on his own activities. If Duffey had complied it would have exposed 30 witnesses and her confidential informants to violent retributions. She refused.” Harmon issued a warrant for her arrest and friendly cops told her that there was a $50,000 price on her head. She eventually fled to Texas. The once-untouchable Harmon was later convicted of racketeering, extortion and drug dealing.

BILL DUNCAN: An IRS investigator in Arkansas who drafted some 30 federal indictments of Arkansas figures on money laundering and other charges. Clinton biographer Roger Morris quotes a source who reviewed the evidence: “Those indictments were a real slam dunk if there ever was one.” The cases were suppressed, many in the name of “national security.” Duncan was never called to testify. Other IRS agents and state police disavowed Duncan and turned on him. Said one source, “Somebody outside ordered it shut down and the walls went up.”

RUSSELL WELCH: An Arkansas state police detective working with Duncan. Welch developed a 35-volume, 3,000 page archive on drug and money laundering operations at Mena. His investigation was so compromised that a high state police official even let one of the targets of the probe look through the file. At one point, Welch was sprayed in the face with poison, later identified by the Center for Disease Control as anthrax. He would write in his diary, “I feel like I live in Russia, waiting for the secret police to pounce down. A government has gotten out of control. Men find themselves in positions of power and suddenly crimes become legal.” Welch is no longer with the state police.

DAN SMALTZ: Smaltz did an outstanding job investigating and prosecuting charges involving illegal payoffs to Agriculture Secretary Mike Espy, yet was treated with disparaging and highly inaccurate reporting by the likes of David Broder and the NY Times. Espy was acquitted under a law that made it necessary to not only prove that he accepted gratuities but that he did something specific in return. On the other hand, Tyson Foods copped a plea in the same case, paying $6 million in fines and serving four years’ probation. The charge: that Tyson had illegally offered Espy $12,000 in airplane rides, football tickets and other payoffs. In the Espy investigation, Smaltz obtained 15 convictions and collected over $11 million in fines and civil penalties. Offenses for which convictions were obtained included false statements, concealing money from prohibited sources, illegal gratuities, illegal contributions, falsifying records, interstate transportation of stolen property, money laundering, and illegal receipt of USDA subsidies. In addition, Janet Reno blocked Smaltz from pursuing leads aimed at allegations of major drug trafficking in Arkansas and payoffs to the then governor of the state, WJ Clinton. Espy had become Ag secretary only after being flown to Arkansas to get the approval of chicken king Don Tyson.

DAVID SCHIPPERS was House impeachment counsel and a Chicago Democrat. He did a highly creditable job but since he didn’t fit the right-wing conspiracy theory, the Clintonista media downplayed his work. Thus most Americans don’t know that he told Newsmax, “Let me tell you, if we had a chance to put on a case, I would have put live witnesses before the committee. But the House leadership, and I’m not talking about Henry Hyde, they just killed us as far as time was concerned. I begged them to let me take it into this year. Then I screamed for witnesses before the Senate. But there was nothing anybody could do to get those Senators to show any courage. They told us essentially, you’re not going to get 67 votes so why are you wasting our time.” Schippers also said that while a number of representatives had looked at additional evidence kept under seal in a nearby House building, not a single senator did.

JOHN CLARKE: When Patrick Knowlton stopped to relieve himself in Ft. Marcy Park 70 minutes before the discovery of Vince Foster’s body, he saw things that got him into deep trouble. His interview statements were falsified and prior to testifying he claims he was overtly harassed by more than a score of men in a classic witness intimidation technique. In some cases there were witnesses. John Clarke was his dogged lawyer in the witness intimidation case that was largely ignored by the media, even when the three-judge panel overseeing the Starr investigation permitted Knowlton to append a 20 page addendum to the Starr Report.

OTHER

THE ARKANSAS COMMITTEE: What would later be known as the Vast Right Wing Conspiracy actually began on the left - as a group of progressive students at the University of Arkansas had formed the Arkansas Committee to look into Mena, drugs, money laundering, and Arkansas politics. This committee was the source of some of the important early Clinton stories including those published in the Progressive Review.

CLINTON ADMINISTRATION SCANDALS E-LIST: Moderated by Ray Heizer, this list was subject to all the idiosyncrasies of Internet bulletin boards, but nonetheless proved invaluable to researchers and journalists.

JOURNALISTS

JERRY SEPER of the Washington Times was far and away the best beat reporter of the story, handling it week after week in the best tradition of investigative journalism. If other reporters had followed Seper’s lead, the history of the Clintons’ machine might have been quite different.

AMBROSE EVANS-PRITCHARD of the London Telegraph did a remarkable job of digging into some of the seamiest tales from Arkansas and the Clinton past. Other early arrivals on the scene were Alexander Cockburn and Jeff Gerth.

CHRISTOPHER RUDDY, among other fine reports on the Clinton scandals, did the best job laying out the facts in the Vince Foster death case.

ROGER MORRIS AND SALLY DENTON wrote a major expose of events at Mena, but at the last moment the Washington Post’s brass ordered the story killed. It was published by Penthouse and later included in Morris’ “Partners in Power,” the best biography of the Clintons.

OTHERS who helped get parts of the story out included reporters Philip Weiss, Carl Limbacher, Wes Phelan, David Bresnahan, William Sammon, Liza Myers, Mara Leveritt, Matt Drudge, Jim Ridgeway, Nat Hentoff, Michael Isikoff, Christopher Hitchens and Michael Kelly. Also independent investigator Hugh Sprunt and former White House FBI agent Gary Aldrich.

SAM SMITH of the Progressive Review wrote the first book (Shadows of Hope, University of Indiana Press, 1994) deconstructing the Clinton myth. The Review provided extensive coverage of the topic.

Friday, August 17, 2007

THREAT MONITOR
Finding malware on your Windows box (using the command line)

Ed Skoudis
08.16.2007

I hope that headline doesn't scare you. A lot of people shun the Windows command line in favor of more complicated graphical user interfaces. But when it comes to investigating malware infections, various command-line tools can be incredibly helpful, since GUI-based tools can't always do the job.

First off, invoke a command prompt. Go to Start --> Run and type in 'cmd.exe.' Putting '.exe' at the end of the entry is important; it is a far safer way of bringing up a command prompt. To trick users, a malicious program might purposely be called 'cmd.com,' and in such a case, the malware would run if just 'cmd' were typed. Thus, go ahead and type 'cmd.exe' instead.

'netstat'
Next, with a command prompt open, run the netstat command and take a gander at the listening ports on your system. A lot of people know that 'netstat -na' can provide a list of TCP and UDP ports on the machine. Adding an 'o' to the command arguments reveals the process ID of each process using a port. And, starting with XP SP2, an added 'b' flag will show the EXE name using each port, along with the dynamic link libraries (DLLs) that it has loaded to communicate with the network. Beware of the 'b,' however. The function can chew up some serious CPU time, tying up between 60% and 100% of your processor for up to a minute.

But, wait, there is more. Suppose you want to look at port usage and see how it changes over time. Adding a space and then an integer to that netstat command, as in "netstat -nao 1", re-runs the command at an interval of that many seconds, in this case every one second. The display will be dumped on the screen continuously, as shown below.

[Figure: sample output of "netstat -nao 1"]

Of course, to sift for malware that uses TCP and UDP ports, you need an idea of what a system's normal port usage should be. To research the ports that are in use on a box, try searching for specific ports in Google. Also, Microsoft has a list of common ports that are used by both Windows clients and servers. You can also research ports associated with both Microsoft and third-party applications, as well as official port assignment lists.

If an unusual TCP or UDP port is found to be in use, you might want to do a Google search. Use a "site:" directive that is associated with an antivirus company like Symantec, Sophos, or McAfee. The sites may have a write-up about malware that uses the given port. Here's an example of a helpful search query:

site:symantec.com tcp port 4444.

'reg'
A write-up from the antivirus vendor may give further insight into any registry keys that the malware may have altered. To query these registry keys at the command line, use the reg command. Even if the antivirus Web site doesn't provide any registry keys to look for, you may want to research the most common registry keys altered by malware: keys associated with system startup and user logon. These are commonly known as the "run" registry keys, and the reg command can display their values at the command line. Please note that a lot of legitimate software activates itself using these keys, so after running the commands you will find items under them. Again, a few Google searches for what is displayed will help separate legitimate settings from malware.

C:\> reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run
C:\> reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
C:\> reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

I'd recommend running the commands an additional time, replacing HKLM with HKCU. The substitution will find user-centric auto-start registry keys, instead of just the system-wide settings under HKLM.
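One way to separate legitimate autostart entries from new ones is to save the reg query output on a known-clean build and compare later captures against it. The script below is an added example, not part of the original article; the sample outputs are constructed, and the function names and the "ExampleAV" and "Windows Update Helper" entries are hypothetical.

```python
import re

# A value line in `reg query` output: indent, value name, REG_* type, data.
# Fields are separated by tabs (older reg.exe) or runs of spaces (newer builds).
VALUE_RE = re.compile(
    r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)(?:\s+(?P<data>.*))?$")


def parse_reg_query(text):
    """Parse saved `reg query` output into {KEY_PATH: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.upper().startswith("HKEY_"):
            # Key paths are case-insensitive, so normalise them for comparison.
            current = keys.setdefault(stripped.upper(), {})
        elif current is not None:
            match = VALUE_RE.match(line)
            if match:
                current[match.group("name")] = (match.group("data") or "").strip()
    return keys


def diff_autostart(baseline, current):
    """Return (status, key, value_name, data) for every entry that differs."""
    findings = []
    for key, values in current.items():
        known = baseline.get(key, {})
        for name, data in values.items():
            if name not in known:
                findings.append(("NEW", key, name, data))
            elif known[name].lower() != data.lower():
                findings.append(("CHANGED", key, name, data))
    for key, values in baseline.items():
        for name, data in values.items():
            if name not in current.get(key, {}):
                findings.append(("REMOVED", key, name, data))
    return findings


# Constructed sample: output of the HKLM and HKCU Run queries on a clean build.
BASELINE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    VMware Tools    REG_SZ    C:\Program Files\VMware\VMware Tools\VMwareTray.exe
    ExampleAV    REG_SZ    "C:\Program Files\ExampleAV\agent.exe" /startup

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample: the same queries on the machine under investigation.
CURRENT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    VMware Tools    REG_SZ    C:\Program Files\VMware\VMware Tools\VMwareTray.exe
    ExampleAV    REG_SZ    C:\WINDOWS\Temp\agent.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Windows Update Helper    REG_SZ    C:\Documents and Settings\alice\Local Settings\Temp\wuhelper.exe
"""

if __name__ == "__main__":
    for status, key, name, data in diff_autostart(
            parse_reg_query(BASELINE), parse_reg_query(CURRENT)):
        print(f"{status:8} {key}\n         {name} = {data}")
```

Entries reported as NEW or CHANGED are the ones worth researching first; a REMOVED entry for a security product deserves the same attention.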

'dir'
It's also smart to check out the autostart folder for any unexpected programs starting from there. Run the familiar old dir command, using /A to display files with or without any attributes set, as well as hidden and unhidden files.

C:\> dir /A "C:\Documents and Settings\All Users\Start Menu\Programs\Startup"

'net users' and 'net localgroup administrators'
Some malware adds an account to the local machine. Therefore, it's important to run the command 'net users,' which lists the accounts defined on the system. Also, because some bots add an account to the local administrators group, make sure to run 'net localgroup administrators,' which lists this particular group's membership. Do you know all of the people in your administrators group? The figure below shows some sample output.

[Figure: sample output of 'net localgroup administrators']

'tasklist /svc'
There is one more vital area to analyze: running processes. On Windows XP Professional, the tasklist command can provide a wealth of information. By itself, it shows running processes, their process ID numbers and memory usage. But running 'tasklist /svc' reveals all of the services running out of each process, as shown below. This provides more to search for when researching whether the investigated system may be infected with evil programs. In particular, the svchost.exe processes are usually quite busy, running many services. Spyware sometimes inserts additional services into these processes or others to monitor or control a machine surreptitiously.

[Figure: sample output of 'tasklist /svc']
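The netstat and tasklist steps above fit together: the PID column of 'netstat -nao' identifies the row of 'tasklist /svc' that owns each port. The script below is an added example, not part of the original article. It parses saved output of both commands, joins them on PID, and flags listeners that are missing from a baseline recorded on a clean system. The sample outputs, the baseline, the process name helper.exe and the function names are all constructed for illustration, and English-language command output is assumed.

```python
# Constructed sample: saved output of `netstat -nao` (not from a real host).
NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       1832
  TCP    10.0.0.5:139           0.0.0.0:0              LISTENING       4
  TCP    10.0.0.5:1045          10.0.0.20:80           ESTABLISHED     1500
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:500            *:*                                    700
  UDP    10.0.0.5:1900          *:*                                    1024
"""

# Constructed sample: saved output of `tasklist /svc` taken at the same time.
TASKLIST = """
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
System                         4 N/A
svchost.exe                  952 RpcSs
svchost.exe                 1024 AudioSrv, BITS, Dhcp,
                                 dmserver, SSDPSRV
lsass.exe                    700 PolicyAgent, ProtectedStorage, SamSs
iexplore.exe                1500 N/A
helper.exe                  1832 N/A
"""

# Constructed baseline from a clean build: (protocol, port) -> expected owner.
BASELINE = {
    ("TCP", 135): "svchost.exe",
    ("TCP", 139): "System",
    ("TCP", 445): "System",
    ("UDP", 445): "System",
    ("UDP", 500): "lsass.exe",
}


def parse_netstat(text):
    """Return bound endpoints from `netstat -nao` output as (proto, port, pid)."""
    found = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            pid = f[4]
        elif len(f) == 4 and f[0] == "UDP":
            pid = f[3]  # UDP rows have no State column
        else:
            continue  # headers, blank lines, non-listening TCP connections
        port = int(f[1].rsplit(":", 1)[1])  # rsplit also copes with [::]:135
        found.append((f[0], port, int(pid)))
    return found


def parse_tasklist_svc(text):
    """Return {pid: (image_name, [services])} from `tasklist /svc` output."""
    lines = text.splitlines()
    # The row of '=' runs under the header marks the fixed-width columns;
    # the Services column starts after its last space.
    sep = next(i for i, line in enumerate(lines) if line.startswith("==="))
    svc_col = lines[sep].rstrip().rfind(" ") + 1
    procs, last_pid = {}, None
    for line in lines[sep + 1:]:
        head = line[:svc_col].strip()
        services = [s.strip() for s in line[svc_col:].split(",")
                    if s.strip() not in ("", "N/A")]
        if head:
            image, pid = head.rsplit(None, 1)  # image names may contain spaces
            last_pid = int(pid)
            procs[last_pid] = (image, services)
        elif last_pid is not None and services:
            procs[last_pid][1].extend(services)  # wrapped continuation line
    return procs


def unexpected_listeners(netstat_text, tasklist_text, baseline):
    """Flag listeners whose port or owning image is not in the baseline."""
    procs = parse_tasklist_svc(tasklist_text)
    findings = []
    for proto, port, pid in sorted(set(parse_netstat(netstat_text))):
        # A PID missing from tasklist means the process exited between the two
        # captures or was not visible to tasklist; either way it needs a look.
        image, services = procs.get(pid, ("<PID not in tasklist>", []))
        expected = baseline.get((proto, port))
        if expected is None:
            reason = "port not in baseline"
        elif expected.lower() != image.lower():
            reason = "owner differs from baseline"
        else:
            continue
        findings.append((proto, port, pid, image, services, reason))
    return findings


if __name__ == "__main__":
    for finding in unexpected_listeners(NETSTAT, TASKLIST, BASELINE):
        print(finding)
```

For a flagged svchost.exe, the returned service list gives the names to research, as the tasklist section suggests.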

In the end, this handful of commands can provide deeper insight into the configuration of a Windows machine. But practice makes perfect. Spend time analyzing clean systems, so that you grow familiar with what is on a "normal" Windows machine. Then, you can become more sensitive to the weird stuff that malware may inject. With some preparation and practice, command-line skills will significantly improve your understanding of Windows machines and prepare you to battle boldly in the fight against malware.

About the author:
Ed Skoudis is a SANS instructor and a founder and senior security consultant with Intelguardians, a Washington, DC-based information security consulting firm. His expertise includes hacker attacks and defenses, the information security industry and computer privacy issues. In addition to Counter Hack Reloaded, Ed is also the author of Malware: Fighting Malicious Code. He was also awarded 2004, 2005 and 2006 Microsoft MVP awards for Windows Server Security, and is an alumnus of the Honeynet Project. As an expert on SearchSecurity.com, Ed answers your questions related to information security threats.
