Author Topic: Do NOT install the new open source explorer "patch" !  (Read 21365 times)

0 Members and 1 Guest are viewing this topic.

Offline Waldo

  • Sr. Member
  • ****
  • Posts: 397
  • Avast does the ownage
Do NOT install the new open source explorer "patch" !
« on: December 19, 2003, 06:50:50 PM »
HI !

This so called "patch" from the opensource community is actualy a sort of undestructive trojan / spyware. And opens your browser to a lot of other exploits :(

http://www.openwares.org/index.php?option=com_remository&Itemid=&func=fileinfo&parent=folder&filecatid=17

Daniel (vendor of The Cleaner) says its malware with a backdoor. He pointed this out on his own support forum and provided this link :

http://lists.netsys.com/pipermail/full-disclosure/2003-December/014933.html

Since Windows & internet explorer aren't open source, i already didn't trust this patch beforehand. Without the source of a program (Windows) it's impossibel to create a good clean &working  patch for it.

Waldo
« Last Edit: December 19, 2003, 07:00:46 PM by Waldo »
**Guns are for show, knifes for a pro**

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5075
Re:Do NOT install the new open source explorer "patch" !
« Reply #1 on: December 19, 2003, 08:06:42 PM »
I dont apply any patch unless its from windowsupdate for my gateway anyway.
And same for the macs only patches from apple
"People who are really serious about software should make their own hardware." - Alan Kay

Offline Waldo

  • Sr. Member
  • ****
  • Posts: 397
  • Avast does the ownage
Re:Do NOT install the new open source explorer "patch" !
« Reply #2 on: December 19, 2003, 08:16:02 PM »
I dont apply any patch unless its from windowsupdate for my gateway anyway.
And same for the macs only patches from apple

Smart thinking Mac.  :)
**Guns are for show, knifes for a pro**

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re:Do NOT install the new open source explorer "patch" !
« Reply #3 on: December 19, 2003, 10:25:42 PM »
Thanks Waldo...
For all users which are reading this post, remember that Microsoft does not send emails alerting for the existence of patches and claiming for download. Remember either that there is no 'Windows Open Source'   ;)

Nowadays, we can only trust in avast!  ;D
The best things in life are free.

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5075
Re:Do NOT install the new open source explorer "patch" !
« Reply #4 on: December 19, 2003, 11:09:12 PM »
and i add the apple does NOT send emails about updates either
"People who are really serious about software should make their own hardware." - Alan Kay

Offline techie101returns

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1900
Re:Do NOT install the new open source explorer "patch" !
« Reply #5 on: December 20, 2003, 02:53:38 PM »
Waldo,

Nice to hear from you again.  It is not a surprise that malicious persons will use any product name to conduct their dastardly deeds.

No patch, fix, update, upgrade or file should be downloaded or used unless the source has been verified and we understand the ramifications of its' use (Terms of Use).  WE know not to do it, but other users do not, so I applaud you for bringing this to the forum in the hope that the word will be spread.

Other such patches have been named as coming from Microsoft, "IE update (in email) and such.

Technical and Mac agree fully as I do.

Sorry to come in on this late, but I still have lots to do for the holiday.

techie

Offline Waldo

  • Sr. Member
  • ****
  • Posts: 397
  • Avast does the ownage
Re:Do NOT install the new open source explorer "patch" !
« Reply #6 on: December 20, 2003, 03:03:12 PM »

The vendor of "The Cleaner" even included the malware on yesterdays sigantures updates (Database v3431 12-19-2003)

Means something, doesn't it ?

http://www.moosoft.com/products/cleaner/update/?action=notes&id=26

Btw Technie101 > nice to hear (read) you to !  ;D

Waldo
**Guns are for show, knifes for a pro**

CoJo

  • Guest
Re:Do NOT install the new open source explorer "patch" !
« Reply #7 on: December 20, 2003, 04:12:23 PM »
Waldo, thank you!

I surprised myself and didn't rush to "fix" anything <g>
I get updates from Windows only.

My ISP has apparently clamped down again...doing a good job. I received another notice they had deleted a message:
ciefoa.exe was infected with the malicious virus W32.FunLove.4099 and has been deleted because the file cannot be cleaned.

I just don't know where the ciefoa.exe came from as there was no information about the message itself.
hmmmm....

cojo

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5075
Re:Do NOT install the new open source explorer "patch" !
« Reply #8 on: December 20, 2003, 04:33:05 PM »
last night on the screen savers on tech tv they told that the patch is no longer avaliable as it had
1) memory leak
2) buffer overflow
3)had spyware

so you cant download it anymore
thank you leo
"People who are really serious about software should make their own hardware." - Alan Kay

Offline techie101returns

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1900
Re:Do NOT install the new open source explorer "patch" !
« Reply #9 on: December 20, 2003, 06:47:15 PM »
Quote

I just don't know where the ciefoa.exe came from as there was no information about the message itself.
hmmmm...

Cojo,
Viruses can be downloaded just by visiting a web page.  The malicious sender "piggybacks" the virus in with the html of the page.  That's why a good firewall and anti-virus are absolutely needed.
Viri are not only gotten through email!
Glad to see that you are not rushing to change things.  That shows me you have learned here on the forum about computers and what not to do.  I'm proud of you!

techie
« Last Edit: December 20, 2003, 06:47:42 PM by techie101 »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re:Do NOT install the new open source explorer "patch" !
« Reply #10 on: December 20, 2003, 07:11:21 PM »
I surprised myself and didn't rush to "fix" anything
cojo

Cojo, this kind of learning makes me happy...
Sometimes we must to wait, our force is our patience  8)
The best things in life are free.

Offline Waldo

  • Sr. Member
  • ****
  • Posts: 397
  • Avast does the ownage
Re:Do NOT install the new open source explorer "patch" !
« Reply #11 on: December 20, 2003, 09:57:36 PM »
[
Sometimes we must to wait, our force is our patience  8)

Use the Force Luke !.....heh  ???... Use the Force Technical !  ;D
« Last Edit: December 20, 2003, 09:58:09 PM by Waldo »
**Guns are for show, knifes for a pro**

CoJo

  • Guest
Re:Do NOT install the new open source explorer "patch" !
« Reply #12 on: December 21, 2003, 01:25:40 PM »
you experts are so good to me :)  what kind of cookies do you want for Christmas?

seriously, I do appreciate the willigness to share your knowledge with me!

Avast! is the best in more ways than one 8)
and I am using EZ Firewall...part of the free one year EZ Guard.

'Course I have another question...
part of the firewall has a section for email...which I have turned off...but it has a very long list of extensions that it will not allow to be executed...should I turn that on or would that interfere with Avast! doing it's job?

thank you, my friends...
cojo

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re:Do NOT install the new open source explorer "patch" !
« Reply #13 on: December 21, 2003, 02:54:08 PM »
Part of the firewall has a section for email...which I have turned off...but it has a very long list of extensions that it will not allow to be executed...should I turn that on or would that interfere with Avast! doing it's job?
thank you, my friends...
cojo

If you block the emails attachments into the firewall settings, probably you won't be able to receive email with this extensions, they would remain in the server and avast! won't scan them because you won't even download them  ;D

Probably, I'm not sure, you won't be able to send email with this extensions too.

For instance, when you turn on the option of Outlook Express to block emails with attachments, you could configure its behavior by the program Attachment Unblocker 1.0 (http://www.hofnet.com/software). What is it? Melissa, Love letter, etc. are worms that use the scripting capabilities within Outlook to spread rapidly over the internet. In Microsoft Outlook, Microsoft has tightened up security to limit the effects of this new generation of viruses. This has been done by limiting the possibility to access file attachments that is considered unsafe. While it usually is a good idea to not open .vbs files that arrive in mail, there is times where one might want to. The same goes for .exe files and many other types of files that has been blocked in Outlook. This would be a very good thing if they had remembered to include some way to change this setting. But they seem to have forgotten about that. This is where AU (Attachment Unblocker) comes to use. AU can be used to temporarily or permanently unblock certain file types in Outlook. If someone sends you an e-mail with a VBScript (.vbs) attached to it that you know is not a virus and you would like to save the file to disk or run it, just unblock .vbs files and use the file as you wish. When you're done you could re-block .vbs files again if you wish. Note! AU should be used with caution. To unblock all files permanently completely disables this security feature in Outlook.

So, you can use either the Script Defender to prevent infections from emails (http://www.analogx.com). You can block: .VBS,.VBE,.JS,.JSE,.HTA,.WSF,.WSH,.SHS,.SHB,.REG and any other extension that you want.
« Last Edit: December 21, 2003, 05:49:20 PM by Technical »
The best things in life are free.

CoJo

  • Guest
Re:Do NOT install the new open source explorer "patch" !
« Reply #14 on: December 21, 2003, 04:32:19 PM »
Technical...hello and Happy Holidays!

I just received another message from my isp:
edylg.exe was infected with the malicious virus W32.FunLove.4099 and has been deleted because the file cannot be cleaned

so apparently something is working?? I don't let any attachments to come through...several months ago I got a virus from an unknowing friend who sent me a picture. ever since then, I have blocked any attachments...I may miss an occasional pretty thing, but I'd rather this happen then to get infected again :'(

cojo