Avast WEBforum

Other => General Topics => Topic started by: Waldo on December 19, 2003, 06:50:50 PM

Title: Do NOT install the new open source explorer "patch" !
Post by: Waldo on December 19, 2003, 06:50:50 PM
Hi!

This so-called "patch" from the opensource community is actually a sort of undestructive trojan / spyware. And opens your browser to a lot of other exploits :(

http://www.openwares.org/index.php?option=com_remository&Itemid=&func=fileinfo&parent=folder&filecatid=17

Daniel (vendor of The Cleaner) says it's malware with a backdoor. He pointed this out on his own support forum and provided this link:

http://lists.netsys.com/pipermail/full-disclosure/2003-December/014933.html

Since Windows & Internet Explorer aren't open source, I already didn't trust this patch beforehand. Without the source of a program (Windows) it's impossible to create a good, clean & working patch for it.

Waldo
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: .: Mac :. on December 19, 2003, 08:06:42 PM
I don't apply any patch unless it's from windowsupdate for my gateway anyway.
And same for the macs, only patches from apple
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: Waldo on December 19, 2003, 08:16:02 PM
Quote

I don't apply any patch unless it's from windowsupdate for my gateway anyway.
And same for the macs, only patches from apple

Smart thinking Mac.  :)
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: Lisandro on December 19, 2003, 10:25:42 PM
Thanks Waldo...
For all users who are reading this post, remember that Microsoft does not send emails alerting to the existence of patches and asking for download. Remember also that there is no 'Windows Open Source'   ;)

Nowadays, we can only trust in avast!  ;D
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: .: Mac :. on December 19, 2003, 11:09:12 PM
and I add that Apple does NOT send emails about updates either
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: techie101 on December 20, 2003, 02:53:38 PM
Waldo,

Nice to hear from you again.  It is not a surprise that malicious persons will use any product name to conduct their dastardly deeds.

No patch, fix, update, upgrade or file should be downloaded or used unless the source has been verified and we understand the ramifications of its use (Terms of Use).  WE know not to do it, but other users do not, so I applaud you for bringing this to the forum in the hope that the word will be spread.

Other such patches have been named as coming from Microsoft, "IE update" (in email) and such.

Technical and Mac agree fully as I do.

Sorry to come in on this late, but I still have lots to do for the holiday.

techie
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: Waldo on December 20, 2003, 03:03:12 PM

The vendor of "The Cleaner" even included the malware in yesterday's signature updates (Database v3431 12-19-2003)

Means something, doesn't it ?

http://www.moosoft.com/products/cleaner/update/?action=notes&id=26

Btw Technie101 > nice to hear (read) you too!  ;D

Waldo
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: CoJo on December 20, 2003, 04:12:23 PM
Waldo, thank you!

I surprised myself and didn't rush to "fix" anything <g>
I get updates from Windows only.

My ISP has apparently clamped down again...doing a good job. I received another notice they had deleted a message:
ciefoa.exe was infected with the malicious virus W32.FunLove.4099 and has been deleted because the file cannot be cleaned.

I just don't know where the ciefoa.exe came from as there was no information about the message itself.
hmmmm....

cojo
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: .: Mac :. on December 20, 2003, 04:33:05 PM
last night on the screen savers on tech tv they said that the patch is no longer available as it had
1) memory leak
2) buffer overflow
3) had spyware

so you can't download it anymore
thank you leo
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: techie101 on December 20, 2003, 06:47:15 PM
Quote

I just don't know where the ciefoa.exe came from as there was no information about the message itself.
hmmmm...

Cojo,
Viruses can be downloaded just by visiting a web page.  The malicious sender "piggybacks" the virus in with the html of the page.  That's why a good firewall and anti-virus are absolutely needed.
Viri are not only gotten through email!
Glad to see that you are not rushing to change things.  That shows me you have learned here on the forum about computers and what not to do.  I'm proud of you!

techie
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: Lisandro on December 20, 2003, 07:11:21 PM
Quote

I surprised myself and didn't rush to "fix" anything
cojo

Cojo, this kind of learning makes me happy...
Sometimes we must wait, our force is our patience  8)
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: Waldo on December 20, 2003, 09:57:36 PM
Quote

Sometimes we must wait, our force is our patience  8)

Use the Force Luke !.....heh  ???... Use the Force Technical !  ;D
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: CoJo on December 21, 2003, 01:25:40 PM
you experts are so good to me :)  what kind of cookies do you want for Christmas?

seriously, I do appreciate the willingness to share your knowledge with me!

Avast! is the best in more ways than one 8)
and I am using EZ Firewall...part of the free one year EZ Guard.

'Course I have another question...
part of the firewall has a section for email...which I have turned off...but it has a very long list of extensions that it will not allow to be executed...should I turn that on or would that interfere with Avast! doing its job?

thank you, my friends...
cojo
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: Lisandro on December 21, 2003, 02:54:08 PM
Quote

Part of the firewall has a section for email...which I have turned off...but it has a very long list of extensions that it will not allow to be executed...should I turn that on or would that interfere with Avast! doing its job?
thank you, my friends...
cojo

If you block the email attachments in the firewall settings, you probably won't be able to receive email with these extensions; they would remain on the server and avast! won't scan them because you won't even download them  ;D

Probably, I'm not sure, you won't be able to send email with these extensions either.

For instance, when you turn on the option of Outlook Express to block emails with attachments, you could configure its behavior with the program Attachment Unblocker 1.0 (http://www.hofnet.com/software). What is it? Melissa, Love letter, etc. are worms that use the scripting capabilities within Outlook to spread rapidly over the internet. In Microsoft Outlook, Microsoft has tightened up security to limit the effects of this new generation of viruses. This has been done by limiting the possibility to access file attachments that are considered unsafe. While it usually is a good idea to not open .vbs files that arrive in mail, there are times where one might want to. The same goes for .exe files and many other types of files that have been blocked in Outlook. This would be a very good thing if they had remembered to include some way to change this setting. But they seem to have forgotten about that. This is where AU (Attachment Unblocker) comes to use. AU can be used to temporarily or permanently unblock certain file types in Outlook. If someone sends you an e-mail with a VBScript (.vbs) attached to it that you know is not a virus and you would like to save the file to disk or run it, just unblock .vbs files and use the file as you wish. When you're done you could re-block .vbs files again if you wish. Note! AU should be used with caution. To unblock all files permanently completely disables this security feature in Outlook.

So, you can also use the Script Defender to prevent infections from emails (http://www.analogx.com). You can block: .VBS, .VBE, .JS, .JSE, .HTA, .WSF, .WSH, .SHS, .SHB, .REG and any other extension that you want.
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: CoJo on December 21, 2003, 04:32:19 PM
Technical...hello and Happy Holidays!

I just received another message from my isp:
edylg.exe was infected with the malicious virus W32.FunLove.4099 and has been deleted because the file cannot be cleaned

so apparently something is working?? I don't let any attachments come through...several months ago I got a virus from an unknowing friend who sent me a picture. ever since then, I have blocked any attachments...I may miss an occasional pretty thing, but I'd rather this happen than to get infected again :'(

cojo
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: Lisandro on December 21, 2003, 05:48:53 PM
Quote

Technical...hello and Happy Holidays!

I just received another message from my isp:
edylg.exe was infected with the malicious virus W32.FunLove.4099 and has been deleted because the file cannot be cleaned

so apparently something is working?? I don't let any attachments come through...several months ago I got a virus from an unknowing friend who sent me a picture. ever since then, I have blocked any attachments...I may miss an occasional pretty thing, but I'd rather this happen than to get infected again :'(

cojo

Have you already tried the MailWasher application? You can 'see' the email without downloading it and decide if you want to receive it or not. You can delete it before you receive it. (www.mailwasher.net). The free application allows only one email account. In the pro version, the number of email accounts is unlimited.

Merry Christmas to you too.
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: Waldo on December 21, 2003, 06:19:00 PM
Seems they released an updated (without bugs) so-called "patch"...my advice:

Don't be an idiot, and stay away from it !

It's the same crap as before.

http://www.openwares.org/index.php?option=com_remository&Itemid=&func=fileinfo&parent=folder&filecatid=17

Kind regards,

Waldo

Title: Re:Do NOT install the new open source explorer "patch" !
Post by: CoJo on December 21, 2003, 06:20:52 PM
Hi Technical!

no, I haven't tried MailWasher ???   and I don't remember why not...
but my isp has a spam guard folder that I can view what it caught and I can delete it...that way, I don't miss an occasional friendly one and I can delete all the rest...is that just as good?

by the way, I just tried to download a test and Avast! blasted me with a warning...so I deleted it and am going to run a scan in a few minutes.

cojo
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: Lisandro on December 21, 2003, 06:29:56 PM
Quote

Hi Technical!
no, I haven't tried MailWasher ???   and I don't remember why not...
but my isp has a spam guard folder that I can view what it caught and I can delete it...that way, I don't miss an occasional friendly one and I can delete all the rest...is that just as good?

I think so  ;D

Quote

by the way, I just tried to download a test and Avast! blasted me with a warning... so I deleted it and am going to run a scan in a few minutes.
cojo

What test? What is the name and extension of the file?
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: CoJo on December 21, 2003, 07:16:01 PM
Technical. I think my ignorance is showing again! :-[
it is an IRC worm killer tool...from clickteam.com
and I think Avast! did its usual great job and detected it as a worm when it was actually part of the test...
it installs as test.exe and a file that has the same ending but with test\$$A...
so I think I just panicked and deleted it...sigh
cojo
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: MikeBCda on December 21, 2003, 07:18:11 PM
I guess I'm lucky here -- my ISP uses VirusGuard, which "quarantines" anything suspicious incoming.  (I use avast's email provider too, just in case something slips through).

And it'll let me go to the site and view any plain-text contents (not HTML or attachments) without the message ever "seeing" my own system.  At that point I have the options to:
- delete
- clean (if possible) and deliver
- deliver as-is

Interestingly, "clean" isn't capable of simply deleting an attachment (the most common problem area) and delivering the message itself.
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: Hornus Continuum on January 09, 2004, 01:47:44 PM
Hi Gang,

A better option than Outlook Express/Outlook's attachment blocking feature, which many disable because it interferes with normal and sometimes frequent file transfers, is the Outpost firewall.  It includes an Attachments Filter plug-in that renames attachments by appending a harmless extension to their filenames.  This allows you to receive all the attachments but prevents you from running executables accidentally and becoming infected with new, rapidly spreading malware.  The original extension remains part of the name so you don't have to be concerned about knowing what type of file is involved.   You can use the files after saving them and restoring their original names.  The default configuration includes all the usual suspects: executables, screensavers, scripts, and so on, along with a slew of file types that many are unaware can be dangerous.  You can add more extensions to monitor if you want.  In addition to making an entry in its log, the plug-in also can be configured to report any attachments that are renamed in a pop-up window.

Part of my safe hex regimen is to always include a moniker in any e-mail I send that has an attachment.  A custom signature states that the presence of the moniker guarantees that I actually sent the message and deliberately inserted any attachments, and it specifies their number.  (Of course the avast! status lines are included.   :)  )  It also includes a warning to never open an attachment in an e-mail from me if the moniker is missing.  Using this technique results in a little extra work up front, but that is more than offset by eliminating the need for independent confirmations.  If more people adopted a similar practice and encouraged others to do the same, the number of infections from malware that propagates through e-mail could be dramatically reduced.

Regards,
Hornus
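
The renaming behaviour described above for the Attachments Filter plug-in, as an added Python example that is not part of the original post and is not Outpost's code. The extension list, the `.blocked` suffix and the sample message are assumptions constructed for the illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed list for this sketch; it is not Outpost's actual default configuration.
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs", ".vbe", ".js",
                    ".jse", ".hta", ".wsf", ".wsh", ".shs", ".shb", ".reg"}
SAFE_SUFFIX = ".blocked"  # hypothetical harmless extension


def is_risky(filename: str) -> bool:
    # Windows ignores trailing dots and spaces, so strip them before looking
    # at the last extension ("photo.jpg.exe. " is still an executable).
    ext = os.path.splitext(filename.rstrip(". "))[1].lower()
    return ext in RISKY_EXTENSIONS


def neutralise(raw: bytes) -> tuple[bytes, list[tuple[str, str]]]:
    """Rename risky attachments in a raw message; return (new_raw, renames)."""
    msg = message_from_bytes(raw, policy=policy.default)
    renames = []
    for part in msg.walk():
        old = part.get_filename()
        if not old or not is_risky(old):
            continue
        # The original extension stays visible in front of the added suffix.
        new = old.rstrip(". ") + SAFE_SUFFIX
        # The name can live in either header; rewrite both so no mail client
        # falls back to the original executable name.
        if part.get_param("filename", header="Content-Disposition"):
            part.set_param("filename", new, header="Content-Disposition", replace=True)
        if part.get_param("name"):
            part.set_param("name", new, replace=True)
        renames.append((old, new))
    return msg.as_bytes(), renames


def restore_name(saved_name: str) -> str:
    """Undo the rename once the saved file has been checked."""
    if saved_name.endswith(SAFE_SUFFIX):
        return saved_name[: -len(SAFE_SUFFIX)]
    return saved_name


def sample_message() -> bytes:
    """Constructed sample: one harmless image and two risky attachments."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "friend@example.com", "me@example.com", "pictures"
    m.set_content("See attached.")
    m.add_attachment(b"GIF89a", maintype="image", subtype="gif", filename="tree.gif")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="holiday.jpg.exe")
    m.add_attachment(b"'", maintype="application", subtype="octet-stream",
                     filename="card.VBS")
    return m.as_bytes()


if __name__ == "__main__":
    for old, new in neutralise(sample_message())[1]:
        print(f"{old} -> {new}")
```
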
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: CoJo on January 09, 2004, 04:42:24 PM
Hornus, I challenge you to explain that to the simple mind of cojo ;D

what I think I understand is I can add something at the end of my attachments to make them safe for my friends...but I can also do something to check mine. I am using EZguard firewall...it also has--without scanning--an option to accept or deny certain extensions in an email. I can turn this on or off as needed...

am I even close ???

cojo
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: Ogw on January 09, 2004, 06:20:18 PM
Quote

Hornus, I challenge you to explain that to the simple mind of cojo ;D

what I think I understand is I can add something at the end of my attachments to make them safe for my friends...but I can also do something to check mine. I am using EZguard firewall...it also has--without scanning--an option to accept or deny certain extensions in an email. I can turn this on or off as needed...

am I even close ???

cojo

cojo, you caught my feelings. hornus, could you explain for us, not so technically, what is that 'moniker' you talked about? thank you.
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: Lisandro on January 09, 2004, 07:28:26 PM
Hornus, welcome back from your vacations! We are curious about your 'security' system, can you post some links to download the application?  ;D
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: Hornus Continuum on January 10, 2004, 01:10:44 AM
Hi Guys,

Thanks for the interest.  I'll try to clarify things.  There's no application, it's a procedure.

A moniker is just a nickname or identifying mark.  I use it as a crude form of authentication, like the wax impressed with a dignitary's unique symbol used to seal a document in Medieval times.  I created a small graphic file with MS Paint containing a unique symbol that my family and friends can identify as being associated with me.

Whenever I send someone an e-mail with one or more attachments, I always include the moniker.  If recipients display e-mail in HTML format, the moniker is prominently displayed in the body of the message; if they display it in text format, they can recognize the filename.  In either case, if anyone receives an e-mail from me with only one attachment, they know immediately to be suspicious.  In that event, the 3 most likely reasons are:  the e-mail has a spoofed sender address, it was sent by someone infected with a worm that got my e-mail address from their address book, contact list, etc, or I myself have been infected   :'(.

Because I realize that most people would just be confused by the presence of the extra attachment, I created a signature that explains why it is there and what its presence or absence means.  The signature also specifies the total number of attachments, including the moniker.  That way, if a worm manages to piggy-back on an otherwise legitimate e-mail, the recipients are alerted that something isn't kosher.  I always insert this signature along with the moniker.

A worm propagating through e-mail or a stranger pretending to be me wouldn't be able to do this.

The use of a graphic moniker is overkill, admittedly.  A simple text string or even using the signature by itself would suffice.  But, I use the graphic as an attention getter and the explanation in the signature in the hopes that it promotes the practice.

Regards,
Hornus
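
The recipient-side check implied by the moniker procedure above, as an added Python example that is not part of the original post. The moniker filename, the signature wording and the sample messages are constructed assumptions, and the SHA-256 comparison against a kept copy of the graphic goes beyond what the post describes.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

MONIKER_NAME = "SenderMoniker.gif"             # hypothetical agreed filename
MONIKER_BYTES = b"GIF89a constructed moniker"  # constructed stand-in for the graphic
MONIKER_SHA256 = hashlib.sha256(MONIKER_BYTES).hexdigest()  # recipient's kept copy
# Assumed signature wording; the post does not give its exact text.
COUNT_RE = re.compile(r"Total attachments, including my moniker:\s*(\d+)")


def check_message(raw: bytes) -> list[str]:
    """Return reasons to distrust the attachments; an empty list means none found."""
    msg = message_from_bytes(raw, policy=policy.default)
    attachments = list(msg.iter_attachments())
    if not attachments:
        return []  # the procedure only covers mail that carries attachments
    problems = []
    monikers = [a for a in attachments if a.get_filename() == MONIKER_NAME]
    if not monikers:
        problems.append("moniker missing")
    else:
        data = monikers[0].get_payload(decode=True) or b""
        if hashlib.sha256(data).hexdigest() != MONIKER_SHA256:
            problems.append("moniker differs from the known copy")
    body = msg.get_body(preferencelist=("plain",))
    declared = COUNT_RE.search(body.get_content()) if body is not None else None
    if declared is None:
        problems.append("signature with attachment count missing")
    elif int(declared.group(1)) != len(attachments):
        problems.append(
            f"signature declares {declared.group(1)} attachments, found {len(attachments)}")
    return problems


def build(files, declared=None) -> bytes:
    """Construct a sample message; `declared` is the count stated in the signature."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "friend@example.com", "files"
    text = "Here are the files.\n"
    if declared is not None:
        text += f"--\nTotal attachments, including my moniker: {declared}\n"
    m.set_content(text)
    for name, data in files:
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()


MONIKER = (MONIKER_NAME, MONIKER_BYTES)
GENUINE = build([MONIKER, ("minutes.doc", b"constructed")], declared=2)
# A worm adding itself to a legitimate mail breaks the declared count.
PIGGYBACK = build([MONIKER, ("minutes.doc", b"constructed"), ("extra.pif", b"x")], declared=2)
# A spoofed sender address: one attachment, no moniker, no signature.
SPOOFED = build([("photo.scr", b"x")])

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("piggyback", PIGGYBACK), ("spoofed", SPOOFED)):
        print(label, check_message(raw))
```
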
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: CoJo on January 10, 2004, 01:24:32 AM
well, thanks, Hornus!! ;D

ya expect me to understand *how* to do that???
especially since I am sitting here drinking special hot chocolate and listening to Bocelli...if I were any more mellow, I couldn't stand up :-*

sorry...just being crazy for a moment...I'll reread it when I'm not so "mellow"...

cojo
Title: Re:Do NOT install the new open source explorer "patch" !
Post by: Hornus Continuum on January 10, 2004, 02:03:44 AM
CoJo,

You don't have to create a graphic.  Download one from the Internet or use some clip art that you already have.  Save a copy of it with a unique name, like CoJo'sMoniker.gif, so someone can recognize the filename and associate it with you.

Creating and using a signature in your e-mail client isn't hard.  I expect that virtually all of them support this.  If yours doesn't, dump it.   ;D  No, what I meant to say is use Notepad to create one in a text file.  I'd be surprised, nay shocked, if your e-mail client doesn't allow you to insert text from a file into a message with just a few mouse clicks, in the right places of course.  ;)  If not, dump it.  ;D  Of course, you can use the clipboard to cut and paste it if necessary.

Regards,
Hornus