god damn spyware

lancer said:
i think the issue was i went on the internet, BEFORE i updated the windows or my antivirus, allowing the suckers free rein of my pc.

Yep, I completely agree.
 
LeeJend said:
I'm still wondering about the root cause.

Any chance another machine on the LAN at work could have infected the one you reformatted, Lancer? Malware is getting smarter.

You are correct sir. That's exactly what happened. Time to tighten ye old network security.

We had a bunch of spyware by Integrated Search Technologies (here in Montreal, anybody up for a fun firebombing?) troop in on some adware trojans and run rampant on one of our client's networks. Short term we closed ports, and had to vamp up workstation security (push a fix, force update of virus defs) then reopen the ports (we need them opened)
 
Mastershakes, what are you talking about, "You are incorrect sir", it had nothing to do with my network and everything to do with me just not updating my pc before i got on the net.
 
"Network" and "Internet" can be used interchangeably. ;)
 
you know muzikool not to cause an argument, but they cannot be used interchangeably, they are two different things, your network is not the internet, it would be like calling a DVD player a VCR. No doubt others will side with you but it's just not correct. Thanks anyway.:)
 
I'm not going to argue either, but Internet and Network are the same. Sure, there are different types of networks, but the Internet is one of them. It's Network and World Wide Web that are different.

From Webopedia:
The Internet is a massive network of networks, a networking infrastructure.

The World Wide Web, or simply Web, is a way of accessing information over the medium of the Internet. It is an information-sharing model that is built on top of the Internet.
 
yeah but you would never refer to the web as "The network", now would you?!
 
who whizzed in yer cornflakes.

"i just formatted and reinstall xp pro at work and within 5 mins my computer was ransacked by spyware, i updated it fully sp2"

you are on a frickin network g.
was it a slipstream install of XP SP2? better have been. and your network cable was unplugged during this time correct?
if you used windows update without going into IE - c'est bon/ das is good.
if you used it within IE, first thing, then msn.com would not hit you with spyware. (default home page if not tinkered with)

Hence: the network infected you before you patched up. some schmoe on the network is not patched up and will continue to use bandwidth and infect pcs that are vulnerable.

solutions - audit all pcs on network, make sure they are patched against the net exploits. also, use an image to reformat, reinstall pcs at work. that way you can have it all patched up from the get go, once completed just plug ze net cable back in.

Muzi - I prefer to call it 'ze puternet' :) hehehe
 
mastershakes whilst i commend you for your available foresight, it was NOT THE DAMN NETWORK arrgghhhhhh, :), arh nevermind, sorry i asked for help now haha. :)
 
lancer said:
yeah but you would never refer to the web as "The network", now would you?!

No, I wouldn't because the web isn't a network, but the Internet is. :p

/methinks this thread will be a good reference tool in the future.
 
Slipstream SP2 into XP. Reformat. Reinstall.

Chances are, while you're taking that time to download and install the Windows Updates, your IP address is sought out and they end up exploiting vulnerabilities to force you to download spyware.

Melon
 
thank you melon, at last some sense around here haha, that's exactly what happened.























nothing to do with the damn network lol.
 
muzikool said:
No, I wouldn't because the web isn't a network, but the Internet is. :p

/methinks this thread will be a good reference tool in the future.

Yeah a tool to drive people insane :laugh:
 
Exactly Melon, slipstream, c'est le way.

nothing? hehe. what a thread. muzi I agree... a good reference. cmon lance, see the logic... ;)
here we go.

BTW if you have no firewall at work, I'm dead wrong.

hehe. it was your network.

as melon intoned - "your IP address is sought out and they end up exploiting vulnerabilities to force you to download spyware" - your network's firewall would have (or should have) stopped that unless you initiated the request, and your internal IP would not be viewable from outside. Some pc(s) running on your network used (since patched in '04 by MS) some port exploits to spread to your comp. Once in, they initiate the requests out to the vast puternet(work teehee) - voila - spyware. I know you didn't surf at all, just Windows Update. As melon said, in that short time, your own network betrayed you. The firewall, I trust, stayed intact.

last year Gaobot (look the f*&^er up) got loose on one of our client's networks. it exploited a vulnerability in the print spooler service - travelling along port 135 it looked for any open print shares. It would then initiate 1000 pages of garbage text, and fill up the queue. Printers printed until they ran outta paper. We closed port 135 (which cut all their network drive access) and isolated the culprits (infected PCs). Unsharing the printer on these PCs quieted down the barrage, then we pushed a definition fix from Norton. It took about a week, as we had to reopen 135 so they could have their net shares back..... some rogue PCs still had it a month later. We would just take away their IP, and send someone to see them. Once updated offline, we'd allow them back on.

bottom line, it started from within, a user infected their laptop, and brought it in to work. It was like dropping a pebble in a fast moving stream ---- the thing turned into a snowball in seconds and bogged down the network. Guess that's why they are called trojans. The beauty was it used a port that we cannot close permanently. grrrr. they get better and better. Gaobot wreaked havoc on the printers, and allowed several of the nastier coolwebsearch type spywares in.
 
ok ok ok ok i'll agree just to shut you up... hehe

But really i do see what you're talking about now, :)
 
cool yo.

listen... there is a way we can get root cause.

repeat what you did. (install xp from cd, non-slipstreamed)
put your AV program (whatever you guys are using) on a CD, along with a firewall program, and ms anti-spyware.
install those proggies, again, we are not connected yet. standalone box.
now turn on the AV realtime protection
(make sure you include an updated definition pack for it on the CD)

turn on logging on the firewall program.

turn on ms antispyware's real time protection.
(again, try to get updated defs ... unsure on how to do this with ms anti-spy)

Plug her in, and watch the alarms go off, then we get to hunt the logs.... :) if you have time Lancer, it'd be fun and educational.
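
The log hunt proposed in the post above, sketched as an added example that is not part of the original thread: it splits unsolicited inbound attempts into those from the LAN and those from outside, which is the question the thread is arguing about. It assumes the firewall writes a Windows Firewall style `pfirewall.log`; the host address, LAN range and log lines are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumptions (not from the thread): the rebuilt PC's address and the office LAN range.
HOST_IP = "192.168.1.20"
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample in the W3C-style layout Windows Firewall uses for pfirewall.log.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2005-03-01 09:14:02 DROP TCP 192.168.1.57 192.168.1.20 3312 135 48 S 1234567 0 16384 - - -
2005-03-01 09:14:05 DROP TCP 192.168.1.57 192.168.1.20 3312 135 48 S 1234567 0 16384 - - -
2005-03-01 09:14:09 DROP TCP 192.168.1.88 192.168.1.20 4071 445 48 S 7654321 0 16384 - - -
2005-03-01 09:15:30 OPEN TCP 192.168.1.20 203.0.113.9 1045 80 - - - - - - - -
2005-03-01 09:16:44 DROP UDP 203.0.113.40 192.168.1.20 31337 1026 402 - - - - - - -
"""

def parse_log(text):
    """Turn log lines into dicts keyed by the names in the #Fields header."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            rows.append(dict(zip(fields, line.split())))
    return rows

def inbound_attempts(rows, host_ip=HOST_IP, lan=LAN):
    """Count unsolicited inbound attempts per (origin, src-ip, dst-port)."""
    hits = Counter()
    for r in rows:
        if r.get("dst-ip") != host_ip or r.get("protocol") not in ("TCP", "UDP"):
            continue  # outbound traffic (e.g. Windows Update) or other protocols
        if r["protocol"] == "TCP" and r.get("tcpflags") != "S":
            continue  # count only new connection attempts (bare SYN)
        origin = "LAN" if ipaddress.ip_address(r["src-ip"]) in lan else "outside"
        hits[(origin, r["src-ip"], int(r["dst-port"]))] += 1
    return hits

def by_origin(hits):
    """Collapse the per-source counts into LAN vs outside totals."""
    totals = Counter()
    for (origin, _src, _port), n in hits.items():
        totals[origin] += n
    return totals

if __name__ == "__main__":
    for key, n in inbound_attempts(parse_log(SAMPLE_LOG)).most_common():
        print(n, *key)
```

Repeated hits on port 135 from one LAN address would single out the unpatched machine the thread suspects.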
 
it would, but do i look like i have the time :), if i do i'll let you know.
 
Figured as much. I go out of my way to track down their slim shady methods.

Time is always short.
 
