Beethoven.com

[analog]

Out of the blue a popup window appeared offering free antivirus program, of course I clicked close but it started scrolling through filenames as if running a scan. Oh nuts looks like a virus... I turned off power, restarted and ran my ISP's antivirus scan (Computer Associates EZtrust). Of course it reported no infections found, as it always does.

I remembered the name - antivirusXP and a google turned up scary stuff, apparently it's some rogue spyware program .. so my neurotic worry kicks in - what is going on? How'd it get by popup blocker, realtime antivirus software, etc etc? Is it still there?


Anyone else had trouble with that one?

[Shapley]

I had one pop-up last week, but I don't recall the name. Apparently it was too new a version for my anti-virus software to recognize it.

It didn't offer a 'close' icon, so I used the Ctrl-Alt-Del combo to access the task manager and end the task before It could activite. I've become leary of clicking anywhere on the rogue pop-ups, so I always use end task to clear them.

[analog]

good thought - thanks.

ctl-alt-delete (three finger Microsoft salute) used to be a reflex - i guess windows xp has spoiled me because it bombs so much less often...

some day somebody will invent a way to identify these hackers and spammers and make their addresses public info.... i won't shed tears over whatever violence is visited upon them.....

[Selma in Sandy Eggo]

I usually right-click on the little square in the taskbar at the screen bottom, and then select "close". I, too, don't trust the red X on the popup. Booby traps lurk there...

I do ritually curse the people who hack, send spyware ads, and otherwise annoy me. Such a formal curse can go on for several minutes and wish ill unto several generations. It's an art form.

[OperaTenor]

I got a Mac....

Just sayin'....

[jamiebk]

I usually right-click on the little square in the taskbar at the screen bottom, and then select "close". I, too, don't trust the red X on the popup. Booby traps lurk there...

I do ritually curse the people who hack, send spyware ads, and otherwise annoy me. Such a formal curse can go on for several minutes and wish ill unto several generations. It's an art form.

What she said.....

[Shapley]

I got a Mac....

Then you must be mourning the loss of Steve Jobs....


...Oh! Wait! He isn't actually dead.

[analog]

stumbled across this page while researching a virus my scanner found...

http://www.hackers.nl/2008/how-to-intru ... etworks-2/

while it's over my head i gather it is a 'how to sneak in' with Flash.

Anyone know if they're speaking of Flash Player? Perhaps i'll uninstall that?

You can compile this code by doing:
thex00@hdnl:/secret/GordonProject$ mtasc -swf myWorm.swf -main backdoor.as

Add that code to another flash movie:
thex00@hdnl:/secret/GordonProject$ swfcombine -o demo.swf -T myWorm.swf myBanner.swf

Now how about some local network scanning to ice the cake? The socket handling in ActionScript 3, allows you to scan TCP ports (Flash is not designed for usage with UDP), through the SecurityErrorEvent object. This special object in flash is an exception, like you have in Java,
that is ‘thrown’. The flaw in this design however that it is thrown immediately when a connection failed (closed ported), so if the Movie isn’t allowed AND doesn’t get a SecurityErrorEvent within seconds the port is likely to be open.

Here is an example of how such a scanner would look like:

/* (* ScannerSkeleton.as *) ActionScript 3 */

protected var host:String;
protected var port:Number;
protected var sock:Socket;

public class Main
{
public function Main():void
{
conn = new LocalConnection();
conn.allowDomain(’*');
sock = new Socket();
sock.addEventListener(SecurityErrorEvent.SECURITY_ERROR, onSecurityError);
sock.connect(host, port)
}
}

Not so great is the spawning of child processes inside the flashmovie, which can cause the movie to hang the browser or even worse, the Operating System. Because Flash allows you to scan inside the network, you should try to find the router, which by default uses the Telnet protocol but these days comes with a web interface. As I’ve mentioned
before, it is perfectly possible to reconfigure the router from within Flash, or even worse… Enable UPnP!

Finally, some of the conditions that you need to meet when hacking with Flash. The advantage is that Flash data is stored locally, the challenge is that you got by default only 100Kb per host to work with (a lot less than that actually, its more like 4-5Kb that you can really use for your abusive motivations)… but it rarely gets deleted
and doesn’t have an expiration date, so not like cookies.

Why hack with Flash? Because you can! Hope you enjoyed it.

a.

[jamiebk]

I usually right-click on the little square in the taskbar at the screen bottom, and then select "close". I, too, don't trust the red X on the popup. Booby traps lurk there...

This is what our IT people at my work have instructed us to do.

[analog]

I usually right-click on the little square in the taskbar at the screen bottom, and then select "close". I, too, don't trust the red X on the popup. Booby traps lurk there...

This is what our IT people at my work have instructed us to do.

yes, thanks to both you and selma for that tip i find it works a good bit of the time.

As to the Flash virus a recent update from Adobe claims to have fixed it.....

adblock seems able to detect those popups and i've learned to make a filter for the entire advertiser's domain. i'm plodding along...

you know - i think a suitable payback for 'spam and popper-up advertisers' would be...
... place them in irons, and a virtual reality headset blaring an endless loop of Billy Mays singing "Jingle Bells Rock".

a.

[jamiebk]

How about some Perry Como to go with that?

[alkalinelife421]

fyi - antivirus programs only do so much. you also *if you have a pc* want to download an anti-spyware program - i liked ad-aware by lavasoft when i had a pc. it's free and finds a lot of spyware junk and deletes it for you! hope this helps.

[Giant Communist Robot]

Spybot has a free version also.