|
|
|
|
06-26-2003, 04:24 AM
|
#1 |
Re: KazAa ?
have you had Gator on the system?
i have just finished cleaning a client site that had this same sot of problem and it all started with Gator. In my opinion both Gator and Kazaa should been baned from use as they cause WAAAAAYYYYY to many issues. check in your registery to make sure that it is not on the system " ~¿~" <> wrote in message news  TsKa.21025$Ab2.42793@sccrnsc01...> For the last few weeks KazAa has been trying to send packets which contain a > sub-7 trojan. It's being blocked by the firewall, but the thing is: I've > never used KazAa in my system. Anyone have any ideas why this service would > be sending trojans to people who have never even been to the KazAa site? > > Thanks > > RCS |
|
|
|
06-26-2003, 05:14 AM
|
#2 |
|
Posts: n/a
|
Re: KazAa ?
NOTE: This message was sent thru a mail2news gateway.
No effort was made to verify the identity of the sender. -------------------------------------------------------- "RCS" <> wrote in message news:... > have you had Gator on the system? > i have just finished cleaning a client site that had this same sot of > problem and it all started with Gator. Use LavaSoft's Ad-Aware (http://www.lavasoft.nu/) and SpyBot Search & Destroy (http://security.kolla.de/) to locate ad and spyware. > In my opinion both Gator and Kazaa should been baned from use as they cause > WAAAAAYYYYY to many issues. Kazaa is known to have ad/spyware installed. Kazaa Lite (http://www.kazaalite.tk/) is a rogue version of Kazaa with the ad/spyware hacked out of it and it works just as well (probably better without the adware drag). ~~~~~~~~~~~~~~~~~~~~~ This message was posted via one or more anonymous remailing services. The original sender is unknown. Any address shown in the From header is unverified. |
|
|
|
06-26-2003, 06:34 AM
|
#3 |
|
Posts: n/a
|
Re: KazAa ?
"RCS" <> wrote in message news:... > have you had Gator on the system? > i have just finished cleaning a client site that had this same sot of > problem and it all started with Gator. > In my opinion both Gator and Kazaa should been baned from use as they cause > WAAAAAYYYYY to many issues. > > check in your registery to make sure that it is not on the system Nope, no Gator. I have never downloaded KazAa or KazAa-lite into this computer, so I am wondering... Could it be a bot posing as KazAa? It's weird, because I get about 300 packets containing sub-7 trojans everyday. > " ~¿~" <> wrote in message > news TsKa.21025$Ab2.42793@sccrnsc01...> > For the last few weeks KazAa has been trying to send packets which contain > a > > sub-7 trojan. It's being blocked by the firewall, but the thing is: I've > > never used KazAa in my system. Anyone have any ideas why this service > would > > be sending trojans to people who have never even been to the KazAa site? > > > > Thanks > > > > > > |
|
|
|
06-26-2003, 07:37 PM
|
#4 |
|
Posts: n/a
|
Re: KazAa ?
~¿~ wrote:
>I get about 300 packets containing sub-7 trojans everyday. Would you mind elaborating on that? Please give some details on the packet size/contents and what port(s) it attempts to exploit. |
|
|
|
06-27-2003, 07:27 AM
|
#5 |
|
Posts: n/a
|
Re: KazAa ?
RCS wrote:
> In my opinion both Gator and Kazaa should been baned from use as they > cause WAAAAAYYYYY to many issues. While you are right about Gator, I will have to disagree with you regarding Kazaa. Issues involved in Kazaa mostly involve spyware, and the solutions to this are kind of common knowledge - kazaa lite, adaware and/or spyware are all suggested methods. Other issues that may come up from Kazaa or any other program that uses p2p protocols such as viruses are user-specific problems. Let us not forget that virtual file sharing has replaced the traditional file sharing, where you could easily get infected from a floppy disk if you weren't cautious. The only other issue that comes to my mind regarding banning Kazaa would be the copyright laws, but this is an issue for another NG, not A.C.S.  -- __________________________________________________ \_______torowbm AT /__ / ACK and thou_______/ \_____otenet DOT / / shall receive_____/ \_____gr /_/ RLU#306453_____/ |
|
|
|
06-27-2003, 07:29 AM
|
#6 |
|
Posts: n/a
|
Re: KazAa ?
RCS wrote:
> In my opinion both Gator and Kazaa should been baned from use as they > cause WAAAAAYYYYY to many issues. While you are right about Gator, I will have to disagree with you regarding Kazaa. Issues involved in Kazaa mostly involve spyware, and the solutions here are kind of common knowledge - kazaa lite, adaware and/or spybot are all suggested methods. Other issues that may come up from Kazaa or any other program that uses p2p protocols such as viruses are user-specific problems. Let us not forget that virtual file sharing has replaced the traditional file sharing, where you could easily get infected from a floppy disk if you weren't cautious. The only other issue that comes to my mind regarding banning Kazaa would be the copyright laws, but this is an issue for another NG, not A.C.S. -- __________________________________________________ \_______torowbm AT /__ / ACK and thou_______/ \_____otenet DOT / / shall receive_____/ \_____gr /_/ RLU#306453_____/ |
|
|
|
06-27-2003, 05:03 PM
|
#7 |
|
Posts: n/a
|
Re: KazAa ?
On 26 Jun 2003 04:14:49 -0000 I replied to
<Use-Author-Address-Header@[127.1]> on a piece of toilet paper while scribbling their name and phone number on the bathroom wall in alt.computer.security > >Kazaa is known to have ad/spyware installed. Kazaa Lite >(http://www.kazaalite.tk/) is a rogue version of Kazaa with the ad/spyware >hacked out of it and it works just as well (probably better without the >adware drag). MUCH better if you ask me. I haven't had a single problem with it, other than finding idiots sending me 100 meg articles on a dial-up modem. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If you think you know me, you don't. .........Satirically yours ** Worst feeling in the world? Sliding down a 51 foot razorblade into a pool of Gin. Best feeling in the world? Watching your nemesis Sliding down a 51 foot razorblade into a pool of Gin.--GroveGnome ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
|
|
06-28-2003, 04:32 PM
|
#8 |
|
Posts: n/a
|
Re: KazAa ?
"The Saint" <> wrote in message
news:... > ~¿~ wrote: > > >I get about 300 packets containing sub-7 trojans everyday. > > Would you mind elaborating on that? Please give some details on the > packet size/contents and what port(s) it attempts to exploit. > I think we have a firewall newbie here. IIRC Kazaa uses a range of ports, one of which matches the default Sub7 port. So what the OP is presumably seeing is actually connect-attempts to a port that the fwall describes as being used by Sub7; they don't 'contain' the trojan, but under different circumstances might be construed as attempts to access a Sub7 if there was one installed on OP's machine. OP: You've probably just picked up an IP address from your ISP that was previously being used by someone who was in the middle of a Kazaa session with some other machines. They must have suddenly gone offline without shutting down Kazaa, and when you came online and got the IP address they had been using, the other Kazaa peers kept sending packets because they didn't know it was now a different machine. Just let your firewall block the packets and don't worry about it. DaveK -- moderator of alt.talk.rec.soc.biz.news.comp.humanities.meow.mis c.moderated.meow Burn your ID card! http://www.optional-identity.org.uk/ Help support the campaign, copy this into your .sig! Proud Member of the Exclusive "I have been plonked by Davee because he thinks I'm interesting" List Member #<insert number here> Master of Many Meowing Minions Holder of the exhalted PF Chang's Crab Wonton Award for kook spankage above and beyond the call of hilarity. PGP Key-ID: 0x0FB504D1 Fingerprint 04B7 2E8C 0245 680E 6484 C441 CEC7 D2BD |
|
|
|
06-29-2003, 10:04 PM
|
#9 |
|
Posts: n/a
|
Re: KazAa ?
" ~¿~" <> wrote in message news:UBvKa.22437$3d.13481@sccrnsc02... > Nope, no Gator. I have never downloaded KazAa or KazAa-lite into this > computer, so I am wondering... Could it be a bot posing as KazAa? It's > weird, because I get about 300 packets containing sub-7 trojans everyday. Most likely you are simply being probed. A lot of hack attempts will probe known ports of thousands of computers in the hopes of eventually finding one with an open port it can exploit. I would suggest testing your machine for open ports using a port scanner. The Gibson Research Center has a web-based port scanner that will do the job for you (https://grc.com/x/ne.dll?bh0bkyd2). I highly recommend it. Installing a firewall will not only help block incoming traffic but firewalls like Zone Alarm and Kerio will allow you to block outgoing traffic as well in case you have a trojan somewhere. Do a web search for Ad-Aware and Spybot Search and Destroy in order to locate any possible trojans and spyware on your computer. I'm sure I'm missing some, but these will be good steps in the right direction. |
|
|
|
06-30-2003, 02:55 AM
|
#10 |
|
Posts: n/a
|
Re: KazAa ?
Dave Korn wrote:
>"The Saint" <> wrote in message >news:... >> ~¿~ wrote: >> >> >I get about 300 packets containing sub-7 trojans everyday. >> >> Would you mind elaborating on that? Please give some details on the >> packet size/contents and what port(s) it attempts to exploit. >> > >I think we have a firewall newbie here. I believe you're right. I was wondering how he would explain "300 packets containing sub-7 trojans". <g> |
|
|
