Virus warning from www.puppylinux.com/manuals.htm

Puppy related raves and general interest that doesn't fit anywhere else
prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

fighting back

#121 Post by prehistoric »

@wingruntled,

That one seems too easy to counter. How about sending spammers to other spammers? Make them blacklist each other.

Anyone, if you have a favorite place to report spamming, malware, etc. please post in this thread. I've had good luck with CastleCops in the past, but want alternatives. At the moment they are overloaded and I can't even login.

(N.B.: I do not endorse political or religious opinions debated on the site. I do not use the Windows operating systems they concentrate on. I do notice results from things reported to their response teams. Also, the FBI gets an RSS feed from them. At least one attacker is very sorry he picked them as a target.)

Update: We have found a motive! Hijacked PC goldrush

wingruntled

#122 Post by wingruntled »

@prehistoric
> How about sending spammers to other spammers? Make them blacklist each other.
The only problem with that is, if they start getting really PO'ed at each other it could turn into an underground war and I could see some of those folks taking out primary routers just to prove a point.
Then we all would be f%&ed.
> I do not endorse political or religious opinions debated on the site.
I hear that! Even back in my old bar days it was common knowledge that those two subjects are better left alone. This is not a bar but it's not an open Internet chatroom where anything goes either. This is a primary help forum for a small Linux distro.

Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#123 Post by Pizzasgood »

> How? I do not understand how an infection is spread by looking at a web-page. I don't understand how using Puppy would stop something getting onto the Windows partition.
Biggest culprits: Internet Explorer and ActiveX. Most windows users still use Internet Explorer (some think IE actually is the internet...). If you put the right code on a page, you can trick IE into installing things. Other browsers and scripting languages and "plugin things" can also be tricked, but naturally IE is worst. Using a non-IE browser with no ActiveX support on a non-Windows OS makes a good number of the attacks ineffective.

An infection can't spread onto a Windows partition just because that partition exists. It needs to somehow be put there. Since most malicious code won't even run in Linux, most infections can't actively spread on a Linux system, even if they reside in a Windows partition (which is pretty much irrelevant). They can still be passively spread though. For example, I could download an infected file while running Puppy and save it to my drive. It contains malicious code for Windows that fails to run in Puppy, so I don't even notice it. Later though, I boot up Windows to play a game and happen to click that particular file. Just because that file was passed through Linux doesn't mean it was somehow cleansed. It's still just as malicious, and proceeds to infect my Windows system. Hopefully I didn't also forward the email that had that file to a bunch of other people while I was still in Linux, because my using Linux didn't protect those people either.
> I don't understand why people are looking at source code on webpages (what did the page do?).
Looking at the first post in the thread, it seems that somebody was running some sort of virus protection program that noticed something fishy when they visited the manuals page. That sent up red flags, so people started checking the sources of pages to see what was going on.
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
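
Pizzasgood's point above is that a Windows payload carried through Linux is inert there but still live. The following is an added example, not code from the forum or from the Puppy project: a Python script that recognises a Windows PE executable by its header rather than by its file name, so a "holiday.jpg" saved during a Puppy session can be flagged before it is ever opened on the Windows side. The sample file contents are constructed in-memory stand-ins for a download folder, and the names are assumptions.

```python
import struct

# Assumed, constructed sample files: the bytes matter, the extension does not.
def _fake_pe(machine: int) -> bytes:
    """Build a minimal byte string with the layout of a Windows PE image:
    'MZ' at offset 0, a 32-bit e_lfanew at offset 0x3c pointing at the
    'PE\\0\\0' signature, followed by a COFF header whose first field is the
    machine type.  Constructed for the example; it is not a real binary."""
    dos_header = bytearray(b"MZ" + b"\0" * 0x3e)          # 64-byte DOS stub
    pe_offset = 0x80
    struct.pack_into("<I", dos_header, 0x3c, pe_offset)   # e_lfanew
    padding = b"\0" * (pe_offset - len(dos_header))
    # COFF header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, 3, 0, 0, 0, 0xE0, 0x102)
    return bytes(dos_header) + padding + b"PE\0\0" + coff + b"\0" * 64

SAMPLE_FILES = {
    "holiday.jpg": _fake_pe(0x14C),       # PE hiding behind an image extension
    "setup_tool.exe": _fake_pe(0x8664),   # honestly named x64 executable
    "readme.txt": b"Just some notes.\n",  # harmless text
    "notes.doc": b"MZ",                   # starts with MZ but is too short to be a PE
}

MACHINE_NAMES = {0x14C: "x86", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}

def pe_machine(data: bytes):
    """Return the PE machine type name if `data` is a PE image, else None.
    Checks the 'MZ' magic, follows e_lfanew, and verifies the 'PE\\0\\0'
    signature before reading the Machine field of the COFF header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3c)
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return MACHINE_NAMES.get(machine, f"unknown(0x{machine:x})")

def find_windows_executables(files):
    """Return {name: machine} for every file whose bytes form a PE image,
    whatever its extension claims."""
    found = {}
    for name, data in files.items():
        machine = pe_machine(data)
        if machine is not None:
            found[name] = machine
    return found

if __name__ == "__main__":
    for name, machine in find_windows_executables(SAMPLE_FILES).items():
        print(f"{name}: Windows {machine} executable (inert here, still live on Windows)")
```

The check is deliberately header-based: a scanner that trusts extensions would pass "holiday.jpg" straight through, and "notes.doc" shows why the length and signature tests matter before reading further into the file.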

prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

search engine rankings

#124 Post by prehistoric »

With all the effort we've seen to manipulate search engine rankings (as in the thread I referenced above), we might take a look at how this connects to money. This week El Reg did a special feature on the subject. Interesting, and this is legal.

Now, how are they going to stop abuse without losing money?

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#125 Post by Aitch »

@BarryK

I support a demand for a refund & compensation, if you look for it there's plenty of evidence which indicates it may go further than cluster 39,
e.g.

http://www.web-hosting-top.com/web-host ... et-reviews

and here

http://www.webhostingtalk.com/showthrea ... e+problems
iframe from .cn, loading ie6/7 exploit
nuff said??

Aitch

raffy
Posts: 4798
Joined: Wed 25 May 2005, 12:20
Location: Manila

security

#126 Post by raffy »

I have an adjective for servage security: horrific!

Hosts should be able to identify where in their system the vulnerability comes from. Servage can't, and meantime puppylinux.org's pages get cracked almost daily.
Puppy user since Oct 2004. Want FreeOffice? Get the sfs (English only): http://puppylinux.info/topic/freeoffice-2012-sfs

Sage
Posts: 5536
Joined: Tue 04 Oct 2005, 08:34
Location: GB

#127 Post by Sage »

This:
http://www.lavasoft.com/company/blog/
confirms that folks should put their trust in the FBI, The Met and Finland's best. Robert Bentley will have a great opportunity to attest to their efficiency.

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#128 Post by Aitch »

It looks as though servage/puppy are linked with a variant of this botnet

http://www.securecomputing.net.au/news/ ... pills.aspx

Aitch

prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

paranoia anyone?

#129 Post by prehistoric »

Now, this is the best material for freestyle paranoia I've seen since the days when my telephone clicked three times every time I picked up the receiver.

CastleCops has experienced the beginning of a DDoS attack. Is it coincidence I suggested reporting web spam like we've been getting to them last Saturday? (Is this what happens when they try to shut down some of those sites referenced in the crap from our site?) Anyone see IP addresses in their list which look familiar?

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#130 Post by Aitch »

@prehistoric

Castle cops not the only ones

http://www.theregister.co.uk/2008/03/19 ... os_attack/

Though unfortunately the US Govt. readiness team are focused on Microsoft/Apple/Sun/Realplayer/VMWare vulnerabilities

http://www.us-cert.gov/nav/t01/

Maybe someone should tell them that they could be looking at the symptoms rather than the source?

Still, there's light at the end of the tunnel

Now the spambots are attacking each other

http://asert.arbornetworks.com/2007/07/ ... ach-other/

:lol:

Aitch

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#131 Post by Aitch »

Hey look guys

I'm not the FBI, but hey, this crap's real easy to find

http://www.milw0rm.com/

http://www.metasploit.com/

http://hi.baidu.com/mytips/blog/item/7e ... df24b.html

http://wifi.airdump.net/

http://heapoverflow.com/f0rums/public/4 ... ility.html

took me all of 15 minutes!!!

No use to me though

Aitch

yellowdog
Posts: 9
Joined: Wed 26 Mar 2008, 02:53

trojans etc...

#132 Post by yellowdog »

When you can get onto the Castlecops forums, lookup the old BlueFrog stuff. When BlueFrog tried to shut down the spammers they got nailed so hard they had to shut down instead. Spamcops and castlecops get hit all the time with all sorts of attacks, you may want to post there and get some of their savvy security masters input on how to build a stronger website. They seem to specialize in security and anti-spam.
My last severe infection was while using f-prot several years ago. That was when I found castlecops and then figured out how to find/repair what was wrong via their website. 3 computer repair places here couldn't find the issue, said my computer had no problems. I found 3 rootkits and hundreds of trojans/worms/viruses and this was back when nobody even had heard of rootkits. The f-prot scanner didn't see any of them, but neither did several other av scanners. f-prot changed their name since then but I still don't use them anymore. I foolishly thought that computer repair shops would have the latest scanning/repair tools, ha! they're mostly just people like us with a bit more practice and a room full of parts, doesn't make them extra-smart or magical.

The best way to keep bad stuff out is to scan before it can get to your computer. Jump-line does this for their web-hosting and Postini I think does this as a service for isp's and possibly for certain types of websites.

yellowdog
Posts: 9
Joined: Wed 26 Mar 2008, 02:53

trojans etc...

#133 Post by yellowdog »

When you can get onto the Castlecops forums, lookup the old BlueFrog stuff. When BlueFrog tried to shut down the spammers they got nailed so hard they had to shut down instead. Spamcops and castlecops get hit all the time with all sorts of attacks, you may want to post there and get some of their savvy security masters input on how to build a stronger website. They seem to specialize in security and anti-spam.
My last severe infection was while using f-prot several years ago. That was when I found castlecops and then figured out how to find/repair what was wrong via their website. 3 computer repair places here couldn't find the issue, said my computer had no problems. I found 3 rootkits and hundreds of trojans/worms/viruses and this was back when nobody even had heard of rootkits. The f-prot scanner didn't see any of them, but neither did several other av scanners. f-prot changed their name since then but I still don't use them anymore. I foolishly thought that computer repair shops would have the latest scanning/repair tools, ha! they're mostly just people like us with a bit more practice and a room full of parts, doesn't make them extra-smart or magical.

The best way to keep bad stuff out is to scan before it can get to your computer. Jump-line does this for their web-hosting and Postini I think does this as a service for isp's and possibly for certain types of websites. There are also several types of gateways that can be built and installed inexpensively for personal use. Check out Untangle.

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#134 Post by Aitch »

Ha, Yellowdog

You must have a double! :lol:

> 3 computer repair places here couldn't find the issue

Where's here?

Aitch

yellowdog
Posts: 9
Joined: Wed 26 Mar 2008, 02:53

virus's

#135 Post by yellowdog »

Southwest coast, Oregon. (the loggers on the history channel, that really is what it looks like around here) I knew something wasn't right because the modem indicators were busier than normal and system seemed slower. I couldn't find the problem, just had a hunch. I took it to one shop, he scanned it, couldn't find anything wrong. I bought a couple av programs there including norton, tried them, nothing found. Took it to another place, they ran their scans and reported nothing found and then I took it to a third place different town, still nothing. By this time I was thinking maybe I'm just imagining there's something wrong. Brought it home, modem seemed to be even busier. Discovered castlecops, read about rootkits on their site, downloaded the necessary tools (hjt and a boot version of housecall) and then discovered over 400 infections, happily hiding from the f-prot and other av scanners, rootkits included. This machine had never been online without an av scanner with latest updates. f-prot had been the av of choice for about three years till then. While all of this had been going on, I made a mirror of the drive for backup. After finding all the problems I then started looking for an av scanner that would find them, now that I knew what the problem was. At the time the only scanner I found that seemed to actually work was pccillin, it was the one I hadn't tried yet and it too was recommended by the castlecops! It's been about 3 years or more, haven't had any known infections since. I'm also using routers and untangle as I don't want to have to go through the above again.

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#136 Post by Aitch »

@Yellowdog

Sounds similar to my experiences, I'm a long time w98 user, and had similar issues with my box on several occasions
I managed to rescue 2 or 3 crashes, but was accruing a vast stockpile of rescued partfiles as well as saved recovered files that were filed in a folder labelled 'safe', my little joke, as they were farthest from it, but I couldn't find out what was causing it
Eventually I was persuaded to 'graduate' to 2K, though I'd been exploring ShellextensionCity & had tried several shell mods including 1/2 98 & 1/2 ME as a system, still trouble
I was on a wifi link as well, to an AP which I had no control over
I'd tried several linuxes, including debian, red hat, fedora, then a ray of hope, I found Knoppix
It nearly worked, everything except wifi
then after about a year of struggle this little puppy came and made friends with me & I've never looked back
Never did I solve all the rootkit/virus/security update/ IE problems, [still have some old hard drives with winviruses on!!] though I'd ended up with Kaspersky AV which is very good, it just uses 1/2 your PC to keep the gremlins in a box :lol:
I'm retired now, so computing is my only way of staying [almost] in touch with technology, and I have loads of old PCs networked on wired broadband now, as I've just moved into a new playroom/house here in Chatham, UK, though I must change my profile.......

Aitch

PS: Do they still wear orange in Oregon? :lol:

prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

virus scanners, etc.

#137 Post by prehistoric »

Hi yellowdog,

Your experience with repair shops and virus scanners is neither unusual nor extreme. The worst possibility is getting malware installed while looking for solutions. One cute feature of Dancho Danchev's blog is his regular test of up-to-date virus scanners' ability to spot recent malware. Any rating over 50% is great.

Your comment about other sites being hit is on target; another site I have recommended is off the 'net at present.

Added: could title this addition "the Lord is with us". Look who is starting offensive operations in cyberwarfare. Feeling more secure?

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#138 Post by Aitch »

@prehistoric

You may have missed the chat about the compromising of puppy/servage sites, but your man Dancho Danchev has got the very exploit that's been identified - Iframes

http://ddanchev.blogspot.com/2008/03/em ... rough.html

Perhaps worth someone dropping him a line? To see what can be done?

As to your final comment
> Feeling more secure?
Oh yeh, Tonszzzzzzzzzzzzzzzz

Aitch :)
