Virus warning from www.puppylinux.com/manuals.htm
From http://malwaredomains.com/?tag=fake-codecs
DNS Blocklist Update 12/29
Posted on December 29th, 2007 in New Domains, Storm Worm, fake codecs by dglosser
Added: storm worm domains, rogue antivirus, fake codecs
updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND Server format
domains.txt file is the complete list along with original reference
[size=84][i]hangout:[/i] ##b0rked on irc.freenode.net
[i]diversion:[/i] [url]http://alienjeff.net[/url] - visit The Fringe
[i]quote:[/i] "The foundation of authority is based upon the consent of the people." - Thomas Hooker[/size]
wingruntled wrote: Where is Barry?
Where's the emoticon for "bites down on tongue?"
-
- Posts: 416
- Joined: Thu 10 Nov 2005, 02:18
Question is:
For the ordinary users. Have we been left with a Trojan in Puppy Linux itself? Did I download a working Trojan with the manual? Should I rebuild my pup_save file?
Google Search of Forum: http://wellminded.com/puppy/pupsearch.html
Re: Question is:
purple_ghost wrote: For the ordinary users. Have we been left with a Trojan in Puppy Linux itself? Did I download a working Trojan with the manual? Should I rebuild my pup_save file?
There shouldn't be any problem with your pup_save.
This is yet another Windows-based trojan.
http://www.bluetack.co.uk/forums/lofive ... 18052.html
Re: Stupid Question
It has been just shy of 22-hours since biting my tongue regarding this matter. Though The Tongue is now unleashed, I'll measure my words - all in the interest of deliberately attempting to be constructive.
Any word back from Barry? It's Sunday morning, east coast USA time, and several pages on puppylinux.com still carry and propagate this IFRAME exploit.
I've just sent a PM to both LobsterEd and Barry regarding this, and a backup email to LobsterEd.
FYI, Barry's last post on this forum was date/time stamped Mon Feb 25, 2008 9:34 pm (east coast USA), though I seem to remember seeing him listed on-line since then. LobsterEd was logged on this forum when I was commenting here.
To date, this is the only official public response I've been able to find:
And now, this just in from the official Puppy Linux news desk:
"Notice: this static webpage is temporarily replacing my WordPress blog until I can sort out a security hole in my site (hosted by servage.net)."
- prehistoric
- Posts: 1744
- Joined: Tue 23 Oct 2007, 17:34
new vision
With apologies to Lobster.
Attachment: omg.jpg (24.38 KiB), caption: Ask AJ where he got it
AJ, where those once real monkeys?
BTW, until Barry comes back and fixes the web page, anyone using Internet Explorer should disable the IFRAME by:
Starting Internet Explorer then go to -
Tools - Internet Options - Security Tab - Click "Custom Level"
Scroll down till you see:
Launching programs and files in a IFrame = Disable
Then press OK to all, and restart. That IFRAME exploit should stop redirecting after this.
[url=http://www.tinyurl.com/54tu74]Visit The Repository[/url] - Helpful and hard-to-find treats for Puppy 3.
[url=http://www.tinyurl.com/c5a68f]Click Here for Puppy Support Chat, + Helpful Links.[/url]
Wolf Pup wrote: AJ, where those once real monkeys?
Assuming you meant "were" and not "where," no. Those were once real giraffe. Amazing transformation, wouldn't you say?
Thanks for posting that IE tip. That should help keep the IFRAME wolves at bay for those hapless souls still shackled by the Curse of Redmond.
- BarryK
- Puppy Master
- Posts: 9392
- Joined: Mon 09 May 2005, 09:23
- Location: Perth, Western Australia
I was forced to remove my WordPress blog to find out if that is the security weakness. Now it's a waiting game, to see if my pages get compromised again.
If they do, then Servage is to blame, as all I have left are static web pages (with 644 permissions).
I complained to Servage a couple of months ago, and they told me it's my fault, my blog script or file permissions. Their Control Panel has a history thing which is supposed to show who has logged in and they told me to look at that to see if anyone else has logged in -- except that feature of the Control Panel isn't working. Anyway, I changed the password. I'm not looking forward to going back to Servage customer support -- their responses are close to brain dead.
[url]https://bkhome.org/news/[/url]
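A check for the situation described in the post above (static pages that may be re-infected with an injected IFRAME), added here as an example and not part of the original thread or any poster's code. It flags iframes that are both hidden and loaded from another host, and reports each file's modification time. `SITE_HOSTS`, the sample page and the `injected.example` host are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

SITE_HOSTS = {"www.example.org", "example.org"}  # assumption: the site's own hostnames
TINY = re.compile(r"\s*[01]\s*(px)?\s*", re.I)   # width/height attribute of 0 or 1
# Inline CSS that hides a frame: display:none, visibility:hidden, or 0/1px size.
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|"
                        r"(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)
# Constructed sample page: one legitimate local frame, one injected hidden frame.
SAMPLE = """<html><body>
<h1>Manuals</h1>
<iframe src="/docs/index.html" width="600" height="400"></iframe>
<iframe src="http://injected.example/x" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>"""

class IframeFinder(HTMLParser):
    """Collects (line, src) for iframes that are both off-site and hidden."""
    def __init__(self, site_hosts):
        super().__init__()
        self.site_hosts, self.findings = site_hosts, []
    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)  # attribute names arrive lower-cased
        src = a.get("src") or ""
        try:
            host = urlparse(src).hostname or ""  # empty for relative (same-site) URLs
        except ValueError:
            host = "?"  # unparseable src: treat as off-site
        hidden = (any(TINY.fullmatch(a.get(k) or "") for k in ("width", "height"))
                  or bool(HIDDEN_CSS.search(a.get("style") or "")))
        if host and host not in self.site_hosts and hidden:
            self.findings.append((self.getpos()[0], src))

def scan_html(text, site_hosts=SITE_HOSTS):
    finder = IframeFinder(site_hosts)
    finder.feed(text)
    finder.close()
    return finder.findings

def scan_tree(root, site_hosts=SITE_HOSTS):
    """Return (path, mtime, line, src) for each suspicious iframe under root."""
    hits = []
    for path in sorted(Path(root).rglob("*.htm*")):
        text = path.read_text(encoding="utf-8", errors="replace")
        hits += [(str(path), path.stat().st_mtime, line, src) for line, src in scan_html(text, site_hosts)]
    return hits
```

Run `scan_tree` against a local copy of the web root on a schedule; a hit on a file whose modification time is newer than the last deliberate upload points to re-infection.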
Quote: That should help keep the IFRAME wolves at bay for those hapless souls still shackled by the Curse of Redmond.
Can one of you knowledgeable types confirm that that exploit is only a problem with IE? (I've visited the site several times using Firefox, but had nothing downloaded/warned about)
Quote: Makes one wonder what might be buried in the ISOs.
Do you think there could be stuff in the ISOs? Can the "baddies" put things in the ibiblio downloads, or can they only mess with web pages?
BarryK wrote: their responses are close to brain dead.
this implies there is a brain...
oblivious wrote: Do you think there could be stuff in the ISOs? Can the "baddies" put things in the ibiblio downloads, or can they only mess with web pages?
Simply look at the modification date.
My personal experience is that such attacks are automated scripts that do not infect a particular domain.
Instead, they search the web for typical bugs in PHP or applications (like wordpress). They infect whatever they find, but do not target on "Linux-sites" or other special topics.
They then install some code hidden in iframes or a "this site was hacked by ultracool ME".
Modifying isos or packages is not to be feared.
This requires advanced knowledge and "manual" operations (like extracting and rebuilding and uploading again).
You then could see that by the change in the date of the file.
GENERAL HINT
If you must use windows to surf (e.g. at work), DO use firefox or other browsers!
Even very trusted sites were infected in the last weeks (famous newspapers and such) by using the advertisement banners (hosted by other companies) as a way to infect the sites.
Most exploits still target on the Internet Explorer, that makes it easy to damage the whole system via ActiveX.
Use a browser, that is targeted less often, and does not support ActiveX instead.
Someone who is infected, has a high portion of responsibility on his own, because he does not even care about simplest protection.
Windows is known to be dangerous in this regard since years, even users without deeper knowledge in computers should know that.
Mark
[url=http://murga-linux.com/puppy/viewtopic.php?p=173456#173456]my recommended links[/url]
MU wrote: Modifying isos or packages is not to be feared.
Though I hate playing the Devil's advocate, Mark, that's a rather pious claim and I can't but help notice an ever-so-faint tick-tock way off in the distance.
Not all black hats are script kiddies or index.html graffiti vandals. Some are very patient and cunning. All it would take is for one such black hat to embed a date/time/event triggered nightmare within a popular and seemingly innocuous dotpup, pupget or sfs file for all Hell to break loose.
We now return you to your normally scheduled programming.
Quote: All it would take is for one such black hat to embed a date/time/event triggered nightmare within a popular and seemingly innocuous dotpup
How would they do that? I understood Mark to be saying that they'd actually have to get the file and upload a tainted version, rather than just get the bad stuff on there by sending out scripts. What sort of "nightmare" could happen?