Re: KazAa ?

Discussion in 'Computer Security' started by RCS, Jun 26, 2003.

  1. RCS

    RCS Guest

    have you had Gator on the system?
    i have just finished cleaning a client site that had this same sot of
    problem and it all started with Gator.
    In my opinion both Gator and Kazaa should been baned from use as they cause
    WAAAAAYYYYY to many issues.

    check in your registery to make sure that it is not on the system

    " ~¿~" <> wrote in message
    news:pTsKa.21025$Ab2.42793@sccrnsc01...
    > For the last few weeks KazAa has been trying to send packets which contain

    a
    > sub-7 trojan. It's being blocked by the firewall, but the thing is: I've
    > never used KazAa in my system. Anyone have any ideas why this service

    would
    > be sending trojans to people who have never even been to the KazAa site?
    >
    > Thanks
    >
    >
    RCS, Jun 26, 2003
    #1
    1. Advertising

  2. RCS

    Guest Guest

    NOTE: This message was sent thru a mail2news gateway.
    No effort was made to verify the identity of the sender.
    --------------------------------------------------------


    "RCS" <> wrote in message
    news:...
    > have you had Gator on the system?
    > i have just finished cleaning a client site that had this same sot of
    > problem and it all started with Gator.


    Use LavaSoft's Ad-Aware (http://www.lavasoft.nu/) and SpyBot Search &
    Destroy (http://security.kolla.de/) to locate ad and spyware.


    > In my opinion both Gator and Kazaa should been baned from use as they cause
    > WAAAAAYYYYY to many issues.


    Kazaa is known to have ad/spyware installed. Kazaa Lite
    (http://www.kazaalite.tk/) is a rogue version of Kazaa with the ad/spyware
    hacked out of it and it works just as well (probably better without the
    adware drag).


    ~~~~~~~~~~~~~~~~~~~~~
    This message was posted via one or more anonymous remailing services.
    The original sender is unknown. Any address shown in the From header
    is unverified.
    Guest, Jun 26, 2003
    #2
    1. Advertising

  3. RCS

    ~¿~ Guest

    "RCS" <> wrote in message
    news:...
    > have you had Gator on the system?
    > i have just finished cleaning a client site that had this same sot of
    > problem and it all started with Gator.
    > In my opinion both Gator and Kazaa should been baned from use as they

    cause
    > WAAAAAYYYYY to many issues.
    >
    > check in your registery to make sure that it is not on the system


    Nope, no Gator. I have never downloaded KazAa or KazAa-lite into this
    computer, so I am wondering... Could it be a bot posing as KazAa? It's
    weird, because I get about 300 packets containing sub-7 trojans everyday.


    > " ~¿~" <> wrote in message
    > news:pTsKa.21025$Ab2.42793@sccrnsc01...
    > > For the last few weeks KazAa has been trying to send packets which

    contain
    > a
    > > sub-7 trojan. It's being blocked by the firewall, but the thing is: I've
    > > never used KazAa in my system. Anyone have any ideas why this service

    > would
    > > be sending trojans to people who have never even been to the KazAa site?
    > >
    > > Thanks
    > >
    > >

    >
    >
    ~¿~, Jun 26, 2003
    #3
  4. RCS

    The Saint Guest

    ~¿~ wrote:

    >I get about 300 packets containing sub-7 trojans everyday.


    Would you mind elaborating on that? Please give some details on the
    packet size/contents and what port(s) it attempts to exploit.
    The Saint, Jun 26, 2003
    #4
  5. RCS

    toro Guest

    RCS wrote:

    > In my opinion both Gator and Kazaa should been baned from use as they
    > cause WAAAAAYYYYY to many issues.


    While you are right about Gator, I will have to disagree with you regarding
    Kazaa.
    Issues involved in Kazaa mostly involve spyware, and the solutions to this
    are kind of common knowledge - kazaa lite, adaware and/or spyware are all
    suggested methods.
    Other issues that may come up from Kazaa or any other program that uses p2p
    protocols such as viruses are user-specific problems. Let us not forget
    that virtual file sharing has replaced the traditional file sharing, where
    you could easily get infected from a floppy disk if you weren't cautious.

    The only other issue that comes to my mind regarding banning Kazaa would be
    the copyright laws, but this is an issue for another NG, not A.C.S. :)

    --
    __________________________________________________
    \_______torowbm AT /__ / ACK and thou_______/
    \_____otenet DOT / / shall receive_____/
    \_____gr /_/ RLU#306453_____/
    toro, Jun 27, 2003
    #5
  6. RCS

    toro Guest

    RCS wrote:

    > In my opinion both Gator and Kazaa should been baned from use as they
    > cause WAAAAAYYYYY to many issues.


    While you are right about Gator, I will have to disagree with you regarding
    Kazaa.
    Issues involved in Kazaa mostly involve spyware, and the solutions here
    are kind of common knowledge - kazaa lite, adaware and/or spybot are all
    suggested methods.
    Other issues that may come up from Kazaa or any other program that uses p2p
    protocols such as viruses are user-specific problems. Let us not forget
    that virtual file sharing has replaced the traditional file sharing, where
    you could easily get infected from a floppy disk if you weren't cautious.

    The only other issue that comes to my mind regarding banning Kazaa would be
    the copyright laws, but this is an issue for another NG, not A.C.S. :)

    --
    __________________________________________________
    \_______torowbm AT /__ / ACK and thou_______/
    \_____otenet DOT / / shall receive_____/
    \_____gr /_/ RLU#306453_____/
    toro, Jun 27, 2003
    #6
  7. On 26 Jun 2003 04:14:49 -0000 I replied to
    <Use-Author-Address-Header@[127.1]> on a piece of toilet paper
    while scribbling their name and phone number on the bathroom wall
    in alt.computer.security

    >
    >Kazaa is known to have ad/spyware installed. Kazaa Lite
    >(http://www.kazaalite.tk/) is a rogue version of Kazaa with the ad/spyware
    >hacked out of it and it works just as well (probably better without the
    >adware drag).


    MUCH better if you ask me. I haven't had a single problem with it,
    other than finding idiots sending me 100 meg articles on a dial-up
    modem.

    --
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    If you think you know me, you don't.
    .........Satirically yours
    **
    Worst feeling in the world? Sliding down
    a 51 foot razorblade into a pool of Gin.

    Best feeling in the world? Watching your nemesis Sliding
    down a 51 foot razorblade into a pool of Gin.--GroveGnome
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Just Plain Insane, Jun 27, 2003
    #7
  8. RCS

    Dave Korn Guest

    "The Saint" <-c.pbz> wrote in message
    news:-p.com...
    > ~¿~ wrote:
    >
    > >I get about 300 packets containing sub-7 trojans everyday.

    >
    > Would you mind elaborating on that? Please give some details on the
    > packet size/contents and what port(s) it attempts to exploit.
    >


    I think we have a firewall newbie here. IIRC Kazaa uses a range of ports,
    one of which matches the default Sub7 port. So what the OP is presumably
    seeing is actually connect-attempts to a port that the fwall describes as
    being used by Sub7; they don't 'contain' the trojan, but under different
    circumstances might be construed as attempts to access a Sub7 if there was
    one installed on OP's machine.

    OP: You've probably just picked up an IP address from your ISP that was
    previously being used by someone who was in the middle of a Kazaa session
    with some other machines. They must have suddenly gone offline without
    shutting down Kazaa, and when you came online and got the IP address they
    had been using, the other Kazaa peers kept sending packets because they
    didn't know it was now a different machine. Just let your firewall block
    the packets and don't worry about it.


    DaveK
    --
    moderator of
    alt.talk.rec.soc.biz.news.comp.humanities.meow.misc.moderated.meow
    Burn your ID card! http://www.optional-identity.org.uk/
    Help support the campaign, copy this into your .sig!
    Proud Member of the Exclusive "I have been plonked by Davee because he
    thinks I'm interesting" List Member #<insert number here>
    Master of Many Meowing Minions
    Holder of the exhalted PF Chang's Crab Wonton Award for kook spankage above
    and beyond the call of hilarity.
    PGP Key-ID: 0x0FB504D1 Fingerprint 04B7 2E8C 0245 680E 6484 C441 CEC7 D2BD
    Dave Korn, Jun 28, 2003
    #8
  9. RCS

    An Metet Guest

    " ~¿~" <> wrote in message
    news:UBvKa.22437$3d.13481@sccrnsc02...

    > Nope, no Gator. I have never downloaded KazAa or KazAa-lite into this
    > computer, so I am wondering... Could it be a bot posing as KazAa? It's
    > weird, because I get about 300 packets containing sub-7 trojans everyday.


    Most likely you are simply being probed. A lot of hack attempts will probe
    known ports of thousands of computers in the hopes of eventually finding
    one with an open port it can exploit. I would suggest testing your machine
    for open ports using a port scanner.

    The Gibson Research Center has a web-based port scanner that will do the
    job for you (https://grc.com/x/ne.dll?bh0bkyd2). I highly recommend it.
    Installing a firewall will not only help block incoming traffic but
    firewalls like Zone Alarm and Kerio will allow you to block outgoing
    traffic as well in case you have a trojan somewhere.

    Do a web search for Ad-Aware and Spybot Search and Destroy in order to
    locate any possible trojans and spyware on your computer. I'm sure I'm
    missing some, but these will be good steps in the right direction.
    An Metet, Jun 29, 2003
    #9
  10. RCS

    The Saint Guest

    Dave Korn wrote:

    >"The Saint" <-c.pbz> wrote in message
    >news:-p.com...
    >> ~¿~ wrote:
    >>
    >> >I get about 300 packets containing sub-7 trojans everyday.

    >>
    >> Would you mind elaborating on that? Please give some details on the
    >> packet size/contents and what port(s) it attempts to exploit.
    >>

    >
    >I think we have a firewall newbie here.


    I believe you're right. I was wondering how he would explain "300
    packets containing sub-7 trojans". <g>
    The Saint, Jun 30, 2003
    #10
  11. RCS

    Jessica Guest

    I use www.dnsredirector.com to prevent P2P File Sharing software and other
    spyware from being used / installed on my clients networks

    If anyone out there has some more keywords (domain names) to block let me
    know. (just reply here)
    Also, is there a website or list of more blocking keywords for this program
    or others like it?
    (although I must say thier 'sample' keywords block 99.9% of the crap I'm
    worried about)

    Jessica

    "RCS" <> wrote in message
    news:...
    > have you had Gator on the system?
    > i have just finished cleaning a client site that had this same sot of
    > problem and it all started with Gator.
    > In my opinion both Gator and Kazaa should been baned from use as they

    cause
    > WAAAAAYYYYY to many issues.
    >
    > check in your registery to make sure that it is not on the system
    >
    > " ~¿~" <> wrote in message
    > news:pTsKa.21025$Ab2.42793@sccrnsc01...
    > > For the last few weeks KazAa has been trying to send packets which

    contain
    > a
    > > sub-7 trojan. It's being blocked by the firewall, but the thing is: I've
    > > never used KazAa in my system. Anyone have any ideas why this service

    > would
    > > be sending trojans to people who have never even been to the KazAa site?
    > >
    > > Thanks
    > >
    > >

    >
    >
    Jessica, Jul 5, 2003
    #11
  12. RCS

    sponge Guest

    On Sat, 5 Jul 2003 08:26:54 -0500, "Jessica"
    <> wrote:

    >I use www.dnsredirector.com to prevent P2P File Sharing software and

    other
    >spyware from being used / installed on my clients networks
    >
    >If anyone out there has some more keywords (domain names) to block

    let me
    >know. (just reply here)
    >Also, is there a website or list of more blocking keywords for this

    program
    >or others like it?
    >(although I must say thier 'sample' keywords block 99.9% of the crap

    I'm
    >worried about)
    >
    >Jessica


    Well, if you want to block P2P, you should also block Remote and Local
    Ports 1214 (KaZaa, others), 6346 (Limewire), and 6699 (WinMX), in your
    cleint's firewalls. It won't stop savvy users with the newer versions,
    but it will stop the older versions of this software as well as the
    less-savvy folks who don't know to use non-standard ports for P2P.

    DNSredirector looks almost exactly like DNSKong, which I support and
    for which I maintain updated lists. Feel free to use my named.txt
    file, although nothing on my list is specifically keyed towards
    stopping P2P itself; my main concern is the spyware and ad sites.

    Sponge
    Sponge's Anti-Spyware Source
    www.geocities.com/yosponge
    sponge, Jul 6, 2003
    #12
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Belinda

    Kazaa Download Query

    Belinda, Mar 3, 2005, in forum: Firefox
    Replies:
    18
    Views:
    873
    Justin
    Mar 11, 2005
  2. Cindy

    Error when trying to open Kazaa

    Cindy, May 31, 2004, in forum: Microsoft Certification
    Replies:
    1
    Views:
    475
    Guest
    Jun 2, 2004
  3. =?Utf-8?B?VGVqYXk=?=

    Cannot view kazaa website

    =?Utf-8?B?VGVqYXk=?=, Aug 17, 2004, in forum: Microsoft Certification
    Replies:
    6
    Views:
    516
    Guest
    Aug 18, 2004
  4. mimiseh

    Blocking Kazaa traffic by ISP

    mimiseh, Oct 22, 2003, in forum: Cisco
    Replies:
    15
    Views:
    1,668
    DigitalVinyl
    Nov 17, 2003
  5. P
    Replies:
    7
    Views:
    3,772
Loading...

Share This Page