I tried to see what it was, faking Opera to identify as Explorer... didn't work. I switched to IE and the mystery was unveiled. It was an ActiveX something (of course). Didn't allow it to run and bailed out quickly.
Guys were sued for only scanning ports to see if there was a potential security hole... This time the contraption works from the inside and no firewall or closed ports can stop it. And you can't sue anyone as long as it was you who agreed to let it do its job, and you were aware it scans the content of your drives...

Cristian

P.S. I have installed ZoneAlarm on my Windows computer and it works nicely. I recommend it. It also does that MD5 check to authenticate the programs allowed to open ports for output and input data. Of course the first thing Klez.H and Bugbear do when started is to kill ZoneAlarm and other known firewalls if running :)

For Linux users I highly recommend enabling the firewall, using ipchains or iptables. There are some good scripts that do it in a more user-friendly way. A common practice for the script kiddies is to plant a rootkit on a Linux computer using one of the well known security-holes. Some use it for nothing more than getting an account in order to run an irc proxy like psybnc, being unaware of the fact that they also turn the computer into a DDoS attack platform and, most important, leave the information there at the mercy of the author of the tool they're using...

On Tue, 12 Nov 2002, L.D. Best wrote:

> Date: Tue, 12 Nov 2002 17:14:38 -0400
> From: L.D. Best <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Cc: LifeRaft <[EMAIL PROTECTED]>
> Subject: Fw: Good news--Bad news
>
> Is this as dangerous as I think it is? They even give instructions on
> how to bypass the dozerware firewall to allow them to download and run
> their "cleanup" software on your system.
>
> Paranoid I may be, but I think this sort of thing should be illegal ...
> can you imagine how many computers could be trashed -- after being
> stripped of personal data -- from a single mass spamming?
>
> I've always known that "for the children" was a horrendous threat, but
> the potential destruction this type of activity offers scares me far
> worse than sadam-who's-insane
>
> l.d.
> ====
>
> ----- Forwarded message begin -----
> From: "Free Product Samples" <[EMAIL PROTECTED]>
>
> The bad news is, every PC picks up online porn. It can happen through
> an email, or by accidentally visiting an adult site. The good news,
> there is something you can do about it.
>
> Take our FREE PC scan to make sure you're safe:
> http://click.fpsamplesmail.com/sp/t.pl?id=53047:88068716
>
> Want to know more about why this happens?
>
> Q: I accidentally opened an adult web site once, but I quickly left the
> site. Should I really be worried about it?
> A: Yes! Because your PC can record every picture from every website you
> visit, even one accidentally opened adult website can cause offensive
> content to be saved to your PC.
>
> Q: What can I do about it?
> A: You can use a free, online detection tool that helps you find out if
> unwanted, hidden files have been picked up from the Internet.
>
> Q: Can you tell me more about the free online tool?
> A: ContentAudit checks your PC for saved files you may find offensive.
> ContentAudit identifies explicit adult content along with files related
> to drugs, violence, terrorism, etc. Some ContentAudit users do not find
> content that concerns them (they're lucky), but many others actually do
> find offensive content has been stored on their computer.
>
> Find out for sure what's been saved on your PC!
>
> Click Below to check your PC for FREE:
> http://click.fpsamplesmail.com/sp/t.pl?id=53048:88068716
>
> ________________________________________________________
>
> Our records indicate you have opted in to receive samples, free offers and money
> saving tips while visiting one of our marketing partners.
>
> If you would no longer like to receive these offers via email, you can
> unsubscribe by sending a blank email to
> mailto:unsub-88068716-2025@;fpsamplesmail.com
> OR
> Sending a postal mail to CustomerService
> 424 E. Central Blvd #118, Orlando, FL 32801
>
> This message was sent to address [EMAIL PROTECTED]
>
> ------ Forwarded message end ------
>
> -- Arachne V1.70;rev.3, NON-COMMERCIAL copy, http://arachne.cz/
