alienjeff

Joined: 08 Jul 2006 Posts: 2291 Location: Winsted, CT - USA
|
Posted: Sat 01 Mar 2008, 07:49 Post subject:
|
|
From http://malwaredomains.com/?tag=fake-codecs
DNS Blocklist Update 12/29
Posted on December 29th, 2007 in New Domains, Storm Worm, fake codecs by dglosser
Added: storm worm domains, rogue antivirus, fake codecs
updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND Server format
domains.txt file is the complete list along with original reference
_________________ hangout: ##b0rked on irc.freenode.net
diversion: http://alienjeff.net - visit The Fringe
quote: "The foundation of authority is based upon the consent of the people." - Thomas Hooker
Caneri
Joined: 04 Sep 2007 Posts: 1569 Location: Canada
|
Posted: Sat 01 Mar 2008, 09:55 Post subject:
|
|
Hey thanks AJ,
I've been getting a huge spike in traffic out of .ru
It says it's from puppyrus but I will definitely look much closer at this.
Eric
_________________ Be not afraid to grow slowly, only be afraid of standing still.
Chinese Proverb
wingruntled
Joined: 20 Feb 2007 Posts: 287 Location: Great Lakes
|
Posted: Sat 01 Mar 2008, 12:15 Post subject:
|
|
Where is Barry?
The manual page is still infected.
alienjeff

Joined: 08 Jul 2006 Posts: 2291 Location: Winsted, CT - USA
|
Posted: Sat 01 Mar 2008, 13:54 Post subject:
|
|
wingruntled wrote: | Where is Barry? |
Where's the emoticon for "bites down on tongue?"
purple_ghost
Joined: 09 Nov 2005 Posts: 417
|
Posted: Sat 01 Mar 2008, 14:20 Post subject: Question is:
|
|
For the ordinary users. Have we been left with a Trojan in Puppy Linux itself? Did I download a working Trojan with the manual? Should I rebuild my pup_save file?
_________________ Google Search of Forum: http://wellminded.com/puppy/pupsearch.html
Caneri
Joined: 04 Sep 2007 Posts: 1569 Location: Canada
|
Posted: Sat 01 Mar 2008, 14:30 Post subject:
|
|
I don't know who runs puppyrus but they should be informed also about this.
Eric
wingruntled
Joined: 20 Feb 2007 Posts: 287 Location: Great Lakes
|
Posted: Sat 01 Mar 2008, 17:35 Post subject: Re: Question is:
|
|
purple_ghost wrote: | For the ordinary users. Have we been left with a Trojan in Puppy Linux itself? Did I download a working Trojan with the manual? Should I rebuild my pup_save file? |
There shouldn't be any problem with your pup_save.
This is yet another Windows-based trojan.
http://www.bluetack.co.uk/forums/lofiversion/index.php/t18052.html
alienjeff

Joined: 08 Jul 2006 Posts: 2291 Location: Winsted, CT - USA
|
Posted: Sun 02 Mar 2008, 11:30 Post subject: Re: Stupid Question
|
|
It has been just shy of 22 hours since biting my tongue regarding this matter. Though The Tongue is now unleashed, I'll measure my words - all in the interest of deliberately attempting to be constructive.
Any word back from Barry? It's Sunday morning, east coast USA time, and several pages on puppylinux.com still carry and propagate this IFRAME exploit.
I've just sent a PM to both LobsterEd and Barry regarding this, and a backup email to LobsterEd.
FYI, Barry's last post on this forum was date/time stamped Mon Feb 25, 2008 9:34 pm (east coast USA), though I seem to remember seeing him listed on-line since then. LobsterEd was logged on this forum when I was commenting here.
wingruntled
Joined: 20 Feb 2007 Posts: 287 Location: Great Lakes
|
Posted: Sun 02 Mar 2008, 14:06 Post subject:
|
|
Quote: | The Tongue is now unleashed, |
Well that wasn't so bad. I was expecting my LCD to turn blazing red. LOL
Thanks for that list of domains. Looks like I'm going to do some more editing on my Windows hosts file just to stay a little bit safer.
alienjeff

Joined: 08 Jul 2006 Posts: 2291 Location: Winsted, CT - USA
|
Posted: Mon 03 Mar 2008, 15:55 Post subject:
|
|
To date, this is the only official public response I've been able to find: Quote: | "Notice: this static webpage is temporarily replacing my WordPress blog until I can sort out a security hole in my site (hosted by servage.net)." |
And now, this just in from the official Puppy Linux news desk:
prehistoric

Joined: 23 Oct 2007 Posts: 1726
|
Posted: Mon 03 Mar 2008, 18:07 Post subject: new vision
|
|
With apologies to Lobster.
[Attached image. Description: Ask AJ where he got it. Filesize: 24.38 KB. Viewed: 1367 time(s).]
Wolf Pup
Joined: 27 Apr 2006 Posts: 637
|
Posted: Mon 03 Mar 2008, 18:38 Post subject:
|
|
AJ, where those once real monkeys?
BTW, until Barry comes back and fixes the web page, anyone using Internet Explorer should disable the IFRAME by:
Starting Internet Explorer then go to -
Tools - Internet Options - Security Tab - Click "Custom Level"
Scroll down till you see:
Launching programs and files in an IFrame = Disable
Then press OK to all, and restart. That IFRAME exploit should stop redirecting after this.
_________________
Visit The Repository - Helpful and hard-to-find treats for Puppy 3.
Click Here for Puppy Support Chat, + Helpful Links.
trapster

Joined: 28 Nov 2005 Posts: 2106 Location: Maine, USA
|
Posted: Mon 03 Mar 2008, 19:28 Post subject:
|
|
Internet Explorer?????
Wassat?
_________________ trapster
Maine, USA
Asus eeepc 1005HA PU1X-BK
Frugal install: Slacko
Currently using full install: DebianDog
wingruntled
Joined: 20 Feb 2007 Posts: 287 Location: Great Lakes
|
Posted: Mon 03 Mar 2008, 20:19 Post subject:
|
|
Wolf Pup
Barry was here in the forums yesterday. The pages on his domain were fixed directly after. I imagine he had quite a few PM's about the problem. He took his blog down and put up a temporary explaining what part of the problem was.
alienjeff

Joined: 08 Jul 2006 Posts: 2291 Location: Winsted, CT - USA
|
Posted: Mon 03 Mar 2008, 20:41 Post subject:
|
|
Wolf Pup wrote: | AJ, where those once real monkeys? |
Assuming you meant "were" and not "where," no. Those were once real giraffe. Amazing transformation, wouldn't you say?
Thanks for posting that IE tip. That should help keep the IFRAME wolves at bay for those hapless souls still shackled by the Curse of Redmond.