Glossary of Metro Manila Crimes

Most crimes are committed on the streets, while riding on public transportation, in shopping malls, and in other areas with high people concentration. The most frequent crimes perpetrated across the metropolis are pick-pocketing, robbery, confidence schemes, and to a lesser degree, credit card fraud. While these crimes are common to many other major cities, the names could be different for these are the ones used mainly in Metro Manila. 


NOTE: this is not my compilation. this was taken from an email forwarded to me by a friend where the name of the original author was missing.

Tagalog Crime Name	Common Crime Scene(s)	Tactics Description
Salisi Gang	Hotel lounges, coffee bars, cafes, and restaurants frequented by perceivably wealthy tourists and businessmen	Suspects are typically well-dressed, mild-mannered, and project an aura of legitimate businessman or an affluent matron; complete with jewelry, attaché case and other props to appear and look wealthy. The perpetrator moves closer to the would-be victim and waits patiently until the victim is engrossed in a serious conversation with a companion or leaves his or her bags and other belongings unattended. In a swift motion, the perpetrator takes the unattended bag or belongings and casually leaves the place. Another variant, involves two or three accomplices who distract the would-be victim by engaging them in a conversation, often pretending to know the victim from somewhere or ask for a lighter. When distracted, the accomplice takes the unattended bag or belongings of the victim. Another tactic involves a perpetrator who loiters around the hotel ' s front desk and waits for a guest to deposit his room key or is busy conversing with the front desk staff during registration. Once the victim is already busy talking with the front desk staff, the perpetrator makes his move by walking beside the victims and grab the bags or belongings unattended in a swift motion and casually leaves the location.
Tutok-Kalawit Gang	Malls, sidewalks, schools, public buses, and jeepneys	Tutok-Kalawit involves a man or woman suddenly hugging a victim like they are old friends. In truth, the con man or woman is discreetly poking a sharp object on the side of the victim while quietly telling him to turn over his cash and valuables. Another variant of this criminal tactic would be two thieves accusing a victim of something bogus. The victim would naturally deny the charge and confront his accuser. The thieves would then ask the victim to show his/her ID. Since IDs are usually kept in wallets, thieves will grab the wallet from the victim and run away.
Ativan Gang	Bars, boardwalks, restaurant, and other tourist spots	Ativan perpetrators commonly victimize foreigners who roam alone in public places. The group is usually composed of three (3) to four (4) males or females who befriend the would-be victim. After gaining trust and confidence, the victim will be taken for a ride to other tourist sites and during meal time, the victim will be brought to their house usually situated in a squatter colony where the victim will be treated for lunch, snacks, or dinner. The served drink is spiked with Ativan – a powerful anti-depressant/ sleeping pill. Even before finishing the drink, the victim will succumb to a deep sleep and while sleeping, will be stripped of his cash and valuables and will be brought out of the house and left at a completely random location. Another variant of this tactic is when a male victim is se - duced and picked-up in a bar, restaurant, park and/or a tourist site by a gorgeous female, well dressed and well-mannered. The victim will be approached and befriended until a casual conversation and se- duction process takes place which culminates in negotiated se - xual activities. The victim will either be brought to a pre-arranged hotel/motel or to his own hotel room. Once at the designated room, the victim will be offered liquor or drink which the perpetrator mixes with highly potent Ativan pills. Once the victim is unconscious, the suspect will divest the victim of his cash/valuables, and then leave the victim at the scene. Most of the victims of this crime wake-up after two to three days and it takes another two days before the victim can fully recover from the drugs and discover the losses.
Ipit Gang	Crowded areas such as passenger jeepneys, railway stations, and malls	Ipit gang members operate in groups of four or five. Gang members shove or push a prospective victim to distract him or her, while their accomplice picks his pocket. In jeepneys and buses, suspects squeeze-in and distract their victims while their accomplice snatches the victim’s wallet and/or mobile phone.
Budol-Budol Gang	Malls, airports, restaurants, and coffee shops frequented by perceivably wealthy tourists and businessmen	Budol-Budol is a transaction scam principally involving a supposed bundle (budol) of cash that is actually padded inside with sheets of paper cut in the size of money. Only the exposed sides however are real money, everything in between are plain paper cuttings. Budol-budol gang members are often described as sweet-talking, charismatic, and convincing. Other victims even report having been hypnotized by the group. Reports and stories of the Budol-budol operations vary from a balikbayan (returning overseas Filipinos) urgently needing a huge amount in Philippine Peso in exchange for his Dollars, to a stranger ' s emergency offer to swap his bundle of cash with a mobile phone or an expensive piece of jewelry. After gaining the potential victim ' s trust the two parties barter their items – the bundle of money for whatever product the to-be victim is peddling. Mobile phones and jewelry are the most commonly lost items. Some high profile cases involve rare paintings, expensive furniture and millions worth of checks to the Budol-budol gang. After the deal is made, the gang and the victim splits. Another, more sensational and dramatic variant of this crime is the use of fake gold bars, which the suspects use as bait for their victims. The ploy commonly used involves a Filipino treasure hunter or a Japanese survivor has knowledge of a secret Japanese fortune which was plundered by the retreating Japanese Army during World War II which is yet to be completely recovered. A sample of the gold bar is shown to the would be victim for physical examination and since the gold bar actually looks genuine, an offer is made to sell the whole fortune by asking the victim to pay half the cost of the gold bars under terms and conditions agreed upon. One of the conditions is that the gold bars can be delivered or a map can be provided and brought to the site where the bars can be dug up. After the payment, the perpetrators will never show up and the victim will soon discover that the gold bars which were delivered or unearthed from the site are gold plated lead bars.
Kotong	Airports, hotels, restaurants, malls, and public parks frequented by foreigners and balikbayans.	The common victims of this MO are foreigners, balikbayans and their dependents who are lured into exchanging their foreign currencies into pesos at a rate higher than the prevailing exchange rates. The group/individual approaches and offers a tempting high rate to the would-be victim. During the transaction, which usually takes place outside or right in front of a foreign exchange shop, the equivalent peso is counted before the victim three times. Initially, the victim is allowed to count the money he will receive to make him feel confident that he will get the exact amount for his foreign currency. After, a recount is done by one of the perpetrators spreading the pesos in his palm to cover his fingers that are folding a portion of the bunch. The suspect distracts the attention of the victim, often by telling him to be extra careful of robbers, while wrapping the bundle of money in a newspaper or placing it inside a paper bag. The victim eventually discovers that he was shortchanged when he counts the money while inside a car or upon arrival at his house or hotel.
Laslas Bag/Laslas Bulsa	Malls, open-air markets, and public transportation	Perpetrators of this crime usually target victims in crowded areas. A man/woman/child pretending to be lost or selling an item approaches the victim to distract his/her attention. An accomplice slashes the bag/pocket of the victim who is busy being distracted by another suspect. All money and goods are stolen.
Ipit Taxi Gang	Taxis	The Ipit Taxi scheme usually involves three (3) perpetrators. . The trio uses a taxi cab spray painted with a different name and sporting stolen or fake license plates. The driver usually drives around looking for a potential victim who is hailing a taxi cab. Unknown to the victim, the locking mechanisms of both rear doors are not working. The driver then drives the cab to a pre-arranged area, usually a dimly lit street or highway, and slows down pretending he has engine/mechanical trouble. At this juncture his cohorts approach both doors of the cab, jump in and sandwich the victim who is forcibly divested of his cash and valuables. After the victim is robbed, the driver takes the victim and dumps him in a quiet place or highway. In another variant, the taxi driver, with the help of an illegal solicitor, will ask the victim to pay an additional amount or forcibly divest him of all cash and valuables, then the victim is dumped in a remote area.
Estribo Gang	Public transportation	Attackers prey on passengers inside a bus or jeepney by positioning themselves near the estribo or vehicle ' s exit and then hold up everyone inside. In other instances, a crafty criminal will set up at the exit of a crowded bus or jeepney and systematically pick the pocket of passengers passing through..
Bukas Kotse Gang	Main roads under heavy traffic, parking areas in malls, churches, schools, etc.	Thieves typically work in pairs.. Spotting a potential victim driving a car with unlocked doors, a pair will force their way into an occupied parked car or a vehicle stopped at an intersection. Other times, using a car of their own, the pair will force the victim to maneuver his or her vehicle off the road. One of the attackers will force the victim to open his door. The attacker pushes the victim to the front passenger seat, drives the car to a deserted area, and robs the victim. Sometimes, the attackers also steal the car.
Dura Boys	Public transportation terminals, jeepneys, and buses	This tactic is usually carried out by a group of three. The first member informs the victim that a man/woman has spit on her sleeve and back. The victim will be distracted trying to wipe the spit on her sleeve while one of the other members of the gang steals the victim’s valuables, usually a wallet or a mobile phone.
Akyat-Bahay Gang	Residential areas	The Akyat-Bahay is the most common robbery scheme in the Philippines . This crime is usually orchestrated by three to five people. These thieves target homes that are unoccupied especially during the holiday season (i.e. Christmas, Holy Week, and Summer Vacation) or during severe weather conditions (i.e. typhoons) when members of the household can barely notice break-ins into their homes. The gang also employs children who can easily enter homes illegally through tight spaces.
Pitas Gang	Provincial and city operation buses, jeepneys, motorized passenger sidecars (tricycles), and schools	Thieves typically target passengers seated near the windows of public buses, jeepneys, and tricycles. Among the items usually snatched by thieves include wrist watches, rings, necklaces, mobile phones, and hand bags. Another variant occurs when a group of thieves grab the ears of women and young girls and steal their earrings or snatch their bracelets from their wrists.
Zest-O Gang	Provincial/city operation buses.	This scheme is usually executed by three members. One of the perpetrators wears a bus conductor’s uniform and ask their potential victim “ilan ho” or “how many?” The unsuspecting victim assumes that the man is the bus conductor and responds with the amount of fare the victim should pay. The criminal then forcibly hands the victim a Zest-O juice or any food item and demands that the victim pay for the item. The two accomplices will vouch that the victim ordered from the vendor. The victim will then be forced to pay up.
Laglag-Barya Gang	Provincial/city operation buses, jeepneys, railway stations	Members of this gang drop coins or small bills near their victim. While the victim helps to scoop up the money, other gang members start robbing the victim. In most instances, a gang member blends with the crowd and serves as lookout or “stopper,” when someone tries to run after his companions.
Baraha Gang	Restaurants, shopping malls, department stores, supermarkets	Members of this gang are typically waiters and cashiers who target credit card users in business establishments. Once the victim gives his credit card to the waiter/shop attendant the card is swiped to a skimming device that will capture the victim’s credit card account.
Besfren Gang	Bargain malls and open-air markets	This gang targets shoppers who check out items sold in stalls (i.e. watches, jewelry, mobile phones, and other electronic gadgets). One of the gang members stands next to the victim and borrows the item being checked, pretending that he/she is a friend of the victim. The thief will quickly flee the stall premises bringing with him/her the said item. The store owner/attendant naturally assumes that the victim is an accomplice and will ask him/her to pay for the item.

How to remove Antivira AV malware

a friend brought to me her laptop which she was complaining that the antivirus was prompting too many viruses in the system. when i tried starting her laptop, i noticed right away that her laptop got infected by the Antivira AV malware. i searched on how to remove this malware but most of them suggests another tool to remove it! there are lots of it youtube. you can also check some of them here.

anyway, i wanted to remove this malware manually without having to install another tool (for which we don't know could be another malware). i came to know that this malware does allow you to run iexplore.exe and explorer.exe process. other processes are killed and antivira will prompt you that such exe file is damaged etc...

so here's how to remove it:
1. open explorer and go to %windir% (e.g. c:\windows)
2. rename regedit.exe to iexplore.exe and run it
3. on Registry Editor, go to HKLM\Software\Microsoft\Windows\CurrentVersion\Run
4. delete entries which have values pointing to ~%local~1%\temp\####.exe
5. if there's an entry for rundll32.exe ###.dll, delete that as well.
6. on the explorer, find the location of the exe in step 4.
you won't be able to delete it so just renamed it
7. locate the dll in step 5 and rename/delete it as well
8. reboot
9. after reboot, rename back the iexplore.exe to regedit.exe.
if there's already one, just delete it.
10. run task manager, kill any rundll32.exe process if there is.
the dll will try to add back the registry entry when it is killed.
so run regedit.exe and delete the runll32.exe entry.
11. do the cleanup using your usual antivirus program.
12. run IE and check your proxy settings. if you are not using any proxy, uncheck the proxy configuration in your Internet Options page.

happy computing.

Extract embedded MST from MSI installer

last week, one of my colleagues asked me if embedded MST files in an MSI installer can be extracted for verification. i had tried out several MSI APIs mostly using VBScript in retrieving info on MSI and MSPs 2-3 years back when i was studying the installer concept. well, with the MSI APIs, you can access the _Storages table of the installer and lists the names of the embedded MSTs. however, the Data field which holds the binary data cannot be accessed and will also return a data size of 0bytes! API description in MSDN clearly states this too...

anyway, so what i did was to make use of msidb.exe utility which is shipped with the MS platform SDK. you will need to specify the MSI file path and the name of the storage i.e. the MST (usually the codepage or locale number) to extract the file. i used the MSI APIs in vbscript to list the names of the embedded storages and specify them in the commandline option of msidb.exe to extract it...

last weekend, i had some free time to check on the MSI APIs. i was wondering how msidb.exe is extracting the data since the description in the _Storages table notes that the Data field cannot be accessed!? after awhile, i came to understand that you'll have to treat the msi file as any compound file like Office files which have embedded storages in them. and this led me to the IStorage::OpenStorage and related APIs in MSDN. using these OLE Storage related APIs, i was able to extract the MSTs and save them externally.

here's the command line tool (stgxtr.exe) which will extract all the data in the storage of a compound file. i just tested this with an MSI so i don't have any idea if this works with other compound files...

[Usage]
$>stgxtr.exe <pathToMSIFileWithEmbeddedMST>

the extracted files will be saved on the current directory and are named with their corresponding storage names. i currently did not add the feature of extracting specific storage name but might implement it later when necessary. if you need to extract specific storage out of the MSI, you can use msidb.exe instead.

Technology to watch out in 2010

One technology which will be make Citrix known to general consumers will be its XenClient software. It's currently on it beta stage and is still in development. Watch the demo video during the Synergy.

The New Citrix!

Citrix new slogan:" Simplicity is power"
Watch this CitrixTV clip...

VBS Utility Class

i had written several vbs and hta scripts at work to do some automation for me. here's a utility class for registry read/write, file create/write, getting hostname and others. just customize it in anyway you want. if you have any questions, just drop me a line.

[listing 1] Util class
--------------------------

Class Util
  Dim m_oFso, m_oShl, m_oNet, m_appLoc
  Private Sub Class_Initialize
      Set m_oFso = CreateObject("Scripting.FileSystemObject")
      Set m_oShl = CreateObject("WScript.Shell")
      Set m_oNet = CreateObject("WScript.Network")
      m_appLoc = m_oFso.GetFolder(".")
  End Sub
  Private Sub Class_Terminate
      Set m_oFso = Nothing
      Set m_oShl = Nothing
      Set m_oNet = Nothing
  End Sub
  Public Property Get HostName
      HostName = m_oNet.ComputerName
  End Property
  Public Sub CopyFolder(srcDir, tarDir, bOverWrite)
      m_oFso.CopyFolder srcDir, tarDir, bOverWrite
  End Sub
  Public Sub DeleteFolderFiles(folderPath)
      Dim oFile, oFolder
      If Not m_oFso.FolderExists(folderPath) Then Exit Sub
      Set oFolder = m_oFso.GetFolder(folderPath)
      For Each oFile In oFolder.Files
          DeleteFile oFile
      Next
  End Sub
  Public Sub DeleteFile(strPath)
      m_oFso.DeleteFile strPath, True
  End Sub
  Public Sub CreateFile(strPath)
      Dim g: Set g = m_oFso.CreateTextFile(strPath)
      g.Close
  End Sub
  Public Sub RenameFile(strOrig, strNew)
      m_oFso.MoveFile strOrig, strNew
  End Sub
  Public Sub CreateFolder(strPath)
      If  m_oFso.FolderExists(strPath) Then Exit Sub
     Dim oPF: oPF = m_oFso.GetParentFolderName(strPath)
     If Not m_oFso.FolderExists(oPF) Then CreateFolder oPF
     m_oFso.CreateFolder(strPath)
  End Sub
  Public Function PathExists(strPath)
      Dim bRes: bRes =  m_oFso.FileExists(strPath)
      If Not bRes Then bRes = m_oFso.FolderExists(strPath)
      PathExists = bRes
  End Function
  Public Function WriteReg(keyRoot, vValue, vType)
      On Error Resume Next
      m_oShl.RegWrite keyRoot, vValue, vType
      WriteReg = (Err.Number = 0)
  End Function
  Public Function WriteRegString(keyRoot, strValue)
      WriteRegString = WriteReg(keyRoot, strValue,  "REG_SZ")
  End Function
  Public Function WriteRegExpString(keyRoot, strValue)
      WriteRegExpString = WriteReg(keyRoot, strValue,  "REG_EXPAND_SZ")
  End Function
  Public Function WriteRegDword(keyRoot, dwValue)
      WriteRegDword = WriteReg(keyRoot, dwValue,  "REG_DWORD")
  End Function
  Public Function WriteRegBinary(keyRoot, binValue)
      WriteRegBinary = WriteReg(keyRoot, binValue,  "REG_BINARY")
  End Function
  Public Function ReadReg(keyRoot)
      On Error Resume Next
      ReadReg = m_oShl.RegRead(keyRoot)
      If Not Err.Number = 0 Then ReadReg = "[notfound]"
  End Function 
  Public Function RegValueExist(keyRoot)
      RegValueExist =( ReadReg(keyRoot) <> "[notfound]")
  End Function
  Public Property Get AppPath
      AppPath = m_appLoc
  End Property
  Public Function RunCommand(cmd)
      RunCommand = ""
      On Error Resume Next
      Dim tmpOut: tmpOut = m_oShl.ExpandEnvironmentStrings("%TEMP%\$tmp.out")
      Dim retCode: retCode = m_oShl.Run("%comspec% /c " & cmd & " >""" & tmpOut & """" , 0, True)
      Dim outFile: Set outFile = m_objFso.OpenTextFile(tmpOut)
      If Err.Number <> 0 Then
          RunCommand = outFile.ReadAll
          'MsgBox outFile.ReadAll
          outFile.Close
          m_objFso.DeleteFile tmpOut
      End If
      Set outFile = Nothing
  End Function
  Public Sub RunRawCmd(cmd, bWin,bWait)
      m_oShl.Run "%comspec% /c " & cmd, bWin, bWait
  End Sub
  Public Sub RestartSystem()
       m_oShl.Run "shutdown -r -f -t 00", 0, False
  End Sub
  Public Function ImportRegFile(regFile)
      'ImportRegFile = RunCommand("reg import """ & regFile & """")
      ImportRegFile = RunCommand("regedit /s """ & regFile & """")
  End Function
  Public Sub Sleep(nSecs)
      Dim t: t="~$slp.vbs"
      RunRawCmd "echo wscript.sleep " & nSecs & "000> " & t & " &  " & t  & " & del /f/q " & t, 0, True 
  End Sub
  Public Property Let CurrentDirectory(strDir)
      m_oShl.CurrentDirectory = strDir
  End Property
  Public Property Get CurrentDirectory
      CurrentDirectory = m_oShl.CurrentDirectory
  End Property

End Class

--------------------------

File Comparison Batch Script

at work, i needed to compare the files in the mounted ISO image to the extracted raw files. there are several tools which compares directories like the built-in fc.exe of windows and other freewares but what i needed is something simple which would only check for the files on the the same folder location which is just relative to the root location. for example, the mounted ISO image is my reference subject and the files in it should be found on the extracted file structure of the same relative folder location.

here's what i've came up. posting it here for future reference and for those who might have the same needs.

listing: compdir.bat
---------------
::reference dir
@set REFDIR=%~1
::this is the copied directory which should be checked
@set CMPDIR=%~2
::call the root first
@call :CMPPROC
@goto XXX

:CMPPROC
@set MRGPATH=%REFDIR%%~1
@echo RefDir: %MRGPATH%
@echo TarDir: %CMPDIR%%~1
@echo ------------------------------------
::check on the files
@for /f "usebackq tokens=* delims=" %%i in (`@dir /b/a:-d "%MRGPATH%"`) do @if exist "%CMPDIR%%~1\%%i" (@call :CMPFILE "%%i" "%MRGPATH%\%%i" "%CMPDIR%%~1\%%i" ) else (@echo [NG] "%%i")
@echo ------------------------------------
::iterate on the sub directories
@for /f "usebackq tokens=* delims=" %%i in (`@dir /b/a:d "%MRGPATH%"`) do @call :CMPPROC "%~1\%%i"
@goto :EOF

:CMPFILE
@fc /B "%~2" "%~3" >nul
@if %ERRORLEVEL%==0 (@echo [OK] "%~1") else (@echo [NG] "%~1")
@goto :EOF

:XXX
@echo Done

---------------