trojans

Discussion in 'Computer Security' started by news, Jun 27, 2004.

  1. news

    news Guest

    Can any trojan install itself if we just visit a website? I know Explorer
    is weak here so I use Firefox instead. Is it still possible?

    Thanks
    news, Jun 27, 2004
    #1

  2. news

    jason Guest

    It depends on what you are doing on the site, if it is a music or software
    type it will always say something like "click to accept" or "you must click
    here first" - kickme.to/fosi is an example of that. If you use Mozilla it
    gets shut of all the rubbish, just close the pop-up window and go straight
    to the download. Never accept or agree to anything on that site.
    If any site requires you to click on pop-up windows or states you must
    download and install software FIRST (such as anti-leech) or even lower your
    security settings/turn firewall off, then don't even go near it.
    You will find it is nothing more than a site that has NO content, just lists
    of lists of other sites. They go around in endless loops, link via cash
    generators and rip-off companies that think people are viewing their
    adverts!
    I use FIREFOX for that kind of site, but sites with any real content that
    you can just click on to download are few and far between now.
    Files can't install themselves, you have to be tricked into allowing them to
    be installed!
    Run a virus killer, adaware etc and remember - if a site looks too good to
    be true - it probably is.
    A lot of people in the UK were caught out when they found that clicking on
    things on websites meant they had installed a premium rate dialler. So they
    got massive phone bills, then all innocently said, "I was out, I don't know
    how it happened". What they never said or agreed to was having their
    computers examined to see which porno, music, software, other illegal sites
    they have been using - so they can hardly complain and pretend they didn't
    do anything wrong!
    They all claim to be innocent now which is funny.


    "news" <> wrote in message
    news:kKwDc.96996$...
    > Can any trojan install itself if we just visit a website? I know Explorer
    > is weak here so I use Firefox instead. Is it still possible?
    >
    > Thanks
    >
    >



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.711 / Virus Database: 467 - Release Date: 25/06/2004
    jason, Jun 27, 2004
    #2

  3. news

    news Guest

    "jason" <> wrote in message
    news:U5yDc.37$...
    > It depends on what you are doing on the site, if it is a music or software
    > type it will always say something like "click to accept" or "you must click
    > here first" - kickme.to/fosi is an example of that. If you use Mozilla it
    > gets shut of all the rubbish, just close the pop-up window and go straight
    > to the download. Never accept or agree to anything on that site.
    > If any site requires you to click on pop-up windows or states you must
    > download and install software FIRST (such as anti-leech) or even lower your
    > security settings/turn firewall off, then don't even go near it.
    > You will find it is nothing more than a site that has NO content, just lists
    > of lists of other sites. They go around in endless loops, link via cash
    > generators and rip-off companies that think people are viewing their
    > adverts!
    > I use FIREFOX for that kind of site, but sites with any real content that
    > you can just click on to download are few and far between now.
    > Files can't install themselves, you have to be tricked into allowing them to
    > be installed!
    > Run a virus killer, adaware etc and remember - if a site looks too good to
    > be true - it probably is.
    > A lot of people in the UK were caught out when they found that clicking on
    > things on websites meant they had installed a premium rate dialler. So they
    > got massive phone bills, then all innocently said, "I was out, I don't know
    > how it happened". What they never said or agreed to was having their
    > computers examined to see which porno, music, software, other illegal sites
    > they have been using - so they can hardly complain and pretend they didn't
    > do anything wrong!
    > They all claim to be innocent now which is funny.
    >




    But I read that recently there were some kind of spyware/trojan from Russia
    that were installed on Yahoo visitors computer. A firewall could not stop
    it. The spyware sent out information about bank account passwords.

    Apparently only those who used Explorer were targeted. Perhaps it's all
    about security settings!?
    news, Jun 27, 2004
    #3
  4. news

    Bit Twister Guest

    On Sun, 27 Jun 2004 12:18:43 GMT, news wrote:
    >
    > But i read that recently there were some kind of spyware/trojan from Russia


    "Berbew" trojan

    > that were installed on Yahoo visitors computer.


    I kind of doubt it was caught from Yahoo.com. They are using FreeBSD
    servers and the exploit was caused by a worm infecting Microsoft's
    IIS servers using one of the multiple known IIS vulnerabilities.

    > A firewall could not stop
    > it. The spyware sent out information about bank account passwords.


    Firewall does not stop what is being brought to you by your browser.

    The Anti-virus software is the one to catch it, if it is not a day one
    virus and you have the very latest virus database update.
    Bit Twister, Jun 27, 2004
    #4
  5. news

    news Guest

    "Bit Twister" <> wrote in message
    news:...
    > On Sun, 27 Jun 2004 12:18:43 GMT, news wrote:
    > >
    > > But I read that recently there were some kind of spyware/trojan from Russia
    >
    > "Berbew" trojan
    >
    > > that were installed on Yahoo visitors computer.
    >
    > I kind of doubt it was caught from Yahoo.com. They are using FreeBSD
    > servers and the exploit was caused by a worm infecting Microsoft's
    > IIS servers using one of the multiple known IIS vulnerabilities.
    >
    > > A firewall could not stop
    > > it. The spyware sent out information about bank account passwords.
    >
    > Firewall does not stop what is being brought to you by your browser.
    >
    > The Anti-virus software is the one to catch it, if it is not a day one
    > virus and you have the very latest virus database update.




    Perhaps Process Guard, Abtrusion Protector or TDS-3 will work for these new
    ones?
    news, Jun 27, 2004
    #5
  6. news

    Chuck Guest

    On Sun, 27 Jun 2004 09:49:04 GMT, "news" <> wrote:

    >Can any trojan install itself if we just visit a website? I know Explorer
    >is weak here so I use Firefox instead. Is it still possible?
    >
    >Thanks


    The details are here:
    <http://isc.sans.org/> (Check the articles under Relevant Links).
    Chuck
    Paranoia comes from experience - and is not necessarily a bad thing.
    Chuck, Jun 27, 2004
    #6
  7. news

    Mike Guest

    Bit Twister wrote:

    > On Sun, 27 Jun 2004 12:18:43 GMT, news wrote:
    >
    >>But i read that recently there were some kind of spyware/trojan from Russia

    >
    >
    > "Berbew" trojan
    >
    >
    >>that were installed on Yahoo visitors computer.

    >
    >
    > I kind of doubt it was caught from Yahoo.com. They are using FreeBSD
    > servers and the exploit was caused by a worm infecting Microsoft's
    > IIS servers using one of the multiple known IIS vulnerabilities.
    >
    >
    >>A firewall could not stop
    >>it. The spyware sent out information about bank account passwords.

    >
    >
    > Firewall does not stop what is being brought to you by your browser.


    <Cough> Watchguard <Cough>
    Mike, Jun 27, 2004
    #7
  8. news

    Mimic Guest

    "news" <> wrote in message
    news:DWyDc.97000$...

    > But I read that recently there were some kind of spyware/trojan from Russia
    > that were installed on Yahoo visitors computer. A firewall could not stop
    > it. The spyware sent out information about bank account passwords.
    >
    > Apparently only those who used Explorer were targeted. Perhaps it's all
    > about security settings!?
    >
    >
    >
    >


    You're far too coherent to be tracker ;P

    --
    Mimic

    Social Engineering - Because there's no patch for human stupidity.
    ZGF0YWZsZXhAY2FubmFiaXNtYWlsLmNvbQ== ( www.hidemyemail.net )
    "Without knowledge you have fear. With fear you create your own nightmares."
    "He who controls Google, controls the world".
    Mimic, Jun 28, 2004
    #8
  9. news

    madmax Guest

    news wrote:

    > Can any trojan install itself if we just visit a website? I know Explorer
    > is weak here so I use Firefox instead. Is it still possible?
    >
    > Thanks
    >
    >

    check here
    http://www.digicrime.com/noprivacy.html
    Very interesting
    -max

    --
    To help you stay safe see:
    http://www.geocities.com/maxpro4u/madmax.html
    This message is virus free as far as I can tell.
    Change nomail.afraid.org to neo.rr.com so you can reply
    (nomail.afraid.org has been set up specifically for
    use in Usenet. Feel free to use it yourself.)
    madmax, Jun 28, 2004
    #9
  10. news

    johns Guest


    > check here
    > http://www.digicrime.com/noprivacy.html
    > Very interesting
    > -max


    Not funny Max! I just reported this site to
    the Feds as malicious. If this site is trying to
    prove something, then it had damn well better
    be careful in how it presents itself.

    johns
    johns, Jun 28, 2004
    #10
  11. news

    johns Guest

    Yes. Latest and meanest hack out there is on commercial
    web sites pushing trojans. If you see anything specific,
    report it back to this group. Bunch of us watching this
    now.

    johns
    johns, Jun 28, 2004
    #11
  12. news

    Leythos Guest

    In article <cboih3$13kp$>, says...
    > Yes. Latest and meanest hack out there is on commercial
    > web sites pushing trojans. If you see anything specific,
    > report it back to this group. Bunch of us watching this
    > now.


    Not sure, but if you are talking about the latest IIS hack that uses IIS
    web servers to push trojans to your Windows box, then I may have found
    how it's being installed on web servers.

    We had a new client call us about problems with their site, NAV was
    detecting a trojan in every image when viewers hit the site. They had
    all patches, and updated AV software. From the AV logs (corporate
    version) it appears that a user with a laptop had downloaded a bunch of
    something that created a sub/java path in his profile and each file was
    infected with the trojan, out of 100+ users in the network he was the
    only one. The server was infected with the same trojan, but nowhere else in
    the company....

    Removal was as simple as stopping IIS, running AV, removing the web site
    footer (since it wasn't being used anyway) option, and restarting. Found
    one dll in the footer of every site that was created.

    --
    --

    (Remove 999 to reply to me)
    Leythos, Jun 28, 2004
    #12
  13. news

    Bit Twister Guest

    On Mon, 28 Jun 2004 00:45:29 -0700, johns wrote:
    >
    >> check here
    >> http://www.digicrime.com/noprivacy.html
    >> Very interesting
    >> -max

    >
    > Not funny Max! I just reported this site to
    > the Feds as malicious.


    What an idiot.

    I assume you are in this newsgroup trying to learn how
    to secure your system. The site gave you proof how secure your system
    and/or information is.

    > If this site is trying to prove something, then it had damn well
    > better be careful in how it presents itself.


    I went in through the front of the site and played with the exploits
    links. Each exploit warned you up front. What the h*ll do you want.

    I know, all they have to do is provide an End User Licence like
    Microsoft and they will be home free.

    Never click on a link without looking at the main entry
    point first. It is your damned fault for clicking on the provided link.

    Any site which shows the problems with software is good. Bad press
    will get the bugs fixed pretty quick.
    Bit Twister, Jun 28, 2004
    #13
  14. news

    Jim Watt Guest

    On Mon, 28 Jun 2004 12:28:12 GMT, Bit Twister
    <> wrote:

    >On Mon, 28 Jun 2004 00:45:29 -0700, johns wrote:
    >>
    >>> check here
    >>> http://www.digicrime.com/noprivacy.html
    >>> Very interesting
    >>> -max

    >>
    >> Not funny Max! I just reported this site to
    >> the Feds as malicious.

    >
    >What an idiot.
    >
    >I assume you are in this newsgroup trying to learn how
    >to secure your system. The site gave you proof how secure your system
    >and/or information is.
    >
    >> If this site is trying to prove something, then it had damn well
    >> better be careful in how it presents itself.

    >
    >I went in through the front of the site and played with the exploits
    >links. Each exploit warned you up front. What the h*ll do you want.
    >
    >I know, all they have to do is provide an End User Licence like
    >Microsoft and they will be home free.
    >
    >Never click on a link without looking at the main entry
    >point first. It is your damned fault for clicking on the provided link.
    >
    >Any site which shows the problems with software is good. Bad press
    >will get the bugs fixed pretty quick.


    As far as I can see it's an old exploit for Netscape 3? When using
    that I programmed in an email address of
    good luck to anyone who ever captured that.

    What's the 'infected image' stuff about?
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Jun 28, 2004
    #14
  15. news

    Bit Twister Guest

    On Mon, 28 Jun 2004 19:15:46 +0200, Jim Watt wrote:

    > As far as I can see it's an old exploit for Netscape 3? When using
    > that I programmed in an email address of
    > good luck to anyone who ever captured that.


    I have loaded Mozilla.org's Firefox 0.8 on Mandrake linux.
    All the mail attempts trapped out with "mailto is not a registered protocol".

    I was enjoying playing with the exploits, up to where it said
    something like "Check if we can update Autoexec.bat" and I saw a "I guess so".
    Had to stop and go look in the XP directory to see what may have
    happened if anything. First time I ever looked at it. Zero byte length
    showed with the ls command.
    I quickly looked at my backup partition, saw the same thing.
    Had me going for a minute.

    My solution to possible browser exploits is to create separate login
    accounts for isp account access, credit cards, banking, surfing,
    email.... When I login to the account I have it kickup the browser,
    newsreader, email whatever I setup the account for using .bash_profile.

    When I exit the browser accounts, .bash_logout deletes the
    subdirectories/files and untars a new copy of a pristine browser setup
    for next time.

    Instead of bookmarks I keep an ASCII file of urls with keywords to
    search with.

    > What's the 'infected image' stuff about?


    No idea, I gave up trying to keep up with all the ways Micro$not can get
    infected. When Realplayer and pdf documents can infect your system it's time
    to drop the OS.
    Bit Twister, Jun 28, 2004
    #15
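
Added example, not part of the original thread: one way to write the logout reset described in post #15, as a function that could be sourced from `.bash_logout`. The function name, the paths in the usage comment and the archive layout (profile contents at the archive root) are assumptions.

```shell
#!/bin/sh
# Added example: restore a browser profile from a pristine archive at logout.
# Hypothetical usage from ~/.bash_logout:
#   reset_profile "$HOME/.browser-profile" /usr/local/share/pristine/browser.tar

reset_profile() {
    profile_dir=$1
    pristine_tar=$2

    # Refuse empty or catastrophic targets before anything is deleted.
    case "$profile_dir" in
        ""|"/"|"$HOME"|"$HOME/")
            echo "refusing to reset '$profile_dir'" >&2; return 2 ;;
    esac

    # Check the archive first, so a missing archive never leaves the
    # account with no profile at all.
    [ -r "$pristine_tar" ] || { echo "missing archive: $pristine_tar" >&2; return 3; }

    # Reject archives whose members use absolute or parent-directory paths.
    if tar -tf "$pristine_tar" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $pristine_tar" >&2; return 4
    fi

    # Unpack into a staging directory beside the profile, then swap it in,
    # so a failed extraction cannot leave a half-restored profile behind.
    parent=$(dirname "$profile_dir")
    staging=$(mktemp -d "$parent/.profile-reset.XXXXXX") || return 5
    if ! tar -xf "$pristine_tar" -C "$staging"; then
        rm -rf "$staging"; return 5
    fi

    rm -rf "$profile_dir"
    mv "$staging" "$profile_dir"
}
```

The reset only helps if the session account cannot modify the pristine archive, so keep it owned by another user and read-only to the browsing account.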
  16. news

    Bill Unruh Guest

    "johns" <> writes:


    ]> check here
    ]> http://www.digicrime.com/noprivacy.html
    ]> Very interesting
    ]> -max

    ]Not funny Max! I just reported this sight to
    ]the Feds as malicious. If this site is trying to
    ]prove something, then it had damn well better
    ]be careful in how it presents itself.


    Digicrime has been in operation for about 10 years now. Their whole purpose
    is to make you aware of security problems.
    Bill Unruh, Jun 28, 2004
    #16
  17. news

    johns Guest

    What I am seeing is ability to edit the actual web page
    itself. At Mwave.com there was a link to a page that
    had appended right after the last <html> marker, the
    actual code that redirected the user who clicked on
    that link to a server in the Netherlands ( ip address and
    everything ) that connected to the user and simply
    pushed a trojan ( keybd logger ). Mwave had a firewall
    that kept them from seeing the trojan going to
    their customer, and the customer never left the Mwave
    page. It was simple to see it come down since I
    was not behind the Mwave firewall, and I had f-secure
    ( uptodate hourly ) running .. which spotted it instantly.
    I simply looked at the web page code ..and there the
    poop was. Now, CNN and the Gov are reporting
    that they went to Russia and took the box down.
    How the heck did that bunch manage to directly
    edit the Mwave web site ??? This wasn't some internal
    hack from an angry employee. And the Feds reported
    that many commercial sites were broken into by this
    Russian ( Netherlands ) box, and it was logging customer
    data from those companies. Full report and links are
    on ZDNET. Everybody with uptodate AV must have
    spotted it. We drove Mwave crazy until they went off
    line and fixed it ... then I CALLED them and ordered
    my new ATI Radeon 9600XT .. Hooha! Far Cry is
    looking good!

    johns
    johns, Jun 28, 2004
    #17
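
Added example, not part of the original thread: a check a site owner could run over a web root for the tampering described in post #17, where code was appended after the end of the page. It reads "the last <html> marker" as the closing `</html>` tag, and the function names and sample pages are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag pages that carry content after their final </html> tag.

trailing_after_html() {
    # Prints the trailing content and returns 0 when non-whitespace data
    # follows the last </html> (any letter case); returns 1 otherwise.
    awk '
        { buf = buf $0 "\n" }
        END {
            low = tolower(buf); last = 0
            while ((i = index(substr(low, last + 1), "</html>")) > 0)
                last += i + 6           # offset of the final char of the tag
            if (last == 0) exit 1       # no closing tag at all
            tail = substr(buf, last + 1)
            probe = tail; gsub(/[ \t\r\n]/, "", probe)
            if (probe == "") exit 1     # only whitespace after the tag
            printf "%s", tail
            exit 0
        }' "$1"
}

scan_docroot() {
    # Lists each .htm/.html file under $1 that has trailing content.
    # Returns 0 if at least one file was flagged, 1 if none were.
    hits=$(find "$1" -type f \( -name '*.htm' -o -name '*.html' \) |
        while IFS= read -r f; do
            if trailing_after_html "$f" >/dev/null; then
                printf '%s\n' "$f"
            fi
        done)
    [ -n "$hits" ] && printf '%s\n' "$hits"
}

make_samples() {
    # Constructed sample pages: one clean, one with markup appended after </HTML>.
    printf '<html><body>catalog</body></html>\n' > "$1/clean.html"
    printf '<html><body>catalog</body></HTML>\n<script src="http://injected.example/x.js"></script>\n' \
        > "$1/tampered.html"
}

# Stand-alone demo: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); make_samples "$d"; scan_docroot "$d"; rm -rf "$d"
fi
```

Comparing flagged files against a known-good copy or a version-control checkout shows whether the trailing content is a template quirk or an unauthorized change.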