How to Join Member's Area Private Library Search Today's Topics p Login
Main Forums Discussion Tech Talk Mature Content Archives
   Nav Win
 Discussion
 The Alley
 So Nice to be Popular
 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
Follow us on Facebook

 Moderated by: Ron   (Admins )

 
User Options
Format for Better Printing EMail to a Friend Not Available
Admin Print Send ECard
Passions in Poetry

So Nice to be Popular (or this is not a drill -- trojan alert)

 Post A Reply Post New Topic   Go to the Next Oldest/Previous Topic Return to Topic Page Go to the Next Newest Topic 
Local Rebel
Member Ascendant
since 12-21-1999
Posts 5742
Southern Abstentia


0 posted 07-27-2003 01:34 AM       View Profile for Local Rebel   Email Local Rebel   Edit/Delete Message      Find Poems  View IP for Local Rebel

I was recently attacked by a trojan looper script -- probably java script since it doesn't activate when I kill java.  What it does apparently is loops continuously and hangs up my browser.  AV's haven't been able to find it and remove it -- but did indicate it was related to JS.Seeker / Trojan/Seeker varieties.

It becomes specifically active when I open up my yahoo mail account.  Yahoo mail account users beware.

If you have enabled HTML in your messages disable it -- since a java-script can come in this way without your doing anything at all.

I believe though -- the specific way that it came to my computer was when I was prompted (when opening an e-mail) to download vector graphics to view the page (which is an innocuous enough request since I don't have it installed) it was at this point when my browser started hanging up.

Right now it appears this was an intentional attack but I can't prove that -- so there are no names mentioned.  I'll just say thanks to the attacker for giving me an interesting week.

serenity blaze
Member Empyrean
since 02-02-2000
Posts 28839


1 posted 07-27-2003 03:13 AM       View Profile for serenity blaze   Email serenity blaze   Edit/Delete Message      Find Poems  View IP for serenity blaze

Thanks for the heads up, Reb...

I use yahoo alot and I'm kinda ignorant about that stuff. Well not kinda.

I'm a dummy.

I only bought a new pc to post poetry faster.


Toad
Member
since 06-16-2002
Posts 247


2 posted 07-27-2003 08:29 AM       View Profile for Toad   Email Toad   Edit/Delete Message      Find Poems  View IP for Toad

http://vil.nai.com/vil/content/v_98882.htm
Midnitesun
Deputy Moderator 1 Tour
Member Empyrean
since 05-18-2001
Posts 29020
Gaia


3 posted 07-27-2003 08:45 AM       View Profile for Midnitesun   Email Midnitesun   Edit/Delete Message      Find Poems  View IP for Midnitesun

Hey, thanks for the warning, Reb!
I just opened a Yahoo email account a week ago, when my interfold account went down for a few days. I'm moving today, and my internet connection may or may not even be active for a few days, but I'll remember to be careful about accessing that Yahoo email when online.
Hope you can find Helen and her friends.

sorry, he made me do it


AND? thanks Toad for the info link!

[This message has been edited by Midnitesun (07-27-2003 08:46 AM).]

Nan
Administrator
Member Seraphic
since 05-20-99
Posts 24426
Cape Cod Massachusetts USA


4 posted 07-27-2003 08:51 AM       View Profile for Nan   Email Nan   Edit/Delete Message      Find Poems   Click to visit Nan's Home Page   View IP for Nan

I think I'll stay away from Yahoo...  And thankya, Toad - You're pretty smart for a "wanna-be frog"...
garysgirl
Deputy Moderator 10 ToursDeputy Moderator 5 ToursDeputy Moderator 1 Tour
Member Seraphic
since 09-29-2002
Posts 20064
Florida, USA


5 posted 07-27-2003 09:54 AM       View Profile for garysgirl   Edit/Delete Message      Find Poems   Click to visit garysgirl's Home Page   View IP for garysgirl

Reb, thanks for the warning. I think I'll stay away from Yahoo, too...or just delete the e-mails from my computer.

I got a virus once. My internet provider gave me a link to a free service called Symantec. It found the virus and fixed it. This is the URL...... http://security.symantec.com/ssc/home.asp?j=1&langid=ie&venid=sym&plfid=23&p kj=VISIGMKIIPLBMRSJRFS

Thanks for the other link, too, Toad.

Good luck.  
Hugs  
Ethel

[This message has been edited by garysgirl (07-27-2003 09:57 AM).]

Local Rebel
Member Ascendant
since 12-21-1999
Posts 5742
Southern Abstentia


6 posted 07-27-2003 11:56 AM       View Profile for Local Rebel   Email Local Rebel   Edit/Delete Message      Find Poems  View IP for Local Rebel

Thanks to all for your comments and support.  As I said before the AV's haven't been able to clean it up -- I think it's coming from a script generator.  This code has been out there and available long enough that someone with rudimentary skill could obtain it and modify it to do just about anything -- I think what it actually does though (pure speculation) is re-executes the javascripts in a page over and over and over and over and over and over and over - -- because the more laden with java a page is -- the more the browser crashes.

At this point there is little to do than reformat the machine -- but hey -- I was due for an upgrade -- and frankly -- it's been a lot of fun trying to cure.

I'm just trying to figure out which one of my enemies did this -- or if I have a new one?  These things aren't normally self-propagating.  
Aenimal
Member Rara Avis
since 11-18-2002
Posts 7451
the ass-end of space


7 posted 07-27-2003 02:40 PM       View Profile for Aenimal   Email Aenimal   Edit/Delete Message      Find Poems  View IP for Aenimal

Well this might explain what happened to my browser, a month back. Had those same hangups in my browser and my AV's couldn't find a thing. It's all good, a reformat once a year is a great idea and something I'll be doing from now on. My CPU is flying for the time being, so good to have a fresh registry and HD

[This message has been edited by Aenimal (07-27-2003 05:05 PM).]

Balladeer
Administrator
Member Empyrean
since 06-05-99
Posts 26302
Ft. Lauderdale, Fl USA


8 posted 07-27-2003 09:16 PM       View Profile for Balladeer   Email Balladeer   Edit/Delete Message      Find Poems   Click to visit Balladeer's Home Page   View IP for Balladeer

Damn....and Toerag assured me he had given up doing that!!! Can't trust anybody these days
garysgirl
Deputy Moderator 10 ToursDeputy Moderator 5 ToursDeputy Moderator 1 Tour
Member Seraphic
since 09-29-2002
Posts 20064
Florida, USA


9 posted 07-27-2003 09:51 PM       View Profile for garysgirl   Edit/Delete Message      Find Poems   Click to visit garysgirl's Home Page   View IP for garysgirl

Poor old Toerag gets blamed for
everything!!!  
And he's not even here to defend himself,
poor thing.

Pssst!!!  Ya know I'm just kidding, Ball-deer

[This message has been edited by garysgirl (07-27-2003 09:52 PM).]

Local Rebel
Member Ascendant
since 12-21-1999
Posts 5742
Southern Abstentia


10 posted 07-27-2003 10:57 PM       View Profile for Local Rebel   Email Local Rebel   Edit/Delete Message      Find Poems  View IP for Local Rebel

Now Micheal...

You can't accuse TOE!

I said it would take someone with rudimentary skill!!  

(still waiting for that feather waxing toe)
Magicmystery
Senior Member
since 02-13-2002
Posts 935
Windsor, Ontario, Canada


11 posted 07-31-2003 03:16 PM       View Profile for Magicmystery   Email Magicmystery   Edit/Delete Message      Find Poems   Click to visit Magicmystery's Home Page   View IP for Magicmystery

My mother had something similar happen to her when she visited her Webshots not too long ago.... It seems that one of the advertisers on the site installed a popup on the page she was in that wouldn't close, not even from the task bar, and when she clicked the little "x" on the upper right of the box, it downloaded something to her cookies and informed her with another popup that abetterinternet.com would automatically (without her permission) update her browser with their software as they saw fit and when they saw fit.  This incidious little program eventually caused her entire computer to crash to the point that it wouldn't load Windows.  Luckily, my husband is a bit of a techi... he managed to save most of her files but she lost over 200 addresses (her entire address book) because he couldn't locate it and save it to her untouched partition before doing a complete reformat and reinstall. (this happenned when she was still looking for a job and couldn't afford to be without a computer) She has since taken Webshots software off her computer and refuses to go to the site (it's full of spyware anyway and she doesn't needher privacy invaded like that)

Reb, nasty little trojans like the one that hit you aren't sent by known enemies, and unless you have an up-to-date firewall and virus protection on your computer, they can sneak in just by pinging an open port. It's sad that there are people out there that use their programming talents for such malicious purposes.  Unfortunately, that's the world we live in.  If you want to see if you have spyware or sneaky little programs embedded in your software that produce popups when you type certain words or go to certain sites, get the program Adaware.... it's freeware and very useful of clearing your computer registry of these little nasties.

Take Care

Sherry

Cherish the good memories of the past and look forward to the adventure called Tomorrow. But above all... be kind to yourself today.

Local Rebel
Member Ascendant
since 12-21-1999
Posts 5742
Southern Abstentia


12 posted 08-03-2003 12:16 PM       View Profile for Local Rebel   Email Local Rebel   Edit/Delete Message      Find Poems  View IP for Local Rebel

You mean the Republicans didn't try to ruin my daughter's wedding   oh -- being a kanuk you may not remember Ross Perot.... anyway...

Thank you magic -- I do have spyware cleaners -- but not that one -- it did find a peice of malware that I hadn't detected b4

Unfortunatley -- viruses, worms, trojans -- all are readily available to anyone that feels a little mishievous -- on cd's, over the net -- all with instructions how to alter them and bundle them for specific attacs or just to release on the world at large -- and -- when you run your AV's, and spywares -- all they can do is look for known threats...

The only one that helped me was F-Secure because it not only looked for the known threats but it was able to recognize parts of the code from the seeker trojans and decided to act on them...

Even so -- this was a nasty little bugger -- with dxdiag I was able to identify 8 system files that it hit and repaired them, after freeing up 6 gigs of space, scan discing twice, defragging twice -- my computer was screaming fast -- in better shape than when I brought it home -- unfortunatley -- when I opened up a browser it still hung... all I could do was clean the whole darn thing...

Fortunately -- you don't know my enemies -- a short list of some of the things that they do to me (but not lately)

TP my house
Dead cats in mailbox
Loosen lugnuts on trucks
Battery acid on cars
steal mail and cancel important services

and -- other things you don't want to know

yes -- what a world
Sunshine
Administrator
Member Caelestus
since 06-25-99
Posts 67715
Listening to every heart


13 posted 08-03-2003 01:49 PM       View Profile for Sunshine   Email Sunshine   Edit/Delete Message      Find Poems   Click to visit Sunshine's Home Page   View IP for Sunshine

Here's the next one to watch for, Reb...
http://biz.yahoo.com/prnews/030801/clf025_1.html
Local Rebel
Member Ascendant
since 12-21-1999
Posts 5742
Southern Abstentia


14 posted 08-03-2003 03:59 PM       View Profile for Local Rebel   Email Local Rebel   Edit/Delete Message      Find Poems  View IP for Local Rebel

Thanks Sunshine -- best to beware!  Yeah -- who would have thought to bundle a virus in a zip file?  Hijakers...

It should be pointed out too that trojans CAN break through firewalls too -- that's why they are called trojans -- they get you to click an OK to download something you think is friendly -- but is not!

quote:

What a world, what a world!
-- the wicked which of the west/east?  don't remember my Oz right now.


Ron
Administrator
Member Rara Avis
since 05-19-99
Posts 9708
Michigan, US


15 posted 08-03-2003 04:43 PM       View Profile for Ron   Email Ron   Edit/Delete Message      Find Poems   Click to visit Ron's Home Page   View IP for Ron

quote:
... they get you to click an OK to download something you think is friendly -- but is not!

"Friendly" and "download" should never be used in the same sentence together. Doesn't matter who it says it's from, doesn't matter what it says it is, every time you download an executable file you are taking a risk.

Imagine that every day was Halloween and every person who came knocking on your door was wearing a mask. Invite someone into your home and the surprise, when they remove their mask, isn't always going to a pleasant one.
Local Rebel
Member Ascendant
since 12-21-1999
Posts 5742
Southern Abstentia


16 posted 08-16-2003 06:58 PM       View Profile for Local Rebel   Email Local Rebel   Edit/Delete Message      Find Poems  View IP for Local Rebel

I am happy to announce that no one at PIP was responsible for this

I have found the dirty SO and SO who did it.
passing shadows
Member Empyrean
since 08-26-99
Posts 46297
displaced


17 posted 08-16-2003 10:15 PM       View Profile for passing shadows   Email passing shadows   Edit/Delete Message      Find Poems  View IP for passing shadows

get him!

and save me a piece
garysgirl
Deputy Moderator 10 ToursDeputy Moderator 5 ToursDeputy Moderator 1 Tour
Member Seraphic
since 09-29-2002
Posts 20064
Florida, USA


18 posted 08-18-2003 07:43 AM       View Profile for garysgirl   Edit/Delete Message      Find Poems   Click to visit garysgirl's Home Page   View IP for garysgirl

Well, RebHawk, I sure am glad and relieved
to hear that Toerag didn't have anything to
do with it. That Buzz is such a sweet
fellow, isn't he?

Hey, I got that stupid last worm that was getting on XP and 2000. It's took me about a week of putting the fixer, scanning, downloading patches and a new anti-virus and security protection on my computer. Plus a firewall. I don't like that because it affects the speed of getting to the web pages that I want to go to. This new program keeps in touch with every single thing that I do on the internet. I guess that's good though.

Anyway, good luck to everybody and I hope that everyones computers work really well now.
Ethel
Sunshine
Administrator
Member Caelestus
since 06-25-99
Posts 67715
Listening to every heart


19 posted 08-18-2003 07:53 AM       View Profile for Sunshine   Email Sunshine   Edit/Delete Message      Find Poems   Click to visit Sunshine's Home Page   View IP for Sunshine

Glad you found the culprit, Reb.  I hope it wasn't intentional...but if it was?  Pour molasses on his keyboard.
Midnitesun
Deputy Moderator 1 Tour
Member Empyrean
since 05-18-2001
Posts 29020
Gaia


20 posted 08-24-2003 11:57 AM       View Profile for Midnitesun   Email Midnitesun   Edit/Delete Message      Find Poems  View IP for Midnitesun

ROTFL at Karilea's poetic justice comment.
I'd go a step further though, since keyboards are so cheap these days.

Remind me not to visit your neighborhood. We'll just have to meet clandestinely. LOL, I don't have the level of expertise you do in repairing damaged files, even though I taught in school computer labs for 8 years, it was nearly 8 years ago...and the worms and viruses have proliferated way beyond my microcopic eyepiece.
Make sure the price is high enough to deter the creep from trying it again.
Aha, vengeance can be yours as long as there is no bodily harm, right? LOL
Black_Knight
Junior Member
since 09-04-2003
Posts 23
England


21 posted 09-07-2003 10:20 PM       View Profile for Black_Knight   Edit/Delete Message      Find Poems  View IP for Black_Knight

Really just a couple of reference points that should be of use to most of you.

AdAware was already mentioned, but the problem with AdAware is that it (only recently) suffered very much from lack of interest, and wasn't updated for over a year.

Spybot - Search and Destroy from http://security.kolla.de/ is therefore a little more reliable generally, and has a lot of functionality.  It is really simple to use, so everyone should be able to download and install this to help protect themselves.  The fact that it adds basic immunization (protects you from some nasties *before* they can install themselves) is especially good.

SpywareBlaster from http://www.javacoolsoftware.com/spywareblaster.html is another useful utility that blocks many nasty and sneaky things from installing themselves via loopholes in the ActiveX components of IE.  Its not too technical for anyone to get basic protection, though it does also have some more advanced features for those who know a bit more.

Finally, one for the slightly more technical is HijackThis from http://www.spywareinfo.com/~merijn/index.htm
This one lets you see exactly what is active on your system, what potentially worrying things might be in your registry, etc.  It is really more a tool for the more experienced and technical, but it can produce detailed reports of what may need to be examined for *anyone* to pass on to their techie friends.  Highly recommended.
garysgirl
Deputy Moderator 10 ToursDeputy Moderator 5 ToursDeputy Moderator 1 Tour
Member Seraphic
since 09-29-2002
Posts 20064
Florida, USA


22 posted 09-07-2003 11:42 PM       View Profile for garysgirl   Edit/Delete Message      Find Poems   Click to visit garysgirl's Home Page   View IP for garysgirl

Thank you for this information, Black_Knight.
Ethel
 
 Post A Reply Post New Topic   Go to the Next Oldest/Previous Topic Return to Topic Page Go to the Next Newest Topic 
All times are ET (US) Top
  User Options
>> Discussion >> The Alley >> So Nice to be Popular Format for Better Printing EMail to a Friend Not Available
Print Send ECard

 

pipTalk Home Page | Main Poetry Forums

How to Join | Member's Area / Help | Private Library | Search | Contact Us | Today's Topics | Login
Discussion | Tech Talk | Archives | Sanctuary



© Passions in Poetry and netpoets.com 1998-2013
All Poetry and Prose is copyrighted by the individual authors