Re: Spyware going thru firewall

From: Art Kopp (artnpeg@nowhere.com)
Date: 06/29/02


From: artnpeg@nowhere.com (Art Kopp)
Date: Sat, 29 Jun 2002 17:33:06 GMT

On Sat, 29 Jun 2002 10:08:03 -0700, "qqqqqqqqqq" <sfdASF@dfgagf>
wrote:

>I worked in a high tech company and network guys sent me to my home address
>an email with link to trap web page which I opened (as was kind of naive, it
>said you have a postcard..). That thing installed something on my PC, it
>seems some kind of virus or spyware that was logging my internet profile
>(web sites + newsgroups visited) and emailing it to them. That was claimed
>to be done "for security reasons"....

So your first mistake is having _any_ active content enabled in IE
then it seems.

>I was regularly using antiviral (Norton corporate version) and had firewall
>(zone alarm). I thought that is sufficient, but it seems it was not.

Don't depend on software protection.

>From conversations I figured out that they cooked something on their own,
>like ActiveX or VBS, but I do not know what exactly.

Not VBS. Browser scripting is different from WSH's Visual Basic
Script.

>I could not find it.
>What is puzzling me is that that thing was going thru firewall - that
>suggests that thing was not independent process, but inside some other
>process (?).

You let yourself get infected so the malware can do anything it
"wants" such as disabling your firewall and any antivirus programs you
have installed.

>Could someone give me advice:
>
> 1.. where to look for virus?

May not be a virus but a Trojan. Try other av scanners and/or Trojan
specific scanners in case it is a known malware. If that approach
fails, try the startup axis viewer available at my web site (only for
Win 9x/ME though). You could post its startup.log file here and we may
be able to help you identify something unusual.

> 2.. how it works?

Remains to be seen.

> 3.. how is it going thru firewall?

Either through disabling it or by "riding on" a program you have
permitted to access the internet. See my web site for several firewall
leak test programs.

Art
http://www.epix.net/~artnpeg
Reply to address should work.
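
The reply above suggests reviewing startup entries to spot an unknown Trojan. The following is an added example, not part of the original post and not the viewer it mentions: it checks the INI-file auto-start points of Win 9x/ME (`load=` and `run=` in win.ini, `shell=` in system.ini) against their usual defaults. The sample file contents are constructed, and registry Run keys and the Startup folder are not covered.

```python
import configparser

# INI-based auto-start points on Win 9x/ME:
# (file, section, key, usual default value in lower case)
INI_STARTUP_POINTS = [
    ("win.ini", "windows", "load", ""),
    ("win.ini", "windows", "run", ""),
    ("system.ini", "boot", "shell", "explorer.exe"),
]

# Constructed sample input (not taken from any real machine).
SAMPLE_WIN_INI = r"""[windows]
load=
run=C:\WINDOWS\TEMP\postcard.exe
NullPort=None
"""
SAMPLE_SYSTEM_INI = r"""[boot]
shell=Explorer.exe helper.exe
"""


def audit_ini_startup(files):
    """files maps a file name to its text; returns the non-default entries."""
    findings = []
    for fname, section, key, default in INI_STARTUP_POINTS:
        text = files.get(fname)
        if text is None:
            continue
        cp = configparser.ConfigParser(
            strict=False, interpolation=None, allow_no_value=True)
        cp.read_string(text)
        # Match the section name case-insensitively, as Windows does.
        sect = next((s for s in cp.sections() if s.lower() == section), None)
        if sect is None:
            continue
        value = (cp[sect].get(key) or "").strip()
        # Anything other than the default deserves a manual look.
        if value.lower() != default:
            findings.append((fname, section, key, value))
    return findings


if __name__ == "__main__":
    sample = {"win.ini": SAMPLE_WIN_INI, "system.ini": SAMPLE_SYSTEM_INI}
    for fname, section, key, value in audit_ini_startup(sample):
        print(f"{fname} [{section}] {key}= {value}")
```

A finding is only a prompt to identify the named program; legitimate software also uses these entries.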


