114006

I'm really pissed off this week! My computer has been invaded by SpyWare!

March 25th, 2000 10:17 PM

I won't get into details, but I had to turn off my firewall to run some tests to find out what is hidden inside my computer...

...and my assumptions were right. Something was hidden! Some kind of SpyWare.

And guess what folks, it can happen to anyone of us.

Though the doors are now under lock and key, it's kind of like sleeping with the enemy. The enemy woke up and did some damage. Nothing serious, but it makes you kind of think why would somebody do this?

Why would these scanners to this? I'm no big shot (believe me).

I'm not trying to alarm anybody... but there are more reports of immature hackers (real hackers probably don't go for small fries like us) doing damage to anybody... ANYBODY!

This is not right. And don't think a Virus Scanner helps... because this is totally different from a Virus.... it's more like a Trojan? Or a Back Orfice (I think that's the name of it).

Anyways, I'm just pissed off. I still have to do some more work in fixing this problem... and even then I'm not really sure if I'm 100% protected (nobody is).

I'll keep all of you updated.

Danziger :^)

114007

March 25th, 2000 11:13 PM

I've got some friends that even coded a trojan and do some hacking too (i tried it a few times but it simply was no fun). I can guarantee you that no real hacker will try to fry you, it's those small damn freaks that download a trojan somewhere and toy around with it. There will always be some of those suckers.
Get Lockdown2000(.com) it's a very good internet protection tool you can really trust.
TNT

Tciny

114008

March 25th, 2000 11:37 PM

Get OptOut ( http://grc.com/optout.htm ).

It detects (and optionally removes) Spyware and all that crap Aureate puts on your computer / in your registry.
But be carefull, some freeware / shareware (Go!zilla, unregistered CuteFTP) won't work anymore after you've removed the Aureate crap.

Even if you're not going to download OptOut, it's a really REALLY good idea to have your ports scanned on http://www.grc.com/ .
You'd be suprised...

Anyways, Danziger... what firewall do you use ? I use ZoneAlarm and am quite happy with it.

Krusty

114009

March 26th, 2000 12:29 AM

ZoneAlarm is great! No regrets. But, you should close your NetBios port (Port 139).

All Windows9x computers have everything binded to everything. That is just bad!

The details are at grc.com's ShieldsUp site.

Danziger :^)

114010

March 26th, 2000 12:35 AM

http://grc.com/su-bondage.htm

Network Bondage... it's no short read... please read everything thoroughly and carefully.

Danziger :^)

114011

March 26th, 2000 01:56 AM

Get Black ICE. It's a very good tool to give you highly advanced security. http://www.networkice.com/Products/BlackICE/default.htm

114012

March 26th, 2000 02:41 AM

BlackICE is a really great way to get paranoid fast.
Getting 10 (mostly useless) warnings a day is no exception.

ZoneAlarm just puts all your ports on STEALTH so they appear none-existant to the outside world.

I've tried both, but ZoneAlarm is waaay better.

Krusty

114013

March 26th, 2000 09:39 AM

I recommend EVERYBODY to close Port 139 (NetBios Port, I believe).

Go to that site I recommend above. Yes, it's a long read... but if you really want to feel safe (you never know if you may get a program crash)... then what is 30 minutes reading compared to 8 hours of getting rid of parasites!

Danziger :^)

114014

March 26th, 2000 09:50 AM

http://grc.com/su-rebinding9x.htm

Get right to the chase if you are using Windows9x. There's one for Windows NT... go to my link above about Network Bondage... scroll down the page... and click on WinNT.

I hope this helps everybody.

Oh yeah, make sure you do the ShieldsUp test!
And check your probes!

Danziger :^)

114015

March 26th, 2000 09:59 AM

Well, I did a test at Shields Up, here're my results (with Black ICE):
Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

Port probe test:
Port
Service
Status Security Implications



21
FTP
Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

23
Telnet
Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

25
SMTP
Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

79
Finger
Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

80
HTTP
Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

110
POP3
Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

113
IDENT
Closed Your computer has responded that this port exists but is currently closed to connections.

139
Net
BIOS
Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

143
IMAP
Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

443
HTTPS
Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!