Dale wrote:
> Hi guys, and Holly,  :D
> 
> I'm on dial-up and try to watch my traffic and every once in a while
> I see a little blip on gkrellm.  I fired up ethereal and started to
> sniff around.  Pardon the pun there.  LOL  This is what it says
> though which is strange.  It's really the last two lines that matter
> but I am putting the whole thing here just in case.  Sorry so long.
> 
<snip>
>> Microsoft Messenger Service, NetrSendMessage Operation: 
>> NetrSendMessage (0) Server Max Count: 10 Offset: 0 Actual Count: 10
>>  Server: Microsoft Client Max Count: 35 Offset: 0 Actual Count: 35 
>> Client: inform you about a virus detection Message Max Count: 497 
>> Offset: 0 Actual Count: 497 Message [truncated]: Windows has 
>> detected a virus on your system. In order to remove it please 
>> follow this steps:\n\n1. Start Microsoft Internet Explorer or your
>>  default web browser.\n2. Type into the navigation bar: 
>> http://www.cleanmyreg.
> 
> 
> 
> What is this?  Is this some spam and it pops up a window if I were 
> using windoze?  I went to the site and it looks like they want to 
> sell something, which I ain't buying by the way.  ;-)

Yes-- not that I know anything about this, but it looks like a "trick"
popup.

The site does not seem to be checking your browser ID (which would say
Linux), but instead assumes that

1) you are a Windows user (after all, isn't everybody?)

2) you use IE (after all, doesn't everybody?)

3) you do not have a competent admin on your system -- the message uses
Microsoft Messenger Service, which is turned on by default under
Windows, and enables these kinds of popup messages across LAN and WAN,
sort of like a mini MSN-- which I believe it connects to as well-- and
is not only quite "useless" except to people like this, but also quite
insecure because it lets unknown people like this send you "messages"
without your active consent.

Any Windows user I know with even a grain of competence turns it off
first thing after installation. But of course Joe and Jane Average User
don't know to do this because their OS is supposed to competently
administer their system for them. Oh, well keeps my bf in barter trade
goods for cleaning the PCs of Joe and Jane out again every 3 months or so.

> How can I tell them to stop this?

1) Don't go to the site.

2) If you must go to the site, don't do so with IE (if you're using
Windows for whatever reason)

3) If you must go to the site using IE, for heaven's sake, don't click
that link (though that may not protect you; some sites will also
transfer their payload when you try to close the popup even if you don't
click the link)

4) If you must go to the site using Windows, then have a good 1)
firewall, 2) ad-blocker, 3) spyware blocker/cleaner, and 4) antivirus
scanner present on the system.

You could also complain to 1) the site 2) the hosting admin 3) the
authorities, but it's clearly a "commercial deal" for somebody -- either
the host or the admin has coded/allowed this pass-through to be present
on their site, and /somebody/ has either been paid to do so or expects
to get paid for doing so in terms of click-through revenues or
advertising view revenues or, more unpleasantly, virus or trojan
proliferation, and imo, "regular users" are unlikely to stop the flow of
compensation except by not participating.

But you don't have Windows or the Microsoft Messenger Service on a
Gentoo box; this foolishness is not actively dangerous to you;
especially since you don't have a Registry either, so there's no reason
for you to follow the link to any supposed Registry-cleaning program.
GKrellm is just reporting that somebody tried to send you a message
through this non-existent service.

> Oh, only my main rig does this.  My three servers which have no GUI 
> stuff or browsers installed do not get this, that I can see anyway.
> 
> Another thing a bit off topic.  I noticed earlier that there was a
> post in some foreign language, looked like Japanese or Chinese and
> looked like spam to me.  Later I got one in my personal email.  Can
> someone get my email address from this list?  I have got a few emails
> from people, which is OK as long as it is not spam.  Just curious. I
> like the list but I didn't know my private email would become
> public, if this is true.

I never understand how people think their email address is
"private", when it's meant to allow communication between the public
network (the Internet) and you. You can take your number out of the
phone book too, which means that _most_ random people will be unlikely
to call you, but anyone can simply punch a series of numbers--even
accidentally-- and call you, because you are connected to the public
telephone network by your phone number. In the early days of
telemarketing, that used to happen a lot; even now, there are
computer-generated phone calls that call and when you pick up the phone,
you get a computer talking to you (often telling you to hold on for a
live person who's going to try to sell you something). Such setups don't
know your "private" telephone number; they're just guessing randomly,
but managed to reach you anyway.

Your phone number, address and email address are semi-public just by the
fact of their existence.

As for the list, I'm sure that the list's list of user addresses is not
made public, but the list is publicly archived on gmane and is
available via newsgroups. It's certainly possible for a bot to troll the
archives and attempt to extract email addresses, just as it is possible
for a bot to put random strings in front of your ISP's domain name and
send out spam to all generated addresses (which would be unrelated to
your email address being visible on this list). And it has been known to
happen that somebody on this or any list gets infected by a virus (we
don't live in a pure Linux world after all, and some people 1) run Linux
on Windows via VMware or Win4Lin; 2) run mailservers connected to
Windows machines that may become infected by a virus that propagates
through the network; 3) dual-boot and possibly share their PC with a
non-technical person who allowed the PC to become infected by a virus;
4) are connecting to the list from a Windows machine that is not under
their control (i.e., from a hotel or Internet cafe while travelling on
business)), and said infected machine trolls the individual user's
address book for places to send their spam or proliferate the virus/trojan.

Having sent mail with this email address, it is no longer "private" (the
only way to keep a secret truly secret is to be the only one who knows
it, after all); anybody who reads your mail now knows your address, and
you have no way of knowing who is reading your mail-- who is "all the
members of this list"? How many people is that? Do you know all of our
email addresses, and have you signed a waiver saying "I want everybody
on this list <list of each and every one of our email addresses> to know
my email address"? No? Then you have already made your email address
"public" by using it to send mail to people that you don't specifically
know (the public, otherwise known as "us").

If you'd like an address to use for the list that would run some
interference between your personal email address and any possible
spammers, I (and probably 95% of everybody else on this list) can send
you a GMail invite which you can use as your "public" email address,
which would then "catch" such additional unwanted generated mail so it never
reaches your personal ISP email.

You might also consider re-evaluating your ISP-- I never saw the list
mail you're referring to, and I also never got the original PayPal crap
people talked about (though I got the replies, which was funny as I had
no idea what people were talking about)-- they didn't even get filtered
to my Trash. I really never got them, and I think that's because they
were caught by my ISP's spam filter. Does your ISP filter spam?

My boyfriend the Windows user, on the other hand, has a policy of
checking his mail via our ISP's Webmail before downloading it. He just
deletes what little spam gets through the filters off the servers before
opening Mozilla Mail and downloading the rest. Which to me seems like a
PITA, but it is an effective solution (in the usual Windows style of
more work on the user's part because you can't trust your OS to protect
you in any way whatsoever).

Again, if your ISP does not provide webmail, you can use GMail, Hotmail,
Yahoo! Mail or whatever web-based mail account to communicate with the
list, insulating your ISP account from any spam that participating in a
public list might cause to occur.

HTH,
Holly
-- 
gentoo-user@gentoo.org mailing list