The Alley |
So Nice to be Popular (or this is not a drill -- trojan alert) |
Local Rebel Member Ascendant
since 1999-12-21
Posts 5767 | Southern Abstentia |
I was recently attacked by a trojan looper script -- probably java script since it doesn't activate when I kill java. What it does apparently is loops continuously and hangs up my browser. AV's haven't been able to find it and remove it -- but did indicate it was related to JS.Seeker / Trojan/Seeker varieties. It becomes specifically active when I open up my yahoo mail account. Yahoo mail account users beware. If you have enabled HTML in your messages disable it -- since a java-script can come in this way without your doing anything at all. I believe though -- the specific way that it came to my computer was when I was prompted (when opening an e-mail) to download vector graphics to view the page (which is an innocuous enough request since I don't have it installed) it was at this point when my browser started hanging up. Right now it appears this was an intentional attack but I can't prove that -- so there are no names mentioned. I'll just say thanks to the attacker for giving me an interesting week. |
||
© Copyright 2003 Local Rebel - All Rights Reserved | |||
serenity blaze Member Empyrean
since 2000-02-02
Posts 27738 |
Thanks for the heads up, Reb... I use yahoo a lot and I'm kinda ignorant about that stuff. Well not kinda. I'm a dummy. I only bought a new pc to post poetry faster. |
||
Toad Member
since 2002-06-16
Posts 161 |
http://vil.nai.com/vil/content/v_98882.htm |
||
Midnitesun
since 2001-05-18
Posts 28647 | Gaia |
Hey, thanks for the warning, Reb! I just opened a Yahoo email account a week ago, when my interfold account went down for a few days. I'm moving today, and my internet connection may or may not even be active for a few days, but I'll remember to be careful about accessing that Yahoo email when online. Hope you can find Helen and her friends. sorry, he made me do it AND? thanks Toad for the info link! [This message has been edited by Midnitesun (07-27-2003 08:46 AM).] |
||
Nan
Administrator
Member Seraphic
since 1999-05-20
Posts 21191 | Cape Cod Massachusetts USA |
I think I'll stay away from Yahoo... And thankya, Toad - You're pretty smart for a "wanna-be frog"... |
||
garysgirl
since 2002-09-29
Posts 19237 | Florida, USA |
Reb, thanks for the warning. I think I'll stay away from Yahoo, too...or just delete the e-mails from my computer. I got a virus once. My internet provider gave me a link to a free service called Symantec. It found the virus and fixed it. This is the URL...... http://security.symantec.com/ssc/home.asp?j=1&langid=ie&venid=sym&plfid=23&pkj=VISIGMKIIPLBMRSJRFS Thanks for the other link, too, Toad. Good luck. Hugs Ethel [This message has been edited by garysgirl (07-27-2003 09:57 AM).] |
||
Local Rebel Member Ascendant
since 1999-12-21
Posts 5767 | Southern Abstentia |
Thanks to all for your comments and support. As I said before the AV's haven't been able to clean it up -- I think it's coming from a script generator. This code has been out there and available long enough that someone with rudimentary skill could obtain it and modify it to do just about anything -- I think what it actually does though (pure speculation) is re-executes the javascripts in a page over and over and over and over and over and over and over -- because the more laden with java a page is -- the more the browser crashes. At this point there is little to do other than reformat the machine -- but hey -- I was due for an upgrade -- and frankly -- it's been a lot of fun trying to cure. I'm just trying to figure out which one of my enemies did this -- or if I have a new one? These things aren't normally self-propagating. |
||
Aenimal Member Rara Avis
since 2002-11-18
Posts 7350 | the ass-end of space |
Well this might explain what happened to my browser, a month back. Had those same hangups in my browser and my AV's couldn't find a thing. It's all good, a reformat once a year is a great idea and something I'll be doing from now on. My CPU is flying for the time being, so good to have a fresh registry and HD [This message has been edited by Aenimal (07-27-2003 05:05 PM).] |
||
Balladeer
Administrator
Member Empyrean
since 1999-06-05
Posts 25505 | Ft. Lauderdale, Fl USA |
Damn....and Toerag assured me he had given up doing that!!! Can't trust anybody these days |
||
garysgirl
since 2002-09-29
Posts 19237 | Florida, USA |
Poor old Toerag gets blamed for everything!!! And he's not even here to defend himself, poor thing. Pssst!!! Ya know I'm just kidding, Ball-deer [This message has been edited by garysgirl (07-27-2003 09:52 PM).] |
||
Local Rebel Member Ascendant
since 1999-12-21
Posts 5767 | Southern Abstentia |
Now Micheal... You can't accuse TOE! I said it would take someone with rudimentary skill!! (still waiting for that feather waxing toe) |
||
Magicmystery Senior Member
since 2002-02-13
Posts 821 | Windsor, Ontario, Canada |
My mother had something similar happen to her when she visited her Webshots not too long ago.... It seems that one of the advertisers on the site installed a popup on the page she was in that wouldn't close, not even from the task bar, and when she clicked the little "x" on the upper right of the box, it downloaded something to her cookies and informed her with another popup that abetterinternet.com would automatically (without her permission) update her browser with their software as they saw fit and when they saw fit. This insidious little program eventually caused her entire computer to crash to the point that it wouldn't load Windows. Luckily, my husband is a bit of a techie... he managed to save most of her files but she lost over 200 addresses (her entire address book) because he couldn't locate it and save it to her untouched partition before doing a complete reformat and reinstall. (this happened when she was still looking for a job and couldn't afford to be without a computer) She has since taken Webshots software off her computer and refuses to go to the site (it's full of spyware anyway and she doesn't need her privacy invaded like that) Reb, nasty little trojans like the one that hit you aren't sent by known enemies, and unless you have an up-to-date firewall and virus protection on your computer, they can sneak in just by pinging an open port. It's sad that there are people out there that use their programming talents for such malicious purposes. Unfortunately, that's the world we live in. If you want to see if you have spyware or sneaky little programs embedded in your software that produce popups when you type certain words or go to certain sites, get the program Adaware.... it's freeware and very useful for clearing your computer registry of these little nasties. Take Care Sherry Cherish the good memories of the past and look forward to the adventure called Tomorrow. But above all... be kind to yourself today. |
||
Local Rebel Member Ascendant
since 1999-12-21
Posts 5767 | Southern Abstentia |
You mean the Republicans didn't try to ruin my daughter's wedding oh -- being a Canuck you may not remember Ross Perot.... anyway... Thank you magic -- I do have spyware cleaners -- but not that one -- it did find a piece of malware that I hadn't detected b4 Unfortunately -- viruses, worms, trojans -- all are readily available to anyone that feels a little mischievous -- on cd's, over the net -- all with instructions how to alter them and bundle them for specific attacks or just to release on the world at large -- and -- when you run your AV's, and spywares -- all they can do is look for known threats... The only one that helped me was F-Secure because it not only looked for the known threats but it was able to recognize parts of the code from the seeker trojans and decided to act on them... Even so -- this was a nasty little bugger -- with dxdiag I was able to identify 8 system files that it hit and repaired them, after freeing up 6 gigs of space, scan discing twice, defragging twice -- my computer was screaming fast -- in better shape than when I brought it home -- unfortunately -- when I opened up a browser it still hung... all I could do was clean the whole darn thing... Fortunately -- you don't know my enemies -- a short list of some of the things that they do to me (but not lately): TP my house; Dead cats in mailbox; Loosen lugnuts on trucks; Battery acid on cars; steal mail and cancel important services; and -- other things you don't want to know. yes -- what a world |
||
Sunshine
Administrator
Member Empyrean
since 1999-06-25
Posts 63354 | Listening to every heart |
Here's the next one to watch for, Reb... http://biz.yahoo.com/prnews/030801/clf025_1.html |
||
Local Rebel Member Ascendant
since 1999-12-21
Posts 5767 | Southern Abstentia |
Thanks Sunshine -- best to beware! Yeah -- who would have thought to bundle a virus in a zip file? Hijackers... It should be pointed out too that trojans CAN break through firewalls too -- that's why they are called trojans -- they get you to click an OK to download something you think is friendly -- but is not! |
||
Ron
Administrator
Member Rara Avis
since 1999-05-19
Posts 8669 | Michigan, US |
"Friendly" and "download" should never be used in the same sentence together. Doesn't matter who it says it's from, doesn't matter what it says it is, every time you download an executable file you are taking a risk. Imagine that every day was Halloween and every person who came knocking on your door was wearing a mask. Invite someone into your home and the surprise, when they remove their mask, isn't always going to be a pleasant one. |
||
Local Rebel Member Ascendant
since 1999-12-21
Posts 5767 | Southern Abstentia |
I am happy to announce that no one at PIP was responsible for this I have found the dirty SO and SO who did it. |
||
passing shadows Member Empyrean
since 1999-08-26
Posts 45577 | displaced |
get him! and save me a piece |
||
garysgirl
since 2002-09-29
Posts 19237 | Florida, USA |
Well, RebHawk, I sure am glad and relieved to hear that Toerag didn't have anything to do with it. That Buzz is such a sweet fellow, isn't he? Hey, I got that stupid last worm that was getting on XP and 2000. It took me about a week of putting the fixer, scanning, downloading patches and a new anti-virus and security protection on my computer. Plus a firewall. I don't like that because it affects the speed of getting to the web pages that I want to go to. This new program keeps in touch with every single thing that I do on the internet. I guess that's good though. Anyway, good luck to everybody and I hope that everyone's computers work really well now. Ethel |
||
Sunshine
Administrator
Member Empyrean
since 1999-06-25
Posts 63354 | Listening to every heart |
Glad you found the culprit, Reb. I hope it wasn't intentional...but if it was? Pour molasses on his keyboard. |
||
Midnitesun
since 2001-05-18
Posts 28647 | Gaia |
ROTFL at Karilea's poetic justice comment. I'd go a step further though, since keyboards are so cheap these days. Remind me not to visit your neighborhood. We'll just have to meet clandestinely. LOL, I don't have the level of expertise you do in repairing damaged files, even though I taught in school computer labs for 8 years, it was nearly 8 years ago...and the worms and viruses have proliferated way beyond my microscopic eyepiece. Make sure the price is high enough to deter the creep from trying it again. Aha, vengeance can be yours as long as there is no bodily harm, right? LOL |
||
Black_Knight Junior Member
since 2003-09-04
Posts 23 | England |
Really just a couple of reference points that should be of use to most of you. AdAware was already mentioned, but the problem with AdAware is that it (only recently) suffered very much from lack of interest, and wasn't updated for over a year. Spybot - Search and Destroy from http://security.kolla.de/ is therefore a little more reliable generally, and has a lot of functionality. It is really simple to use, so everyone should be able to download and install this to help protect themselves. The fact that it adds basic immunization (protects you from some nasties *before* they can install themselves) is especially good. SpywareBlaster from http://www.javacoolsoftware.com/spywareblaster.html is another useful utility that blocks many nasty and sneaky things from installing themselves via loopholes in the ActiveX components of IE. It's not too technical for anyone to get basic protection, though it does also have some more advanced features for those who know a bit more. Finally, one for the slightly more technical is HijackThis from http://www.spywareinfo.com/~merijn/index.htm This one lets you see exactly what is active on your system, what potentially worrying things might be in your registry, etc. It is really more a tool for the more experienced and technical, but it can produce detailed reports of what may need to be examined for *anyone* to pass on to their techie friends. Highly recommended. |
||
garysgirl
since 2002-09-29
Posts 19237 | Florida, USA |
Thank you for this information, Black_Knight. Ethel |
||
All times are ET (US). All dates are in Year-Month-Day format. |