Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How was this "attack" possible?

1 view
Skip to first unread message

MyCom

unread,
Aug 3, 2004, 4:28:33 AM8/3/04
to
Last night, I was chatting with my friend in a private
room created in www.chat-avenue.com and I was minding my
business, just chatting with my friend (I've known her for
two years so I do not suspect her of anything).

There is an option to allow pop-ups for private messages
from others, but I didn't check this option (since people
like to bug me with stupid private messages). All of a
sudden, another browser window that was black opens and I
get a prompt through Internet Explorer asking me if I want
to allow an ActiveX (I have it set in my internet zone to
prompt me if an ActiveX control or plug-in wants to run).

I obviously said "no" and I was confused as to why another
browser window was opening on me when I didn't click on
any links and I was just chatting with my friend. When I
clicked "no," the browser window started jumping around
and the first, regular chat room window (chat-avenue.com)
was "frozen," meaning I couldn't close it, interact within
it, etc. I also couldn't close out the jumping browser, it
was just floating around the screen and stopped me from
doing anything to it.

I then engaged the Internet lock in my ZoneAlarm firewall
(cuts off all Internet). I was then able to close out this
other offending browser window and return to my chatting.

After looking at my History, I found whatever this was to
be www.monkeydoo.com/online/cool4.php (PRANKED, you are an
Idiot). My friend said it happened to her too except she
saw the words "YOU ARE AN IDIOT" in the black browser
window, whereas I didn't (I guess because I denied ActiveX
from running?).

Sorry for the long post, but two quesions: How, with
Windows 2000 and Internet Explorer completely patched and
up-to-date through www.windowsupdate.com, and with my
ZoneAlarm firewall, was this person able to "attack" me by
allowing this monkeydoo.com browser window to
involuntarily open up on me and wreak havoc? I have to
assume it was sent by someone else in another room because
I had no other browser windows open except for the chat
room (chat-avenue.com).

Second question is: what harm could have been done by
this? (Of course, I ran Ad-aware and an anti-virus
afterwards and fortunately, my computer came up clean.)
For what it's worth, the chat app used for chat-avenue.com
is DigiChat 4.0.3.1 (Digi-Net Technologies,
www.digichat.com).

Thanks for reading this far; any replies/answers
appreciated!

S. Pidgorny <MVP>

unread,
Aug 3, 2004, 6:21:26 AM8/3/04
to
The appearence of the popup window might be not a result of the browser
vulnerability but a result of the chat server compromise - to my best
knowledge, Internet Explorer without add-ons opens pop-up windows. Install a
pop-up blocker. If the system is fully updated and you didn't allow the
ActiveX to run, likely there's no consequence for you.

--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-

"MyCom" <anon...@discussions.microsoft.com> wrote in message
news:a19d01c47933$dd6c45d0$a501...@phx.gbl...

r

unread,
Aug 3, 2004, 11:43:05 AM8/3/04
to
Spyware/Virus Removal and Prevention:
http://www.fixyourwindows.com/windowsxpsolutions.htm

How to optimize Windows XP/2000/ME for the best performance:
http://www.fixyourwindows.com

MyCom

unread,
Aug 3, 2004, 4:15:18 PM8/3/04
to
Thank you for your time and your reply.

Well, I did a little digging around on Google, and found
this:
___________________________________________________________
Digi-Net Technologies DigiChat User IP Information
Disclosure Vulnerability
BugTraq ID: 5019
Remote: Yes
Date Published: Jun 14 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5019
Summary:

DigiChat is a web based chat application [Java-based
client/server] maintained by Digi-Net. DigiChat runs on
most Microsoft Windows and UNIX platforms.

It is possible for chat users to obtain sensitive
information about other chat visitors.

By design, only ChatMasters are able to resolve the IP
address of visiting chat users. However, it is reportedly
possible for users to obtain the IP address of chat
visitors by including '<Param Name="Showip"Value="True">'
in the chat applet. As a result, IP address information is
disclosed when viewing the information details of visitors.

An attacker may exploit this flaw to gain unauthorized
access to sensitive information about site users.

This issue has been reported in DigiChat 3.5, however
other versions may also be affected by this.
___________________________________________________________
I know this might not be related to what happened to me
(especially since I was using DigiChat 4.0.3.1), but it
makes the point that I guess not everything is 100%
secure. A search on Google reveals not so reputable places
advertising programs to help you "boot" people off
DigiChat, hack into DigiChat, etc.

Either way, like you said, my system is indeed updated, I
ran a virus and spyware scan, and I have a firewall.
Hopefully, I'm okay.

However, I don't think I'll be going to chat-avenue.com or
to use DigiChat again; my computer is too important to me
to lose it through chatting with someone. (Paranoid, yes,
but hey, better to be safe than sorry!)

NO-hackers

unread,
Aug 3, 2004, 10:22:22 PM8/3/04
to
You my or my not be in deep S#@$, there is a new hack that
pop ups a fake window asking you a Q. thaat you would say
NO to but in this hack NO means Yes. So you just oked it
>.
>

MyCom

unread,
Aug 4, 2004, 1:01:07 AM8/4/04
to
>-----Original Message-----
>You my or my not be in deep S#@$, there is a new hack
>that pop ups a fake window asking you a Q. thaat you
>would say NO to but in this hack NO means Yes. So you
>just oked it

Proof? Do you have a link to a reputable site that
explains this in detail?

S. Pidgorny <MVP>

unread,
Aug 4, 2004, 7:19:35 AM8/4/04
to
Probably he/she doesn't. I never heard of successfull tampering with the
ActiveX security dialog box. All porn dialers and that kind of malware ask
you to press "yes" on the dialog box.

--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-

"MyCom" <anon...@discussions.microsoft.com> wrote in message

news:bb3a01c479e0$0d23ed30$a601...@phx.gbl...

MyCom

unread,
Aug 5, 2004, 11:01:02 PM8/5/04
to
I've personally experienced where you click on "no" but
then another dialog box appears that says something
like, "You have to click YES to download this!"

S. Pidgorny, I also haven't heard of successful tampering
with ActiveX dialog boxes where innocently clicking "no"
amounts to a "yes." I believe "NO-hackers" (the person who
posted this) is fibbing, unless he or she provides the
proof I asked for.

>.
>

MyCom

unread,
Aug 12, 2004, 5:31:17 AM8/12/04
to
WELL, thank you for the help, everyone, but I figured out
the how and why of this thing! No one hacked into anyone's
computer and no one sent the "you are an idiot" boot
thing. It was simply a boot mechanism in place by the
administrator of chat-avenue.com to stop unruly flooders.

http://www.chatave.com/forums/showthread.php?t=1678

Mystery solved! I can breathe a big fat sign of relief
that my computer wasn't "hacked" into. :oP

0 new messages