
Possible trojan in Elf-Bowling game


Patricia A. Shaffer

Dec 7, 1999, 3:00:00 AM
My daughter sent me a "cute little game" via e-mail today. I scanned it
with Norton 5.02 (virus files updated today) and The Cleaner, both of
which pronounced it free of known viruses and trojans. SO, I executed
the thing, and damned if my AtGuard firewall doesn't ask if it's okay to
let the sucker connect to port 80 en route to www.nstorm.com! I blocked
it, of course. Tried to visit the site, but it doesn't come up. Did an
NS Lookup on it, and found it has a slew of IPs:

[Query: 216.234.225.0, Server: arin.net]

ThePlanet.com Internet Services, Inc. (NETBLK-THEPLANET-BLK-1)
1950 Stemmons Freeway, Suite 3048
Dallas, TX 75207
US

Netname: THEPLANET-BLK-1
Netblock: 216.234.224.0 - 216.234.239.255
Maintainer: TPCM

Coordinator:
Pathos, Peter (PP46-ARIN) pat...@THEPLANET.COM
214-800-5999 (FAX) 214-800-5998

Domain System inverse mapping provided by:

NS1.DNS-SERVERS.COM 204.0.130.30
NS2.DNS-SERVERS.COM 204.0.130.31

ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

Record last updated on 31-Aug-1999.
Database last updated on 7-Dec-1999 03:52:57 EDT.

I've sent a query to Mr. Pathos ... no response yet.

So, what now? I've warned my daughter, and shall have to contact all
the other friends and family she sent this to ... but I'd sure like to
know what is sneaking past Norton and The Cleaner!

--
Patricia

Proud Citizen of the Commonwealth of Virginia
"Anti-spammers are the immune system of the Internet." (CDR M. Dobson)
"The spam wars are about rendering email useless for unsolicited
advertising before unsolicited advertising renders email useless
for communication."(Walter Dnes/Jeff Wynn) Help Outlaw spam! <http://www.cauce.org>

ham...@cix.compulink.co.uk

Dec 7, 1999, 3:00:00 AM
ra...@swva.net (Patricia A. Shaffer) wrote:

> So, what now? I've warned my daughter, and shall have to contact all
> the other friends and family she sent this to ... but I'd sure like to
> know what is sneaking past Norton and The Cleaner!

Feel free to send a sample of the suspect file to sup...@sophos.com for
analysis.

--
Graham Cluley, Senior Technology Consultant, Sophos Anti-Virus
email: gcl...@sophos.com http://www.sophos.com
US Support: +1 888 SOPHOS 9 UK Support: +44 1235 559933

Patricia A. Shaffer

Dec 7, 1999, 3:00:00 AM
On 7 Dec 1999 20:05:46 GMT, ham...@cix.compulink.co.uk wrote:

>ra...@swva.net (Patricia A. Shaffer) wrote:
>
>> So, what now? I've warned my daughter, and shall have to contact all
>> the other friends and family she sent this to ... but I'd sure like to
>> know what is sneaking past Norton and The Cleaner!
>
>Feel free to send a sample of the suspect file to sup...@sophos.com for
>analysis.

It's on its way ... <g>

ham...@cix.compulink.co.uk

Dec 7, 1999, 3:00:00 AM
wble...@orion.org (Bill Blevins) wrote:

> Patricia, the game is not infected with anything. Nstorm.com
> produces it and a number of other games. If you'll notice, there
> is a button that you can push to register your high score
> on their server. It is my assumption that it is why it wants
> to connect to port 80.

That's interesting. I haven't seen the program yet, but we've certainly
had a lot of people worried about it judging by the searches on our
website. Maybe the developers could post a message on their website
explaining what's happening (or allow users to register their high scores
in a less brutal way).
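
The explanation quoted above (a high-score submission over port 80) can be checked against a capture of the request instead of being taken on trust. The following is an added example, not code from this thread or from NStorm; the request bytes, host, field names and local identifiers are constructed and are not the game's real traffic.

```python
"""Audit one captured outbound HTTP request for data the feature does not need.

Added example: the request bytes, host, field names and local identifiers
are constructed for illustration and are not the game's real traffic.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Headers a plain HTTP client normally sends; any other header is reported.
STANDARD_HEADERS = {"host", "user-agent", "accept", "connection",
                    "content-type", "content-length"}

# Value shapes worth a second look wherever they appear.
PATTERNS = {
    "an e-mail address": re.compile(r"[^@\s]+@[^@\s]+\.[A-Za-z]{2,}"),
    "a hardware (MAC) address": re.compile(
        r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b"),
}

# Constructed capture of a hypothetical high-score submission.
SAMPLE_REQUEST = (
    b"POST /scores/submit?game=demo HTTP/1.0\r\n"
    b"Host: scores.example.com\r\n"
    b"User-Agent: DemoGame/1.0\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 57\r\n"
    b"\r\n"
    b"name=PAT&score=212&owner=pat%40example.org&host=FAMILY-PC"
)


def parse_request(raw):
    """Return the request line parts plus a flat list of
    (location, name, value) fields from query string, form body and headers."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append(("header", name.strip().lower(), value.strip()))
    content_type = next((v for _, n, v in headers if n == "content-type"), "")
    fields = [("query", k, v) for k, v in
              parse_qsl(urlsplit(target).query, keep_blank_values=True)]
    if content_type.startswith("application/x-www-form-urlencoded"):
        fields += [("body", k, v) for k, v in
                   parse_qsl(body.decode("latin-1"), keep_blank_values=True)]
    return {"method": method, "target": target, "fields": fields + headers}


def audit(raw, expected_fields, local_identifiers):
    """List (location, name, reason) for every field that is not on the
    allowlist, echoes a local identifier, or matches a sensitive pattern."""
    findings = []
    for where, name, value in parse_request(raw)["fields"]:
        allowed = STANDARD_HEADERS if where == "header" else expected_fields
        if name.lower() not in allowed:
            findings.append((where, name, "unexpected field"))
        for ident in local_identifiers:
            # Case-insensitive: machine and user names are often re-cased.
            if ident.lower() in value.lower():
                findings.append(
                    (where, name, f"contains local identifier {ident!r}"))
        for label, pattern in PATTERNS.items():
            if pattern.search(value):
                findings.append((where, name, f"looks like {label}"))
    return findings


if __name__ == "__main__":
    # What a score submission should need, and what this machine would
    # not want to see leave it (both lists are assumptions of the example).
    expected = {"game", "name", "score"}
    identifiers = ["FAMILY-PC", "pat@example.org"]
    for where, name, reason in audit(SAMPLE_REQUEST, expected, identifiers):
        print(f"{where:6} {name:8} {reason}")
```

An empty result means only that this one request carried nothing beyond the allowlist; each distinct request the program makes needs its own capture.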

Nick FitzGerald

Dec 7, 1999, 3:00:00 AM
ham...@cix.compulink.co.uk wrote:

> That's interesting. I haven't seen the program yet, but we've certainly
> had a lot of people worried about it judging by the searches on our
> website. Maybe the developers could post a message on their website
> explaining what's happening (or allow users to register their high scores
> in a less brutal way).

The web-site hits are probably due to a *rumour*
circulating by Email that an Email message with the
elfbowling.exe attachment is infected with some
nasty, undetectable (of course) virus that trashes
your PC on 25 December.

I've only seen one of these rumour Emails, and that
was very much second-hand, but for it to have got to
where I received it from, the rumour mill would have
had to have been fairly busy.


--
Nick FitzGerald

ham...@cix.compulink.co.uk

Dec 7, 1999, 3:00:00 AM
ni...@virus-l.demon.co.uk (Nick FitzGerald) wrote:

> The web-site hits are probably due to a *rumour*
> circulating by Email that an Email message with the
> elfbowling.exe attachment is infected with some
> nasty, undetectable (of course) virus that trashes
> your PC on 25 December.

If anyone still has one of these rumour emails I'd appreciate receiving a
copy of the warning at gcl...@sophos.com

Brandon

Dec 7, 1999, 3:00:00 AM
y case, nobody connects to or through
> *my* computer without my permission, and no game I play is important
> enough to convince me that I need to be connected to surreptitiously.
> Games are fun, and free games are often very nice, but not at the cost
> of my security. <g>

or stupidity or paranoia

>
> --
> Patricia
>
> Proud Citizen of the Commonwealth of Virginia
> "Anti-spammers are the immune system of the Internet." (CDR M. Dobson)
> "The spam wars are about rendering email useless for unsolicited
> advertising before unsolicited advertising renders email useless
> for communication."(Walter Dnes/Jeff Wynn) Help Outlaw spam! <http://www.cauce.org>

--

"Bill Gates?, I don't know any Bill Gates. Oh, you mean 'by putting
every conceivable feature into an OPERATING SYSTEM, whether you want it
or not, is innovation' Bill Gates? Yeah, I know the monopolizer"

http://web.mountain.net/~brandon/main.htm
For Beginners in Linux, Emulation, Midis, Playstation Info, and
Virii.

Brandon

Dec 7, 1999, 3:00:00 AM
>
> It really bothers me that people who don't have firewalls could be
> ignorantly hemorrhaging all their personal data whilst playing a "free
> game". I hope I'm wrong, but between nanae and acv, I tend to run a bit
> paranoid online.

really? it doesn't show at all, really.

Mirage

Dec 8, 1999, 3:00:00 AM
Hahahaha... sheesh! MoreFM Auckland (NZ top rating radio station)
announced this morning that this 'virus' was circulating and advised
toasting it straight away. I sure know where to tune in for advice when the
'Y2K' virus hits! ;o)

Mirage

> The web-site hits are probably due to a *rumour*
> circulating by Email that an Email message with the
> elfbowling.exe attachment is infected with some
> nasty, undetectable (of course) virus that trashes
> your PC on 25 December.
>

Patricia B. Shaeffer

Dec 8, 1999, 3:00:00 AM
Anonymous post.


I hereby extend my profound apologies for causing concern
to the gaming company I have erroneously FINGERED as having
transplanted a virus on my computer.

This is the result of my being a complete and utter
incompetent big mouthed know-it-all, part-time anti-spamming
puss and wannabe viri expert.

As a result of my pure and utter stupidity I have caused
undue concern and sullied the reputation of a well
established company residing on the internet, while, I a
failed wife and mother and a major disappointment to my
recently deceased parents are a flop and failure, a big,
loud mouth shonk FUCKING up other more successful people's
endeavours than mine, loser.

Sorry.

Patricia B. Shaeffer
Dumb Fucking Puss deluxe

--
Posted Anonymously.

Bill Blevins

Dec 8, 1999, 3:00:00 AM
In the last episode of "Who wants to be in Bill's killfile?",
"Patricia B. Shaeffer " <anon...@cotse.com> kicked Regis in the
balls and said:

<snip>

Who the hell is Patricia B. Shaeffer? I've certainly not read any of
her posts. :)

If you're going to flame someone, at least pull your head out of your
ass and get their name right.
---
Bill Blevins
wble...@orion.org
ICQ# 42567863
AOL Instant Messenger
"catbyts"


Paws

Dec 8, 1999, 3:00:00 AM
["Three fuckin' guesses who this was"???]
 
 
Patricia B. Shaeffer <anon...@cotse.com> wrote in message news:1999120807...@cotse.com...

sop...@cix.compulink.co.uk

Dec 8, 1999, 3:00:00 AM
In article <82k3bm$ok3$1...@plutonium.compulink.co.uk>,
ham...@cix.compulink.co.uk () wrote:

> If anyone still has one of these rumour emails I'd appreciate receiving
> a copy of the warning at gcl...@sophos.com

Okay, we've published information about the Elf Bowling scare at
http://www.sophos.com/virusinfo/scares/elfbowl.html

Mike Martyn

Dec 8, 1999, 3:00:00 AM
Here is a copy of a note I received today:

If anyone has sent you, a game called "elfbowl.exe" (cool game, tenpin
bowling with little elves as pins), it apparently has a virus that will
be activated on December 25th.
Either take a risk, or delete before then.

Cheers,
Mike Martyn


<ham...@cix.compulink.co.uk> wrote in message
news:82k3bm$ok3$1...@plutonium.compulink.co.uk...


> ni...@virus-l.demon.co.uk (Nick FitzGerald) wrote:
>
> > The web-site hits are probably due to a *rumour*
> > circulating by Email that an Email message with the
> > elfbowling.exe attachment is infected with some
> > nasty, undetectable (of course) virus that trashes
> > your PC on 25 December.
>
> If anyone still has one of these rumour emails I'd appreciate receiving a
> copy of the warning at gcl...@sophos.com
>

sop...@cix.compulink.co.uk

Dec 8, 1999, 3:00:00 AM
In article <1999120807...@cotse.com>, anon...@cotse.com
(Patricia B. Shaeffer) wrote:

> Anonymous post.

<snip!>

Sounds like someone's got a grudge against Patricia again. If they had a
problem with her you'd think they would at least have the bottle to post
from their own address.

Patricia A. Shaffer

Dec 8, 1999, 3:00:00 AM
On Wed, 8 Dec 1999 02:30:24 -0500 (EST), "Patricia B. Shaeffer "
<anon...@cotse.com> wrote:

>Anonymous post.
>
>
>I hereby extend my profound apologies for causing concern
>to the gaming company I have erroneously FINGERED as having
>transplanted a virus on my computer.
>
>This is the result of my being a complete and utter
>incompetent big mouthed know-it-all, part-time anti-spamming
>puss and wannabe viri expert.
>
>As a result of my pure and utter stupidity I have caused
>undue concern and sullied the reputation of a well
>established company residing on the internet, while, I a
>failed wife and mother and a major disappointment to my
>recently deceased parents are a flop and failure, a big,
>loud mouth shonk FUCKING up other more successful people's
>endeavours than mine, loser.
>
>Sorry.
>
>Patricia B. Shaeffer
>Dumb Fucking Puss deluxe

You could at least get my name right ... but then you never were one for
keeping facts straight. Bye, again, Rod ... <plonk>

cqu...@iafrica.com

Dec 8, 1999, 3:00:00 AM
On Wed, 8 Dec 1999 11:35:09 -0000, "Mike Martyn" <ukm...@kjs.com>
wrote:

>Here is a copy of a note I received today:

>If anyone has sent you, a game called "elfbowl.exe" (cool game, tenpin
>bowling with little elves as pins), it apparently has a virus that will
>be activated on December 25th.
>Either take a risk, or delete before then.

If that's Kriz, it is indeed a virus - meaning it will infect other
files. So playing the game until 24 Dec and then deleting it will be
as much good as blowing out a match after you've lit the fuse.


>--------------- ----- ---- --- -- - - -
Error Messages Are Your Friends
>--------------- ----- ---- --- -- - - -

kurt wismer

Dec 9, 1999, 3:00:00 AM
On Wed, 8 Dec 1999, Patricia A. Shaffer wrote:

> On Wed, 8 Dec 1999 02:30:24 -0500 (EST), "Patricia B. Shaeffer "
> <anon...@cotse.com> wrote:
>
> >Anonymous post.
> >

[snip]


> >
> >Patricia B. Shaeffer
> >Dumb Fucking Puss deluxe
>
> You could at least get my name right ... but then you never were one for
> keeping facts straight. Bye, again, Rod ... <plonk>

i realize you and rod don't get along too well, but i can say with quite a
high degree of certainty that that was not rod... subtlety isn't his
style, he's not the kind of guy to hide behind an anonymous remailer...
when he has something to say, he steps up and says it - *loud*...

there have actually been a rash of forged identities here in the past
month or so... you, me, raid, frederic... possibly more, i don't
remember... and there's been a lot of traffic coming out of coste.com
lately too... some opinionated troll figured out how to use an anon
remailer...

--
"when i ran i didn't feel like a runaway
when i escaped i didn't feel like i got away
there's more to living than only surviving
maybe i'm not there, but i'm still trying"


Patricia A. Shaffer

Dec 9, 1999, 3:00:00 AM
On Thu, 9 Dec 1999 03:38:44 GMT, kurt wismer <a324...@cdf.toronto.edu>
wrote:

>On Wed, 8 Dec 1999, Patricia A. Shaffer wrote:
>
>> On Wed, 8 Dec 1999 02:30:24 -0500 (EST), "Patricia B. Shaeffer "
>> <anon...@cotse.com> wrote:
>>
>> >Anonymous post.
>> >
>[snip]
>> >
>> >Patricia B. Shaeffer
>> >Dumb Fucking Puss deluxe
>>
>> You could at least get my name right ... but then you never were one for
>> keeping facts straight. Bye, again, Rod ... <plonk>
>
>i realize you and rod don't get along too well, but i can say with quite a
>high degree of certainty that that was not rod... subtlety isn't his
>style, he's not the kind of guy to hide behind an anonymous remailer...
>when he has something to say, he steps up and says it - *loud*...
>
>there have actually been a rash of forged identities here in the past
>month or so... you, me, raid, frederic... possibly more, i don't
>remember... and there's been a lot of traffic coming out of coste.com
>lately too... some opinionated troll figured out how to use an anon
>remailer...

Okay, I apologize to Rod, then ... for this mistake. But you have to
admit, it did have a lot of his tone.

Andreas Mueller

Dec 9, 1999, 3:00:00 AM
Time to start using PGP signatures?

"kurt wismer" <a324...@cdf.toronto.edu> wrote in message
news:Pine.GSO.3.95.991208222956.11642A-100000@eddie...


> On Wed, 8 Dec 1999, Patricia A. Shaffer wrote:
>
> > On Wed, 8 Dec 1999 02:30:24 -0500 (EST), "Patricia B. Shaeffer "
> > <anon...@cotse.com> wrote:
> >
> > >Anonymous post.
> > >
> [snip]
> > >
> > >Patricia B. Shaeffer
> > >Dumb Fucking Puss deluxe
> >
> > You could at least get my name right ... but then you never were one for
> > keeping facts straight. Bye, again, Rod ... <plonk>
>
> i realize you and rod don't get along too well, but i can say with quite a
> high degree of certainty that that was not rod... subtlety isn't his
> style, he's not the kind of guy to hide behind an anonymous remailer...
> when he has something to say, he steps up and says it - *loud*...
>
> there have actually been a rash of forged identities here in the past
> month or so... you, me, raid, frederic... possibly more, i don't
> remember... and there's been a lot of traffic coming out of coste.com
> lately too... some opinionated troll figured out how to use an anon
> remailer...
>

Raid Slam

Dec 9, 1999, 3:00:00 AM
In article <imuq4ssn5jc782tdg...@4ax.com>, Patricia A.
Shaffer <ra...@swva.net> wrote:

> their privacy policy ... it was 404. I wanted to read about the
> "hoax", but it wanted to establish another port connection with
> javascript ... I don't surf with javascript enabled. I did find an
> email address, and sent an inquiry.

Shrug. Patricia, perhaps you should return your computer to the place
you purchased it from. I'm sure they'd be willing to give you a refund.

Almost every application these days wants to contact a server on the
internet, to register you, to save a high score, or to check for
updates. (winamp also supports this).

> It really bothers me that people who don't have firewalls could be
> ignorantly hemorrhaging all their personal data whilst playing a
> "free game".

While it's true that you can extract certain items of information on a
person's IP, this requires they be running (a) a RAT and/or (b) have
netbios enabled (which by default it is). However, except in the case
of a rat (as they can be written to do damn near anything) you're not at
risk of leaking very much data. Unless, you have file sharing enabled
across your LAN, AND have netbios bound to it, along with NetBEUI.
Providing you don't do these things, your computer at the most will
volunteer whatever you put in for the domain name, and your netbios
name.

If you have file sharing enabled, and have netbios bound, You are at
risk of allowing others from the net to browse your hard disks, and
access your computer as if you were right there doing it yourself.

I don't mean to seem rude, but your best bet would be to have contacted
the company that made the game, and waited for a reply from them before
sounding a paranoia 'trojan in game!' alarm. Not only would it have
conserved bandwidth (not that anybody these days seems to care) but it
would have been less embarrassing for you, should the game turn out to
be (and I suspect it is) legitimate.

Oh and one more thing, Your "firewall" in the strictest sense of the
word, isn't. It's a filter. Unless it's on another computer (not yours)
and yours accesses the net from that computer. Then it's a real
firewall, otherwise it's a windows based filtering program which is not
infallible.

> I hope I'm wrong, but between nanae and acv, I tend to run
> a bit paranoid online.

What exactly is nanae?

Regards,
Raid [SLAM]
http://www.coderz.net/Raid



Raid Slam

Dec 9, 1999, 3:00:00 AM
In article <b6gv4sc6u3vgnf676...@4ax.com>, Patricia A.
Shaffer <ra...@swva.net> wrote:

> I apologized above ... but it sure sounded like him ... maybe
> intentionally, trying to restart old flames? I've been too busy
> lately to keep up here as I would like.

How could it sound like him? This is text, it has no sound. Text can be
arranged with cut/paste from sections of a person's posting history to
create a post that might appear to come from them, but which didn't.
Admit it Patricia, you got duped.. Twice. Once by the game you thought
was sending out your precious anti-spam lists, and now for wrongly
targeting Rob.

Stick with your spam fights (heh) and leave anything more complex to
the real experts, mm'kay?

Patricia A. Shaffer

Dec 9, 1999, 3:00:00 AM
On Thu, 09 Dec 1999 09:27:23 -0800, Raid Slam
<soho20N...@hotmail.com.invalid> wrote:

>In article <b6gv4sc6u3vgnf676...@4ax.com>, Patricia A.
>Shaffer <ra...@swva.net> wrote:
>
>> I apologized above ... but it sure sounded like him ... maybe
>> intentionally, trying to restart old flames? I've been too busy
>> lately to keep up here as I would like.
>
>How could it sound like him? This is text, it has no sound. Text can be
>arranged with cut/paste from sections of a person's posting history to
>create a post that might appear to come from them, but which didn't.
>Admit it Patricia, you got duped.. Twice. Once by the game you thought
>was sending out your precious anti-spam lists, and now for wrongly
>targeting Rob.

Well, I didn't get "duped" by the game (my daughter may have); I merely
reported suspicious trojan-like activity (i.e., attempting to make an
outward bound connection without any warning). I specifically reported
it here, in acv, where I figured the experts would sort it out properly
... there still has not been any response from the av labs, so why don't
we just wait and see on that, hmm?

As for wrongly targeting Rod ... whoever wrote the post used tactics and
patterns I'd seen in previous posts of his, so I jumped to a conclusion,
which, in retrospect, might have been hasty ... so I apologized. <shrug>
Hind-sight is so much clearer, dontcha know <g>.

>Stick with your spam fights (heh) and leave anything more complex to
>the real experts, mm'kay?

I see you found out what nanae was all about. Sure, I'll be glad to ...
as long as trojans and viruses don't bug me. When I get bugged, I reach
for the RAID! (the insecticide, Raid, dear). I prefer to exterminate the
vermin first, then sterilize the remains, and dispose of them in
ecologically safe ways.

As for my leaving anything more complex to "the real experts", that is
precisely why I do come here. I know my own limits of expertise. I am
willing to admit my lack of depth of knowledge about viruses and
trojans, but I am not willing to roll over and play dead for the
critters who concoct them ... and yes, that is a finger pointed in your
direction. Now be a nice fellow and quit trying to aggravate me.

Patricia A. Shaffer

Dec 9, 1999, 3:00:00 AM
On Thu, 09 Dec 1999 09:14:34 -0800, Raid Slam
<soho20N...@hotmail.com.invalid> wrote:

>In article <imuq4ssn5jc782tdg...@4ax.com>, Patricia A.
>Shaffer <ra...@swva.net> wrote:
>
>> their privacy policy ... it was 404. I wanted to read about the
>> "hoax", but it wanted to establish another port connection with
>> javascript ... I don't surf with javascript enabled. I did find an
>> email address, and sent an inquiry.
>
>Shrug. Patricia, perhaps you should return your computer to the place
>you purchased it from. I'm sure they'd be willing to give you a refund.

My family builds our own computers.

>Almost every application these days wants to contact a server on the
>internet, to register you, to save a high score, or to check for
>updates. (winamp also supports this).

Funny, none of the ones I use do so without asking permission first. I
don't generally register my stuff ... and I don't play those kinds of
games. When I want updates, I know where to go for them ... I don't
need to be force fed, thanks.

>> It really bothers me that people who don't have firewalls could be
>> ignorantly hemorrhaging all their personal data whilst playing a
>> "free game".
>
>While it's true that you can extract certain items of information on a
>person's IP, this requires they be running (a) a RAT and/or (b) have
>netbios enabled (which by default it is). However, except in the case
>of a rat (as they can be written to do damn near anything) you're not at
>risk of leaking very much data. Unless, you have file sharing enabled
>across your LAN, AND have netbios bound to it, along with NetBEUI.
>Providing you don't do these things, your computer at the most will
>volunteer whatever you put in for the domain name, and your netbios
>name.

I see you apparently haven't heard about all the items of information
Real has extracted from the computers of folks who used their audio
products ... CD serial numbers, ethernet card numbers, websites visited,
music stored on hard disk, details galore ... don't patronize me, son! I
know how much data is accessible by a determined hacker.

>If you have file sharing enabled, and have netbios bound, You are at
>risk of allowing others from the net to browse your hard disks, and
>access your computer as if you were right there doing it yourself.

Hmmm ... sort of like netbus and back orifice do? <g>

>I don't mean to seem rude, but your best bet would be to have contacted
>the company that made the game, and waited for a reply from them before
>sounding a paranoia 'trojan in game!' alarm. Not only would it have
>conserved bandwidth (not that anybody these days seems to care) but it
>would have been less embarrassing for you, should the game turn out to
>be (and I suspect it is) legitimate.

Read the subject line again ... it was carefully worded. And why should
I wait for a response from a company whose product I suspect before I
ask the experts here ...?

>Oh and one more thing, Your "firewall" in the strictest sense of the
>word, isn't. It's a filter. Unless it's on another computer (not yours)
>and yours accesses the net from that computer. Then it's a real
>firewall, otherwise it's a windows based filtering program which is not
>infallible.

Well, if you are looking for me to enlighten you as to how my system is
set up ... silly boy! Whyever would I want to tell a self-confessed
virus writer anything about what I have set up? Suffice it to say, I am
as safe a computer user as I know how to be, I am a fast learner and
know where to go to find answers, and I pay for the software I choose to
use.

cqu...@iafrica.com

Dec 9, 1999, 3:00:00 AM
On Thu, 09 Dec 1999 09:14:34 -0800, Raid Slam
<soho20N...@hotmail.com.invalid> wrote:

>Almost every application these days wants to contact a server on the
>internet, to register you, to save a high score, or to check for
>updates. (winamp also supports this).

Some do allow RAT-like invasion via "unchecked buffer" exploits. AIM
was caught doing this to block msn messages at one time.

Raid Slam

Dec 9, 1999, 3:00:00 AM
In article <i8rv4sof3fao4noae...@4ax.com>, Patricia A.
Shaffer <ra...@swva.net> wrote:

> My family builds our own computers.

Building a computer isn't difficult. It's one of my job
responsibilities. However, let's not confuse building one with actually
understanding how they work.


> Funny, none of the ones I use do so without asking permission
> first. I don't generally register my stuff ... and I don't play
> those kinds of games.

No need to cop an attitude...

You may not register software, nor run applications which try to call
home, that's you. You are not everybody. In the business sense, many
people do run applications that do contact home. I realize you don't
like this, and I agree it's not a good policy to do it, but some
software programs do. That's simply a fact of life. If it's internet
aware, there's a real good chance it's going to want to talk to its
originating server at some point.

> When I want updates, I know where to go for them ... I
> don't need to be force fed, thanks.

It's apparent we have a miscommunication in progress. I didn't suggest
nor did I say you needed to be force fed.


> I see you apparently haven't heard about all the items of
> information Real has extracted from the computers of folks who used
> their audio products ... CD serial numbers, ethernet card numbers,
> websites visited, music stored on hard disk, details galore ... don't
> patronize me, son!

You clearly don't read so well do you? I covered this under option (a)
rat; remote access tool; and variances. This is not the same as
collecting information about you based solely on your IP. In the case
you're talking about, the user ran a program which he/she was not aware
was collecting information. I repeat again, this is NOT the same as
collecting data from just your IP.

Oh, and don't call me son.

> I know how much data is accessible by a determined hacker.

Nah, apparently you don't.

> Hmmm ... sort of like netbus and back orifice do? <g>

Umm, No. netbus and back orifice require a server/client program.
NetBEUI with file sharing enabled requires neither. All you need do, is
map network drive, punch in users IP, and enter the password if the
person bothered to place one. Walla, his local drive, mapped to you.
Big difference, hun.

> Read the subject line again ... it was carefully worded. And why
> should I wait for a response from a company whose product I suspect
> before I ask the experts here ...?

Because the company that produced the game would tend to know more than
someone who does not have access to its source code. This isn't a hard
thing to understand.


> Well, if you are looking for me to enlighten you as to how my
> system is set up ... silly boy! Whyever would I want to tell a
> self-confessed virus writer anything about what I have set up?

You've already told me you're running atguard firewall. (I have that and
several other programs). You've further explained that the game tried
to contact its home on port 80 of your machine that's running the
firewall software. So you see, You gave me information without even
realizing it.

Had you spent less time preparing your assault on me, and more time
reading what I wrote; this wouldn't be required. But since you didn't...

I wasn't looking for enlightenment of your system setup from you, You're
incompetent as far as security issues go, overly paranoid, and just
plain stupid.

> Suffice it to say, I am as safe a computer user as I know how to be,
> I am a fast learner and know where to go to find answers, and I pay
> for the software I choose to use.

Paying for the software you choose to use is an honorable thing,
however, that wasn't the topic of this thread.

Raid Slam

Dec 9, 1999, 3:00:00 AM
In article <384ff075...@ct-news.iafrica.com>, cqu...@iafrica.com
wrote:

> Some do allow RAT-like invasion via "unchecked buffer" exploits.
> AIM was caught doing this to block msn messages at one time.

LoL. unchecked buffer exploits is usually a glitch in the string
handling code. Ie; it doesn't check to see if the incoming data stream
has exceeded its storage capacity. Layman's terms, fucking lazy coder
who didn't do range checking/error handler.

I didn't know AIM had pulled this, thanks for letting me know.

Raid Slam

Dec 9, 1999, 3:00:00 AM
In article <6upv4sogubdljkfgc...@4ax.com>, Patricia A.
Shaffer <ra...@swva.net> wrote:

> Well, I didn't get "duped" by the game (my daughter may have); I
> merely reported suspicious trojan-like activity (i.e., attempting to
> make an outward bound connection without any warning). I specifically
> reported it here, in acv, where I figured the experts would sort it
> out properly

Yes you did. You got paranoid, and decided to alert on it, without
contacting its creators first. That's being duped, suckered, wool
pulled over your eyes.

> .... there still has not been any response from the av labs, so
> why don't we just wait and see on that, hmm?

We've already seen the letter the company wrote regarding the game, and
two av labs, sophos and norton have posted about it; Needless to say,
what they posted doesn't support your claim of possible virus/trojan.

> As for wrongly targeting Rod ... whoever wrote the post used
> tactics and patterns I'd seen in previous posts of his, so I jumped
> to a conclusion, which, in retrospect, might have been hasty ... so I
> apologized.

might have been hasty. Whoever did this or that... Awe face it pat, you
accused the wrong person, without any evidence whatsoever to do so. You
obviously hold a grudge against him, and apparently myself based on
your previous reply.


> I see you found out what nanae was all about.

If I knew what nanae is/was/will be, I wouldn't be asking you. So
again, What is nanae?

> Sure, I'll be glad to as long as trojans and viruses don't bug me.
> When I get bugged, I reach for the RAID! (the insecticide, Raid,
> dear). I prefer to exterminate the vermin first, then sterilize the
> remains, and dispose of them in ecologically safe ways.

Ahh.. Akin to shouting "virus!" and formatting your hard disk in a
quick haste to "exterminate" the vermin. Real intelligence you display,
indeed.

Btw, my nick isn't taken from the insecticide bottle, it does however
have to do with computers. (that should have been obvious).

> willing to admit my lack of depth of knowledge about viruses and
> trojans, but I am not willing to roll over and play dead for the
> critters who concoct them ... and yes, that is a finger pointed in
> your direction. Now be a nice fellow and quit trying to aggravate me.

You are a very paranoid person if that's why you think I replied to
you. I don't expect nor request that you or anyone else roll over and
play dead. But, hey, if you're wrong about something, expect to be called
on it. If you call that rolling over and playing dead, then you suffer
from an overinflated ego. You have no reason to be pointing any fingers
at me, everything I've said to you has had factual basis for saying it.

A few of your comments are off the wall at best, however.

Travis Kirton

Dec 9, 1999, 3:00:00 AM
I have a thought. If you're concerned about what data is going out when you
play this game, how about using a TCP/IP log program to see what data is
being sent.

Travis Kirton

"Patricia A. Shaffer" <ra...@swva.net> wrote in message
news:pnit4sgbfdmmj12tn...@4ax.com...
> On Tue, 07 Dec 1999 19:47:24 -0600, Bill Blevins <wble...@orion.org>
> wrote:
>
> >This is an email I received from NStorm regarding Elf Bowling.
> >
> <snipped> I got the same thing, several times. Considering the fact
> that I had already said Norton didn't detect any viruses, and that I
> reported "trojan" activity, I thought it was rather an auto-ack in
> response to what they thought was yet another hoax report.
>
> Someone else posted here that it was probably an automatic registration
> thing. I was also offered the explanation, by a company representative,
> that the contact was a "call home" experiment:
>
> >The activity you see is simply an HTTP request sent to our nstorm server,
> >and a response from the server. Absolutely no information is collected or
> >sent from the computer playing the game. This is in there as a test of
> >possible future technology to allow us to send "live updates" to future
> >games (example - being able to display on the game what the 5 current high
> >scores are at the time it is played).
>
> My guess is that somewhere there is an answer ... unfortunately, the
> examples provided are not quite congruent. In any case, Real got
> royally reamed for gathering personal data surreptitiously with its audio
> programs, and a couple other companies are scurrying to avoid publicity
> for preparing to do the same thing Real did. Just because one is a bit
> paranoid doesn't mean they are *not* out to get one's data!

Travis Kirton

Dec 9, 1999, 3:00:00 AM
I know Patricia didn't send it...so to the anonymous poster:

You're the biggest moron that has ever set foot on this earth.

Travis Kirton

"Patricia B. Shaeffer " <anon...@cotse.com> wrote in message
news:1999120807...@cotse.com...


> Anonymous post.
>
>
> I hereby extend my profound apologies for causing concern
> to the gaming company I have erroneously FINGERED as having
> transplanted a virus on my computer.
>
> This is the result of my being a complete and utter
> incompetent big mouthed know-it-all, part-time anti-
> spamming puss and wannabe viri expert.
>
> As a result of my pure and utter stupidity I have caused
> undue concern and sullied the reputation of a well
> established company residing on the internet, while, I a
> failed wife and mother and a major disappointment to my
> recently deceased parents are a flop and failure, a big,
> loud mouth shonk FUCKING up other more successful people's
> endeavours than mine, loser.
>
> Sorry.
>

> Patricia B. Shaeffer
> Dumb Fucking Puss deluxe
>

> --
> Posted Anonymously.
>
>

kurt wismer

Dec 9, 1999, 3:00:00 AM
On Thu, 9 Dec 1999, Andreas Mueller wrote:

> "kurt wismer" <a324...@cdf.toronto.edu> wrote in message

[snip]


> > there have actually been a rash of forged identities here in the past
> > month or so... you, me, raid, frederic... possibly more, i don't
> > remember... and there's been a lot of traffic coming out of coste.com
> > lately too... some opinionated troll figured out how to use an anon
> > remailer...

> Time to start using PGP signatures?

not on your life... few people would bother (or know how) to check them
(can you imagine how much time it would take to check the 150+ messages
per day that go through here?) and so the forge monkeys could just add
false signatures to the forged messages and make them look legit...

Christiane

Dec 10, 1999, 3:00:00 AM
I agree with the below.

I am a normal user with not very much knowledge of comps, viruses, trojans
or god knows what else.

I thought this was a place to get advice from people who are willing to give
advice and not a place to *insult* others who are asking for help and admit
that they want other people's opinions.

Someone sent me this elfbolw.exe today and I remembered that I heard about
it containing a virus and I had seen the topic here a few days ago. I did not
open the file because me as a normal user and no 'crack',
I was 'paranoid, stupid, dumb' and all of the other words that have been
used in previous mails.

About 70% of the posted messages are insults without any information about
the real issue.
Thanks to the 30%.

On a last note: Before you start going on about my grammar, spelling or
choice of words: I am not English and I do apologise already in advance for
my unbearable and inexcusable lack of knowledge on every level - computer
wise and English wise.
I am aware about it - so don't waste your time on it.

Cheers

Christiane

Travis Kirton <kir...@lfihomes.com> wrote in message
news:4OW34.5266$e03.2...@typ12.deja.bcandid.com...

Eric Chien

Dec 10, 1999, 3:00:00 AM
Maybe a clarification that is not known, but these games do make an
outward bound connection. More of a privacy issue than a trojan issue
(perhaps... highly debatable and since this is a.c.v., I'm sure
someone will debate it :) ).

Nonetheless, the program makes a connection to tell a server that you
are playing the game. This allows NStorm to track how many people
(potentially unique, at least computer-wise) are playing the game and
when. This isn't (I didn't notice anything) mentioned when you play
the game.

You can find statements to this fact on Nstorm (www.nstorm.com) or of
course do your own analysis.

...Eric

Patricia A. Shaffer

Dec 10, 1999, 3:00:00 AM
On Thu, 9 Dec 1999 17:18:09 -0600, "Travis Kirton" <kir...@lfihomes.com>
wrote:

>I have a thought. If you're concerned about what data is going out when you
>play this game, how about using a TCP/IP log program to see what data is
>being sent.

No data is being sent from my system because I do not allow outgoing
unless I specifically allow it.

An update on this ... NSTORM's primary goal is to sell data to
advertisers. From the homepage:

> Ban the Banners and Start the Storm™.
> Catchy huh? It should be, because it describes
> how NVision Design can help you take your
> market by storm. NStorm™ is a patent pending
> process that drives millions of hits to our clients'
> Web sites. NStorm combines your message with
> the fun of e-mail games, then lets the natural
> course of e-mail exchange distribute the message
> to potentially millions of would-be customers.

And from their Privacy Policy:

> NVision Design also assumes no responsibility, and shall not be
> liable for, any damages to, or viruses that may infect, your
> computer equipment or other property on account of your
> access to use of, or browsing in the Site or your downloading
> of any materials, data, text, images, video, or audio from the
> Site.

So they are not taking *any* responsibility for site security. They
invite folks to download "games" as a means of spreading advertising
messages, and encourage the spread of these games via e-mail, but will
not guarantee them free from virus or trojan even when originally
downloaded from their website.

> 4. Any communication or material you transmit to the Site by
> electronic mail or otherwise, including any data, questions,
> comments, suggestions, or the like is, and will be treated as,
> non-confidential and non-proprietary. Anything you transmit
> or post may be used by NVision Design or its affiliates for any
> purpose, including, but not limited to, reproduction,
> disclosure, transmission, publication, broadcast and posting.

Hmmm ... transmission "otherwise" ... like when my computer is ordered
by their game to "call home"?

Folks, this *may* still look like a reputable company to some of you,
but it looks to me as though it is aiming to funnel data to its real
clients, or at least, to shunt users to their websites, without so much
as a notice to that effect. That is intrusive, abusive, and constitutes
a misappropriation of private resources for their own purposes. It may
also constitute fraud, since the folks who get the games from friends
via e-mail are not warned in advance ... nor do they get to read the
enlightening Privacy Policy.

For those of you who are still thinking me paranoid, I'll give you some
more ammunition: I am thinking that all the hype from Norton, et al.,
about there being no viruses found in the games was a bit too
convenient: I'm guessing folks who reported trojan behavior didn't know
that was what it was, and Norton, being too stuck up to bother to read
the accompanying letter to get the details of what was observed, scanned
it and reported no viruses.

Richard M. Smith

Dec 10, 1999, 3:00:00 AM
Hi Patricia,

I downloaded and ran Elfbowling on my Win98 system with a packet sniffer.
The first time I ran the program, it made the following HTTP GET request
to www.nstorm.com:

GET http://www.nstorm.com/gamehits/elfbowl/elfmain.html?75086

First off, they have a syntax error in the GET request. It shouldn't
include "http://www.nstorm.com" in the command. The 75086
is probably some sort of user ID. The Nstorm Web server
returns a 404 error -- Page Not Found.

Looks like to me they are counting the number of times the
game is passed along. A bit odd, but not the end of the world.

I ran the game a few more times, but didn't see it sending
out any more info.

Richard
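
The kind of check Travis suggests and Richard carried out above, as an added example that is not part of either post: a short Python parser that takes request lines copied from a sniffer log and reports the request-target form, the host contacted, and any query data sent. Only the first sample line comes from the thread; the other two lines and all function and variable names are constructed for illustration.

```python
from urllib.parse import urlsplit

# First line is the request quoted in the post; the other two are constructed.
SAMPLE_LINES = [
    "GET http://www.nstorm.com/gamehits/elfbowl/elfmain.html?75086",
    "GET /index.html HTTP/1.0",
    "GET /track?id=75086&user=pat HTTP/1.0",
]


def analyze_request_line(line):
    """Describe where a logged HTTP request line goes and what data it carries."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("not an HTTP request line: %r" % line)
    method, target = parts[0], parts[1]
    version = parts[2] if len(parts) > 2 else None  # not shown in the quoted line
    url = urlsplit(target)
    if url.scheme and url.netloc:
        form = "absolute-form"  # full URL, the form a client normally sends to a proxy
    elif target.startswith("/"):
        form = "origin-form"    # path only, the usual form sent straight to a server
    else:
        form = "other"
    # Apart from headers, the query string is the only place a body-less GET
    # can carry data, so split it into named fields and unnamed tokens.
    fields, bare_tokens = {}, []
    for item in filter(None, url.query.split("&")):
        key, sep, value = item.partition("=")
        if sep:
            fields[key] = value
        else:
            bare_tokens.append(item)  # opaque value with no name, e.g. a counter or ID
    return {
        "method": method, "version": version, "form": form,
        "host": url.hostname, "path": url.path,
        "fields": fields, "bare_tokens": bare_tokens,
    }


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        info = analyze_request_line(line)
        print("%(method)s %(form)s host=%(host)s path=%(path)s" % info)
        print("   named fields: %(fields)s  bare tokens: %(bare_tokens)s" % info)
```

Request headers such as Cookie and User-Agent also leave the machine, so a full review needs the whole captured request, not only the request line.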

Webbtron

Dec 11, 1999, 3:00:00 AM
I understand that Real Jukebox is doing it to the tune of about 73 million
people.
craig

"Patricia A. Shaffer" <ra...@swva.net> wrote in message
news:4a225sgv94rd1dpng...@4ax.com...

Joakim von Braun

Dec 13, 1999, 3:00:00 AM

I think most of you are missing some basic facts. First of all, do not
think there is any good protection for unknown trojans at all. There is
not a single AV or antitrojan program on the Internet that is able to
detect unknown trojan horses.

Antitrojan programs like The Cleaner or TDS-2 only detect some 50 per
cent of the known trojans written the last three years. The AV programs
are much worse. They only detect five to fifteen per cent of the known
trojans. Not very good or reliable protection.

The general knowledge about trojans is very limited. And when you see
people talking about a program possibly infected with a trojan horse and
they declare the program "virus free", that is a whole different story.

One has to take the defence against trojans more seriously and at the
same time teach people that trojans (or worms) are not just another form
of viruses. Trojans are completely different from viruses.

Cheers,
Joakim
