FW: [Dshield] ad.uk.tangozebra

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Thu Aug 1 15:16:18 GMT 2002


Keith, et al.

Thank you for your prompt response. Before just receiving your separate
response (thru list at DShield.org) I posted this one (below) last night
(GMT+3) to the list, but have not myself seen any signs of delivery yet.
Have you? Any new comment in this view?

I will answer your separate response as soon as [other] commitments
permit.

- Peter
-------


| -----Original Message-----
| From: Peter Stendahl-Juvonen [mailto:peter.stendahl-juvonen at welho.com]
| Sent: Thursday, August 01, 2002 1:30 AM
| To: Dshield General DShield Discussion List (list at dshield.org)
| Subject: Re: [Dshield] ad.uk.tangozebra
| 
| Keith, Roger, et al.
| 
| Excellent addenda! The link provided by Roger puts all pieces in
place. Thanks Roger.
| 
| As you can see at
http://richmedia.doubleclick.net/banners/tangozebra.htm TangoZebra is a
java
| banner technology based in the United Kingdom, one of the Key
Limitations of which: Only
| actively working with UK clients right now. -In other words exotic for
the rest of us yet.
| 
| My previous response should, hence read:
| 
| Keith, et al.
| 
| Could you please check the following?
| 
| 1) On the page where your browser takes you when you launch it can you
spot spaces on that
| page with text "Requested Page cannot be displayed" or something alike
it, in places where
| banner ads would normally occur?
| 2) You might check this by
| 	a) Keeping "ad.uk.tangozebra" in your firewall's blocked zone or
| 	b) Possibly by the privacy settings of your firewall
| 3) By having "ad.uk.tangozebra" in the restricted or blocked zone your
firewall prevents IE from
| connecting to the point of control for the banner ad(s).
| 4) Perhaps the "ad.uk.tangozebra hit ZAPro numerous times with scans
which ZA rejected. In
| view of the number of scans I put the entire ISP space (Intellispace
Inc) into ZA blocked zone."
| in your original post may indeed have reflected to the control
mechanism of this unconventional
| banner ad technique. And the cause of the "attacks" logged on your
firewall. Nevertheless it
| sounds quite harmless to me. Besides you were, and are protected by
your firewall, otherwise
| you would not have seen the alerts or firewall log entries in the
first place.
| 5) Keeping "ad.uk.tangozebra" in your firewall's blocked zone or
possibly blocking the ads by
| the privacy settings of your firewall may give peace of mind, but are
not a necessity from a
| security viewpoint.
| 6) Would be happy to know your final judgement. Thanks in advance for
report and best of luck.
| 
| - Peter
| --------
| 
|        "Forewarned, forearmed; to be prepared is half the victory."
|   Miguel de Cervantes (1547 - 1616) Spanish novelist, dramatist, poet.
| 
| 
| | -----Original Message-----
| | From: list-admin at dshield.org [mailto:list-admin at dshield.org] On
Behalf Of Roger Shady
| | Sent: Wednesday, July 31, 2002 8:49 PM
| | To: list at dshield.org
| | Subject: Re: [Dshield] ad.uk.tangozebra
| |
| | Have you tried a Google search for Tangozebra?  As much as I dispise
DoubleClick, here is
| how
| | they describe
| | it:
| |
| | http://richmedia.doubleclick.net/banners/tangozebra.htm
| |
| | Good Luck
| |
| | Keith G wrote:
| |
| | > Hi All,
| | >
| | > Hope someone can help a home user with a problem. ad.uk.tangozebra
hit ZAPro
| | > numerous times with scans which ZA rejected. In view of the number
of scans
| | > I put the entire ISP space (Intellispace Inc) into ZA blocked
zone. However
| | > since then when I connect and fire up IE5.5sp2, I get an ACCESS
warning
| | > "Your computer was prevented from connecting to a restricted site
| | > (66.9.53.130:80)" Direction: Outgoing (connect).
| | > The program is shown as Internet Explorer.
| | >
| | > I therefore denied access to all programs except IE and Nav. On
reconnecting
| | > I still got the ACCESS warning message. I understand "tangozebra"
makes use
| | > of the doubleclick cookie, I have run Adaware with the lastest sig
file, but
| | > found nothing. I also use Cookiewall, which automatically deletes
| | > doubleclick if received when online. Nav virus check found
nothing, as did
| | > Swatit a trojan+bot finder.
| | >
| | > I have cleaned out the browser history file and temp internet
files. I have
| | > looked in the cookies folder but can`t find any references to
tangozebra or
| | > doubleclick. I am at a loss as to what to do next.
| | >
| | > Any help would be greatly appreciated.
| | >
| | > PS I am not too computer literate, so if I need to delve into the
mysteries
| | > of the Registry, I would need step by step instructions.
| | >
| | > Keith G
| | >
| | > _______________________________________________
| | > Dshield mailing list
| | > Dshield at dshield.org
| | > To change your subscription options (or unsubscribe), see:
| | http://www.dshield.org/mailman/listinfo/list
| |
| |
| | _______________________________________________
| | Dshield mailing list
| | Dshield at dshield.org
| | To change your subscription options (or unsubscribe), see:
| | http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list