On Thu, 15 Jul 2004 09:00:16 PDT, Jeff Shultz [EMAIL PROTECTED] said:
Such dangerous file attachments included .jpg, .pdf and music files.
Once bitten, twice shy:
http://cert.uni-stuttgart.de/archive/bugtraq/2001/02/msg00168.html
.JPG's are HTML, didn't you know? :)
pgpLhDo1FDrRe.pgp
On Wed, 14 Jul 2004 22:52:07 PDT, Alexei Roudnev [EMAIL PROTECTED] said:
O, noo. You click a button 'I agree' which means nothing for 99.99% of
people over the world. Here is a difference. Do not expect people to 'agree'
if you do not enforce them to follow this (and if your system do not
On Wed, Jul 14, 2004, Michel Py wrote:
- In exchange for his life, appoint Saddam Hussein to rid us of spyware
writers. As he's on a roll, let's put spammers in the deal, too. The guy
has a proven track record, problem is most of us live in a society that
oppose his methods, so this does not
: Wednesday, July 14, 2004 1:12 PM
Subject: Re: Spyware becomes increasingly malicious
Ok.. but has BSD been attacked on the scale that MS code has? I would
argue
no, not even close. Do you believe BSD is invulnerable to attack? Hardly..
Unless you want to go back to text based browsers and kernals
** Reply to message from Alexei Roudnev [EMAIL PROTECTED] on Wed, 14
Jul 2004 22:52:07 -0700
May be, idea was that people read 'license', click button (I agree) and
follow it - never write a code which violates this license? But it is not
true - 99.99% people do not read it and behave as a
]; [EMAIL PROTECTED]
Sent: Wednesday, July 14, 2004 1:12 PM
Subject: Re: Spyware becomes increasingly malicious
Ok.. but has BSD been attacked on the scale that MS code has? I would
argue
no, not even close. Do you believe BSD is invulnerable to attack? Hardly..
Unless you want to go back
PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, July 14, 2004 1:12 PM
Subject: Re: Spyware becomes increasingly malicious
Ok.. but has BSD been attacked on the scale that MS code has? I would
argue
no, not even close. Do you believe BSD is invulnerable to attack? Hardly..
Unless you want to go back to text
Most of the lastest versions appear to install themselves using the
ByteCode Verifier vulnerability in the Microsoft Virtual Machine.
MS do not publish full system specs, and they use undocumented features
themself.
So, what other companies are doing? Yes, correct, they are experimenting,
MS do not publish full system specs, and they use undocumented features
themself.
Ok, say MS puplished their code tomorow, what do you think would happen? All
the crackers and virus writers of the world would join hands and sing 'joy
to the world' and forgive MS for their tresspasses? I
Sorry, it was a _technical_ question - is MAC OS known as having pests
and ad-ware in the comparable numbers (if any)?
* [EMAIL PROTECTED] (John Underhill) [Wed 14 Jul 2004, 19:45 CEST]:
This is spurious logic. You are suggesting that Mac is a more secure
operating system, and I would
]
To: [EMAIL PROTECTED]
Sent: Wednesday, July 14, 2004 3:31 PM
Subject: Re: Spyware becomes increasingly malicious
Sorry, it was a _technical_ question - is MAC OS known as having pests
and ad-ware in the comparable numbers (if any)?
* [EMAIL PROTECTED] (John Underhill) [Wed 14 Jul 2004, 19:45
Ok.. but has BSD been attacked on the scale that MS code has? I would argue
no, not even close. Do you believe BSD is invulnerable to attack? Hardly..
I don't believe anybody is claiming that. However, the BSD code has been
out *and* has been publicly scrutinized for quite a bit longer than
John Underhill wrote:
[snip long post]
One of the best posts I have seen in a long time; thanks, John.
So the question remains, what do we do about it?
That's where it gets tough. Let's begin with what we can't do about it:
- Declare that using IE is illegal. This literally takes an act of
So MS has undocumented 'features', so what? When you install their
software
you agree to a licence, and that you are using their software bound by
their
O, noo. You click a button 'I agree' which means nothing for 99.99% of
people over the world. Here is a difference. Do not expect people to
-:)
Excellent!
==
- Declare that using IE is illegal. This literally takes an act of
congress. And, it would be almost impossible to enforce. Anyway, let's
pretend for a moment that congress does outlaw IE _and_ can enforce it,
it still does not do us much
I guess the big question is, is there anyone (other than those profiting
directly from CWS) that would complain if a provider were to do such a
thing...
looks like a psi-net pink contract inherited by cogent. but since the
psi-cogent rollup was an asset sale rather than a corporate
William Warren wrote:
I second that. The version I saw required a third
party registry editor and booting up into the
recovery console from an XP cd (safe mode didn't cut
it) just to remove a hidden dll.
Which is why I made the executive decision to re-image instead of trying
to fix, as
David Schwartz
One wrong turn probing it can render a machine
unusable until it's reloaded.
Ah, I'm not the only one it appears.
In the meantime, let's at least blackhole all
their IPs on our networks.
Does any of the regular lists keeps try of this and already blacklists?
Michel.
oops
I just realized that I incorrectly quoted William Warren instead of
Brian Battle in my previous post. Sorry guys, cut/paste casualty.
/oops
Sean Donelan wrote:
Could this be a Joe job by someone who doesn't like the
owners of Cool Web Search? The owners of the Cool Web
Search company
LOL..not a problem..:)
Michel Py wrote:
oops
I just realized that I incorrectly quoted William Warren instead of
Brian Battle in my previous post. Sorry guys, cut/paste casualty.
/oops
Sean Donelan wrote:
Could this be a Joe job by someone who doesn't like the
owners of Cool Web Search? The owners
The authors of these coolwebsearch variants are extremely
intelligent programmers with far more understanding of
the bowels of the windows platform than your average
script kiddies. If you get hit with the version I saw,
it's no 10 minute piece of cake.
It makes spywire more dangerous
On Mon, 12 Jul 2004 12:37:37 EDT, Hannigan, Martin [EMAIL PROTECTED] said:
alt with at the browser level
in MS Security Bulletin MS03-011.
I have a hard time blaming MS for everything since in most cases
of these things they do react. How do they force the users to update?
Could they
Brian Battle wrote:
For another hastily-thought-out analogy, it's like someone
breaking into your house and reprogramming your cable box
to keep changing the channel to the home shopping club
every 30 seconds.
That would be the result of the broadcast bit.
Pete
Alexei Roudnev wrote:
It is not a bug; it is specially designed IE feature. MS always was proud
of
their full automation - install on demand,
update automatically, add new software to start at a startup without need
to
be system admin, etc etc... As a result, we have a field full of bugs,
RKJ Date: Mon, 12 Jul 2004 01:43:50 -0300
RKJ From: Rubens Kuhl Jr.
RKJ Try booting into safe mode before running software to detect
RKJ or remove spyware; some of them fight to survive if they are
Also use msconfig to disable non-critical extras. Some of us
have manually ripped out ActiveX
coolwebsearch has become more and more sneaky..so bad that
development of cws shredder has been abandoned by its
developerEither serious lock down you ie(which with CWS is
not going to help) or use something other than ie.
Edward B. Dreger wrote:
RKJ Date: Mon, 12 Jul 2004 01:43:50 -0300
- Original Message -
From: William Warren [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 12, 2004 10:04 PM
Subject: Re: Spyware becomes increasingly malicious
coolwebsearch has become more and more sneaky..so bad that
development of cws shredder has been abandoned
- Original Message -
From: Michel Py [EMAIL PROTECTED]
To: Sean Donelan [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Monday, July 12, 2004 1:24 PM
Subject: RE: Spyware becomes increasingly malicious
Indeed. Lately, I have not been able to clean a very annoying piece of
crud named
On Mon, 12 Jul 2004, William Warren wrote:
coolwebsearch has become more and more sneaky..so bad that
development of cws shredder has been abandoned by its
developerEither serious lock down you ie(which with CWS is
not going to help) or use something other than ie.
William Warren wrote:
coolwebsearch has become more and more sneaky..so
bad that development of cws shredder has been
abandoned by its developer
The smart computer does not exist (if it did, we would not have a job,
would we? ;-)
Either serious lock down you ie (which with CWS is
not
On Mon, Jul 12, 2004 at 04:18:34PM +, Paul Vixie wrote:
somebody, probably sean, mentioned scaling earlier in this thread.
coolwebsearch has become more and more sneaky.. so bad that
development of cws shredder has been abandoned by its developer..
...
the first time only about
Paul Vixie wrote:
or, to put it in terms you can all understand:
why does that provider's upstream still have bgp peers?
Maybe said upstream does not want to deal with TROs and legal issues?
CWS is not illegal as of today.
if you give people the means to hurt you, and they do it,
and you
:
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Paul Vixie
Sent: Monday, July 12, 2004 12:19 PM
To: [EMAIL PROTECTED]
Subject: Re: Spyware becomes increasingly malicious
somebody, probably sean, mentioned scaling earlier in this thread
On 7/12/04 12:33 PM, Michel Py [EMAIL PROTECTED] wrote:
Paul Vixie wrote:
or, to put it in terms you can all understand:
why does that provider's upstream still have bgp peers?
Maybe said upstream does not want to deal with TROs and legal issues?
CWS is not illegal as of today.
CWS
On 7/12/04 12:33 PM, Michel Py
[EMAIL PROTECTED] wrote:
Some peering contracts specify that behaviors that endanger a
network or its
users allow for immediate disconnection. Its a bit of a stretch to invoke
this for a spyware site.
I think you could find a few experts that could
I think depeering is a bit over the top for this situation, but I
wouldn't blink at nullrouting the prefix in question at my cores... :)
I guess the big question is, is there anyone (other than those
profiting directly from CWS) that would complain if a provider were to
do such a thing...
-C
On Mon, 12 Jul 2004, Richard A Steenbergen wrote:
http://www.webhelper4u.com/CWS/cwsoriginial.html
These folks? Looks like it's all Cogent. Surely someone has contacted
Cogent about this?
I'm sure someone has.
The real question should be, does cogent care?
On Jul 12, 2004, at 11:20 AM, Christopher Woodfield wrote:
I think depeering is a bit over the top for this situation, but I
wouldn't blink at nullrouting the prefix in question at my cores... :)
I guess the big question is, is there anyone (other than those
profiting directly from CWS) that
I think depeering is a bit over the top for this situation, ...
if their customer was sucking blood from your customer, and if your peer
was taking a cut of the proceeds, would the issues be any clearer?
I guess the big question is, is there anyone (other than those profiting
directly from
- Original Message -
From: Michel Py [EMAIL PROTECTED]
To: Gregh [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, July 13, 2004 12:41 AM
Subject: RE: Spyware becomes increasingly malicious
Gregh wrote:
Are you honestly serious? I came up against it for
the first time only
PROTECTED]
Sent: Tuesday, July 13, 2004 12:41 AM
Subject: RE: Spyware becomes increasingly malicious
Gregh wrote:
Are you honestly serious? I came up against it for
the first time only about 3 days ago and I got rid
of it in 10 minutes! I can see how it would be a
problem for a newbie
William Warren wrote:
not all the variants are that easy..how about doing a google on
coolwebsearch..scumware.com has a good writeup as well as
spywareinfo.com...the newer variants are not that easy
I second that. The version I saw required a third party
registry editor and booting up
Spyware isn't the best term for what is happening, but it is quickly
exceeding (or contributing) to all the other problems associated with
the online (not just Internet) world.
You probably need to be a paid subscriber or visit a public library
Sean Donelan wrote:
Spyware isn't the best term for what is happening, but it
is quickly exceeding (or contributing) to all the other
problems associated with the online (not just Internet) world.
Indeed. Lately, I have not been able to clean a very annoying piece of
crud named
On Sun, 11 Jul 2004 20:24:19 -0700, Michel Py wrote:
None of the
other crapware removers I have tried could clean the machine either.
Try Bazooka spyware detector from http://www.kephyr.com/. This
detected for me a bunch of malware neither Spybot nor Adaware caught.
Jeffrey Race
- Original Message -
From: Michel Py [EMAIL PROTECTED]
To: Sean Donelan [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Sunday, July 11, 2004 5:24 PM
Subject: RE: Spyware becomes increasingly malicious
Indeed. Lately, I have not been able to clean a very annoying piece of
crud named
Michael Painter wrote:
You're right...it can be a sob to remove. CWShredder
has worked well for me.
http://www.spywareinfo.com/~merijn/cwschronicles.html
First thing I tried after Ad-aware and Spybot, no go :-(
In some cases, the only way out of it is HiJackthis
PROTECTED]
Sent: Monday, July 12, 2004 12:24 AM
Subject: RE: Spyware becomes increasingly malicious
Sean Donelan wrote:
Spyware isn't the best term for what is happening, but it
is quickly exceeding (or contributing) to all the other
problems associated with the online (not just Internet) world
Rubens Kuhl Jr. wrote:
Try booting into safe mode before running software to detect
or remove spyware; some of them fight to survive if they are
running, dunno if it is the case with CoolWebSearch.
Tried that too, does not help with CWS.
Michel.
49 matches
Mail list logo
