The lights may be on, but nobody's @Home
I have recorded the IPs and account numbers of more than 100 @home
subscribers who have security-compromised Windows machines currently
running active Trojan attack Zombies. As we will see below, each of
those machines also receives a complimentary copy of the latest version
(v2.21) of the incredibly invasive Sub7Server Trojan. This grants the
hacker who is controlling the Zombie - the "Zombie-master" - absolute
control over his victims' machines. Among the many invasions the
Sub7Server Trojan enables is monitoring every keystroke for the purpose
of capturing online passwords, credit card numbers, eBanking passwords
and you name it.
Now, you might think that this would be significant to @home's chief of
security, Todd Welch, but it isn't. I tried to talk to him on the phone,
leaving a detailed voicemail describing the situation, but I was
shuffled off into the system and asked to eMail the IP's to
"ab...@home.com". Refusing to have the machine IP's disappear and never
to know what, if anything, had been done, I called back the next day and
got Todd on the phone. I have no idea why, but he didn't sound at all
happy to be talking with me. It was as if he wished this problem would
just go away - or that at least, I would.
I explained that many of the compromised and Zombie-infected @home
machines were showing a machine name of *.sfba.home.com, which I
presumed, and he reluctantly confirmed, stood for "San Francisco Bay
Area". Since @home is in Redwood City on the Bay Area Peninsula, I
thought that perhaps I could fly up to their offices, then he and I
could make a few house calls on some Bay Area Zombie-infected @home
subscribers.
=====
The sporner just whacked was a sfba machine. Hmm... a detection method
for the Sub7Server Trojan might be useful. (It might be possible to use
the same hole to immediately shut off the sporn, but that'd be ethically
dodgy.) It would be nice to know if Co$ (or who ever) is using
throw-away accounts like the last time, or hijacked zombie computers.
Ron of that ilk.
To win the case you would have to first be allowed to educate a jury in how the
zombie operates, then prove it was a zombie to the jury.. that might be costly
no?
If you fail or are not allowed, as in the Henson case, you get to spend a bit
of time in the slammer, and labeled rather badly as it were.
Or am I off on some point here.
Phil Scott
On Wed, 6 Jun 2001 13:52:33 -0400, "Android Cat" <androi...@hotmail.com>
wrote:
>
>Frog2, can you comment on this post. It seems that if Gibson is correct, that
>the zombi tactic could be used to produce credible sporn from a critics
>computer..and then be used to prosecute him or invalidate him in court on some
>other set up charges. Something like the Henson. or Erlich cases.
>
>To win the case you would have to first be allowed to educate a jury in how the
>zombie operates, then prove it was a zombie to the jury.. that might be costly
>no?
>
>If you fail or are not allowed, as in the henson case, you get to spend a bit
>of time in the slammer, and labled rather badly as it were.
>
>Or am I off on some point here.
>
>Phil Scott
>
Aw for fucks sake, first the zombie has to be put on the puter, either
by an E-mail attachment, or by directly copying it to the HD. The
zombie prg has to be run once, to make it do its initial business.
Who in these days is stupid enough to run a received attachment from
unknown parties, and who is stupid enough not to have a good and up to
date virus program?
However, of course if such a zombie was created as a news program,
capable of being connected to from outside, of course it would be
possible to hijack the puter it was put on.
That said, I can't feel sorry for anyone stupid enough to run unknown
attachments, so if some critic is being attacked in this way, keeping
in mind how easy it is to defend yourself...
Sten-Arne
--
---------------------------------------------------------------------
PR Series 12
PROPAGANDA BY REDEFINITION OF WORDS
[...]
"Psychiatry" and "psychiatrist" are easily redefined to mean "an
anti-social enemy of the people". This takes the kill crazy
psychiatrist off the preferred list of professions. This is a good use
of the technique as for a century the psychiatrist has been setting an
all time record for inhumanity to man. [...]
The way to redefine a word is to get the new *definition* repeated as
often as possible.
Thus it is necessary to redefine medicine, psychiatry, and psychology
downward and define Dianetics and Scientology upwards.
This, so for as words are concerned, is the public opinion battle for
belief in *your* definitions, and not those of the opposition.
A consistent, repeated effort is the key to any success with this
technique of propaganda.
One must know how to do it.
-- L. Ron Hubbard
HCOPL 5 Oct 1971
---------------------------------------------------------------------
******* Body thetans? We don't need no stinking Body Thetans! *******
*********** http://www.users.wineasy.se/noname/index.htm ************
IRC #Scientology JavaChat http://www.users.wineasy.se/noname/irc.html
* Multimedia: http://www.users.wineasy.se/noname/multimed/index.htm *
******************* ze...@wineasy.se (Anti-Cult) ********************
---------------------------------------------------------------------
I got the impression that the zombie could be inserted through an open port or
other means.
Not all critics are computer specialists you know. That doesn't mean they are
idiots. In fact Sten, I'd bet you 100 to 1 odds that you are unable to do
quality brain surgery.. doesn't mean you are an idiot. Just means that brain
surgery isn't your specialty.
In my case I am an industrial systems engineer, that takes most of my time, I
have not spent the time required to become a hacker or maintain those skills...
we are the targets of the hacking though.
From what I've seen Black Ice for instance supposedly a good program has failed
in a number of cases, there will it seems always be ways to defeat security
programs used by regular citizens if Gibson's experience is any clue.
Phil Scott
>Aw for fucks sake, first the zombie has to be put on the puter, either
>by an E-mail attachement, or by directly copying it to the HD.
Gibson seemed to indicate that the zombie could be inserted by other means, no
need for it to come in as an attachment etc.
btw. I have not opened an attachment from even fairly well known sources in 5
years.
>and who is stupid enough not to have a good and up to
>date virus program?
I guess 'good' is relative, Gibson said Black Ice for instance didn't work on the
zombies.
>
>However, of course if such a zombie was created as a news program,
>capable of being connected to from outside, of course it would be
>possible to hijack the puter it was put on.
That's interesting isn't it? Could the cult use this to insert zombies that take
over one's computer and can be controlled by the 'zombie master' as he calls them
to say for instance issue kiddie porn from one's computer?
Phil Scott
Phil Scott wrote:
>
> On Wed, 06 Jun 2001 20:39:56 +0200, ©Anti-Cult® -
> www.users.wineasy.se/noname/
> <Anti...@galacticfederation.homeip.net> wrote:
>
> >Aw for fucks sake, first the zombie has to be put on the puter,
> >either by an E-mail attachement, or by directly copying it to the
> >HD.
>
> Gibson seemed to indicate that the zombie could be inserted by
> other means, no need for it to come in as an attachment etc.
That would be basically impossible, unless someone used some really
strange buffer overflow exploits in certain software. Generally
speaking, unless you or someone else executes the "zombie" file (or
anything else), it won't become active. Just common sense.
> btw. I have not opened an attachment from even fairly well know
> sources in 5 years.
>
> >and who is stupid enough not to have a good and up to
> >date virus program?
>
> I guess 'good' is relative, Gibson said Black Ice for instance
> didnt work on the zombies.
Black Ice is a firewall, actually. A crappy one judging by Gibson's
data.
> >
> >However, of course if such a zombie was created as a news program,
> >capable of being connected to from outside, of course it would be
> >possible to hijack the puter it was put on.
>
> Thats interesting isnt it? Could the cult use this to insert
> zombies that take over ones computer and can be controlled by the
> 'zombie master' as he calls them to say for instance issue kiddie
> porn from ones computer?
That was a hypothetical situation. Reading a bit of news won't get
you infected with anything, as far as I know. Unless, of course, the
Micro$oft newsreader runs inline VBScript, in which case you could
get a script virus. Sounds unlikely, though. Very unlikely, since it
hasn't been exploited yet.
Really, learning more about computers will leave you less open to
any kinds of attacks, and will reduce the amount of paranoia
considerably.
> Phil Scott
>
> >
> >That said, I can't feel sorry for anyone stupid enough to run
> >unknown attachements, so if some critic is being attacked in this
> >way, keeping in mind how easy it is to defend youself...
> >
> >Sten-Arne
> >
--T. Oakley-------
--Eekgay----------
--ID: 0x84660AD1--
>
> Aw for fucks sake, first the zombie has to be put on the puter, either
> by an E-mail attachement, or by directly copying it to the HD. The
> zombie prg has to be run once, to make it do it's initial business.
>
> Who in these days are stupid enough to run a received attachment from
> unknown parties, and who is stupid enough not to have a good and up to
> date virus program?
There is a bug in Outlook/Outlook Express where it will autorun some
attachments (.vbs I think) as soon as the email is opened. I think that
there's a patch for this stupid hole. (*sigh* The number of times I've
told friends never to send me "cute" .exe files because I will *not* run
them...)
Ron of that ilk.
>From Steve Gibson's DDOS page:
>http://grc.com/dos/grcdos.htm
>
>The lights may be on, but nobody's @Home
>The sporner just whacked was a sfba machine. Hmm... a detection method
>for the Sub7Server Trojan might be useful. (It might be possible to use
>the same hole to immediately shut off the sporn, but that'd be ethically
>dodgy.) It would be nice to know if Co$ (or who ever) is using
>throw-away accounts like the last time, or hijacked zombie computers.
I think it very unlikely that they are using zombie bots. If they were then
I would have expected to see a series of other, far more damaging, DOS
attacks.
--
Ralph Hilton
http://www.fzint.org/rhilton
Freezone International: http://www.fzint.org
C-Meter: http://www.inquisitive-instruments.co.uk/
Come on Phil, that's not at all what happens. Don't get paranoid on us
will ya?
The zombie has to be sneaked into the puter with an attachment, and the
idiot receiving said attachment has to click it too.
>
>Not all critics are computer specialists you know. That doesnt mean they are
>idiots. In fact Sten, Id bet you 100 to 1 odds that you are unable to do
>quality brain surgery.. doesnt mean you are an idiot. Just means that brain
>surgery isnt your specialty.
>
>In my case I am an industrial systems engineer, that takes most of my time, I
>have not spent the time required to become a hacker or maintain those skills...
>we are the targets of the hacking though.
>
>From what Ive seen Black Ice for instance supposedly a good program has failed
>in a number of cases, there will it seems always be ways to defeat security
>programs used by regular citizens if Gibsons experience is any clue.
>
>Phil Scott
>>
>>Sten-Arne
Yeah well, keep the paranoia Phil. I can live without it, and your
credibility will go to hell, if you ever had any...
Knowledge is the answer to paranoia, and all you need to know is
available at the click of the mouse.
Sten-Arne
>On Wed, 06 Jun 2001 20:39:56 +0200, ©Anti-Cult® - www.users.wineasy.se/noname/
><Anti...@galacticfederation.homeip.net> wrote:
>
>
>>Aw for fucks sake, first the zombie has to be put on the puter, either
>>by an E-mail attachement, or by directly copying it to the HD.
>
>Gibson seemed to indicate that the zombie could be inserted by other means, no
>need for it to come in as an attachment etc.
Bullfucking shit!
>
>btw. I have not opened an attachment from even fairly well know sources in 5
>years.
Then you are pretty safe.
>
>
>>and who is stupid enough not to have a good and up to
>>date virus program?
>
>I guess 'good' is relative, Gibson said Black Ice for instance didnt work on the
>zombies.
Well, the zombie itself doesn't come crawling into the puter via some
open port per se. It does indeed come via mail attachment, or other
stupid file downloads and execution thereof.
>
>>
>>However, of course if such a zombie was created as a news program,
>>capable of being connected to from outside, of course it would be
>>possible to hijack the puter it was put on.
>
>Thats interesting isnt it? Could the cult use this to insert zombies that take
>over ones computer and can be controlled by the 'zombie master' as he calls them
>to say for instance issue kiddie porn from ones computer?
NO THEY CAN'T. NOT UNLESS YOU RUN UNKNOWN STUPID ATTACHMENTS, OR RUN
FILES YOU DON'T KNOW ANYTHING ABOUT!
Was that clear enough?
>
Sten-Arne
Well, OE is outlawed on every damned puter I administer. It's crap,
crap, and then some crap!
If people refuse to stop using OE, then I refuse to take responsibility
of that puter. Easy as that.
Sten-Arne
No, the trojan has to be run first. Then it listens on a port.
> >and who is stupid enough not to have a good and up to
> >date virus program?
>
> I guess 'good' is relative, Gibson said Black Ice for instance didnt work on the
> zombies.
I don't think Gibson described Black Ice as "good". :^)
> >
> >However, of course if such a zombie was created as a news program,
> >capable of being connected to from outside, of course it would be
> >possible to hijack the puter it was put on.
>
> Thats interesting isnt it? Could the cult use this to insert zombies that take
> over ones computer and can be controlled by the 'zombie master' as he calls them
> to say for instance issue kiddie porn from ones computer?
That zombie program could allow someone to remotely do *anything* with
it. Send bogus emails, news, etc. As well, files could be
uploaded/downloaded/modified. So threatening emails could be sent to, say,
the president of the United States, and incriminating files left on the
computer for the Secret Service to find.
But you have to either open the door for them or leave it open.
Take the security holes I found on Gregg's machine last year: I could have
mounted his hard drive, copied the trojan to it, and then modified his
autoexec.bat to run it the next time he rebooted. When he did, I would
own his machine. (Rather than merely being able to delete/modify all
his files. :^)
Even a user with a dialup connection could be gotten by a trojan that
"phones home" when connected.
So it's always important to make sure that your computer is locked down
tight -- and trust no executables.
Ron of that ilk.
Is it true as some say that email sent in HTML format can carry trojans, or
zombies etc. HTML being an executable file when sent as email?
The culties posting to ACT for a long time had an almost exclusive habit of
sending me HTML formatted email.... in that time frame I had a lot of computer
crashes. Since that time, I don't get HTML formatted email anymore and my
computer has been quite stable.
Phil Scott
If someone has a local area network and shares files, Windows will by
*default* open those shares to the Internet connection too. An open
port 137 is pretty easy to scan for. If your C: drive is writable,
you'll be toast.
> That was a hypotethical situation. Reading a bit of news won't get
> you infected with anything, as far as I know. Unless, of course, the
> Micro$oft newsreader runs inline VBScript, in which case you could
> get a script virus. Sounds unlikely, though. Very unlikely, since it
> hasn't been exploited yet.
Oh great, and now you went and told them! :^)
Ron of that ilk.
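A defender-side check for the exposure described in the post above, as an added example that is not part of the original thread: it reads the output of `netstat -an` and reports whether the NetBIOS ports (137-139) are bound only to a LAN address or also to an Internet-facing one. The sample output, the LAN ranges and the function names are constructed for illustration.

```python
"""Audit `netstat -an` output for NetBIOS listeners (added example)."""
import ipaddress
import re
from collections import namedtuple

# NetBIOS-over-TCP/IP ports used by Windows file and printer sharing.
NETBIOS_PORTS = {
    137: "name service",
    138: "datagram service",
    139: "session service (file sharing)",
}
# Assumption: these ranges are what the owner considers "the LAN".
DEFAULT_LAN = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")

Listener = namedtuple("Listener", "proto address port service exposure")

# Proto, local address:port, foreign address, optional state (TCP only).
ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+\S+(?:\s+(\S+))?\s*$"
)

# Constructed sample in the layout printed by Windows `netstat -an`.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.25:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.25:1042      198.51.100.7:80        ESTABLISHED
  UDP    192.168.0.10:137       *:*
  UDP    203.0.113.25:137       *:*
  UDP    203.0.113.25:138       *:*
"""


def audit(netstat_text, lan_networks=DEFAULT_LAN):
    """Return every NetBIOS listener with the interface class it is bound to."""
    lans = [ipaddress.ip_network(n) for n in lan_networks]
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, blank lines, non-IPv4 rows
        proto, addr, port, state = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        if port not in NETBIOS_PORTS:
            continue
        if proto == "TCP" and state != "LISTENING":
            continue  # an established session is not a listener
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed address in the input
        if ip.is_unspecified:
            exposure = "all-interfaces"    # 0.0.0.0: bound on every adapter
        elif any(ip in net for net in lans):
            exposure = "lan-only"
        else:
            exposure = "internet-facing"
        found.append(Listener(proto, addr, port, NETBIOS_PORTS[port], exposure))
    return found


def exposed(netstat_text, lan_networks=DEFAULT_LAN):
    """Listeners that answer on something other than a LAN address."""
    return [l for l in audit(netstat_text, lan_networks) if l.exposure != "lan-only"]


if __name__ == "__main__":
    for l in exposed(SAMPLE_NETSTAT):
        print(f"{l.proto} {l.address}:{l.port} {l.service} -> {l.exposure}")
```

Any row it reports means the sharing protocol is bound to the Internet adapter and should be unbound there or blocked at the firewall.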
True, it's unlikely--they'd have to find someone as capable as a 13 year
old script-kiddie. Could be tough! :^)
Ron of that ilk.
Android Cat wrote:
>
> "Thomas Oakley" <dark...@spam.me.not.sunpoint.net> wrote in
> message news:3B1E861F...@spam.me.not.sunpoint.net...
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> > Phil Scott wrote:
> > >
> > > On Wed, 06 Jun 2001 20:39:56 +0200, ©Anti-Cult® -
> > > www.users.wineasy.se/noname/
> > > <Anti...@galacticfederation.homeip.net> wrote:
> > >
> > > >Aw for fucks sake, first the zombie has to be put on the
> > > >puter, either by an E-mail attachement, or by directly copying
> > > >it to the HD.
> > >
> > > Gibson seemed to indicate that the zombie could be inserted by
> > > other means, no need for it to come in as an attachment etc.
> >
> > That would be basically impossible, unless someone used some
> > really strange buffer overflow exploits in certain software.
> > Generally speaking, unless you or someone else executes the
> > "zombie" file (or anything else), it won't become active. Just
> > common sense.
>
> If someone has a local area network and shares files, Windows will
> by *default* open those shares to the Internet connection too. An
> open port 137 is pretty easy to scan for. If your C: drive is
> writable, you'll be toast.
Ah, yes, that's true, the damn NetBEUI et al. Firewalls come in
handy there, though.
Man, I'm just not used to Windows' "security" features (oxymoron?).
If I had a Linux-compatible ISDN card, I'd use it 24/7. Buggered if I
can get any drivers for the POS, though. That's why I'm buying an SGI
Indy R5000PC ;)
> > That was a hypotethical situation. Reading a bit of news won't
> > get you infected with anything, as far as I know. Unless, of
> > course, the Micro$oft newsreader runs inline VBScript, in which
> > case you could get a script virus. Sounds unlikely, though. Very
> > unlikely, since it hasn't been exploited yet.
>
> Oh great, and now you went and told them! :^)
>
> Ron of that ilk.
Hah, got me there ;) Seriously speaking, though, does Outlook run
inline VBScript? That'd mean you only have to *look* at a mail to
unleash gobs of scripty nastiness on yourself. This is exactly why I
try to avoid M$ products. Ick.
--T. Oakley-------
--Gnarb-----------
--ID: 0x84660AD1--
I'm not sure what the limits of HTML in email are, but *I* sure wouldn't
read it in anything other than text format. I got spam once that had some
code to cause a banner ad hit. (Spam 10,000 people and get a whole lot
of banner ad hits.) I notified the banner company about the spammer.
Ron of that ilk.
Android Cat wrote:
>
> "©Anti-Cult® - www.users.wineasy.se/noname/"
Here is how Outlook Express can be set to avoid the problem
above. This is from a list, I don't use OE.
Ed
--------begin quote--
Outlook Express is the most vulnerable email client for viruses. The
following information will help you protect your computer and lower
the risk of infection. Changing your settings in OE and IE are two
things that should be a priority for protecting yourself and lowering
the risk of infection. Below you'll find a walk through for changing
the settings that create the risk of infection.
Preview Pane: If you have Outlook Express, you may know that it's one
of the main targets of viruses. What you may not know is why, or how
to fix it. One reason it's vulnerable is because of the preview pane.
That's the option that automatically opens any email you highlight.
It's also the way to get a virus that isn't attached, it's actually
inside the body of the email. Once you open it, you catch the virus.
Here's how to fix that little mess. WHY-EEE Outlook Express doesn't
make this clear to its users is beyond me. Anyway...
Open Outlook Express and click on View then the Layout tab. You see
that little option for the Preview Pane? Uncheck that little box. Now
you can't preview any email you receive, you'll have to double click
on them to read them. That way, when you read about a new virus, you
have a better chance of avoiding it because it won't automatically be
opened when you highlight it. Be careful not to delete any of your
email while it's open because if you do... the next email will open up
automatically. So, click out of any unwanted email first, then delete.
HTML Settings: Now that we can receive email coded with html, there is
a risk of getting an embedded virus or worm inside the HTML code.
There are two options to remove this vulnerability. Disable "Active
Scripting" in the "Restricted Sites" zone and set E-Mail to run in the
"Restricted Sites" zone.
To do this: Open Internet Explorer. Select the Tools/Internet Options
then select the Security Tab, click Restricted Sites icon, select
"Custom Level" scroll down to "Active Scripting" and set it to Disable
or Prompt, click OK.
Open Outlook Select Tools/Options, then click the Security Tab. In the
"Security Zones" section, select the "Restricted Sites" zone. Another
way to protect your friends from getting a bug or virus from your
email is to turn off the HTML settings for sending email.
Open Outlook Select Tools/Options, then click on the Send tab. Note
the two options below for html or plain text. Check both plain text
options. Click OK. You're done. To disable 'Active Scripting' in the
'Restricted Sites' zone and set E-Mail to run in the 'Restricted
Sites' zone. Optional Change: Open Internet Explorer
Select Tools/Options, then click the Security tab, click the
Restricted Sites icon, click 'Custom Level', scroll down to 'Active
Scripting' and set it to Disable or Prompt, click OK.
Open Outlook Select Tools/Options, then click the Security Tab. In the
'Security Zones' section, choose the 'Restricted Sites' zone.
-----end----
> Hah, got me there ;) Seriously speaking, though, does Outlook run
>inline VBScript? That'd mean you only have to *look* at a mail to
>unleash gobs of scripty nastiness on yourself. This is exactly why I
>try to avoid M$ products. Ick.
Anyone have any comment on this? Frog?
Phil Scott
>"Phil Scott" <phils...@hotmail.com> wrote in message
>news:3b1e9197...@news.tdl.com...
>> On Wed, 06 Jun 2001 22:10:37 +0200, ©Anti-Cult® -
>www.users.wineasy.se/noname/
>> <Anti...@galacticfederation.homeip.net> wrote:
>>
>>
>> Is it true as some say that email sent in HTML format can carry
>trojans, or
>> zombies etc. HTML being an executable file when sent as email.?
>>
>> The culties posting to ACT for a long time had an almost exclusive
>habit of
>> sending me HTML formatted email.... in that time frame I had a lot of
>computer
>> crashes. Since that time, I dont get HTML formatted email anymore
>and my
>> computer has been quite stable.
>
>I'm not sure what the limits of HTML in email are, but *I* sure wouldn't
>read it in anything other than text format.
Well what do you do, the email is on your list and you don't find out it's HTML
until you open it... so there you are reading the damn HTML email. It had been
posted previously that since HTML email was executing that it has been used as a
carrier for viruses. Seems that a zombie could be implanted that way too.
Can Sten or anyone comment on this? I find your comment that *you wouldn't read
it in HTML format a bit unnerving.
Phil Scott
Phil Scott wrote:
>
> On Wed, 06 Jun 2001 23:49:48 +0300, Thomas Oakley
> <dark...@spam.me.not.sunpoint.net> wrote:
>
> > Hah, got me there ;) Seriously speaking, though, does Outlook
> > run
> >inline VBScript? That'd mean you only have to *look* at a mail to
> >unleash gobs of scripty nastiness on yourself. This is exactly why
> >I try to avoid M$ products. Ick.
>
> Anyone have any comment on this? Frog?
>
> Phil Scott
Here's one take on the issue. Quite accurate as well:
http://www.satirewire.com/news/0103/outlook.shtml
--T. Oakley-------
--Atiresay--------
--ID: 0x84660AD1--
>On Wed, 6 Jun 2001 16:52:57 -0400, "Android Cat" <androi...@hotmail.com>
>wrote:
>
>>"Phil Scott" <phils...@hotmail.com> wrote in message
>>news:3b1e9197...@news.tdl.com...
>>> On Wed, 06 Jun 2001 22:10:37 +0200, ©Anti-Cult® -
>>www.users.wineasy.se/noname/
>>> <Anti...@galacticfederation.homeip.net> wrote:
>>>
>>>
>>> Is it true as some say that email sent in HTML format can carry
>>trojans, or
>>> zombies etc. HTML being an executable file when sent as email.?
>>>
>>> The culties posting to ACT for a long time had an almost exclusive
>>habit of
>>> sending me HTML formatted email.... in that time frame I had a lot of
>>computer
>>> crashes. Since that time, I dont get HTML formatted email anymore
>>and my
>>> computer has been quite stable.
>>
>>I'm not sure what the limits of HTML in email are, but *I* sure wouldn't
>>read it in anything other than text format.
>
>Well what do you do, the email is on your list and you dont find out its HTML
>until you open it... so there you are reading the damn HTML email. It had been
>posted previously that since HTML email was executing that it has been used as a
>carrier for virus's. Seems that a zombie could be implanted that way too.
Since I see that you are using Agent, and Agent is not HTML capable, you
would get an icon (HTML) whenever any E-mail or usenet article was in
HTML. Clicking on that icon would open your browser, and then executing
the HTML code. I never, repeat, NEVER ever open any HTML E-mail, or
usenet article, without first having checked it from within Agent, menu
options "Message/Show Raw Message"
>
>Can Sten or anyone comment on this? I find your comment that *you wouldnt read
>it in HTML format a bit unnerving.
I have commented, and anyone sending anything else than pure text
messages to me, is likely to not have that message read at all. All
depending on of course, if I feel that I have the time to check the
source code or not.
>
>Phil Scott
>
Sten-Arne
>
>
>> I got spam once that some
>>code to cause a banner ad hit. (Spam 10,000 people and get a whole lot
>>of banner ad hit.) I notified the banner company about the spammer.
>>
>>Ron of that ilk.
>>
>>
>>
--
>"Ralph Hilton" <aon.91...@aon.at> wrote in message
That's what I thought, I was being paranoid for nothing...
>
>Ron of that ilk.
>
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>Phil Scott wrote:
>>
>> On Wed, 06 Jun 2001 23:49:48 +0300, Thomas Oakley
>> <dark...@spam.me.not.sunpoint.net> wrote:
>>
>> > Hah, got me there ;) Seriously speaking, though, does Outlook
>> > run
>> >inline VBScript? That'd mean you only have to *look* at a mail to
>> >unleash gobs of scripty nastiness on yourself. This is exactly why
>> >I try to avoid M$ products. Ick.
>>
>> Anyone have any comment on this? Frog?
>>
>> Phil Scott
>
> Here's one take on the issue. Quite accurate as well:
> http://www.satirewire.com/news/0103/outlook.shtml
That was interesting, but you still have to open an attachment or exe file for
the virus to get in your computer no? Or will just reading the email do it, if
it is in HTML format.
I would sure like to see more details on this subject. If the cultie hackers
can find a way to get zombies into a person's computer passively, you see how
that could be a problem especially if as Gibson says they can use the zombie to
send emails and posts from one's computer, and plant say porn etc undetected...
things could get real messy fast.
Phil Scott
You just gave me an idea. let me chew on this for a bit...
Groeten,
Boudewijn.
You'll find a lot of people who were on the Internet in its early days
are the same way, especially people who got their start in Unix, where
the "one task, one tool" paradigm was (and still is) very popular.
Once upon a time, mail and news were plain-text-only media. They were
just for communicating, not for writing advertising brochures or
desktop-publishing style newsletters. The text -- the message you
were trying to convey -- was the important thing, not fancy fonts or
images.
HTML increases the size of the message. Not only because of the
markup tags, but because messages containing HTML formatting need to
contain a second, plain-text copy for the use of mail clients that
don't display HTML.
HTML messages *can* pose a security risk, especially if you're silly
enough to enable scripting languages in your reader.
And there's also the "Bah! Pointless newfangled frippery!" factor.
I fall into the category of people who hate HTML email. Not because
I'm afraid of it, but because (IMHO) it's completely unnecessary. If
I want to mark something up in HTML, I'll put up a Web page.
Bah! Humbug!
--
Jeff Lee je...@shipbrook.comNOSPAM http://www.shipbrook.com/jeff/
"The only thing that helps me maintain my slender grip on reality
is the friendship I share with my collection of singing potatoes."
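As an added example (not part of the post above or of anyone else's in this thread): a Python script that inspects a raw message without rendering it, the way several posters here say they read mail. It picks out the plain-text copy and flags active HTML content, remote images and attachments with executable extensions; the extension list, the patterns and the sample message are constructed for illustration.

```python
"""Triage a raw e-mail without rendering it (added example)."""
import os
import re
from email import message_from_string
from email.policy import default

# Assumed list of extensions that run code when opened on Windows.
RISKY_EXT = {".exe", ".vbs", ".vbe", ".js", ".scr", ".pif", ".bat", ".com"}

# Constructed patterns for content that does something when HTML is rendered.
ACTIVE_HTML = {
    "script-tag": re.compile(r"<\s*script\b", re.I),
    "event-handler": re.compile(r"<[^>]+\son\w+\s*=", re.I),
    "script-url": re.compile(r"(?:javascript|vbscript)\s*:", re.I),
    "embedded-object": re.compile(r"<\s*(?:object|embed|iframe|applet)\b", re.I),
    "remote-image": re.compile(r"<\s*img\b[^>]*\ssrc\s*=\s*[\"']?https?://", re.I),
}

# Constructed sample: plain-text copy, scripted HTML copy, .vbs attachment.
SAMPLE = """\
From: sender@example.invalid
To: reader@example.invalid
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: multipart/alternative; boundary="inner"

--inner
Content-Type: text/plain; charset="us-ascii"

Hello, this is the plain-text copy.

--inner
Content-Type: text/html; charset="us-ascii"

<html><body onload="go()">
<script language="VBScript">MsgBox "constructed"</script>
<img src="http://ads.example.invalid/banner.gif?id=123">
<p>Hello</p></body></html>

--inner--
--outer
Content-Type: application/octet-stream; name="greeting.txt.vbs"
Content-Disposition: attachment; filename="greeting.txt.vbs"
Content-Transfer-Encoding: base64

AAAA

--outer--
"""


def _text_of(part):
    """Decode a text part; fall back to latin-1 if the charset is unknown."""
    try:
        return part.get_content()
    except (LookupError, UnicodeError):
        return (part.get_payload(decode=True) or b"").decode("latin-1")


def triage(raw):
    """Return findings plus the plain-text body that is safe to display."""
    msg = message_from_string(raw, policy=default)
    findings, safe_text = [], None
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        name = part.get_filename()
        if name:
            # Only the last extension counts: "greeting.txt.vbs" is a script.
            ext = os.path.splitext(name.strip().rstrip("."))[1].lower()
            if ext in RISKY_EXT:
                findings.append(("risky-attachment", name))
            continue
        ctype = part.get_content_type()
        if ctype == "text/plain" and safe_text is None:
            safe_text = _text_of(part)
        elif ctype == "text/html":
            html = _text_of(part)
            for kind, pattern in ACTIVE_HTML.items():
                m = pattern.search(html)
                if m:
                    findings.append((kind, m.group(0)[:60]))
    return {"findings": findings, "safe_text": safe_text}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for kind, detail in report["findings"]:
        print(f"{kind}: {detail}")
    print("plain-text copy:", (report["safe_text"] or "").strip())
```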
>On Wed, 06 Jun 2001 22:07:18 +0200, ©Anti-Cult® -
>www.users.wineasy.se/noname/ <Anti...@galacticfederation.homeip.net>
>wrote:
>
>>Come one Phil, that's not at all what happens. Don't get paranoid on us
>>will ya?
>
>>The zombie has to be sneaked into the puter with an attachement, and the
>>idiot receiving said attachement have to click it too.
>
>No it doesn't. There are other ways of getting it there, the most
>obvious being copying it directly onto their hard drive over the
>Internet through an open NetBIOS share.
>
>ptsc
Yeah well, of course. However I doubt that many people here have
networked computers, and network shared folders, and on top of that non
pwd protected such. Having shared folders/drives on a non networked
puter, sounds so silly that it's not even worth commenting on.
Those that have, should learn to unbind unnecessary protocols
naturally.
>On Wed, 06 Jun 2001 20:39:56 +0200, ©Anti-Cult® -
>www.users.wineasy.se/noname/ <Anti...@galacticfederation.homeip.net>
>wrote:
>
>>On Wed, 06 Jun 2001 18:39:57 GMT.
>>In Message-ID: <3b1e777d...@news.tdl.com>
>>From: phils...@hotmail.com (Phil Scott).
>>Organization: The Diamond Lane.
>>Wrote on the subject: Frog2 Re: Zombie porn spam?:
>
>>>Frog2, can you comment on this post. It seems that if Gibson is correct, that
>>>the zombi tactic could be used to produce credible sporn from a critics
>>>computer..and then be used to prosecute him or invalidate him in court on some
>>>other set up charges. Something like the Henson. or Erlich cases.
>
>>>To win the case you would have to first be allowed to educate a jury in how the
>>>zombie operates, then prove it was a zombie to the jury.. that might be costly
>>>no?
>
>>>If you fail or are not allowed, as in the henson case, you get to spend a bit
>>>of time in the slammer, and labled rather badly as it were.
>
>>>Or am I off on some point here.
>
>>Aw for fucks sake, first the zombie has to be put on the puter, either
>>by an E-mail attachement, or by directly copying it to the HD. The
>>zombie prg has to be run once, to make it do it's initial business.
>
>>Who in these days are stupid enough to run a received attachment from
>>unknown parties, and who is stupid enough not to have a good and up to
>>date virus program?
>
>That, or leave their NetBIOS port open with a hard drive shared and no
>password. You'd be surprised. Check 64.2.3.198 out for
>starters--which is interesting because it doesn't appear to be a
>NetBIOS share.
>
>Perhaps it's something else, like a command interface for a zombie.
>
>>However, of course if such a zombie was created as a news program,
>>capable of being connected to from outside, of course it would be
>>possible to hijack the puter it was put on.
>
>>That said, I can't feel sorry for anyone stupid enough to run unknown
>>attachments, so if some critic is being attacked in this way, keeping
>>in mind how easy it is to defend yourself...
>
>That, or have NetBIOS enabled over TCP/IP with a shared hard drive
>with no password, or a really stupid one. Then someone drops a trojan
>installer into your Startup folder and your machine is a zombie when
>you next reboot.
>
>Someone has stated that every machine used in this sporge has port 139
>open, which would seem to indicate something. Frankly, I've only seen
>one, but I haven't been checking them very diligently either.
>
>ptsc
Yeah well, puters with always on Internet connection are more often than
not, so poorly configured that the owner should be whacked with many
clue sticks.
Sten-Arne
Well, the most interesting part there, while checking out 64.2.3.198,
was that my firewall blocked access attempts to my puter from
24.104.7.35, however that turns out to be you.
And, friend, you can't access anything else than the index file, for
reasons I'm not prepared to tell :-)
24.104.7.35, -, 2001-06-07, 00:17:31, W3SVC, SERVER, 213.65.104.153, 30, 19, 203, 404, 3, hax0red, by, -,
24.104.7.35, -, 2001-06-07, 00:17:41, W3SVC, SERVER, 213.65.104.153, 731, 30, 0, 200, 0, HEAD, /index.html, -,
24.104.7.35, -, 2001-06-07, 00:17:42, W3SVC, SERVER, 213.65.104.153, 0, 30, 111, 404, 2, HEAD, /_vti_pvt, -,
24.104.7.35, -, 2001-06-07, 00:17:44, W3SVC, SERVER, 213.65.104.153, 0, 30, 111, 404, 2, HEAD, /iisadmin, -,
24.104.7.35, -, 2001-06-07, 00:17:45, W3SVC, SERVER, 213.65.104.153, 0, 30, 111, 404, 2, HEAD, /samples, -,
ZoneAlarm:
FWIN,2001/06/07,00:17:28 +2:00 GMT,24.104.7.35:2607,213.65.104.153:21,TCP (flags:S)
FWIN,2001/06/07,00:17:28 +2:00 GMT,24.104.7.35:2608,213.65.104.153:23,TCP (flags:S)
FWIN,2001/06/07,00:17:30 +2:00 GMT,24.104.7.35:2614,213.65.104.153:111,TCP (flags:S)
FWIN,2001/06/07,00:17:30 +2:00 GMT,24.104.7.35:2615,213.65.104.153:139,TCP (flags:S)
FWIN,2001/06/07,00:17:30 +2:00 GMT,24.104.7.35:2616,213.65.104.153:443,TCP (flags:S)
FWIN,2001/06/07,00:17:31 +2:00 GMT,24.104.7.35:2618,213.65.104.153:8181,TCP (flags:S)
Stop it ptsc :-)
Sten-Arne
>
>Perhaps it's something else, like a command interface for a zombie.
>
>>However, of course if such a zombie was created as a news program,
>>capable of being connected to from outside, of course it would be
>>possible to hijack the puter it was put on.
>
>>That said, I can't feel sorry for anyone stupid enough to run unknown
>>attachments, so if some critic is being attacked in this way, keeping
>>in mind how easy it is to defend yourself...
>
>That, or have NetBIOS enabled over TCP/IP with a shared hard drive
>with no password, or a really stupid one. Then someone drops a trojan
>installer into your Startup folder and your machine is a zombie when
>you next reboot.
>
>Someone has stated that every machine used in this sporge has port 139
>open, which would seem to indicate something. Frankly, I've only seen
>one, but I haven't been checking them very diligently either.
>
>ptsc
--
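The firewall and web-server lines posted above show one source sending bare SYNs to six ports within three seconds and then requesting paths that return 404. The Python below is an added example, not part of the original thread: it flags that pattern and ties the two logs together by source address. The ZoneAlarm field order is inferred from the posted lines, the IIS field positions are assumed to follow the Microsoft IIS log file format, and the thresholds and the 192.0.2.10 line are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# ZoneAlarm lines from the post, rejoined onto single lines. The last line is
# constructed (documentation address) to show a source that is not sweeping.
ZONEALARM_LOG = """\
FWIN,2001/06/07,00:17:28 +2:00 GMT,24.104.7.35:2607,213.65.104.153:21,TCP (flags:S)
FWIN,2001/06/07,00:17:28 +2:00 GMT,24.104.7.35:2608,213.65.104.153:23,TCP (flags:S)
FWIN,2001/06/07,00:17:30 +2:00 GMT,24.104.7.35:2614,213.65.104.153:111,TCP (flags:S)
FWIN,2001/06/07,00:17:30 +2:00 GMT,24.104.7.35:2615,213.65.104.153:139,TCP (flags:S)
FWIN,2001/06/07,00:17:30 +2:00 GMT,24.104.7.35:2616,213.65.104.153:443,TCP (flags:S)
FWIN,2001/06/07,00:17:31 +2:00 GMT,24.104.7.35:2618,213.65.104.153:8181,TCP (flags:S)
FWIN,2001/06/07,00:19:02 +2:00 GMT,192.0.2.10:1044,213.65.104.153:80,TCP (flags:S)
"""

# IIS lines from the same post, rejoined onto single lines.
IIS_LOG = """\
24.104.7.35, -, 2001-06-07, 00:17:31, W3SVC, SERVER, 213.65.104.153, 30, 19, 203, 404, 3, hax0red, by, -,
24.104.7.35, -, 2001-06-07, 00:17:41, W3SVC, SERVER, 213.65.104.153, 731, 30, 0, 200, 0, HEAD, /index.html, -,
24.104.7.35, -, 2001-06-07, 00:17:42, W3SVC, SERVER, 213.65.104.153, 0, 30, 111, 404, 2, HEAD, /_vti_pvt, -,
24.104.7.35, -, 2001-06-07, 00:17:44, W3SVC, SERVER, 213.65.104.153, 0, 30, 111, 404, 2, HEAD, /iisadmin, -,
24.104.7.35, -, 2001-06-07, 00:17:45, W3SVC, SERVER, 213.65.104.153, 0, 30, 111, 404, 2, HEAD, /samples, -,
"""


def parse_zonealarm(text):
    """Yield (time, src_ip, dst_port, flags) for blocked inbound TCP lines."""
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 6 or parts[0] != "FWIN" or not parts[5].startswith("TCP"):
            continue
        clock = parts[2].split()[0]  # keep local wall-clock time, drop "+2:00 GMT"
        when = datetime.strptime(parts[1] + " " + clock, "%Y/%m/%d %H:%M:%S")
        src_ip = parts[3].rsplit(":", 1)[0]
        dst_port = int(parts[4].rsplit(":", 1)[1])
        flags = parts[5].partition("flags:")[2].rstrip(")")
        yield when, src_ip, dst_port, flags


def parse_iis(text):
    """Yield (time, client_ip, status, method, target) from IIS-format lines."""
    for line in text.splitlines():
        f = [x.strip() for x in line.split(",")]
        if len(f) < 15:
            continue
        when = datetime.strptime(f[2] + " " + f[3], "%Y-%m-%d %H:%M:%S")
        yield when, f[0], int(f[10]), f[12], f[13]


def find_sweeps(events, window=timedelta(seconds=10), min_ports=5):
    """Return {src_ip: ports} for sources that sent bare SYNs to at least
    min_ports distinct ports inside any single sliding window."""
    by_src = defaultdict(list)
    for when, src, port, flags in events:
        if flags == "S":
            by_src[src].append((when, port))
    sweeps = {}
    for src, hits in by_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                sweeps[src] = sorted(ports | set(sweeps.get(src, [])))
    return sweeps


def correlate(fw_text, web_text, slack=timedelta(seconds=60)):
    """For each sweeping source, list the ports it tried and the web requests
    from the same address that got a 4xx answer within slack of the sweep."""
    events = list(parse_zonealarm(fw_text))
    report = {}
    for src, ports in find_sweeps(events).items():
        times = [w for w, s, _, _ in events if s == src]
        lo, hi = min(times) - slack, max(times) + slack
        failed = [(m, t) for w, ip, status, m, t in parse_iis(web_text)
                  if ip == src and lo <= w <= hi and 400 <= status < 500]
        report[src] = {"ports": ports, "failed_requests": failed}
    return report


if __name__ == "__main__":
    for src, info in correlate(ZONEALARM_LOG, IIS_LOG).items():
        print(src, info["ports"], info["failed_requests"])
```

Both logs are treated as local wall-clock time from the same machine, so no timezone conversion is done before comparing them.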
>On Wed, 06 Jun 2001 22:10:37 +0200, ©Anti-Cult® -
>www.users.wineasy.se/noname/ <Anti...@galacticfederation.homeip.net>
>wrote:
>
>>>>Aw for fucks sake, first the zombie has to be put on the puter, either
>>>>by an E-mail attachment, or by directly copying it to the HD.
>
>>>Gibson seemed to indicate that the zombie could be inserted by other means, no
>>>need for it to come in as an attachment etc.
>
>>Bullfucking shit!
>
>Look at these machines. According to one observer port 139 is open on
>all of them at the time of sporging. (Personally I've only noticed
>the one, 24.6.3.198, which is open right now as I speak.)
>
>If there's an open share there (there isn't on 24.6.3.198 *now* though
>there may have been before our 'friend' got to it) that can be
>exploited in a number of ways. In fact, it can easily be turned into
>full control of the machine. (Port 139 being open is default
>configuration for Windoze machines.) Yours is closed.
>
>ptsc
24.6.3.198 is open like a barns door right now. Since I refuse to hack
anything, I will not take advantage of this. However, others are taking
advantage of it, by using this to post porno spam to ARS.
Port 7 (Echo)
Port 13 (Daytime)
Port 21 (FTP)
Port 23 (Telnet)
Port 25 (SMTP)
Port 37 (Time)
Port 43 (Whois)
Port 70 (Gopher)
Port 79 (Finger)
Port 80 (WWW)
Port 110 (POP3)
Port 119 (NNTP)
Port 139 (nbsession)
Port 194 (IRC)
I read and post the NG via Agent, I get email via Hotmail.
The HTML Hotmail comes in, I believe, undetectably and you don't see it's HTML until
you open it... I could be wrong, I haven't looked for an HTML indicator yet.
So can you address the issue then of zombie code being slipped into one's
computer by that route?
Phil Scott
>On Wed, 06 Jun 2001 21:16:50 GMT, phils...@hotmail.com (Phil Scott)
>wrote:
>>
>>Can Sten or anyone comment on this? I find your comment that *you wouldnt read
>>it in HTML format a bit unnerving.
>
>You'll find a lot of people who were on the Internet in its early days
>are the same way, especially people who got their start in Unix, where
>the "one task, one tool" paradigm was (and still is) very popular.
>
>Once upon a time, mail and news were plain-text-only media. They were
>just for communicating, not for writing advertising brochures or
>desktop-publishing style newsletters. The text -- the message you
>were trying to convey -- was the important thing, not fancy fonts or
>images.
>
>HTML increases the size of the message. Not only because of the
>markup tags, but because messages containing HTML formatting need to
>contain a second, plain-text copy for the use of mail clients that
>don't display HTML.
>
>HTML messages *can* pose a security risk, especially if you're silly
>enough to enable scripting languages in your reader.
Thank you very much... however such silliness term would only apply to competent
hacker type if they made the mistake, those hundreds of millions of us who make
our livings as butchers, bakers, brain surgeons and industrial engineers are not
up on that stuff, and really unless we switch careers likely never will be... and
it's NOT just this one issue, I am sure there are hundreds of ways a person can
get screwed via his computer/net set up.
Phil Scott
OK you guys are losing me now....does the discussion regarding open ports on
various machines mean that someone could place zombie code in the machine and
take it over?
If so...then it does appear that the average joe critic computer user, non
hacker type could get screwed rather easily, that is framed by the cult with
sporge etc from his own computer by a zombie master running his machine.... and
that you do NOT have to open an email attachment to get infected... and it can
be done easily by various other means discussed in this thread.
For a critic that the cult routinely targets to set up for crimes, I'd say that's
an issue. Or am I still missing something?
Phil Scott
I do apologize, Phil, you're absolutely right.
I should have written, "... especially if you're unfortunate enough to be
using an email client written by programmers lacking the foresight to
disable scripting languages by default, due to the potential for abuse."
Yes, that's already been posted about in this thread I believe, or
perhaps it was in another similar thread. Unfortunately I didn't save
the author's name, I believe it was Ed though. I have the article saved
of course, but to save time I'll just take the text from my Clipboard
manager. Here's a cut/paste of everything you should do with IE/Outlook.
In the case of your HTML question, scroll down to that part, however you
really should make sure that you configure the whole IE/OE package, as
suggested below.
Sten-Arne
--------begin quote--
Scripting" in the "Restricted Sites" zone and set E-Mail to run in the
"Restricted Sites" zone. To do this: Open Internet Explorer. Select
the Tools/Internet Options then select the Security Tab, click
Restricted Sites icon, select "Custom Level" scroll down to "Active
Scripting" and set it to Disable or Prompt, click OK.
Open Outlook Select Tools/Options, then click the Security Tab. In the
"Security Zones" section, select the "Restricted Sites" zone. Another
way to protect your friends from getting a bug or virus from your
email is to turn off the HTML settings for sending email.
Open Outlook Select Tools/Options, then click on the Send tab. Note
the two options below for HTML or plain text. Check both plain text
options. Click OK. You're done. To disable 'Active Scripting' in the
'Restricted Sites' zone and set E-Mail to run in the 'Restricted
Sites' zone. Optional Change: Open Internet Explorer Select
Tools/Options, then click the Security tab, click the Restricted Sites
icon, click 'Custom Level', scroll down to 'Active Scripting' and set
it to Disable or Prompt, click OK.
Open Outlook Select Tools/Options, then click the Security Tab. In the
'Security Zones' section, choose the 'Restricted Sites' zone.
-----end----
>On Thu, 07 Jun 2001 00:40:12 +0200, ©Anti-Cult® - www.users.wineasy.se/noname/
><Anti...@galacticfederation.homeip.net> wrote:
>
>
>OK you guys are losing me now....does the discussion regarding open ports on
>various machines mean that someone could place zombie code in the machine and
>take it over?
Well, if the netbios port is open, and the puter is setup with non pwd
protected Drive/Folder/file shares, it is possible to do that yes. If
not, it takes an attachment and running of said attachment, or to
download and run a trojan program.
Hell, the simple answer to all this, is that if you don't know what
you're doing, and what file shares and netbios and such things are, then
you ARE indeed vulnerable to many different attacks on the net.
I suggest that you buy yourself some book about networking actually, and
spend some hours learning about shares and such things. However, the
most important thing IMO is to use a firewall, ZoneAlarm from
www.zonelabs.com will indeed protect you from lots of attack attempts.
Also find out how you unbind the Netbios from your particular version of
Windoze, in that way you'll save yourself from lots of potential
problems.
Sten-Arne
>
>If so...then it does appear that the average joe critic computer user, non
>hacker type could get screwed rather easily, that is framed by the cult with
>sporge etc from his own computer by a zombie master running his machine.... and
>that you do NOT have to open an email attachment to get infected... and it can
>be done easily by various other means discussed in this thread.
But it IS easy to protect yourself. I repeat "unbinding Netbios",
install ZoneAlarm
>
>For a critic that the cult routinely targets to set up for crimes, I'd say that's
>an issue. Or am I still missing something?
Well, we should not scare people too much, but there are indeed potential
problems. That's nothing new, these problems have existed for many many
years.
Sten-Arne
Thanks for the advice, but I think some should be scared.. especially critics
that cult is targeting, at least enough to take your advice here and cover the
most vulnerable aspects.
From what I can tell if a zombie program uses your computer to send threats or
kiddie porn it will be difficult enough to disprove that you could end up in the
slammer writing long letters to the court about what a zombie is and the judge
would just say 'nice shore story'.... if you did manage to prevail it could be
years and thousands of dollars later.
I'd say it *is a serious issue as Steve Gibson has described it... especially
with the latest versions of windows coming out... and the cult's long term heroic
efforts sparing no cash, sometimes millions of dollars, to frame people.
Or is that an exaggeration?
Phil Scott
>On Thu, 07 Jun 2001 00:12:41 +0200, ©Anti-Cult® -
>www.users.wineasy.se/noname/ <Anti...@galacticfederation.homeip.net>
>wrote:
>
>>Yeah well, of course. However I doubt that many people here have
>>networked computers, and network shared folders, and on top of that non
>>pwd protected such. Having shared folders/drives on a non networked
>>puter, sounds so silly that it's not even worth commenting on.
>
>>Those that have, should learn to unbind unnecessary protocols
>>naturally.
>
>Lots of people who have cable modems are totally clueless and would
>just give you a dumb, sheeplike stare as soon as you said the word
>"protocol." Further, they probably didn't even install the software
>themselves, that was done by a service tech only a shade above
>clueless.
>
>Lots of people also have home networks, shared with something like
>InternetShare, and don't even know they're sharing their hard drives
>with the entire universe.
>
>ptsc
Sigh, I know...
This looks like it's time for some serious business, trying to help
people configuring their puters in safe mode. Unfortunately since English
isn't my first language I would be the wrong person trying to help
English speakers.
www.grc.com had some good pages how to safely configure Win95/98/NT,
unbinding unnecessary protocols and such things, but www.grc.com seems
to be down now, thanks to the fucking DOS attack. I do have some of
those pages locally, but it'll take some HTML editing to make them work
as they should. Perhaps I'll simply put them up on my own server
tomorrow, at least until www.grc.com comes back up again.
Sten-Arne, trying my best not to fall into the paranoia trap :-)
Well, let me clarify this a bit. With ZoneAlarm installed, you would be
alerted by a question from ZoneAlarm, if you really want to allow this
"zombie" with probably a random name, to access the net. If you answer
NO, which you of course would do whenever some to you unknown program or
application tries to access the net, then you are perfectly safe.
All the above of course if you by some unknown way have managed to get
your puter infected. If any unknown program tries to access the net,
then of course it's high time to remove that program.
Sten-Arne
>"Android Cat" <androi...@hotmail.com> wrote on Wed, 6 Jun 2001 13:52:33
>-0400 in msg <z9uT6.32775$_5.37...@news20.bellglobal.com>, :
>>The sporner just whacked was a sfba machine. Hmm... a detection method
>>for the Sub7Server Trojan might be useful. (It might be possible to use
>>the same hole to immediately shut off the sporn, but that'd be ethically
>>dodgy.) It would be nice to know if Co$ (or who ever) is using
>>throw-away accounts like the last time, or hijacked zombie computers.
>I think it very unlikely that they are using zombie bots. If they were then
>I would have expected to see a series of other, far more damaging, DOS
>attacks.
I think these attacks are very manual and ad hoc. It also could be
that a truly devastating attack would create such a counter-response
that it's been deemed inappropriate, when an annoying, irritating
attack will be allowed to go on longer and creates less of a
"footprint."
ptsc
>Yeah well, of course. However I doubt that many people here have
>networked computers, and network shared folders, and on top of that non
>pwd protected such. Having shared folders/drives on a non networked
>puter, sounds so silly that it's not even worth commenting on.
>Those that have, should learn to unbind unnecessary protocols
>naturally.
Lots of people who have cable modems are totally clueless and would
There are some Linux "exploits" that actually run around and plug up any
holes -- other than the one it itself installs...
The open NetBios port is a good clue. It's a pity that we don't know
what (if anything) the ISPs are finding out from their end. In a
perfect world, @home is letting the Woodhaven sporner continue as a
"honeypot" trap to catch the perps. Yeah, right!
>
> 24.6.3.198 is open like a barns door right now. Since I refuse to hack
> anything, I will not take advantage of this. However, others are taking
> advantage of it, by using this to post porno spam to ARS.
Let's not mince words: Child Pornography -- the one "hot button" item
that police can get support and funding to track down. (Has *anyone*
clicked on those links? Not me.)
The ethics are damning. Is this like seeing someone break into a house,
and you enter or not to stop him? (And try explaining this to a court
later.) *sigh*, if only I had $cientology Brand Ethics, rather than
human ones.
> Port 7 (Echo)
> Port 13 (Daytime)
> Port 21 (FTP)
> Port 23 (Telnet)
> Port 25 (SMTP)
> Port 37 (Time)
> Port 43 (Whois)
> Port 70 (Gopher)
> Port 79 (Finger)
> Port 80 (WWW)
> Port 110 (POP3)
> Port 119 (NNTP)
> Port 139 (nbsession)
> Port 194 (IRC)
There's a fairly complete list at:
http://www.iana.org/assignments/port-numbers
Ron of that ilk.
>On Wed, 06 Jun 2001 20:39:56 +0200, ©Anti-Cult® - www.users.wineasy.se/noname/
><Anti...@galacticfederation.homeip.net> wrote:
>
>
>>Aw for fucks sake, first the zombie has to be put on the puter, either
>>by an E-mail attachment, or by directly copying it to the HD.
>
>Gibson seemed to indicate that the zombie could be inserted by other means, no
>need for it to come in as an attachment etc.
The _first_ zombie needs to be actually *run*, like any other virus.
Subsequent versions or updates can then be installed, because the
first zombie will open some way for them and run them in turn.
If you have installed and enabled the NETBEUI stuff in your network
configuration, and also have enabled file sharing as well as printer
sharing on your machine, and if that machine is directly connected to
the Internet for extended periods at a time without any extra
protection (I think this list of conditions is more or less complete),
it is technically possible to install such a virus from the Internet
on your computer. However this method has some considerable drawbacks
for the hacker. For obvious reasons I won't go into details. ;-)
Another, (perhaps even more common) technique to get some virus into
your computer and also get it running, is through clever use of the
holes in javascript on machines running windows. I am not an expert on
securing your webbrowser (there are too many plug-ins for me to keep
track of), but PLEASE BE CAREFUL OUT THERE ON THE WEB. As soon as you
come across one of these sites that open another window when you leave
the site, especially if it is a window without controls, your computer
may have been infected.
Mine has been on several occasions, much to my delight... ;-)
>btw. I have not opened an attachment from even fairly well know sources in 5
>years.
Good sensible practice. I have the luxury of a separate machine to do
such dangerous experiments on, as well as a good firewall that logs
all IP-traffic very efficiently. If you don't know what you're doing:
DO NOT EVER "OPEN" OR "RUN" OR "START" EXECUTABLES YOU'VE DOWNLOADED
FROM USENET OR RECEIVED BY E-MAIL!!!
>>and who is stupid enough not to have a good and up to
>>date virus program?
>
>I guess 'good' is relative, Gibson said Black Ice for instance didnt work on the
>zombies.
Some things seem to get mixed up here.
1) On the one hand there is firewall software for Windows, such as
BlackIce and the superior (according to Gibson's tests) ZoneAlarm. The
job of this kind of software is to keep an eye on the various "ports"
on your computer, and the network traffic coming in and going out.
Good firewall software will allow NO TRAFFIC AT ALL through any "port"
unless you specifically authorize that "port" to be opened.
Unfortunately, the process of deciding what is legitimate traffic and
what is not is not only cumbersome for an end-user without the
specific knowledge but without guidance it might become even
impossible.
I believe that that is the reason for this difference in test-results
that Steve Gibson got. If BlackIce considers it 'normal' that many
people run an IRC-client, then it may leave open the necessary ports
for that by default, in order to make life for the end-user 'easier'.
Since the zombie that Gibson looked at technically did nothing else
than 'start an IRC-client', it was not detected.
I haven't looked at BlackIce, and it might be possible to close these
specific ports in that piece of software. But since you would again
need specific knowledge about that, this is not the right approach for
firewall software.
2) On the other hand there are virus detection programs. They usually
monitor your disks and sometimes also incoming e-mail and/or news,
looking for known viruses. That means that they can alert you only if
a _KNOWN_ virus (or trojan or zombie or whatever you call it) is
coming in or is already present on your computer. Usually they need to
be regularly updated with information about new viruses.
>>However, of course if such a zombie was created as a news program,
>>capable of being connected to from outside, of course it would be
>>possible to hijack the puter it was put on.
>
>Thats interesting isnt it? Could the cult use this to insert zombies that take
>over ones computer and can be controlled by the 'zombie master' as he calls them
>to say for instance issue kiddie porn from ones computer?
While it is relatively easily possible for anyone to install a couple
of hundred such zombie-programs on random computers, it is much harder
to install only _one_ such program on a specifically targeted machine.
And it becomes virtually impossible for some hacker if you install
ZoneAlarm and some good virus-scanning software.
So if your computer has a (semi-)permanent connection to the Internet
and runs Windows, that is what you should do.
Sorry for the inconvenience to those that have no knowledge about
these matters, you will have to learn some of the basics. I'm (almost)
always willing to try and explain...
>Phil Scott
>
>>
>>That said, I can't feel sorry for anyone stupid enough to run unknown
>>attachments, so if some critic is being attacked in this way, keeping
>>in mind how easy it is to defend yourself...
>>
>>Sten-Arne
[rest snipped, we've seen it by now]
Groeten,
Boudewijn.
> Stop it ptsc :-)
When I found Gregg's machine wide open, I did check few other critics'
machines for open NetBios ports. I didn't find any. (And Dansai and
Velcro Gwen's machines seemed safe too. For which I'm glad, the
temptation to step over the line would have been massive! ;^)
In the end, I decided that loudly telling people about ShieldsUp! and
Zone Alarm was the best move. And I guess that I'm doing it again just
in case someone wasn't paying attention. (And I've got egg on my face
too. Until I got an ADSL connection, I hadn't done a proper security
audit. I'd previously cleaned up my connection to my dial-up ISP, but a
later reinstall of Windows put them all back.)
If someone doesn't know what they are doing, use stuff from people that
do, otherwise you're just playing in traffic.
And it doesn't make a difference if you're using Windows, Linux, or
Mac -- they've all had "exploits", and probably will have more in the
future. (Windows definitely takes the Flying Cluster Fuck Through A
Rolling Donut Award, but mainly for its stupid defaults. If you "fix"
it [like a vet does a cat], it's not that bad.)
Ron of that ilk.
On Wed, 06 Jun 2001 21:43:26 GMT, phils...@hotmail.com (Phil Scott)
wrote:
[minor reformatting...]
>>Hah, got me there ;) Seriously speaking, though, does Outlook run
>>inline VBScript? That'd mean you only have to *look* at a mail to
>>unleash gobs of scripty nastiness on yourself.
Yes.
[snip]
>... you still have to open an attachment or exe file for
>the virus to get in your computer no?
No.
> Or will just reading the email do it, if
>it is in HTML format.
Exactly. Provided you enable the automatic preview option, which you
obviously shouldn't... ;-)
I'm not sure what that option is called in English versions of O.E., but it's
in the 'View'-option of the main menu. With preview enabled, every email is
effectively "Opened" whenever it gets highlighted in the message list. This
will happen automatically when there is only one new message. Some other
security-related settings play a role here too, but that's the "feature" to
look for, AFAIK.
--
Groeten
Hans Reese
I always thought they were joking. Then I started reading. Now I know they
never, ever joke.
Read www.xenu.net
And Microsoft should be whacked with large clue sticks for
automaniacilly copying the local settings as the default when adding an
Internet connection.
Ron of that ilk.
The reason that Wingate is notorious in this sense is that it's a SOCKS proxy
server, like many others, and pretty decent. But it's delivered, or was
delivered to many people with port 1080 open by default, so, when you make your
home network use your single cablemodem/dsl whatever connection, you were also
allowing everyone else on the internet to use your computer for 'modem
sharing'.
If you have one internet connection, and 3 computers, it's a cool thing to let
them use the one computer with the connection to pretend they're all that
connection and grandma, sis and junior can all get on the internet at the same
time.
All they have to do is set the one computer with the connection as the 'proxy'.
Wingate is in disrepute because it comes by default with that 'port' open... so
*anyone* can 'bounce' himself off of your machine... and show your IP addy to
the internet.
Zinj
Okay, I'll take it step by step, because this is important. (And Co$ is
probably drooling over every word.)
Yes, the average joe critic could be screwed over unless they are
careful.
1) If the user has a local area network with shared drives, Windows will
automatically allow those shares to the entire Internet when the ISP
connection is installed. (This can even be a problem with dial-up
connections. I could write a bot to monitor ars, check TCPIP addresses
of posters and probe machines for weakness in real time.)
Possible Result: Access to drives, read files, write files, write of a
full Back Orifice/Sub7 bootstrap.
Solution: Remove NETBEUI and File/Printer sharing from your Internet
connection via Control Panel/Networks. Problem: Requires some
technical knowledge or a good walk-through. Alternate: Install Zone
Alarm. (I'm a belt-and-suspenders kind of guy. I made sure that my
machine locked down *and* installed Zone Alarm.)
2) By default, Outlook Express will autoload/autorun scripts in the
preview windows, and process HTML email.
Possible Result: Running or installation of Ghod knows what.
Solution: Turn off preview, *immediately*! Then use the steps that Ed
posted to "fix" Outlook Express. Castrate the bugger! Problem: It's
the smegging defaults!
3) Running trojan attachments.
Solution: Don't.
That more or less covers it, I think.
Ron of that ilk.
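Point 2 in the post above, together with the earlier remark that an HTML message carries a second plain-text copy, points to what a cautious reader or mail filter can do: show the text/plain part and report active content in the HTML part instead of rendering it. The Python below is an added example, not part of the original thread; the two sample messages, the addresses and the `triage` name are constructed, and the script in the sample is a harmless placeholder.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed multipart/alternative message: plain-text copy plus HTML copy.
SAMPLE = """\
From: sender@example.com
To: reader@example.com
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Hello, this is the plain-text copy.
--b1
Content-Type: text/html; charset="us-ascii"

<html><body onload="doSomething()">
<p>Hello, this is the <b>HTML</b> copy.</p>
<script language="VBScript">MsgBox "constructed placeholder"</script>
<a href="javascript:void(0)">link</a>
</body></html>
--b1--
"""

# Constructed HTML-only message: no plain-text alternative to fall back on.
HTML_ONLY = """\
From: sender@example.com
Subject: constructed html-only message
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<p>Only <i>HTML</i> here.</p><script>void 0</script>
"""


class ActiveContentFinder(HTMLParser):
    """Collect active-content findings and the visible text of an HTML part."""
    ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe"}
    URL_SCHEMES = ("javascript:", "vbscript:")

    def __init__(self):
        super().__init__()
        self.findings = []
        self.text = []
        self._hidden = 0  # depth inside <script>/<style>, whose data is not text

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._hidden += 1
        if tag in self.ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):  # onload, onclick, ...
                self.findings.append(f"{name} handler on <{tag}>")
            elif value and value.strip().lower().startswith(self.URL_SCHEMES):
                self.findings.append(f"script URL in {name} on <{tag}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1

    def handle_data(self, data):
        if not self._hidden and data.strip():
            self.text.append(data.strip())


def triage(raw):
    """Return the text that is safe to display and a list of active-content
    findings. The HTML is parsed but never rendered or executed."""
    msg = message_from_string(raw, policy=default)
    findings, html_text = [], []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = ActiveContentFinder()
            finder.feed(part.get_content())
            finder.close()
            findings.extend(finder.findings)
            html_text.extend(finder.text)
    plain = msg.get_body(preferencelist=("plain",))
    if plain is not None:
        display = plain.get_content().strip()
    else:
        display = " ".join(html_text)  # tags and script bodies stripped
    return {"display": display, "findings": findings}


if __name__ == "__main__":
    for raw in (SAMPLE, HTML_ONLY):
        print(triage(raw))
```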
Sorry to reply to my own message. And with a cryptic message at that.
But indeed, I have now found out a lot more.
The current "sporn" attack on ars (and other newsgroups) is more
closely linked to Steve Gibson's story than you might think.
I'm sorry I cannot tell more now.
Groeten,
Boudewijn.
>On Wed, 06 Jun 2001 19:25:51 -0400.
>In Message-ID: <3b1e...@news2.lightlink.com>
>From: ptsc <ptsc AT nym DOT alias DOT net>.
>Organization: Lightlink Internet.
>Wrote on the subject: Re: Frog2 Re: Zombie porn spam?:
>
>>On Thu, 07 Jun 2001 00:12:41 +0200, ©Anti-Cult® -
And even then, you're forgetting about the gaping hole that some
web-browsers create... ;-)
Hint: If you want to catch one of these zombies, follow the URL's in
the "sporn" postings here. They are cleverly hidden, but there is a
good chance you'll catch one...
Groeten,
Boudewijn.
>phils...@hotmail.com (Phil Scott) wrote:
>>>
>>> HTML messages *can* pose a security risk, especially if you're silly
>>> enough to enable scripting languages in your reader.
>>
>> Thank you very much... however such silliness term would only apply to competent
>> hacker type if they made the mistake, those hundreds of millions of us who make
>> our livings as butchers, bakers, brain surgeons and industrial engineers are not
>> up on that stuff, and really unless we switch careers likely never will be... and
>> it's NOT just this one issue, I am sure there are hundreds of ways a person can
>> get screwed via his computer/net set up.
>
>I do apologize, Phil, you're absolutely right.
>
>I should have written, "... especially if you're unfortunate enough to be
>using an email client written by programmers lacking the foresight to
>disable scripting languages by default, due to the potential for abuse."
That's why I was very disappointed when I found out that Qualcomm's
Eudora e-mail program had a default "preview" window that showed the
HTML content of any email even before you open it. This window is
actually filled by calling upon the standard Windows explorer, with
all its available options enabled, including the execution of VBS.
Disabling this so-called "feature" was quite a daunting task. But I
have a manual for it somewhere. Anyone using Eudora with doubts about
this issue should contact me.
Groeten,
Boudewijn.
>On Thu, 07 Jun 2001 00:13:43 +0300, Thomas Oakley
><dark...@spam.me.not.sunpoint.net> wrote:
>>Phil Scott wrote:
>>> On Wed, 06 Jun 2001 23:49:48 +0300, Thomas Oakley
>>> <dark...@spam.me.not.sunpoint.net> wrote:
>>> > Hah, got me there ;) Seriously speaking, though, does Outlook
>>> > run
>>> >inline VBScript? That'd mean you only have to *look* at a mail to
>>> >unleash gobs of scripty nastiness on yourself. This is exactly why
>>> >I try to avoid M$ products. Ick.
>>>
>>> Anyone have any comment on this? Frog?
>>>
>>> Phil Scott
>>
>> Here's one take on the issue. Quite accurate as well:
>> http://www.satirewire.com/news/0103/outlook.shtml
>
>
>that was interesting, but you still have to open an attachment or exe file for
>the virus to get in your computer no?
Alas. Micro$oft and similarly inclined producers of rubbish software
want to 'please' their users with "previews" of any message that is
selected in some list. That means that your software has a small
window somewhere, displaying an equally small picture of the contents
of the message, while you yourself are merely wandering around in the
index of your "in-box". However small that picture might look to you,
it still contains all elements of whatever was sent.
If the default Micro$oft settings are used, your system is very
vulnerable indeed. Scripts included. For your convenience...
>Or will just reading the email do it, if
>it is in HTML format.
If you have any kind of "preview" window on your screen, all you have
to do is _SELECT_ the message....
>I would sure like to see more details on this subject. If the cultie hackers
>can find a way to get zombies into a persons computer passively, you see how
>that could be a problem especially if as Gibson says they can use the zombie to
>send emails and posts from ones computer, and plant say porn etc undetected...
>things could get real messy fast.
IMNSHO, Outlook, due to its "seamless integration" with other M$ apps
(like VB) and the notorious lack of security features in M$-Windows,
is the most deadly piece of software available on the Internet today.
People should use Eudora, with a few adaptations to its ini-files...
(And the addition of PGP, of course.)
Groeten,
Boudewijn.
Phil Scott wrote:
>
> On Wed, 06 Jun 2001 23:49:48 +0300, Thomas Oakley
> <dark...@spam.me.not.sunpoint.net> wrote:
>
> > Hah, got me there ;) Seriously speaking, though, does Outlook run
> >inline VBScript? That'd mean you only have to *look* at a mail to
> >unleash gobs of scripty nastiness on yourself. This is exactly why I
> >try to avoid M$ products. Ick.
>
> Anyone have any comment on this? Frog?
>
See my other post on this.
Ed
> Phil Scott
>
> >
> >
> >- --T. Oakley-------
> >- --Gnarb-----------
> >- --ID: 0x84660AD1--
> >
phils...@hotmail.com (Phil Scott) writes:
> On Thu, 07 Jun 2001 00:40:12 +0200, ©Anti-Cult® - www.users.wineasy.se/noname/
> <Anti...@galacticfederation.homeip.net> wrote:
>
>
> OK you guys are losing me now....does the discussion regarding open ports on
> various machines mean that someone could place zombie code in the machine and
> take it over?
>
> If so...then it does appear that the average joe critic computer user, non
> hacker type could get screwed rather easily, that is framed by the cult with
> sporge etc from his own computer by a zombie master running his machine.... and
> that you do NOT have to open an email attachment to get infected... and it can
> be done easily by various other means discussed in this thread.
>
> For a critic that the cult routinely targets to set up for crimes, I'd say that's
> an issue. Or am I still missing something?
>
> Phil Scott
>
> >On Wed, 06 Jun 2001 18:18:24 -0400.
> >In Message-ID: <3b1e...@news2.lightlink.com>
> >From: ptsc <ptsc AT nym DOT alias DOT net>.
> >Organization: Lightlink Internet.
> >Wrote on the subject: Re: Frog2 Re: Zombie porn spam?:
> >
> >>On Wed, 06 Jun 2001 22:10:37 +0200, ©Anti-Cult® -
> >>www.users.wineasy.se/noname/ <Anti...@galacticfederation.homeip.net>
> >>wrote:
> >>
> >>>>>Aw for fucks sake, first the zombie has to be put on the puter, either
> >>>>>by an E-mail attachment, or by directly copying it to the HD.
> >>
> >>>>Gibson seemed to indicate that the zombie could be inserted by other means, no
> >>>>need for it to come in as an attachment etc.
> >>
> >>>Bullfucking shit!
> >>
> >>Look at these machines. According to one observer port 139 is open on
> >>all of them at the time of sporging. (Personally I've only noticed
> >>the one, 24.6.3.198, which is open right now as I speak.)
> >>
> >>If there's an open share there (there isn't on 24.6.3.198 *now* though
> >>there may have been before our 'friend' got to it) that can be
> >>exploited in a number of ways. In fact, it can easily be turned into
> >>full control of the machine. (Port 139 being open is default
> >>configuration for Windoze machines.) Yours is closed.
> >>
> >>ptsc
> >
> >24.6.3.198 is open like a barn door right now. Since I refuse to hack
> >anything, I will not take advantage of this. However, others are taking
> >advantage of it, by using this to post porno spam to ARS.
> >
> >Port 7 (Echo)
> >Port 13 (Daytime)
> >Port 21 (FTP)
> >Port 23 (Telnet)
> >Port 25 (SMTP)
> >Port 37 (Time)
> >Port 43 (Whois)
> >Port 70 (Gopher)
> >Port 79 (Finger)
> >Port 80 (WWW)
> >Port 110 (POP3)
> >Port 119 (NNTP)
> >Port 139 (nbsession)
> >Port 194 (IRC)
> >
>On Wed, 06 Jun 2001 23:49:48 +0300, Thomas Oakley
><dark...@spam.me.not.sunpoint.net> wrote:
>
>
>> Hah, got me there ;) Seriously speaking, though, does Outlook run
>>inline VBScript? That'd mean you only have to *look* at a mail to
>>unleash gobs of scripty nastiness on yourself. This is exactly why I
>>try to avoid M$ products. Ick.
Ick indeed, but if <choose opsys> was as popular as MS it'd be as heavily
exploited. There are *always* exploits against poorly configured systems,
and in a large population of systems there will *always* be
poorly-configured systems. Enter the zombie master.
>
>Anyone have any comment on this? Frog?
>
>Phil Scott
>
LookOut can be made to run VBS and JavaScript in email-embedded HTML, some
versions do it out of the box. It's a good idea to *turn off the preview
window*.
It's a good idea to examine the contents of suspect emails through the
Properties dialogs. You'd need to understand what you're looking at to some
degree, and be mildly psychic to know what to suspect in a high volume
client.
It's a good idea to *turn off scripting* on your LookOut email machine
(maybe not so easy with no dedicated email machine).
It's a good idea to run ZoneAlarm and a virus checker.
It's a good idea to use a mail client other than LookOut better
configurable for what it will and won't execute.
Ever yours in fandom,
Jommy Cross
---------------------------------------------------
This message brought to you by Radio Free Albemuth:
before you hallucinate
--------------------------------------------------
>On Wed, 06 Jun 2001 18:39:57 GMT.
>In Message-ID: <3b1e777d...@news.tdl.com>
>From: phils...@hotmail.com (Phil Scott).
>
>>
>>Frog2, can you comment on this post. It seems that if Gibson is correct, that
>>the zombie tactic could be used to produce credible sporn from a critic's
>>computer..
On Wed, 06 Jun 2001 20:39:56 +0200, ©Anti-Cult® -
www.users.wineasy.se/noname/ <Anti...@galacticfederation.homeip.net>
>Aw for fucks sake, first the zombie has to be put on the puter, either
>by an E-mail attachment, or by directly copying it to the HD. The
>zombie prg has to be run once, to make it do its initial business.
Well, with an enormous percentage of Win9x boxes out there with
totally unprotected shares, it would be *trivial* to get a bot of any
sort planted on to a machine. I could write a program in an hour that
would plant the program of my choice (back orifice, whatever) onto
1,000's of machines in a blink of an eye.
So, just to be clear, an email attachment is not the only way to
become infected.
Don't get me wrong, I'm not trying to feed the black helicopters, but
a certain amount of prudence is justified.
- SCN Lurker
Yeah, one. I quickly found a netbus server trojan along with an html
page inviting the user to run it. The web host is in Venezuela.
PS to any pathetic brainwashed nut cult zombies who may be drooling over
the possibility that I have kiddie porn on my computer:
I cruise the web with everything off. java, javascript, AND images.
So even if there really is kiddie porn on the site I went to, I didn't
see it. I didn't even cache it.
The only file I downloaded from the site was "patch.exe", which is
indeed the netbus trojan.
But I didn't run it. Maybe next time. Squick squick squick.
--
Regards, John
Exceedingly Rude and Discourteous Psychiatric Pawn
Read about Scientology and the abuse of survivors of brain injury:
ptsc wrote:
>>No it doesn't. There are other ways of getting it there, the most
>>obvious being copying it directly onto their hard drive over the
>>Internet through an open NetBIOS share.
>>
>>ptsc
On Thu, 07 Jun 2001 00:12:41 +0200, ©Anti-Cult® -
www.users.wineasy.se/noname/ <Anti...@galacticfederation.homeip.net>
wrote:
>Yeah well, of course. However I doubt that many people here have
>networked computers, and network shared folders, and on top of that non
>pwd protected such. Having shared folders/drives on a non networked
>puter, sounds so silly that it's not even worth commenting on.
>
>Those that have, should learn to unbind unnecessary protocols
>naturally.
Let me tell you a true story.
Last year, I was working on a project that required using Lanman over
TCP so I spent some time brushing up on Win networking API's.
After coding my app, I was quite surprised at how easy it was to
attach network shares. So, I wrote another app that probed my local
class c to see how many unprotected shares were out there. I ran the
program and came back with SEVENTY TWO machines! Holy fuck! I could
not believe that 28% of all the machines on my class c were sitting
ducks.
I then got to thinking that maybe I'd be a "white hat" and help these
poor slobs. So, I wrote yet another program that found the shares and
uploaded a program that would display an alarming message. I uploaded
it to about 6 people's computers. I waited a day and went and had a
look to see if any of them had shut down their shares. Two of them
had and the remaining four STILL HAD UNPROTECTED SHARES!
Unbelievable. I concluded the project at that point figuring that
people were just plain stupid and didn't deserve my help.
Anyhow, the moral of the story is your claim about not many people
having unprotected shares is probably too generous.
- SCN Lurker
I have reasons to believe that there is more to it than that.
Can't say more, right now. sorry.
Groeten,
Boudewijn.
>"©Anti-Cult® - www.users.wineasy.se/noname/"
Good for you. You wouldn't have found any actual "Child pornography",
just more links luring you towards such evil content... and eventually
towards a page that installs a "zombie program" (as described on Steve
Gibson's page) on your computer. You would have become another sucker.
>The ethics are damning. Is this like seeing someone break into a house,
>and you enter or not to stop him? (And try explaining this to a court
>later.) *sigh*, if only I had $cientology Brand Ethics, rather than
>human ones.
Indeed. Learn about computers. Then within twenty years, you can
answer your own question.
I take the fifth. ;-)
Groeten,
Boudewijn.
Nope. But it's nothing new (problems, that is).
> >Well, we should not scare people too much, but there is indeed potential
> >problems. That's nothing new, these problems have existed for many many
> >years.
>
>
> Thanks for the advice, but I think some should be scared.. especially critics
> that cult is targeting, at least enough to take your advice here and cover the
> most vulnerable aspects.
Anybody, especially with a semi-perm connection should cover themselves.
It might be the cult, or it might be Vinnie the 14 year old haxor from
Boise Idaho. Always CYA. (Cover your assets.)
> From what I can tell if a zombie program uses your computer to send threats or
> kiddie porn it will be difficult enough to disprove that you could end up in the
> slammer writing long letters to the court about what a zombie is and the judge
> would just say 'nice shore story'.... if you did manage to prevail it could be
> years and thousands of dollars later.
Yes. Zombied email and news would look like it came from your machine.
If you're lucky, you get the A-team from the FBI or Secret Service
checking your machine. If life is normal, you get Sgt. Plodder whose
nephew uses that Windows thang. (This is not meant as a denigration of
law enforcement officers who are suddenly nominated as the local
"Internet Expert". May the Gods help you! [I've been told that I'm a
minor deity of computers, so you have my blessing, FWIW.])
> I'd say it *is a serious issue as Steve Gibson has described it... especially
> with the latest versions of windows coming out... and the cult's long term heroic
> efforts sparing no cash, sometimes millions of dollars, to frame people.
>
> Or is that an exaggeration?
The new version of Windows isn't really an issue. It just lowers the
bar to the point that script kiddies can generate untraceable DDOS attacks.
That was always possible, either through Linux/*ix or bypassing the
Windows sock stack.
It's a serious issue. Luckily, Co$ has been behind the power-curve when
it comes to net-knowledge, but they eventually learn. Remember back a
year ago when they used sock-puppets that leaked their IP addresses?
Now they all use services that filter that out.
>Yes. Zombied email and news would look like it came from your machine.
>If you're lucky, you get the A-team from the FBI or Secret Service
>checking your machine. If life is normal, you get Sgt. Plodder whose
>nephew uses that Windows thang. (This is not meant as a denigration of
>law enforcement officers who are suddenly nominated as the local
>"Internet Expert". May the Gods help you! [I've been told that I'm a
>minor deity of computers, so you have my blessing, FWIW.])
>
>> I'd say it *is a serious issue as Steve Gibson has described it... especially
>> with the latest versions of windows coming out... and the cult's long term heroic
>> efforts sparing no cash, sometimes millions of dollars, to frame people.
>>
>> Or is that an exaggeration?
>
>The new version of Windows isn't really an issue. It just lowers the
>bar to the point that script kiddies can generate untraceable DDOS attacks.
>That was always possible, either through Linux/*ix or bypassing the
>Windows sock stack.
>
>It's a serious issue. Luckily, Co$ has been behind the power-curve when
>it comes to net-knowledge, but they eventually learn. Remember back a
>year ago when they used sock-puppets that leaked their IP addresses?
>Now they all use services that filter that out.
How long will it be before they hire some serious hackers to do the job on the
critics? My guess is ... not long. They are desperate and they can do a lot
of damage in that fashion. They can even arrange for an ongoing log with real
pedophiles, then arrange for the critic to get 'discovered' as part of a sting.
I talked to my ISP about the possibility of me being forged a while back and he
said 'well I'd check my logs, and if you were on that server at the time, you'd
be toast' a bit unnerving.
Right now it seems some serious firewalls and monitoring are in order. I would
be willing to pay someone to help me get set up and learn the software and
issues, and eyeball my machine for weaknesses.
Phil Scott
>
>
>
>
>That's why I was very disappointed when I found out that Qualcomm's
>Eudora e-mail program had a default "preview" window that showed the
>HTML content of any email even before you open it. This window is
>actually filled by calling upon the standard Windows explorer, with
>all its available options enabled, including the execution of VBS.
>
>Disabling this so-called "feature" was quite a daunting task. But I
>have a manual for it somewhere. Anyone using Eudora with doubts about
>this issue should contact me.
IIRC, Eudora can use IE as the preview app for HTML or its own built
in parser. The built in parser won't run script.
- SCN Lurker
(SNIP)
>2) By default, Outlook Express will autoload/autorun scripts in the
>preview windows, and process HTML email.
>
>Possible Result: Running or installation of Ghod knows what.
>
>Solution: Turn off preview, *immediately*! Then use the steps that Ed
>posted to "fix" Outlook Express. Castrate the bugger! Problem: It's
>the smegging defaults!
My solution to the Outlook Express problem is to not use Outlook
Express.
One of the common Outlook Express problems is that under some settings
(I don't recall which) file extensions are hidden from the user. So, a
file which may look (just to take a recent example) like HOMEPAGE.HTML
is actually HOMEPAGE.HTML.vbs, a malicious executable file.
So I recommend Eudora or Pegasus as replacements for Outlook Express.
Of course, another good thing to do is to remove the Windows Scripting
Host, the Windows component that permits .vbs files to run.
btw, here's that recent example:
http://www.symantec.com/avcenter/venc/data/vbs.vb...@mm.html
-------------------------------------------
-- Scientology's gate is down. --
Canadian Scientology information is now at:
http://xenu.ca/
-------------------------------------------
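The two risks raised in this part of the thread, script in an HTML body that a preview pane renders and an attachment such as HOMEPAGE.HTML.vbs whose real extension is hidden, can both be checked for before a message reaches a mail client. The following is an added example, not code from any poster; the extension lists, the names `audit_message` and `ScriptFinder`, and the sample message are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from pathlib import PurePosixPath

# RUNNABLE: executed by Windows on double-click; DECOY: harmless-looking (both lists illustrative).
RUNNABLE = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".exe", ".scr", ".pif", ".bat", ".com"}
DECOY = {".html", ".htm", ".txt", ".jpg", ".gif", ".doc"}

# Constructed sample message, not taken from the thread.
SAMPLE = """\
Subject: constructed sample
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/html; charset="us-ascii"

<html><body onload="go()"><script language="VBScript">MsgBox "hi"</script></body></html>
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="HOMEPAGE.HTML.vbs"

placeholder
--XX--
"""

class ScriptFinder(HTMLParser):
    """Collects <script> elements and inline on* handlers from an HTML body."""
    def __init__(self):
        super().__init__()
        self.hits = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.hits.append(f"<script language={dict(attrs).get('language')}>")
        self.hits += [f"{name} handler on <{tag}>" for name, _ in attrs if name.startswith("on")]

def audit_message(raw):
    """Return a list of findings for one RFC 822 message supplied as text."""
    findings = []
    for part in email.message_from_string(raw, policy=policy.default).walk():
        name = part.get_filename()
        if name:  # attachment: judge it by its real (last) extension
            raw_sfx = PurePosixPath(name).suffixes
            sfx = [s.strip().lower() for s in raw_sfx]
            if sfx and sfx[-1] in RUNNABLE:
                shown = name[: -len(raw_sfx[-1])]  # what the user sees with extensions hidden
                decoy = len(sfx) > 1 and sfx[-2] in DECOY
                note = f", shown as {shown} if extensions are hidden" if decoy else ""
                findings.append(f"{name}: runnable{note}")
        elif part.get_content_type() == "text/html":  # inline HTML body, as a preview pane renders it
            finder = ScriptFinder()
            finder.feed(part.get_content())
            findings += [f"html body: {h}" for h in finder.hits]
    return findings
```

Calling `audit_message(SAMPLE)` reports the `onload` handler, the VBScript element and the double-extension attachment; a plain-text message yields an empty list.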
It's the inability to prosecute for kiddie porn that bothers me actually.
CoS probably has the same problems to a smaller extent. As difficult as
it is to trace--it can be done. Delivery of a penalty is just as much
an issue. Why chase and trace if prosecution is not probable? One needs
to be creative in delivering justice to the perpetrator's door. The laws
and policing haven't caught up to the level of the criminal in this
case.
Mike
"My Father was a Sick,Sadistic,Vicious Man"
L.Ron Hubbard Jr. 1983
You're right. It was the quoting-fix that needed the use of
undocumented options in the INI file, not the preview. ;-)
Groeten,
Boudewijn.
>On Wed, 6 Jun 2001 20:30:05 -0400, "Android Cat"
><androi...@hotmail.com> wrote:
>
>(SNIP)
>
>>2) By default, Outlook Express will autoload/autorun scripts in the
>>preview windows, and process HTML email.
>>
>>Possible Result: Running or installation of Ghod knows what.
>>
>>Solution: Turn off preview, *immediately*! Then use the steps that Ed
>>posted to "fix" Outlook Express. Castrate the bugger! Problem: It's
>>the smegging defaults!
>
>My solution to the Outlook Express problem is to not use Outlook
>Express.
>
>One of the common Outlook Express problems is that under some settings
>(I don't recall which) file extensions are hidden from the user.
...
That is the default behavior of the OS/shell. Open up Windows
Explorer, go to View, Folder Options, choose View Tab and unselect
"Hide extensions of Known File Types".
- SCN Lurker
>On Thu, 07 Jun 2001 03:07:53 -0300, Christopher Wood - xenu.ca
Yeah, and that's another bloody problem. Why should anything in the
shell impact on the functionality of the email client??
(But then that's something that smarter and better-informed people
than me have been saying for years.)