INTERNET!~ I knew it was the SD card, I knew it! The Vodafone bot vector analysis I mentioned earlier this month was correct. It’s over.

The infection of microSD cards for the HTC Magic with the Mariposa information-stealing client and other strains of malware was first reported after Vodafone Spain supplied a malware-infected Android phone to a Panda worker earlier this month. [From the register]

Users get new microSD cards. Yay, but at what cost did buying the $2 phone really bring? 3,000+ phones infecting every windows machine that they come in contact with, snap. I guess that means more you have to start using Linux or scan your new phones with a Linux machine first. Hey there’s a new service, phone virus removal…

I can get paranoid about my “local” security quite often and I am a big fan of open source software. I try to go open before anything, really. I had used clamwin for awhile but was interested in a more “active” anti-virus tool because clamwin is only on demand. That wasn’t enough for me; I know it can’t protect you from getting viruses. I looked up open source alternatives that had more aggressive/constant memory scanning protection that wouldn’t stop when I clicked close. I found Moon Secure and I have been installing it everywhere. Moon Secure is an enterprise level active anti-virus scanner for Microsoft Windows, that currently employs clamav scan engine and virus database. The best part about it is that it’s free! The UI isn’t fancy but it’s worth a try if you are sick of controlling n0rton or the buggy resource hogs like mcafee.

If using Windows 2000 and IIS 5.0, you need to disable socket pooling. Here is the Microsoft article for disabling socket pooling in IIS 6.

This info discusses how to change (force) which IP addresses that IIS listens too. There are several scenarios that this would fall into. Most people generally only need to separate services and IIS listens to all IP addresses by default, IP so errors will occur if multiple web servers are using port 80 on the same IP. Example: Your server has multiple IP addresses and you need to run a new apache wordpress blog site on a separate dedicated IP address then your .net survey e-commerce IIS site to avoid any conflicts. There are other options in this scenario if you only have one IP address on a server but also need to run more then one web server on a single box, but that’s a different post. Alternatively, I also address binding IIS to all addresses.

To do this, we first stop IIS from binding to all addresses and explicitly select which ones to use. Once we tell it this, the IP addresses will be free to use by other applications and services. If you’re using Windows XP, then you may need to install Windows XP Service Pack 2 Support Tool. If you’re using Windows 2003, then you don’t need to worry because it’s most likely installed.

1. Now we need to open a command prompt. The quickest way to open command prompt in windows is to press “windows key”+R, and then type cmd into the run dialog box. Then press enter…
2. Were going to use “httpcfg” to setup IIS. So type:
   

   httpcfg query iplisten

   That should return:

   IP                      : 0.0.0.0
   ——————————————————————————

3. The first change we make should delete the listening on all IP addresses, so lets do it:
   

   httpcfg delete iplisten -i 0.0.0.0

   If you typed everything correctly and the program likes it you should see:

   HttpDeleteServiceConfiguration completed with 0.

4. Now we assign the IP address(es) that you would like IIS to bind too:
   

   httcfg set iplisten -i 192.168.0.23

   and again for if we need multiple:

   httcfg set iplisten -i 192.168.0.24

5. Now we need to restart the http service so it will use the new configuration:
   

   net stop http

   and then:

   net start http

6. Now we really need to check IIS manager to make sure that the sites are working properly. If you find any sites that are offline (marked with a red X), make sure the site configuration is using one of the IP addresses you entered earlier or “(All Unassigned)”. If it isn’t set it to the new address and turn on the site.

After IIS restarts, it will only be listening to the IP addresses you told it to. You can now setup your other web services to use the unallocated IP addresses. If you are still experiencing issues after completing these steps, you may need to disable socket pooling.

Force IIS to bind (listen) to All IP Addresses

Make sure you have httpcfg, then do the following:

1. Open a command prompt. The quickest way to open command prompt in windows is to press “windows key”+R, and then type cmd into the run dialog box. Then press enter…
2. We need to check what the current assignment is:
   

   httpcfg query iplisten

   That should return something similar to this:

   IP : 192.168.0.23
   ——————————————————————————

3. We should delete the entry for any IP that isn’t 0.0.0.0, like this:
   

   httpcfg delete iplisten -i 192.168.0.23

4. Next, we assign 0.0.0.0 to iplisten. 0.0.0.0 tells IIS to assign to ALL IP addresses:
   

   httcfg set iplisten -i 0.0.0.0

5. Check the current configuration and make sure that 0.0.0.0 is the only assignment. If it isn’t, delete the other IP address(es) until it is:
   

   httpcfg query iplisten

   IP : 192.168.0.24
   ——————————————————————————
   IP : 0.0.0.0
   ——————————————————————————

   httpcfg delete iplisten -i 192.168.0.24

6. Now we need to restart the http service so it will use the new configuration:
   

   net stop http

   and then:

   net start http

IIS should now be listening to all IP addresses again.

I found these sites useful when I was collecting my information:
Prevent IIS from Binding to all Assigned IP Addresses
egghead cafe question
IIS wikipedia entry
Setting metabase property DisableSocketPooling has no effect