Virus warning from www.puppylinux.com/manuals.htm
- prehistoric
- Posts: 1744
- Joined: Tue 23 Oct 2007, 17:34
fighting back
@wingruntled,
That one seems too easy to counter. How about sending spammers to other spammers? Make them blacklist each other.
Anyone, if you have a favorite place to report spamming, malware, etc. please post in this thread. I've had good luck with CastleCops in the past, but want alternatives. At the moment they are overloaded and I can't even log in.
(N.B.: I do not endorse political or religious opinions debated on the site. I do not use the Windows operating systems they concentrate on. I do notice results from things reported to their response teams. Also, the FBI gets an RSS feed from them. At least one attacker is very sorry he picked them as a target.)
Update: We have found a motive! Hijacked PC goldrush
@prehistoric
"How about sending spammers to other spammers? Make them blacklist each other."
The only problem with that is, if they start getting really PO'ed at each other it could turn into an underground war and I could see some of those folks taking out primary routers just to prove a point.
Then we all would be f%&ed.
"I do not endorse political or religious opinions debated on the site."
I hear that! Even back in my old bar days it was common knowledge that those two subjects are better left alone. This is not a bar but it's not an open Internet chatroom where anything goes either. This is a primary help forum for a small Linux distro.
- Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
"How? I do not understand how an infection is spread by looking at a web-page. I don't understand how using Puppy would stop something getting onto the Windows partition."
Biggest culprits: Internet Explorer and ActiveX. Most windows users still use Internet Explorer (some think IE actually is the internet...). If you put the right code on a page, you can trick IE into installing things. Other browsers and scripting languages and "plugin things" can also be tricked, but naturally IE is worst. Using a non-IE browser with no ActiveX support on a non-Windows OS makes a good number of the attacks ineffective.
An infection can't spread onto a Windows partition just because that partition exists. It needs to somehow be put there. Since most malicious code won't even run in Linux, most infections can't actively spread on a Linux system, even if they reside in a Windows partition (which is pretty much irrelevant). They can still be passively spread though. For example, I could download an infected file while running Puppy and save it to my drive. It contains malicious code for Windows that fails to run in Puppy, so I don't even notice it. Later though, I boot up Windows to play a game and happen to click that particular file. Just because that file was passed through Linux doesn't mean it was somehow cleansed. It's still just as malicious, and proceeds to infect my Windows system. Hopefully I didn't also forward the email that had that file to a bunch of other people while I was still in Linux, because my using Linux didn't protect those people either.
"I don't understand why people are looking at source code on webpages (what did the page do?)."
Looking at the first post in the thread, it seems that somebody was running some sort of virus protection program that noticed something fishy when they visited the manuals page. That sent up red flags, so people started checking the sources of pages to see what was going on.
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
- prehistoric
- Posts: 1744
- Joined: Tue 23 Oct 2007, 17:34
search engine rankings
With all the effort we've seen to manipulate search engine rankings, (as in the thread I referenced above,) we might take a look at how this connects to money. This week El Reg did a special feature on the subject. Interesting, and this is legal.
Now, how are they going to stop abuse without losing money?
@BarryK
I support a demand for a refund & compensation, if you look for it there's plenty of evidence which indicates it may go further than cluster 39,
e.g.
http://www.web-hosting-top.com/web-host ... et-reviews
and here
http://www.webhostingtalk.com/showthrea ... e+problems
"iframe from .cn, loading ie6/7 exploit"
nuff said??
Aitch
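Checking page sources for the kind of injected iframe reported in this thread can be automated. The following is an added example, not code from any poster or from the site; the page URL, host names and sample HTML are constructed, and flagging "off-site and invisible" frames is an assumed heuristic, not a complete detector.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
import re

# Constructed sample page: one same-site frame, one visible embed, two hidden off-site frames.
PAGE_URL = "http://www.example.org/manuals.htm"
SAMPLE_PAGE = """<html><body>
<h1>Manuals</h1>
<iframe src="/toc.htm" width="200" height="400"></iframe>
<iframe src="http://video.example.net/embed/1" width="480" height="270"></iframe>
<IFRAME SRC="http://injected.example.invalid/x.htm" WIDTH=0 HEIGHT=0></IFRAME>
<iframe src="//ads.example.invalid/a" style="visibility: hidden"></iframe>
</body></html>"""

# Inline styles commonly used to keep a frame out of the visitor's sight.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:width|height)\s*:\s*0(?:px)?\s*(?:;|$)", re.I)


class IframeAudit(HTMLParser):
    """Record every <iframe> in a page together with the reasons it stands out."""

    def __init__(self, page_url):
        super().__init__(convert_charrefs=True)
        self.page_url = page_url
        self.page_host = (urlparse(page_url).hostname or "").lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":          # the parser lowercases tag and attribute names
            return
        a = {k: (v or "").strip() for k, v in attrs}
        src = urljoin(self.page_url, a.get("src", ""))   # resolves relative and // URLs
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if host and host != self.page_host:
            reasons.append("off-site source")
        if any(self._tiny(a.get(dim)) for dim in ("width", "height")):
            reasons.append("zero or 1px dimension")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        line, _ = self.getpos()
        self.findings.append({"line": line, "src": src, "reasons": reasons})

    @staticmethod
    def _tiny(value):
        m = re.match(r"\d+", value or "")
        return bool(m) and int(m.group()) <= 1


def audit(html, page_url):
    """Return one finding per iframe found in the HTML text."""
    parser = IframeAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


def suspicious(findings):
    """Keep frames that are both off-site and invisible; visible embeds are left alone."""
    return [f for f in findings
            if "off-site source" in f["reasons"] and len(f["reasons"]) > 1]


if __name__ == "__main__":
    for finding in suspicious(audit(SAMPLE_PAGE, PAGE_URL)):
        print(finding["line"], finding["src"], ", ".join(finding["reasons"]))
```

Running it against files pulled from the web root on a schedule, and comparing the result with a known-good copy, shows when a page was altered even if the host cannot say how.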
security
I have an adjective for servage security: horrific!
Hosts should be able to identify where in their system the vulnerability comes from. Servage can't, and meantime puppylinux.org's pages get cracked almost daily.
Puppy user since Oct 2004. Want FreeOffice? Get the sfs (English only): http://puppylinux.info/topic/freeoffice-2012-sfs
This:
http://www.lavasoft.com/company/blog/
confirms that folks should put their trust in the FBI, The Met and Finland's best. Robert Bentley will have a great opportunity to attest to their efficiency.
It looks as though servage/puppy are linked with a variant of this botnet
http://www.securecomputing.net.au/news/ ... pills.aspx
Aitch
- prehistoric
- Posts: 1744
- Joined: Tue 23 Oct 2007, 17:34
paranoia anyone?
Now, this is the best material for freestyle paranoia I've seen since the days when my telephone clicked three times every time I picked up the receiver.
CastleCops has experienced the beginning of a DDoS attack. Is it coincidence I suggested reporting web spam like we've been getting to them last Saturday? (Is this what happens when they try to shut down some of those sites referenced in the crap from our site?) Anyone see IP addresses in their list which look familiar?
@prehistoric
Castle cops not the only ones
http://www.theregister.co.uk/2008/03/19 ... os_attack/
Though unfortunately the US Govt. readiness team are focused on Microsoft/Apple/Sun/Realplayer/VMWare vulnerabilities
http://www.us-cert.gov/nav/t01/
Maybe someone should tell them that they could be looking at the symptoms rather than the source?
Still, there's light at the end of the tunnel
Now the spambots are attacking each other
http://asert.arbornetworks.com/2007/07/ ... ach-other/
Aitch
Hey look guys
I'm not the FBI, but hey, this crap's real easy to find
http://www.milw0rm.com/
http://www.metasploit.com/
http://hi.baidu.com/mytips/blog/item/7e ... df24b.html
http://wifi.airdump.net/
http://heapoverflow.com/f0rums/public/4 ... ility.html
took me all of 15 minutes!!!
No use to me though
Aitch
trojans etc...
When you can get onto the Castlecops forums, look up the old BlueFrog stuff. When BlueFrog tried to shut down the spammers they got nailed so hard they had to shut down instead. Spamcops and castlecops get hit all the time with all sorts of attacks; you may want to post there and get some of their savvy security masters' input on how to build a stronger website. They seem to specialize in security and anti-spam.
My last severe infection was while using f-prot several years ago. That was when I found castlecops and then figured out how to find/repair what was wrong via their website. 3 computer repair places here couldn't find the issue, said my computer had no problems. I found 3 rootkits and hundreds of trojans/worms/viruses and this was back when nobody even had heard of rootkits. The f-prot scanner didn't see any of them, but neither did several other av scanners. f-prot changed their name since then but I still don't use them anymore. I foolishly thought that computer repair shops would have the latest scanning/repair tools, ha! they're mostly just people like us with a bit more practice and a room full of parts, doesn't make them extra-smart or magical.
The best way to keep bad stuff out is to scan before it can get to your computer. Jump-line does this for their web-hosting and Postini I think does this as a service for ISPs and possibly for certain types of websites.
trojans etc...
When you can get onto the Castlecops forums, look up the old BlueFrog stuff. When BlueFrog tried to shut down the spammers they got nailed so hard they had to shut down instead. Spamcops and castlecops get hit all the time with all sorts of attacks; you may want to post there and get some of their savvy security masters' input on how to build a stronger website. They seem to specialize in security and anti-spam.
My last severe infection was while using f-prot several years ago. That was when I found castlecops and then figured out how to find/repair what was wrong via their website. 3 computer repair places here couldn't find the issue, said my computer had no problems. I found 3 rootkits and hundreds of trojans/worms/viruses and this was back when nobody even had heard of rootkits. The f-prot scanner didn't see any of them, but neither did several other av scanners. f-prot changed their name since then but I still don't use them anymore. I foolishly thought that computer repair shops would have the latest scanning/repair tools, ha! they're mostly just people like us with a bit more practice and a room full of parts, doesn't make them extra-smart or magical.
The best way to keep bad stuff out is to scan before it can get to your computer. Jump-line does this for their web-hosting and Postini I think does this as a service for ISPs and possibly for certain types of websites. There are also several types of gateways that can be built and installed inexpensively for personal use. Check out Untangle.
Ha, Yellowdog
You must have a double!
"3 computer repair places here couldn't find the issue"
Where's here?
Aitch
virus's
Southwest coast, Oregon. (the loggers on the history channel, that really is what it looks like around here) I knew something wasn't right because the modem indicators were busier than normal and system seemed slower. I couldn't find the problem, just had a hunch. I took it to one shop, he scanned it, couldn't find anything wrong. I bought a couple av programs there including norton, tried them, nothing found. Took it to another place, they ran their scans and reported nothing found and then I took it to a third place different town, still nothing. By this time I was thinking maybe I'm just imagining there's something wrong. Brought it home, modem seemed to be even busier. Discovered castlecops, read about rootkits on their site, downloaded the necessary tools (hjt and a boot version of housecall) and then discovered over 400 infections, happily hiding from the f-prot and other av scanners, rootkits included. This machine had never been online without an av scanner with latest updates. f-prot had been the av of choice for about three years till then. While all of this had been going on, I made a mirror of the drive for backup. After finding all the problems I then started looking for an av scanner that would find them, now that I knew what the problem was. At the time the only scanner I found that seemed to actually work was pccillin, it was the one I hadn't tried yet and it too was recommended by the castlecops! It's been about 3 years or more, haven't had any known infections since. I'm also using routers and untangle as I don't want to have to go through the above again.
@Yellowdog
Sounds similar to my experiences, I'm a long time w98 user, And had similar issues with my box on several occasions
I managed to rescue 2 or 3 crashes, but was accruing a vast stockpile of rescued partfiles as well as saved recovered files that were filed in a folder labelled 'safe', my little joke, as they were farthest from it, but I couldn't find out what was causing it
Eventually I was persuaded to 'graduate' to 2K, though I'd been exploring ShellextensionCity & had tried several shell mods including 1/2 98 & 1/2 ME as a system, still trouble
I was on a wifi link as well, to an AP which I had no control over
I'd tried several linuxes, including debian, red hat, fedora, then a ray of hope, I found Knoppix
It nearly worked, everything except wifi
then after about a year of struggle this little puppy came and made friends with me & I've never looked back
Never did I solve all the rootkit/virus/security update/ IE problems, [still have some old hard drives with winviruses on!!] though I'd ended up with Kaspersky AV which is very good, it just uses 1/2 your PC to keep the gremlins in a box
I'm retired now, so computing is my only way of staying [almost] in touch with technology, and I have loads of old PCs networked on wired broadband now, as I've just moved into a new playroom/house here in Chatham, UK, though I must change my profile.......
Aitch
PS: Do they still wear orange in Oregon?
- prehistoric
- Posts: 1744
- Joined: Tue 23 Oct 2007, 17:34
virus scanners, etc.
Hi yellowdog,
Your experience with repair shops and virus scanners is neither unusual nor extreme. The worst possibility is getting malware installed while looking for solutions. One cute feature of Dancho Danchev's blog is his regular test of up-to-date virus scanners' ability to spot recent malware. Any rating over 50% is great.
Your comment about other sites being hit is on target, another site I have recommended is off the 'net at present.
Added: could title this addition "the Lord is with us". Look who is starting offensive operations in cyberwarfare. Feeling more secure?
@prehistoric
You may have missed the chat about the compromising of puppy/servage sites, but your man Dancho Danchev has got the very exploit that's been identified - Iframes
http://ddanchev.blogspot.com/2008/03/em ... rough.html
Perhaps worth someone dropping him a line? To see what can be done?
As to your final comment
"Feeling more secure?"
Oh yeh, Tonszzzzzzzzzzzzzzzz
Aitch