: IMA server
I kept having problems with having to wait and wait for my hard drive light to stop blinking before my machine would do anything
my computer friend found out yesterday that someone was using my computer as a server using my cable modem's bandwidth when I had not been running my firewall
I had tried to upgrade Zone Alarm and wound up with a "free trial" copy somehow
He found tons of files that didn't belong
he said yesterday that a program can be embedded in a jpg file
Got a lot of cleaning out to do now
Matt Smith Aug 9th, 01, 9:21 AM Dean,
What you had is what we call a Backdoor Trojan. This is some of the WORST kind of nastyware because it allows someone to take over TOTAL CONTROL of your box. The person that is controlling you has varying abilities, depending on the Trojan used. They have full file control, can grab your passwords, can spy on any IMs you may use, can use your mic/cam to spy on you, etc. This is, unfortunately, the latest craze with 15-year-old kiddies. The client (controlling) end of some of these F****** things is easy enough for a 10-year-old to use. THE PEOPLE THAT USE AND CODE THESE THINGS ARE SOME OF THE LOWEST SCUM ON EARTH. I have borne witness to the horrors Trojans cause and have seen dear friends go through hell as a result. Off that soapbox.
As for the *.jpg problem, the *.jpg itself can't carry nastyware, but there's a vulnerability in Winblows that allows anyone to make an *.exe file LOOK like a *.jpg file. Later, I'll make some screenshots to tell you how to take care of this. I presume you've learned never to let your guard down??
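Added example, not part of the original thread or any poster's code: a small Python check for the disguise described above, assuming it takes the form of a double extension (`photo.jpg.exe`) or a program renamed with an image extension. The function names, extension lists and sample files are constructed for illustration.

```python
import os
import tempfile

JPEG_MAGIC = b"\xff\xd8\xff"  # every JPEG file starts with these bytes
PE_MAGIC = b"MZ"              # DOS/Windows executables (.exe, .scr, .dll)
IMAGE_EXTS = {".jpg", ".jpeg", ".gif", ".bmp"}
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs"}

def classify(path):
    """Return the reasons (possibly none) a file looks like a disguised program."""
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    inner_ext = os.path.splitext(stem)[1]
    with open(path, "rb") as fh:
        head = fh.read(4)
    reasons = []
    # "photo.jpg.exe" is displayed as "photo.jpg" when extensions are hidden.
    if ext in EXEC_EXTS and inner_ext in IMAGE_EXTS:
        reasons.append("double extension")
    # Named like an image, but the content is a Windows executable.
    if ext in IMAGE_EXTS and head.startswith(PE_MAGIC):
        reasons.append("executable content")
    return reasons

def scan(root):
    """Walk a directory tree; map each suspicious relative path to its reasons."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(folder, fname)
            try:
                reasons = classify(full)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

def demo():
    """Scan a temporary folder of constructed sample files."""
    samples = {
        "holiday.jpg": JPEG_MAGIC + b"\xe0" + b"\x00" * 16,  # real JPEG header
        "holiday.jpg.exe": PE_MAGIC + b"\x00" * 16,          # double extension
        "car.jpg": PE_MAGIC + b"\x00" * 16,                  # program renamed .jpg
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)
```

Calling `scan()` on a downloads or attachments folder lists only the files that trip one of the two checks; a clean image produces no entry.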
Cecil Aug 9th, 01, 11:57 AM Matt,
I read a while back that "they" were trying to pass some legislation or something that makes the person whose computer is taken over liable, at least partly, for any damage caused. This was when the stream of "denial of service" attacks were going on, where "always on" systems (cable modem, DSL) were being infected with a small program that just tried to open connections to various servers (I think AMAZON.COM was one of them).
Have you seen anything on this recently?
Matt Smith Aug 9th, 01, 1:22 PM Cecil,
Yes, I have heard this being suggested. The BIG problem with this type of Trojan is that they allow others to use your computer to commit illegal activities. So much of this BS is occurring, that it's even been suggested that people that are compromised be SUED. Dean, I'll be willing to bet that in your case some of the files you got stuck with are either one of 3 things, pirated software, cracking utilities, or porno. It's common practice for these scum to use a Trojaned machine to store their crap on so they don't get caught with the stuff. I would delete all the junk and change ALL your passwords NOW. If you're REALLY paranoid, I suggest a reformat is in order. I would also recommend that you get a program such as Tauscan (http://www.tauscan.com) to scan for Trojans. Anti-virus software is NOT DESIGNED to really handle Trojans and in some cases is not effective against them.
[This message has been edited by Matt Smith (edited 08-09-2001).]
Dean, I've pulled your info off the site for now. This guy will have all your passwords including the ones to the T/C.
Removed the moderator status too. Will update when you are in the clear.
Uh, oh. Have you ftp'd into chevelles.com lately? You have the BIG password on your machine.
Update.
You have no access to chevelles.com right now. Already changed the server info.
I've also whacked your access to macc.chevelles.net
You will have to change your password everywhere you use it. I've changed some of them and when you are clear, let me know and I'll send the change to you.
If you think of anywhere else, let me know so we can plug up any possible holes.
al
[This message has been edited by Al (edited 08-09-2001).]
Matt Smith Aug 9th, 01, 2:37 PM Al,
Shut down ALL of Dean's admin accounts NOW. Dean, change your tech password RIGHT NOW. This is a MAJOR incident. Dean, I think it best that you reformat that machine now. I want to MAKE SURE that your box is clean.
Good move Al. This was a MAJOR incident. I really must post something about Trojans so that this doesn't happen to admin again.
[This message has been edited by Matt Smith (edited 08-09-2001).]
Deacon Aug 9th, 01, 4:03 PM That's cool Al, I'm glad I mentioned it
I left that machine with him so I'm not on it now; also not on cable right now either, and am running a firewall
I'll never log onto my cable modem again without firewall protection or even dial up for that matter
I'll most likely low level format and start over in a few days
Got to get back to the Show now, it's about time for Chuck to pull in
Dean Call
Matt Smith Aug 9th, 01, 5:59 PM Dean,
Please find out WHAT TROJAN it was that you had, thanks
Deacon Aug 10th, 01, 6:43 AM [QUOTE]Originally posted by Matt Smith:
Dean,
Please find out WHAT TROJAN it was that you had, thanks[/QUOTE]
He wants to dig through all that stuff and see what he can find out before he re-formats it
I'll see what all he finds
This machine (my old one) which has been used mostly on dial up doesn't seem to have been infected
I guess the hackers aren't too interested in 56 K when I'm using it
I am running two firewalls now, Norton and Zone Alarm
Is it ok to run both at the same time?
I am back on Cable at this time no pop ups
I miss the "open discussion" forum
Oh well, Back to the show
I won't be near a computer til Sunday now
Thanks,
-------------
Dean
Gold member #3
[This message has been edited by Deacon (edited 08-10-2001).]
John_Muha Aug 10th, 01, 9:31 AM [QUOTE]Originally posted by Deacon:
I miss the "open discussion" forum[/QUOTE]
Hey Reverend,
Maybe we can trade identities during the day. I know it would drive a couple of guys crazy. (bad thought, bad thought)
Dean, email me and I'll let you know how to get in.
Enjoy the weekend!
Dean Aug 12th, 01, 5:36 PM Thanks Al !
------------------
Dean Call
Team Gold member #3
A.C.E.S. # 00235
Mid America Chevelle Club (http://macc.chevelles.net) #001
chevelles.net (http://chevelles.net)
My 69 (http://chevelles.com/showroom/deans69.jpg)
14th annual ACES/Midwest Chevelle Regionals pictures (http://www.bull-enterprises.com/dalesplace/htm/chevelle_shows/shows.htm)
A merry heart does good, like medicine, but a broken
spirit dries the bones.
[This message has been edited by Dean (edited 08-12-2001).]