The Trackers First Review Response

From: removevalid (_at_yahoo.com)
Date: 09/21/03


Date: Sun, 21 Sep 2003 17:16:28 +0400

The following is from a reviewer with the nickname of "Jack"

> THE BEST KEPT SECRETS OF THE COMPUTER UNDERGROUND:
>
> Remember, you heard this from me first. Installing a backdoor for
> future and continued access to your computer system is simple once a
> computer system is compromised. Here are the "Malicious Hackers Best
> Kept Secrets"!

True statement. Once a hacker has compromised your system the typical
goal is to keep the system available for future use. However, this
information is available on the Internet and has been a common practice
for over 20 years.

ME: As a person who was unaware of this, it was a shock. I thought of
the many people as myself who this was happening to. Looked at all the
hacker books written and noticed none approached it from a "basic
computer user" skill level. All books are written by security experts
and written so sophisticated that unless your knowledge was on their
level a person was left out in left field wondering what are these
people talking about. I’ve approached this in a way, simple, tested,
results that anyone can understand. The basic computer user with no
knowledge of these things, a first for them, but something to be
addressed. Learning what the Internet has to offer a basic user isn’t
an easy task to discover. Look at all the basic and simple questions
people ask in Usenet alone.
Well, why haven’t experts written a book and included it with new
computers, warning people about hackers and what to do to make your
computer secure? A product is made and sold for money, never telling
people there could be problems, how to approach it and how to prevent
forthcoming issues. Money with no thought of people is taken into
consideration; that’s wrong. My concern is the people and how to
prevent these problems. I experienced the shock and pain and decided to
see if I could stop this from happening to others. Anger, frustration
and curiosity helped me write my book.

> They install a Trojan Horse which disables your anti-virus and
> firewall protection; also, they install a second set of their own
> hidden firewall application(s) to protect their Virtual Private
> Network(s). The point that I am trying to make is this, you can check
> your system for a Backdoor, Trojan Horse, Virus, or Worm until you're
> blue in the face, you wouldn’t find any. The hacker's own firewall
> application(s) can be installed on your hard drive in a hidden folder
> and the only way you would know it’s there is by going to your Control
> Panel, Folder Options, View, Show All Files and Folders (Windows ME
> and earlier).

Typically once a system is compromised, there is little need to install
another backdoor or a trojan that could be detected by AV software. All
AV software will detect known trojans.

ME: If all AV applications can detect known trojans, then how did the
Backdoor Redwood Broker along with six or seven Trojan Horses appear on
my computers while running PC-Cillian and Nortons? My perspective is
this - most Windows users don’t disable a number of services, including
file and print sharing. A hacker comes along and installs a Backdoor
and Trojan Horse, including a Virtual Private Network(s), but the basic
user hasn’t even installed any anti-virus application at this point and
their computer is already hacked/owned. You can’t install anti-virus
applications on a hacked or owned computer and expect them to function
properly and alert you to virus attacks. There was not even a handful
of virus alerts from either PC-Cillian or Nortons in 2.5 years. See the
firewall log below, which was derived from the hacker's firewall
application. While my systems were running two Virtual Private
Networks, Steve Gibson's site and Securityspace were used to test for
open ports. Securityspace on "one" occasion only revealed port 5000
open while testing over a six-month period. Steve Gibson's site
revealed port 110 open during the same testing period. The only
application open at the time was Netscape 4.7. This told me that a
hacker was using an e-mail application which was on my computer at
"the time the port scanning was being performed". Out of the "two
years" of port scanning my computer, God decided to pick only these two
moments to help me along the path to discover what
"No One Else In This World Has Discovered".

You don’t go on to explain why this happens, the cause and effect to
users, only that it happens. This is what I’m talking about. The extra
minute it would take to go into a little more detail and the testing
you’ve done and what these tests show you. Why can’t a man express a
little more information when responding? It’s got my curiosity going,
when looking at questions posted on the Internet and viewing the male
and female responses.

Proper configuration and operation of a firewall, awareness of the
services running on your computer and other simple best practices for
computer security will eliminate the ability of anyone to compromise
your system to begin with.

ME: My book was written mainly for the basic computer user, not high
tech specialists. My first firewall installed was a free copy of Zone
Alarm. Basic computer users have no reason to be aware of which Windows
services are running or to know basic practices for security. In my
possession is a listing of 80,000+ computer victims running a million
different Open Ports, Backdoors and Trojans. Yes, 80,000+! Them words
should speak for themselves. Hell, "France Telecom" had two Networks or
Servers with Backdoors or Trojans on them. I contacted CERT and then
the FBI about this so this company could be notified and hopefully have
them removed. The malicious hackers sure were pissed at me for
discovering this. Their IP addresses are listed in my book. By using
the free Zone Alarm, it was noticed that you had to leave the "Security"
setting on medium. So what good is a firewall when your computer is
already hacked or owned? Many of the firewall logs from victims are
published in my book.

MOM: I showed my mother your answer and she has only the skills to
operate a basic computer's on/off button and icons, and she plays a few
games. Jack, I like my computer for my games and your words about
configuration and operation of a firewall are all Greek to me. And
maybe to thousands of other computer users as well. We like explanations
of what a configuration is, how it works and its purpose; the same with
firewalls. People assume too much today, not all of us work on the same
plateau. If you do something in a simple way that everyone can
understand, you have accomplished something. Thanks for listening to an
older person who typed on a manual typewriter instead of a keyboard.

Hackers have no need to add additional firewalls to your system. A
firewall is designed to block traffic. Adding another layer that could
prevent access to an already compromised system will only hinder future
use of the system. Running multiple firewalls makes no sense whatsoever.

ME: The additional Blackice firewall proved to me that it was probably
connected to the Virtual Private Network(s). Granted, your answer
should have been correct, but the Blackice firewall on my computer
proved that one firewall was mine and another belonged to a hacker; so
your statement that a firewall blocks traffic and could prevent access
is wrong. It didn’t hinder future use of the system (my book shows
resources used) and they continued to utilize this avenue. I have
actual logs showing this and I'm sorry you have problems understanding
my findings. A few of the logs had other computer IP addresses which
weren’t owned by me. I also ran a copy of Blackice Defender while Zone
Alarm was present on a system. Here is an excerpt from the weirdest
firewall log I’ve ever seen in my life. The date and time changes will
"finally explain to computer users why it’s important for hackers to
continually change these to make tracking hacker activity hard to
accomplish".

## 2001-11-16 04:08:40 8 Filter failed 0.0.0.0 0.0.0.0
39 2001-10-29 05:11:24 2003016 RPC TCP port probe 12.31.46.80
65.12.236.49 port=111&reason=Firewalled
39 2001-08-02 00:48:34 2003001 HTTP port probe 128.130.180.4
ESRPC18 63.231.61.20 port=80&reason=Firewalled
59 2001-10-29 09:19:18 2003105 SubSeven port probe 128.193.138.14
138-14.RCN.ORST.EDU 65.12.236.49
port=1243|27374&name=Sub_7_2|Sub_7&reason=RSTsent
39 2001-11-19 08:43:02 2003102 TCP port probe 128.6.18.142
albite.rutgers.edu 65.12.236.49 port=10008&reason=Firewalled
39 2001-11-26 10:26:22 2003102 TCP port probe 130.127.4.234
65.12.236.49 port=515&reason=Firewalled
39 2001-08-04 13:32:18 2003001 HTTP port probe 131.216.23.103
magic.CS.UNLV.EDU 63.231.60.229 port=80&reason=Firewalled
19 2001-10-25 20:18:15 2000101 Trace route 131.252.82.151
host-82-151.dhcp.pdx.edu 65.12.236.49 count=2
39 2001-10-23 12:22:52 2003010 NNTP port probe 132.64.10.90
di8-90.dialin.huji.ac.il 63.231.60.4 port=119&reason=Firewalled
39 2001-10-12 07:32:52 2003102 TCP port probe 137.45.72.91
dhcp-72-91.radford.edu 63.231.59.54 port=1214&reason=RSTsent
39 2001-10-12 12:41:35 2003102 TCP port probe 137.45.72.91
dhcp-72-91.radford.edu 63.231.59.54 port=1214&reason=RSTsent
39 2001-10-23 09:28:48 2003010 NNTP port probe 144.134.75.207
prem-p-144-134-75-207.mega.tmns.net.au 63.231.60.4
port=119&reason=Firewalled
39 2001-10-26 02:04:10 2003016 RPC TCP port probe 144.16.70.193
mgmt.iisc.ernet.in 65.12.236.49 port=111&reason=Firewalled
39 2001-09-21 05:55:29 2003102 TCP port probe 148.244.77.64
ANTONIO 63.231.59.177 port=6346&reason=RSTsent
39 2001-10-23 16:05:18 2003010 NNTP port probe 149.156.87.167 POK
A004 63.231.60.4 port=119&reason=Firewalled
39 2001-11-29 03:51:21 2003006 Telnet port probe 150.244.21.86
orfeo.mat.uam.es 65.12.236.49 port=23&reason=Firewalled
39 2001-10-27 09:06:31 2003102 TCP port probe 151.21.206.59
ppp-59-206.21-151.libero.it 65.12.236.49 port=515&reason=Firewalled
39 2001-08-04 10:59:35 2003001 HTTP port probe 162.33.158.54
BECKS 63.231.60.229 port=80&reason=Firewalled
39 2001-11-29 01:26:22 2003011 DNS TCP port probe 164.125.170.152
65.12.236.49 port=53&reason=Firewalled
39 2001-11-23 23:05:25 2003102 TCP port probe 164.77.208.251
65.12.236.49 port=515&reason=Firewalled
59 2001-11-28 02:10:22 2000103 Possible Smurf attack initiated
169.254.187.17 236.1.0.0
59 2001-11-29 05:39:24 2000103 Possible Smurf attack initiated
169.254.187.17 238.129.0.0
39 2001-09-21 05:58:46 2003102 TCP port probe 172.134.32.150
AC862096.ipt.aol.com 63.231.59.177 port=6346&reason=RSTsent
59 2001-11-09 07:27:35 2003105 SubSeven port probe 172.139.102.53
AC8B6635.ipt.aol.com 65.12.236.49
port=27374&name=Sub_7_2&reason=RSTsent
39 2001-10-31 08:24:25 2003004 FTP port probe 193.251.16.105
ANantes-101-1-5-105.abo.wanadoo.fr 65.12.236.49
port=21&reason=Firewalled
39 2001-10-07 22:35:26 2003004 FTP port probe 193.252.178.71 NEO
63.231.60.130 port=21&reason=Firewalled
39 2001-10-26 03:52:30 2003004 FTP port probe 193.252.186.170
ALyon-101-1-3-170.abo.wanadoo.fr 65.12.236.49
port=21&reason=Firewalled
39 2001-11-28 07:23:06 2003004 FTP port probe 193.253.50.93
AStrasbourg-202-1-1-93.abo.wanadoo.fr 65.12.236.49
port=21&reason=Firewalled
39 2001-08-17 12:59:57 2003016 RPC TCP port probe 194.167.149.172
SERVLINMURET 63.231.61.108 port=111&reason=Firewalled
39 2001-11-22 22:10:29 2003011 DNS TCP port probe 195.12.96.180
mail.akta.kz 65.12.236.49 port=53&reason=Firewalled
39 2001-09-21 05:57:17 2003102 TCP port probe 195.167.106.98
athe530-k098.otenet.gr 63.231.59.177 port=6346&reason=RSTsent
39 2001-09-21 05:58:40 2003502 UDP port probe 195.167.106.98
athe530-k098.otenet.gr 63.231.59.177 port=2786&reason=Firewalled
39 2001-10-29 02:09:19 2003102 TCP port probe 202.102.3.30
65.12.236.49 port=515&reason=Firewalled
39 2001-10-06 11:58:22 2003102 TCP port probe 202.109.246.18
63.231.60.4 port=515&reason=Firewalled
39 2001-10-29 00:26:05 2003011 DNS TCP port probe 202.123.200.236
65.12.236.49 port=53&reason=Firewalled
39 2001-11-24 00:24:50 2003006 Telnet port probe 202.163.226.101
65.12.236.49 port=23&reason=Firewalled
39 2001-11-17 00:08:44 2003102 TCP port probe 202.224.237.147
qsobank.ucom.co.jp 65.12.236.49 port=515&reason=Firewalled
39 2001-10-25 20:38:21 2003016 RPC TCP port probe 202.56.239.194
65.12.236.49 port=111&reason=Firewalled
39 2001-11-11 06:03:43 2003102 TCP port probe 203.168.131.126
ip131126.hkicable.com 65.12.236.49 port=515&reason=Firewalled
39 2001-10-17 09:34:22 2003001 HTTP port probe 203.171.253.65
63.231.61.172 port=80&reason=Firewalled
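The entries above are in the BlackICE attack-list format (severity, timestamp, issue id, issue name, intruder IP, optional intruder host name, victim IP, key=value parameters), and as pasted they are ordered by intruder address rather than by time. The parser below is an added example, not part of the original post or of the BlackICE product: it reads that format, sorts out the optional host-name field, and summarises the probes by port, reason and victim address. The sample lines are constructed by joining a handful of the page's own entries back onto one line each; the field names and helper functions are my own.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: entries quoted on this page, one per line (the page
# wraps them). Field order: severity, date, time, issue id, issue name,
# intruder IP, optional intruder host name, victim IP, key=value params.
SAMPLE_LOG = """\
39 2001-10-29 05:11:24 2003016 RPC TCP port probe 12.31.46.80 65.12.236.49 port=111&reason=Firewalled
39 2001-08-02 00:48:34 2003001 HTTP port probe 128.130.180.4 ESRPC18 63.231.61.20 port=80&reason=Firewalled
59 2001-10-29 09:19:18 2003105 SubSeven port probe 128.193.138.14 138-14.RCN.ORST.EDU 65.12.236.49 port=1243|27374&name=Sub_7_2|Sub_7&reason=RSTsent
39 2001-11-19 08:43:02 2003102 TCP port probe 128.6.18.142 albite.rutgers.edu 65.12.236.49 port=10008&reason=Firewalled
39 2001-10-12 07:32:52 2003102 TCP port probe 137.45.72.91 dhcp-72-91.radford.edu 63.231.59.54 port=1214&reason=RSTsent
59 2001-11-28 02:10:22 2000103 Possible Smurf attack initiated 169.254.187.17 236.1.0.0
59 2001-11-09 07:27:35 2003105 SubSeven port probe 172.139.102.53 AC8B6635.ipt.aol.com 65.12.236.49 port=27374&name=Sub_7_2&reason=RSTsent
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"

# The issue name is matched lazily so it stops at the first dotted quad;
# the intruder host name is optional (several entries carry none), and so
# is the trailing parameter string (the Smurf entries have none).
LINE_RE = re.compile(
    r"^(?P<severity>\d+) (?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<issue_id>\d+) (?P<issue>.+?) (?P<intruder>" + IP + r")"
    r"(?: (?P<intruder_name>[^ ]+))? (?P<victim>" + IP + r")"
    r"(?: (?P<params>\S+))?$"
)


def parse_params(raw):
    """'port=1243|27374&name=Sub_7_2|Sub_7&reason=RSTsent' -> dict.
    Multi-valued fields are left as '|'-joined strings."""
    if not raw:
        return {}
    return dict(item.split("=", 1) for item in raw.split("&") if "=" in item)


def parse_line(line):
    """One log entry -> dict, or None if the line is not in this format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    rec["stamp"] = datetime.strptime(rec["stamp"], "%Y-%m-%d %H:%M:%S")
    rec["params"] = parse_params(rec.pop("params"))
    return rec


def parse_log(text):
    """All parseable entries, in file order (unparseable lines are dropped)."""
    recs = (parse_line(ln) for ln in text.splitlines() if ln.strip())
    return [r for r in recs if r is not None]


def backward_time_steps(events):
    """Indexes of entries stamped earlier than the entry before them. A
    non-empty result only says the file is not in time order (here it is
    ordered by intruder address), so sort by 'stamp' before reading it as
    a timeline."""
    return [i for i in range(1, len(events))
            if events[i]["stamp"] < events[i - 1]["stamp"]]


def summarize(events):
    """Counts an analyst would want first. 'Firewalled' = BlackICE dropped
    the packet; 'RSTsent' = the host answered with a TCP reset, i.e. no
    service was listening on that port. Neither means the probe got in."""
    return {
        "by_reason": Counter(e["params"].get("reason", "n/a") for e in events),
        "by_port": Counter(e["params"].get("port", "n/a") for e in events),
        "by_issue": Counter(e["issue"] for e in events),
        "victims": sorted({e["victim"] for e in events}),
        "span": (min(e["stamp"] for e in events), max(e["stamp"] for e in events)),
    }


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    summary = summarize(evs)
    print("entries:", len(evs), "out-of-order steps:", backward_time_steps(evs))
    for key in ("by_reason", "by_port", "by_issue"):
        print(key, dict(summary[key]))
    print("victim addresses:", summary["victims"])
    print("time span:", summary["span"][0], "to", summary["span"][1])
    for e in sorted(evs, key=lambda e: e["stamp"]):
        print(e["stamp"], e["issue"], e["intruder"], "->", e["victim"], e["params"])
```

Running it on the full log in the same one-entry-per-line form gives the distribution of probed ports (111, 515, 21, 23, 53, 80, 119, 1214, 6346, 27374) and the several victim addresses the entries were logged against, which is the data to have in hand before drawing conclusions about what the probes mean.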

The method to display hidden files is not limited to ME and below. The
option is also available in Windows 2000, XP and 2003.

ME: All I can say is to give this method a try and anyone with basic
skills will open their eyes to what hackers have installed on their
computer if it’s hacked or owned. You don’t actually think hackers are
going to reveal all their actions out there in the open on your hard
drive, do you? Checking for running processes isn’t going to show you
all the pornography, remailer information and e-mails others are abusing
on your system; to name a few.

> Windows keeps files and folders hidden by default so you don’t make
> changes to their important files. You need to View all Files and
> Folders on your computer to reveal what malicious hackers have
> installed without your knowledge. This will open your eyes and show
> you all the files and software applications now sitting on your hard
> drive. If you want to learn more about computer security, if you’re a
> beginner, one avenue is to read up on configuring your mail and
> browsing applications. Google and Yahoo also have Newsgroups and
> message boards pertaining to the aforementioned. If utilizing a
> Windows platform, do some reading on configuring your Windows Internet
> Options, both Internet and Local Settings. Also, spend time learning
> what applications in Windows are running and on what port they run on.
Displaying all files is a tedious method to determine what processes are
running on your computer. Checking the running processes and identifying
those that are running would prove more beneficial than

ME: See above remarks

The Trackers