
No MVP told me about Redirectors - I had one!


BoaterDave

Mar 2, 2006, 3:39:36 PM
Quote
 
Today we announced the release of the 2005 Semi-Annual Web Security Trends Report issued by Websense® Security Labs(TM). The new report summarizes findings for the second half of 2005 and presents projections for the upcoming year. In the second half of 2005, Websense Security Labs was successful in identifying and mitigating several new high profile exploits. We were the first to discover the Microsoft Windows Metafile (WMF) vulnerability being exploited in the wild, and we uncovered websites hosting code that attacks a vulnerability within the Sony BMG Music Entertainment copy protection uninstall program.

The full report is available for download at:
http://www.websensesecuritylabs.com/docs/WebsenseSecurityLabs20052H_Report.pdf



AlmostBob

Mar 2, 2006, 4:11:30 PM
Did you ask anyone about redirectors

--
-
Adaware http://www.lavasoft.de
spybot http://security.kolla.de
AVG free antivirus http://www.grisoft.com
Etrust/Vet/CA.online Antivirus scan
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Panda online AntiVirus scan http://www.activescan.com
Panda online AntiSpyware Scan
http://www.pandasoftware.com/virus_info/spyware/test/
Catalog of removal tools (1)
http://www.pandasoftware.com/download/utilities/
Catalog of removal tools (2)
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?CID=40387
Trouble Shooting guide to Windows http://mvps.org/winhelp2002/
Blocking Unwanted Parasites with a Hosts file
http://mvps.org/winhelp2002/hosts.htm
links provided as a courtesy, read all instructions on the pages before
use
Grateful thanks to the authors/webmasters
_
"BoaterDave" <BoaterDave@nospam invalid> wrote in message
news:%23L0Vylj...@tk2msftngp13.phx.gbl...

BoaterDave

Mar 2, 2006, 4:26:55 PM
No Sir - I came here to learn! All I knew was that I had a problem I didn't
understand.

It would appear that I am not alone!

Dave.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"AlmostBob" <anony...@discussions.microsoft.com> wrote in message
news:ulYph3jP...@TK2MSFTNGP12.phx.gbl...

Malke

Mar 2, 2006, 4:55:35 PM
BoaterDave wrote:

> No Sir - I came here to learn! All I knew was that I had a problem I
> didn't understand.
>
> It would appear that I am not alone!
>
> Dave.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "AlmostBob" <anony...@discussions.microsoft.com> wrote in message
> news:ulYph3jP...@TK2MSFTNGP12.phx.gbl...
> | Did you ask anyone about redirectors

To the OP:

About Usenet:
http://en.wikipedia.org/wiki/Usenet
http://groups.google.com/support/bin/static.py?page=basics.html - Basics
of Usenet

How to Post:
http://www.dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

AlmostBob

Mar 2, 2006, 5:44:39 PM
Definitely not alone, all here to learn, but you gotta ask
Even if you aren't sure if it's the right question ask it
you'll get 11/12 a_hole replies perhaps, (me 4 sure) but the 12th one will
be somebody who had something similar happen and will know what Q to ask you
to point you at the answer.


"BoaterDave" <BoaterDave@nospam invalid> wrote in message

news:%23nvYNAk...@tk2msftngp13.phx.gbl...

BoaterDave

Mar 2, 2006, 6:10:35 PM
Thanks AlmostBob.

My point was (no, IS!) that during all my trials and tribulations this
winter (having read hundreds of comments from "the wise ones" on Microsoft
Communities sites and in many technical Forums) I have seen nobody refer to
Redirectors (as described in the Websense document).

There has been a long history behind this - as Malke and a number of other
MVPs know.
My post here 25 February 12:10 GMT refers.

I value all the help I have received - but do not like the
"Holier-than-thou" attitude that seems to prevail here.

Dave
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


"AlmostBob" <anony...@discussions.microsoft.com> wrote in message

news:%23CrSlrk...@TK2MSFTNGP11.phx.gbl...

AlmostBob

Mar 2, 2006, 7:16:55 PM
a redirector is just another sub class of malware, as described in that pdf
is just websense's name for a bomb that has been around in various guises
for (computer years) centuries *** see below ***
you'll never see anyone refer to packet sniffers, loggers, port masks, by
name either
just generic terms,
get angry at them(us), get despondent at all the wrong answers, but keep
asking, & keep watching cuz now you is gonna be the 12th guy, when somebody
else has that kind of bomb that nobody can get rid of,

Incidentally I am in a really good mood today, that's why I am not my usual
scummy smart aleck, I got a thank-you from another group in a problem I feel
passionate about, Everyone who can, become a blood donor, organ donor,
plasma donor, or marrow donor, save a life today.


*** computer years, beginning of time 1-1-1980
Therefore all the millennia of existence from T.Rex(4.77MHz 64KB 360K) to
H.Sap(2GHz 16GB 1T) in 26 years
I used to own a home built Zilog Z80, I am prehistoric
"BoaterDave" <BoaterDave@nospam invalid> wrote in message

news:O43Gv8kP...@tk2msftngp13.phx.gbl...

Mike Hall (MS-MVP)

Mar 2, 2006, 7:23:37 PM
Dave

The point that you are endeavouring to make is still not clear.. are we
supposed to apologise for not having mentioned 'redirectors'?.. should we
apologise in advance for not mentioning that the Maxtor 'drive copying'
software can seriously screw up Office 2003 installations AND Adobe
Reader?..

--
Mike Hall
MVP - Windows Shell/User


"BoaterDave" <BoaterDave@nospam invalid> wrote in message

news:O43Gv8kP...@tk2msftngp13.phx.gbl...

Tom [Pepper] Willett

Mar 2, 2006, 7:46:14 PM
Mike:

He's a kook.

Tom
"Mike Hall (MS-MVP)" <mike...@mvps.org> wrote in message
news:eSjbvil...@tk2msftngp13.phx.gbl...

BoaterDave

Mar 3, 2006, 3:08:32 AM
Not one "real" person I've spoken to face to face has any idea that it is
possible for one to type a URL in the address box, click "Go" and be whisked
off to a web site which appears to be exactly as they might expect - but
isn't bona fide! They do not realise that it could be a "photograph" of the
real thing and that the content could be harmful.

I quote from a submission of mine elsewhere:-

"My final suspicion regarding all my PC problems is now the Windows XP SP2
CD which I obtained by post from Microsoft (??? ...... or from a spoof web
site???) in August 2004. I carried out my last re-installation of my
operating system (six times since Christmas!) last weekend without using
this disc and then downloaded all updates, including SP2, from the
Internet - everything is working just as it should now!"

Go here to take a peek at this Google site.

http://groups.google.com/group/nz.comp/msg/f0cb6adecb6e3f1e?q=GLB1A2B.exe&hl=en
(you will note Germany as the source of the virus)

It might help you to understand why I resorted to re-installing Windows so
often, instead of trying to catch the intruder by conventional means - I had
tried to do so, so many, many times, but my computer was never really under
my control.

Oh, I nearly forgot: the address label, at the end of my address (after my
Postcode) says not Great Britain, but the German equivalent - GROBBITANNIEN.
Raaaa...ther strange that!

If a virus can come by email - surely it can come on a doctored CD too!

If you are a Technophile, you will know all of the answers (well, most!) and
take all the right precautions. Unless you have a "test" machine (and
hundreds of hours to spare) you will never have actually experienced the
trials and tribulations suffered by us mere mortals who do become
"infected" - there are lots of "us" - just look at the number of queries on
the Newsgroups!

Most individuals who come to this Newsgroup site are only here because they
have experienced a problem and are endeavouring to find a solution. It is
all well and good for a helper to suggest, just as an example, "go to
www.trendmicro.com and run the HouseCall service to see if you have a virus."
If malware already has total control of one's PC, instead of going to the
REAL Trend Micro site you end up being REDIRECTED to a site which looks real
and which you think is checking your PC - but it isn't ........ and gives
you an OK! when the malware is still lurking inside your PC.
How frustrating is that eh? Perhaps YOU will never know - but I've been
there and it is not good news!

I seek only to let others know that it can, and does happen.

My experiences have led me to believe that some of the "bad" guys out there
are at least as clever as the MVPs. The Redirectors (call them what you
will) are selective - if you wish to Google or go on-line shopping (as
examples) no problem but if you try to go to an anti-spyware, anti-virus or
"fixing" site - that's when one is "redirected" or just simply prevented
from accessing the desired information.

Dave

Malke

Mar 3, 2006, 8:26:06 AM
BoaterDave wrote:

> Not one "real" person I've spoken to face to face has any idea that it
> is possible for one to type a URL in the address box, click "Go" and
> be whisked off to a web site which appears to be exactly as they might
> expect - but isn't bona fide! They do not realise that it could be a
> "photograph" of the real thing and that the content could be harmful.

(snip)

Mike Hall (MS-MVP)

Mar 3, 2006, 8:57:59 AM
Dave

Has it occurred to you that nobody has spoken of this because it hardly ever
happens?.. do you think that there are millions out there who should be
worrying about being a possible victim of a redirector?..

Of course it can happen, but maybe only if your sister is giving birth to
octuplets at the same time as Seti fans discover that the Borg are
transmitting old Elvis Presley songs through a proxy server on Deep Space
Nine on 102.6 FM..

--
Mike Hall
MVP - Windows Shell/User

"BoaterDave" <BoaterDave@nospam invalid> wrote in message

news:uSQ3BppP...@TK2MSFTNGP11.phx.gbl...

Malke

Mar 3, 2006, 9:02:39 AM
Mike Hall (MS-MVP) wrote:

> Dave
>
> Has it occurred to you that nobody has spoken of this because it
> hardly ever happens?.. do you think that there are millions out there
> who should be worrying about being a possible victim of a
> redirector?..
>
> Of course it can happen, but maybe only if your sister is giving birth
> to octuplets at the same time as Seti fans discover that the Borg are
> transmitting old Elvis Presley songs through a proxy server on Deep
> Space Nine on 102.6 FM..
>

Hey, Mike - He's just a kook who apparently likes to disrupt newsgroups.
I've now killfiled him and you may want to do the same.

Best regards,

BoaterDave

Mar 3, 2006, 9:28:57 AM
Maybe if someone had £245 stolen from you, you would have wanted to have found out just how it was done.
 
So you don't believe this; that's up to you  .......but I didn't post that old message on Google!
 
As Sir Winston Churchill once said;
 
“Man will occasionally stumble over the truth, but most times he will pick himself up and carry on.”
 
I didn't - I searched for the reason ........... and found it!
Dave
 
<snip>

BoaterDave

Mar 3, 2006, 10:41:32 AM
Hi Almost Bob!

Should you have a few minutes spare, I'd be grateful if you would have a
read of my posts and the replies on the TomCoyote forum, here:- Forum
question was "Do you know much about Rootkits?"

http://forums.tomcoyote.org/index.php?s=659b993e9c558fcdaffef9a09e8f04ee&showtopic=58382&pid=261903&st=0&#entry261903

(and then come back to me and, perhaps, tell me that you think I'm crazy
too!)

Dave
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"AlmostBob" <anony...@discussions.microsoft.com> wrote in message
news:ulYph3jP...@TK2MSFTNGP12.phx.gbl...

PA Bear

Mar 3, 2006, 2:52:40 PM
<plonk>

BoaterDave wrote:
> Hi Almost Bob!
>
> Should you have a few minutes spare, I'd be grateful if you would have a
> read of my posts and the replies on the TomCoyote forum, here:- Forum

> question was "Do you know much about Rootkits?"...

Tom [Pepper] Willett

Mar 3, 2006, 6:38:41 PM
He's pretty much a kook, huh ~Robear?

Tom

"PA Bear" <PABe...@gmail.com> wrote in message
news:OfjcGwvP...@TK2MSFTNGP15.phx.gbl...

Tom [Pepper] Willett

Mar 3, 2006, 6:39:24 PM
Kook.

"BoaterDave" <BoaterDave@nospam invalid> wrote in message

news:OLqiY7sP...@tk2msftngp13.phx.gbl...

Tom [Pepper] Willett

Mar 3, 2006, 6:38:56 PM
You're still a kook.

"BoaterDave" <BoaterDave@nospam invalid> wrote in message

news:upgZ6jtP...@TK2MSFTNGP15.phx.gbl...

BoaterDave

Mar 3, 2006, 7:26:22 PM
Well - I've read the MVP's comments.
 
I'd like to thank all who have responded here for taking the time and trouble to read the Websense Security report.
 
There is obviously nothing therein which indicates any cause for concern.
 
Everyone may now sleep peacefully knowing that their PC has not been compromised. No longer will there be a need for anyone to visit these pages, so even Tom (Pepper) Willett may rest peacefully, knowing that everyone is free of malware. This must be a first - hoorah!
 
Dave
"BoaterDave" <BoaterDave@nospam invalid> wrote in message news:%23L0Vylj...@tk2msftngp13.phx.gbl...

Mike Hall (MS-MVP)

Mar 3, 2006, 7:58:12 PM
Dave

My family, myself and all of my clients have not been affected in the way
that you have.. I am not being mean when I tell you that some of them are
not exactly the sharpest knife in the drawer..

--
Mike Hall
MVP - Windows Shell/User

"BoaterDave" <BoaterDave@nospam invalid> wrote in message

news:%23kIbMJy...@tk2msftngp13.phx.gbl...

Tom [Pepper] Willett

Mar 3, 2006, 8:18:22 PM
You are still a kook.

"BoaterDave" <BoaterDave@nospam invalid> wrote in message

news:%23kIbMJy...@tk2msftngp13.phx.gbl...

BoaterDave

Apr 11, 2006, 12:11:03 PM
Hello again AlmostBob

I've just been rereading all posts here. I note that I had asked you to
follow up something (but I did so incorrectly - sorry!). I just wondered if
you had found time to read all the rest of the replies in this thread.

You seemed to be one of the few here who seemed to have an inkling of my
predicament!

Regards, Dave
--
Retired (early!) but not yet senile!
