Softpanorama

May the source be with you, but remember the KISS principle ;-)
Contents Bulletin Scripting in shell and Perl Network troubleshooting History Humor

Malware Defense History

by Dr. Nikolai Bezroukov.

Copyright: Dr. Nikolai Bezroukov 1994-2013. Unpublished notes. Version 0.80.October, 2013

Contents : Foreword : Ch01 : Ch02 : Ch03  : Ch04 : Ch05 : Ch06 : Ch07 : Ch08 : Ch09 : Ch10 : Ch11 : Ch12 : Ch13


Ch10: Remote Access Trojans and Zombie Networks

Rootkits


Introduction

Rootkits originated in Unix and were designed to allow an unauthorized person to gain access to the superuser or domain administrator's account and hide activities.

In Windows world a rootkit is a part of malware that provides stealth capabilities to other components of malware. In other words rootkit functionality provides the cover required to keep the malware hidden while the malware executes its payload

RATs and Data Stealing Trojans (DATs) must persist on a compromised computer for an extended period in order to be considered successful by the attacker because the purpose of much malware involves the theft of sensitive data or other abuse of resources, such as click-fraud.

They can be written for any operating system and any OS has vulnerabilities that can be exploited and ways to hide processes and files from common view.

Kernel level rootkits can be found if you boot from a clean system (for example Linux in case of infected Windows PC) mount the drive and compare set of drivers and other critical files with the "trusted" system.

Unix rootkits

Again, rootkit is an old technology that started decades ago in Unix worlds. At the beginning rootkit consisted mainly of a group of trojanised Unix utilities are designed to  replace the standard ones included with the OS. Those trojanized utilities were providing hiding for some process, files as well as a backdoor to root.

Initial motivating was stealing machine time and creating hidden file sharing and IRC sites from "rich and stupid" corporations or getting free access to Unix OS which in old times was pretty expensive, like $50-$70 per hour, service. 

As detection tools improved and integrity based detection became mainstream,  Unix rootkit gradually evolved to operating in kernel space instead of user space and started  to include kernel modules that help to hide rootkit owner activity on the computer.

Recently Rootkit became one of the most popular Trojans sets used in remote network attacks targeted against "naive" home Linux installations. See for example the following CERT advisories:

First Linux rootkit that I encountered a decade ago was a pretty primitive set of Trojans:

    du.c - 4877 bytes (Mar 1 1994)
    du5.c - 5588 bytes (Mar 1 1994)
    es.c - 12503 bytes (Mar 1 1994)
    fix.c - 3031 bytes (Mar 1 1994)
    host.c - 1727 bytes (Mar 1 1994)
    if.c - 8583 bytes (Mar 1 1994)
    ifconfig.c - 21262 bytes (Mar 1 1994)
    inet.c - 14505 bytes (Mar 1 1994)
    ipintrq.c - 629 bytes (Mar 1 1994)
    ls.c - 17661 bytes (Mar 1 1994)
    ls5.c - 24450 bytes (Mar 1 1994)
    main.c - 6660 bytes (Mar 1 1994)
    mbuf.c - 7883 bytes (Mar 1 1994)
    ns.c - 5975 bytes (Mar 1 1994)
    ps.c - 36196 bytes (Mar 1 1994)
    revarp.c - 11161 bytes (Mar 1 1994)

But against completely incompetent sysadmins it proved to be very effective ;-).

Recently loadable kernel modules gives Rootkit somewhat advanced capabilities, that are generally similar to those of stealth viruses of DOS era. And they face a common problem -- more complex toolkits are more prone to crash and more affected by incompatibilities between different versions of the kernels. Much like file viruses writers of early nineties (remember Dark Avenger and his Eddy virus ;-) those guys are not capable of doing something really interesting, but some of them are pretty clever in their own perverted way.

Here is listing of a more recent version of this crap from Devcon 2000:

     AWESOME.C               08-Sep-2000 19:27     2k
     B4B0.C                  08-Sep-2000 19:27     3k
     BDOOR.C                 08-Sep-2000 19:27     4k
     BJ.TXT                  08-Sep-2000 19:27     1k
     BOINFO.TXT              08-Sep-2000 19:27     6k
     BOWZ4P.C                08-Sep-2000 19:27     3k
     BUTTSNIFF_0_9_3.ZIP     08-Sep-2000 19:27   128k
     CLOAK.C                 08-Sep-2000 19:27     2k
     CLOAK2.C                08-Sep-2000 19:27    11k
     CWHO.C                  08-Sep-2000 19:27     3k
     DEAD.C                  08-Sep-2000 19:27     1k
     DEMONKIT_1_0.TGZ        08-Sep-2000 19:27   147k
     DWARF.TGZ               08-Sep-2000 19:27     5k
     FAKESYSLOG.C            08-Sep-2000 19:28     3k
     FIX.C                   08-Sep-2000 19:28     3k
     FORCE.C                 08-Sep-2000 19:28     2k
     FWBACKDOOR.TXT          08-Sep-2000 19:28    27k
     GENERIC_BUFFER.TGZ      08-Sep-2000 19:28     5k
     HIDE.C                  08-Sep-2000 19:28     3k
     INV.C                   08-Sep-2000 19:28     1k
     INVIS.C                 08-Sep-2000 19:28     1k
     INVISIBL.C              08-Sep-2000 19:28     1k
     LE.C                    08-Sep-2000 19:28     2k
     LOGIN.C                 08-Sep-2000 19:28    19k
     LRK4.TGZ                08-Sep-2000 19:28   879k
     MARRYV11.C              08-Sep-2000 19:28    24k
     MD5_TAR.Z               08-Sep-2000 19:28    34k
     MME.C                   08-Sep-2000 19:28     4k
     NET/                    08-Sep-2000 19:27      -
     NETB160.ZIP             08-Sep-2000 19:28   513k
     NETBUS170.ZIP           08-Sep-2000 19:28   536k
     PORTD.C                 08-Sep-2000 19:28    26k
     PORTMAP.C               08-Sep-2000 19:28     6k
     REMOVE.C                08-Sep-2000 19:28     5k
     RHCLEAN.C               08-Sep-2000 19:28     1k
     ROOTKITLINUX.TGZ        08-Sep-2000 19:28    73k
     ROOTKITSUNOS.TGZ        08-Sep-2000 19:28    68k
     SCO_ZAP.C               08-Sep-2000 19:28     2k
     SETTIME.C               08-Sep-2000 19:28     1k
     SOCKET_DEMON13.ZIP      08-Sep-2000 19:28    21k
     SPY.C                   08-Sep-2000 19:28     3k
     SSH_1_2_27_BD.DIFF      08-Sep-2000 19:28    17k
     STEALTH.C               08-Sep-2000 19:28     1k
     TCPB.C                  08-Sep-2000 19:28     7k
     TELNETD_HACKED.TGZ      08-Sep-2000 19:28   108k
     TRANS.TBL               08-Sep-2000 19:28     1k
     UCLOAK.C                08-Sep-2000 19:28     2k
     UTMP2.PL                08-Sep-2000 19:28     1k
     UTMPSPOOF.C             08-Sep-2000 19:28     2k
     UTMPX.TXT               08-Sep-2000 19:28     4k
     WIPE_1_00.TGZ           08-Sep-2000 19:28     4k
     WZAP.C                  08-Sep-2000 19:28     1k
     ZAP.C                   08-Sep-2000 19:28     2k
     ZAPREC.C                08-Sep-2000 19:28     2k

Linux Rootkit IV comes with these Trojaned files and special utility programs (taken from the README files):

    bindshell       port/shell type daemon!
    chfn            Trojaned! User->r00t
    chsh            Trojaned! User->r00t
    crontab         Trojaned! Hidden Crontab Entries
    du              Trojaned! Hide files
    find            Trojaned! Hide files
    fix             File fixer!
    ifconfig        Trojaned! Hide sniffing
    inetd           Trojaned! Remote access
    killall         Trojaned! Wont kill hidden processes
    linsniffer      Packet sniffer!
    login           Trojaned! Remote access
    ls              Trojaned! Hide files
    netstat         Trojaned! Hide connections
    passwd          Trojaned! User->r00t
    pidof           Trojaned! Hide processes
    ps              Trojaned! Hide processes
    rshd            Trojaned! Remote access
    sniffchk        Program to check if sniffer is up and running
    syslogd         Trojaned! Hide logs
    tcpd            Trojaned! Hide connections, avoid denies
    top             Trojaned! Hide processes
    wted            wtmp/utmp editor!
    z2              Zap2 utmp/wtmp/lastlog eraser!

Later they evoleve in kernel module based malware. Some examples of LKM rootkits are Afhrm and Synapsis.

Detecting a rootkit on Unix

Theoretically integrity checkers can detect trojanized executable in non-kernel based rootkits Please note that practice had shown that checks done with the help of "all-encompassing" Tripwire rule-sets are usually ignored in a month or so even less after their creation.  After this period Tripwire became just i useless ritual that is running but nobody is looking.  I think that realistic limit for Tripwire policy is below a hundred files. A simple Perl script can help to solve the problem of non-existent files in the standard rulebase (input is the default policy source file on STDIN or as first argument, output on stdout is the new policy source file):

#! /usr/bin/perl
while (<>) {
  if ($_ =~ /(\/[\w\-\.\/]+)/ && !($` =~ /#/)){
    $_ = "#$_" if (! -e "$1");
  }
  print $_;
}

More flexible integrity checkers then Tripwire are based on scripting languages. See for example Afick: is a fast and portable intrusion detection and integrity monitoring system, designed to work on all platform (it only needs Perl and standard modules), including windows, Linux, UNIX. The configuration syntax is very close from tripwire/aide. Scripting language based integrity checkers have a better chances to provide real value in maintenance  as you can adapt them to your needs (you you are strong C-programmer you can do the same with the Tripwire but generally I recommend spending your tie on other projects).

One typical oversight made by a lot of entry-level sysadmins is that after installing and hardening their machines they fail to create a baseline of the system configuration and burn a couple of CDs with vital directories. Althouth you can use RPM for checking baselines, its not that convininet. You probably would be much better off against intruders if you have a valid copy of major /etc files (inted.conf is often trojanized, rc files are vulnerable too), /bin, /usr/bin and a couple of other system directories. Create several HTML pages with a typical usage of resources, ports and so. For example something as simple as:

netstat -a -n > /root/Baseline/netstat-baseline 

can give you a reference to latter check against and see if any additional ports are open.

But even if this is not the case, detecting rootkit it's not that difficult and DOS viruses experience can be quite helpful. As I mentioned before, those guys are not very original and mostly repeat tricks of the virus writers ten years later. And actually the more they try to hide the easier is to detect them as in more complex system something always go wrong even with a slightly different version of kernel.

The first thing to do is to get a normal bash. One way to do it is to mount the CD-ROM with copy of /bin and /usr/bin tries and start a shell to work from. For instance:

/mnt/cdrom/bin/bash -rcfile /mnt/cdrom/etc/bashrc -noprofile -i

If you are lazy (I am ;-) you can just try to use tcsh as your shell instead of bash (tcsh is not usually trojanized, but your mileage may vary).

After than you can try to use find from CD Rom detect suspicious files like "...". Please note that ls and find on the harddrive are usually trojanized.

There are a couple of free rootkit detectors. I recommend chkrootkit (http://www.chkrootkit.org/) -- a simple script that locally check for signs of a rootkit. It contains:

The following rootkits and worms are currently detected:

chkrootkit has been tested on: Linux 2.0.x, 2.2.x, FreeBSD 2.2.x, 3.x and 4.0, OpenBSD 2.6, 2.7 and 2.8, Solaris 2.5.1, 2.6 and 8.0. More details can be found on the chkrootkit's README.

There is also a useful little daemon called "rkdet" for Linux that monitors checksums for common Trojan targets (login, ls,netstat etc.)and can disable networking if triggered. Reporting is by email and syslog. See http://vancouver-webpages.com/rkdet/.

Normally in such cases it make sense to create a mirror installation on a separate box and burn a couple of CDs to verify the integrity of common directories. One machine then distribute binaries around the site.  RPM has facilities for verifying that a package is not corrupt or has components missing. A program added or removed by a cracker will not match the original and RPM will generally report a verification failure. For example you can check if ps is Trojanized by using:

rpm -q -f /bin/ls/ -s | grep /bin/ls/

that assumes that RPM database (the files/var/lib/rpm/fileindex.rpm and /var/lib/rpm/packages.rpm) is intact.

If you are paranoid (I never saw a Trojan RPM executable but your mileage may vary) that it would be good to load rpm binary from CD or writeprotected floppy:

root# /mnt/cdrom/bin/rpm -Va

to verify each file on the system. Note that this will take a long time even of a fast system: you definitely has can for a cup of coffee. Also the valiant listed above is pretty verbose and probably you should redirect it to some file and them analyze with grep. See the RPM man page, as there are a few other options that can be included to make it less verbose. I do not remember details,but you can find then on the WEB. Keep in mind that RPM in this mode produces the following useful output fields:

You can try to get all "5" lines to see what modules were changed. Again if you are paranoid that every time a new RPM is added to the system, the RPM database needs to be burned on CD (the files/var/lib/rpm/fileindex.rpm and /var/lib/rpm/packages.rpm most likely won't fit on a single floppy. gzipped, each should fit on a separatefloppy) or re-archived. Also, keep in mind that it won't verify programs that RPM did not install. In future consider having this (as wellas the actual /bin/rpm executable) on a CD or a Zip cartridge.

There is also a bootable SuSe auditdisk with integrity checking tools and the checksums providing a very secure method to check for damage. It ships standard with SuSE and can easily be ported to other Linux distributions, and is GPL licensed. You can get SuSE auditdisk from: http://www.suse.de/~marc/.

Some baseline creation recommendations

Windows rootkits

Windows rootkits initially were created as derivatives on Unix rootkits but gradually became a unique software technology as Windows is quite a different OS in comparison with Unix. The book Rootkits Subverting the Windows Kernel by Greg Hoglund, and Greg Hoglund (Addison-Wesley) is good resource about this development. 

An example of modern windows rootkit is Hacker Defender (hxdef) -- an open source Windows NT/2000/XP rootkit. It is not just a proof of concept (like most rootkits); it is a full-fledged rootkit able to hide its process, port, registry entries, and files by replacing valid system calls or DLLs by Trojaned ones. It can bypass some malware detection systems. Some anti virus application such as Kaspersky has special detection features that help to detect and eradiate it. As the codebase is old, stable and open source other anti-viruses should also be able to detect hxdef.

Advanced rootkits utilize special service on a Windows OS.  Earlier Windows kernel mode Trojans included Slanret, IERK, and Backdoor-AL.

Information below was taken from Microsoft 2012 paper on the subject (Microsoft2012)

Win32/Alureon

Win32/Alureon is a multi-component family of Trojans that is involved in a broad range of subversive activities online that generate revenue from various sources for its controllers. Contain a rootkit to hide their activities.Win32/Alureon is mostly associated with moderating affected user activities online to the attacker's benefit.  As such, the various components of this malware family have been used to:

Win32/Alureon has been actively developed, aggressively deployed, and professionally managed by its authors for many years. The pervasiveness of its components in the wild, which other malware families often use, and its use of stealth, makes this malware family a notable threat.

Alureon has used several methods to hide its processes and other system changes, including the following:

Win32/Rustock

Win32/Rustock (for detailed information about the Rustock family download the Microsoft Malware Protection Center Threst Report – Rustock available at battling_the_rustock_threat.pdf). A multi-component family of rootkit-enabled backdoor trojans initially developed to aid in the distribution of "spam" email through a botnet. A botnet is a large attacker-controlled network of compromised computers. First discovered sometime in early 2006, Rustock evolved to become a prevalent and pervasive threat. Some reports suggest that at its peak, the million-strong Rustock botnet was responsible for almost 80 percent of spam traffic, sending more than 2,000 spam messages per second.

Rustock used a complex method to install its drivers to complicate its detection and removal.10 In addition, the rootkit drivers hooked system functions to hide itself and its components. This was achieved by patching the SSDT to hook the events ZwCreateEvent, ZwCreateKey, and ZwOpenKey. This method made it possible for the rootkit drivers to filter requests containing each driver’s name and return STATUS_UNSUCCESSFUL if matched, thus avoiding detection. Rustock also attempted to hide network and disk I/O operations. To achieve this, a driver of this rootkit hooked the set of ntoskrnl.exe and ntdll.dll APIs, and then communicated directly with the NTFS file system (NTFS) and TCP/IP devices, such as NTFS, IP, TCP, UDP, RawIP, and IPMULTICAST.

Microsoft, in conjunction with industry and academic partners, utilized a novel combination of legal and technical actions to take control of the Rustock botnet in March 2011 as part of Project MARS (Microsoft Active Response for Security)11. This action resulted in the gathering of evidence which became part of an ongoing criminal investigation12.

Win32/Sinowal

A multi-component family of malware that attempts to steal sensitive data, such as user names and passwords for different systems. This includes attempting to steal authentication details for a variety of FTP, HTTP, and email accounts, as well as credentials used for online banking and other financial transactions. Sinowal may specifically attempt to target and replace digital certificates used by the affected user during encrypted Secure Socket Layer (SSL) transactions, thus corrupting the integrity of these communications. Sinowal may also provide backdoor functionality to the remote attacker, allowing unauthorized access and arbitrary files. Sensitive data captured by Sinowal may also be uploaded to a website for retrieval by the attacker.

Sinowal’s data stealing payload makes its extended presence on an affected computer a key determiner of the malware’s success. Sinowal thus attempts to use stealth to maintain its presence and avoid being detected while it silently gathers data and sends it to a remote attacker. Similar to Rustock, Sinowal also uses a complex method to install its drivers. The eventual effect of these machinations is that the MBR is overwritten with malicious code, and the main driver is written to the end of the physical drive14. With these changes in place, Sinowal can gain control of the affected system loading its driver at an early point in the boot process.

Win32/Cutwail

This is a trojan that downloads and executes arbitrary files. The downloaded files may be executed from disk or injected directly into other processes. While the functionality of the downloaded files is variable, Cutwail usually downloads other components that send spam. Cutwail also employs a rootkit and other defensive techniques to avoid detection and removal.

Cutwail uses a kernel mode rootkit. It installs several device drivers to hide its components from affected users. However, Cutwail not only can hide itself, it can also prevent the removal of its files and registry entries. To hide and protect its registry entries, Cutwail hooks the functions ZwDeleteValueKey(), ZwEnumerateKey(), ZwEnumerateValueKey(), ZwOpenKey(), and ZwSetValueKey()in the SSDT. To protect its files on disk, it also implements a file system filter driver.

Detection of Windows rootkits

Kernel level rootkits can be found if you boot from a clean system (for example Linux in case of infected Windows PC) mount the drive and compare set of drivers and other critical files with the "trusted" uninfected system.

A very powerful strategy for elimination of Windows rootkits is Softpanorama Malware Defense Strategy

There are multiple program that try to detect presence of rootkit. One such program is Trend Micro Download Center

+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 5.0.0.1102
| Computer Name: D620A
| OS version: 5.1-2600
| User Name: nnb
+----------------------------------------------------

--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
No hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
[HIDDEN_REGISTRY][Hidden Reg Key]:
	KeyPath   : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641950674
	SubKey    : 001641950674
	FullLength: 89
 1 hidden registry entries found.
--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.

--== Service Win32 API Hook List ==--
No hidden operating system service hooks found.

--== Dump Hidden Port ==--
No hidden ports found.

 

Dr. Nikolai Bezroukov

Webliography

Unix rootkits:

Windows malware with rootkits capabilities:



Etc

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusivly for research and educational purposes.   If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner. 

ABUSE: IPs or network segments from which we detect a stream of probes might be blocked for no less then 90 days. Multiple types of probes increase this period.  

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least


Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.

The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: May 08, 2017