virus on the puppy forum ?

For discussions about security.
ebiker
Posts: 7
Joined: Tue 05 Jan 2010, 03:26

virus on the puppy forum ?

#1 Post by ebiker »

I was on the Puppy forum using Windows XP with AVG and I got the BIG warning about this site

http://bandstartedsecurity.com/index.php?affid=92001

AVG blocked it but I wanted to see what it is.

I fired up my Puppy Linux computer using an external CD drive through a USB port, then disconnected the CD drive.

Got on the net and typed in web address above.

It's a program that says my computer is infected and offers to scan it.

Wow, I played with that virus program then shut puppy down.

Check it out! It scanned my C hard drive and found over 100 viruses on it (the computer has no hard drives in it!)

I used this setup with the CD-ROM, not the flash stick.

http://www.youtube.com/watch?v=CyGtLgHwzV0

P.S. Don't let Puppy save anything to disk or flash memory while doing this.

*
Last edited by ebiker on Wed 27 Jan 2010, 23:06, edited 5 times in total.

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#2 Post by Flash »

This "warning" has shown up on several Windows computers that were connected to the Puppy Linux forum. It happened to me while I was visiting my brother. Nobody seems to know where it's coming from.

DMcCunney
Posts: 889
Joined: Tue 03 Feb 2009, 00:45

#3 Post by DMcCunney »

Flash wrote: This "warning" has shown up on several Windows computers that were connected to the Puppy Linux forum. It happened to me while I was visiting my brother. Nobody seems to know where it's coming from.

"bandstartedsecurity.com" resolves to 85.12.46.15

nslookup for that domain reveals

Code:

% Information related to '85.12.46.0 - 85.12.46.127'

inetnum:        85.12.46.0 - 85.12.46.127
netname:        NL-web10
descr:          Web10 ict services
country:        NL
admin-c:        PL2400-RIPE
tech-c:         TW1148-RIPE
status:         ASSIGNED PA
mnt-by:         EUROACCESS-MNT
source:         RIPE # Filtered

person:         PC Leurink
address:        EuroAccess Enterprises Ltd.
address:        Alsacelaan 5
address:        5627 CA Eindhoven, The Netherlands
phone:          +31 (0)20-7173209
fax-no:         +31 (0)40-2488764
e-mail:         ip-dbm@euroaccess.nl
mnt-by:         EUROACCESS-MNT
nic-hdl:        PL2400-RIPE
source:         RIPE # Filtered

person:         TA Westervoorde
address:        EuroAccess Enterprises Ltd.
address:        Alsacelaan 5
address:        5627 CA Eindhoven, The Netherlands
phone:          +31 (0)20-7173209
fax-no:         +31 (0)40-2488764
e-mail:         ip-dbm@euroaccess.nl
mnt-by:         EUROACCESS-MNT
nic-hdl:        TW1148-RIPE
source:         RIPE # Filtered

% Information related to '85.12.0.0/18AS34305'

route:          85.12.0.0/18
descr:          Euroaccess IPv4
origin:         AS34305
mnt-by:         EUROACCESS-MNT
source:         RIPE # Filtered

Email to abuse@euroacess.nl complaining about virus distribution might be in order...
______
Dennis
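
Working out from the RIPE output in post #3 which network holds the address and which contact a report should reach can be scripted. This is an added example, not part of DMcCunney's post: it parses a trimmed copy of the quoted output for the block containing 85.12.46.15. The function names `parse_rpsl` and `summarize` are assumptions made for the illustration.

```python
import ipaddress

# Trimmed copy of the RIPE output quoted in the post above.
WHOIS_TEXT = """\
% Information related to '85.12.46.0 - 85.12.46.127'
inetnum:        85.12.46.0 - 85.12.46.127
netname:        NL-web10
admin-c:        PL2400-RIPE
tech-c:         TW1148-RIPE

person:         PC Leurink
e-mail:         ip-dbm@euroaccess.nl
nic-hdl:        PL2400-RIPE

route:          85.12.0.0/18
origin:         AS34305
"""

def parse_rpsl(text):
    """Split whois text into objects, each a list of (attribute, value) pairs."""
    objects, current = [], []
    for line in text.splitlines() + [""]:
        if line.strip() and not line.startswith("%"):
            key, _, value = line.partition(":")
            current.append((key.strip(), value.strip()))
        elif current:            # blank or % comment line closes the object
            objects.append(current)
            current = []
    return objects

def summarize(text, ip):
    """Netname, origin AS and contact e-mails for the block holding ip.
    Assumes the inetnum object precedes the person objects it references."""
    addr = ipaddress.ip_address(ip)
    out = {"netname": None, "origin": None, "handles": [], "emails": []}
    for obj in parse_rpsl(text):
        kind, primary = obj[0]
        attrs = {}
        for key, value in obj:
            attrs.setdefault(key, []).append(value)
        if kind == "inetnum":
            first, last = (ipaddress.ip_address(p.strip()) for p in primary.split("-"))
            if first <= addr <= last:
                out["netname"] = attrs.get("netname", [None])[0]
                out["handles"] = attrs.get("admin-c", []) + attrs.get("tech-c", [])
        elif kind == "route" and addr in ipaddress.ip_network(primary):
            out["origin"] = attrs.get("origin", [None])[0]
        elif kind in ("person", "role") and set(attrs.get("nic-hdl", [])) & set(out["handles"]):
            out["emails"] += [e for e in attrs.get("e-mail", []) if e not in out["emails"]]
    return out
```

An address outside the assigned range, such as 85.12.46.200, still matches the /18 route but returns no netname or contacts, so a report is only addressed to a contact that actually covers the host.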

nubc
Posts: 2062
Joined: Tue 23 Jan 2007, 18:41
Location: USA

#4 Post by nubc »

If you are seeing rogue antivirus popups on Puppy Forums, your [Windoze] computer may have a pre-existing virus infection. You should take serious measures to clean your computer, by which I mean, using an antivirus stronger, more effective than AVG, and a malware remover stronger than Malwarebytes Anti-Malware.
Last edited by nubc on Thu 28 Jan 2010, 18:25, edited 1 time in total.

ebiker
Posts: 7
Joined: Tue 05 Jan 2010, 03:26

pop ups

#5 Post by ebiker »

nubc wrote: If you are seeing rogue antivirus popups on Puppy Forums, your computer may have a pre-existing virus infection. You should take serious measures to clean your computer, by which I mean, using an antivirus stronger, more effective than AVG, and a malware remover stronger than Malwarebytes Anti-Malware.

I did not see what it would do on the Windows computer.

It did not pop up. AVG displayed a warning and blocked it and gave me the address.

To see what it was, I typed it in later on a different computer running Puppy so I could see what it is and what it does.

AVG only showed a warning. It did not say what it was or what it did.

I used Puppy Linux power to find that out.

I consider Windows malware ! ! !

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#6 Post by Flash »

Thanks, DMcCunney.

It's still not clear to me how it gets sent to someone's computer. Does it come from the Puppy Linux server or what?

DMcCunney
Posts: 889
Joined: Tue 03 Feb 2009, 00:45

#7 Post by DMcCunney »

nubc wrote: If you are seeing rogue antivirus popups on Puppy Forums, your [Windoze] computer may have a pre-existing virus infection. You should take serious measures to clean your computer, by which I mean, using an antivirus stronger, more effective than AVG, and a malware remover stronger than Malwarebytes Anti-Malware.

You might not need to go that far. I took a look at the site using Firefox on Windows. As expected, I saw a blank screen. I use the NoScript extension that blocks all scripting activity unless the site being viewed is in a user-created whitelist.

I use Symantec Corporate A/V, and have Malwarebytes anti-malware around, but it never finds anything. I'd be surprised if it did, since most exploits target IE and bounce off other browsers.
______
Dennis

DMcCunney
Posts: 889
Joined: Tue 03 Feb 2009, 00:45

#8 Post by DMcCunney »

Flash wrote: Thanks, DMcCunney.
It's still not clear to me how it gets sent to someone's computer. Does it come from the Puppy Linux server or what?

Unlikely. The question is where else people who see this might have visited. There is an assortment of ways to do things like hijack your browser and feed you stuff from unexpected places. Most of them exploit holes in IE and Windows, and bounce off if you run something else. I use Firefox with NoScript under Windows, and don't get bit by that sort of nonsense.

I'd be startled if the Puppy server was hacked and injecting malware.
______
Dennis

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#9 Post by Aitch »

from my sandboxie in XP/firefox

http://www.mywot.com/en/scorecard/bands ... curity.com

The actual website appears to have been taken down....

Server not found
Firefox can't find the server at www.bandstartedsecurity.com.

Absolutely Guaranteed - NOTHING to do with our beloved Puppy forum

just [ :lol: :lol: ] a dangerous exploit site

Aitch :)

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#10 Post by Flash »

Thanks, Aitch. That's a relief. :)

ebiker
Posts: 7
Joined: Tue 05 Jan 2010, 03:26

#11 Post by ebiker »

It does appear to be gone. It was very educational for me.

It was fun to play with too.

I have almost no interest in Windows anymore. I am a Puppy head now!!!

I have not had this much fun learning about computers since my CoCo 6809 OS9 days !

The feeling of having control over my computers has returned ! :D

Thanks, Steve

linuxsansdisquedur
Posts: 248
Joined: Tue 13 Jan 2009, 21:17
Location: South of France

#12 Post by linuxsansdisquedur »

BE CAREFUL SKYNET SLEEP IN PUPPY FORUM...
ANY WINDOWS USER CONNECTED GOTTA BE TERMINATED...
USE PUPPY TO PRESERVE HUMANITY...
the max with the min

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#13 Post by Aitch »

Do we need a Terminator.pet, then? :wink: :lol:

Aitch :)

`f00
Posts: 807
Joined: Thu 06 Nov 2008, 19:13
Location: the Western Reserve

#14 Post by `f00 »

a True_Lies.sfs would be my choice (i<3levity)
