Re: Can you ID the program that did this??

Fri, 29 Jan 1999 10:25:31 -0500 

On Thu, Jan 28, 1999 at 08:26:21PM -0500, Security Administrator wrote:
> A user on our system (using Windows and running ICQ, in case its relevant)
> was going about their work when suddenly a window popped up with the
> message "Message from a friendly hacker.  Just wanted to let you know your
> computer is hackable."  The only button available to push said "OK".  The
> message was in various type styles and fonts.  The window specifically did
> not have a title bar or side bars - it was a simple, blank window.  There
> were also no commercial markings anywhere in or on the window.
> 
> 
> If you can identify a program that might have done this, I would
> appreciate it immesurably.  As it is, we really don't know what we are up
> against.

Sounds like BackOrifice or Netbus. Either run your favourite virus scanner
which is capable of detecting these programs, or go to

 http://www.spiritone.com/~cbenson/current_projects/backorifice/backorifice.htm

for a program which claims it can detect and remove all running instances of
BackOrifice, or 

 http://members.tripod.com/~deltasitez/netbus.html

for a list of programs which claim to detect and remove Netbus. Should you
accidentally blow up your comupter using these tools, don't blame me... I
haven't tried any of them since I do not use a vulnerable operating system
(both BO and Netbus are targeted at Windows 95 and Windows 98. NT is not
vulnerable (yet). Linux - which I use - isn't either, although you might be
able to run the BO or Netbus `server'  in the WINE Windows `emulator' - haven't
tried that one yet).  

Good luck...

Cheers//Frank
-- 
  WWWWW      ___________________________
 ## o o\    /       Frank de Lange       \    =================================
 }#   \|   /      +31-70-3712708 day      \   #   WARNING: Do not add these   #
  ##---# _/      +31-320-252965 night      \  # addresses to any mass mailing #
   ####   \[EMAIL PROTECTED]/  #  list without prior approval  #
           \  [EMAIL PROTECTED]  /   #     of the address owner.     #
            ------------------------------    =================================
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to