[Dshield] ad.uk.tangozebra

Keith Gainford keith.gainford at btopenworld.com
Sat Aug 3 14:56:35 GMT 2002


Peter,

Responses in line below;



----- Original Message -----
From: "Peter Stendahl-Juvonen" <peter.stendahl-juvonen at welho.com>
To: "Dshield General DShield Discussion List" <list at dshield.org>
Sent: Wednesday, July 31, 2002 11:29 PM
Subject: Re: [Dshield] ad.uk.tangozebra


> Keith, Roger, et al.
>
> Excellent addenda! The link provided by Roger puts all pieces in place.
> Thanks Roger.
>
> As you can see at
> http://richmedia.doubleclick.net/banners/tangozebra.htm TangoZebra is a
> java banner technology based in the United Kingdom, one of the Key
> Limitations of which: Only actively working with UK clients right now.
> -In other words exotic for the rest of us yet.
>
> My previous response should, hence read:
>
> Keith, et al.
>
> Could you please check the following?
>
> 1) On the page where your browser takes you when you launch it can you
> spot spaces on that page with text "Requested Page cannot be displayed"
> or something alike it, in places where banner ads would normally occur?
>
   Homepage always loads fully, with no spaces.


 2) You might check this by
> a) Keeping "ad.uk.tangozebra" in your firewall's blocked zone or
> > b) Possibly by the privacy settings of your firewall
>
     I have set security settings in IE to disable all cookies stored on my
computer, and to disable session cookies. In ZAPro I have selected "Block
session cookies", "Block persistent cookies", and "Block third party
cookies".


 3) By having "ad.uk.tangozebra" in the restricted or blocked zone your
> firewall prevents IE from connecting to the point of control for the
> banner ad(s).
> 4) Perhaps the "ad.uk.tangozebra hit ZAPro numerous times with scans
> which ZA rejected. In view of the number of scans I put the entire ISP
> space (Intellispace Inc) into ZA blocked zone." in your original post
> may indeed have reflected to the control mechanism of this
> unconventional banner ad technique. And the cause of the "attacks"
> logged on your firewall. Nevertheless it sounds quite harmless to me.
> Besides you were, and are protected by your firewall, otherwise you
> would not have seen the alerts or firewall log entries in the first
> place.

   Agreed


 5) Keeping "ad.uk.tangozebra" in your firewall's blocked zone or
> possibly blocking the ads by the privacy settings of your firewall may
> give peace of mind, but are not a necessity from a security viewpoint.


   Despite all my security settings as outlined above, cookies are still
getting to my Temporary Internet Files, folder would this have any bearing
whilst online?.



6) Would be happy to know your final judgement. Thanks in advance for
> report and best of luck.

   I`ve managed to pin the problem down to Bt Openworlds homepage, only when
I visit this page does ZA log an outgoing attempt. The page actually
contains one of the current advertisers as listed in the link Roger
provided. Can I take this opportunity to thank you, and all the other
members who responded, you interest and suggestions were greatly appreciated
by someone who has very limited technical knowledge. I think I can safely
put this thread to bed. Perhaps when Tangozebra decides to emigrate from the
U.K. and become more widely known???



> - Peter
> --------
>
>        "Forewarned, forearmed; to be prepared is half the victory."
>   Miguel de Cervantes (1547 - 1616) Spanish novelist, dramatist, poet.
>
>
> | -----Original Message-----
> | From: list-admin at dshield.org [mailto:list-admin at dshield.org] On Behalf
> Of Roger Shady
> | Sent: Wednesday, July 31, 2002 8:49 PM
> | To: list at dshield.org
> | Subject: Re: [Dshield] ad.uk.tangozebra
> |
> | Have you tried a Google search for Tangozebra?  As much as I dispise
> DoubleClick, here is how
> | they describe
> | it:
> |
> | http://richmedia.doubleclick.net/banners/tangozebra.htm
> |
> | Good Luck
> |
> | Keith G wrote:
> |
> | > Hi All,
> | >
> | > Hope someone can help a home user with a problem. ad.uk.tangozebra
> hit ZAPro
> | > numerous times with scans which ZA rejected. In view of the number
> of scans
> | > I put the entire ISP space (Intellispace Inc) into ZA blocked zone.
> However
> | > since then when I connect and fire up IE5.5sp2, I get an ACCESS
> warning
> | > "Your computer was prevented from connecting to a restricted site
> | > (66.9.53.130:80)" Direction: Outgoing (connect).
> | > The program is shown as Internet Explorer.
> | >
> | > I therefore denied access to all programs except IE and Nav. On
> reconnecting
> | > I still got the ACCESS warning message. I understand "tangozebra"
> makes use
> | > of the doubleclick cookie, I have run Adaware with the lastest sig
> file, but
> | > found nothing. I also use Cookiewall, which automatically deletes
> | > doubleclick if received when online. Nav virus check found nothing,
> as did
> | > Swatit a trojan+bot finder.
> | >
> | > I have cleaned out the browser history file and temp internet files.
> I have
> | > looked in the cookies folder but can`t find any references to
> tangozebra or
> | > doubleclick. I am at a loss as to what to do next.
> | >
> | > Any help would be greatly appreciated.
> | >
> | > PS I am not too computer literate, so if I need to delve into the
> mysteries
> | > of the Registry, I would need step by step instructions.
> | >
> | > Keith G
> | >
> | > _______________________________________________
> | > Dshield mailing list
> | > Dshield at dshield.org
> | > To change your subscription options (or unsubscribe), see:
> | http://www.dshield.org/mailman/listinfo/list
> |
> |
> | _______________________________________________
> | Dshield mailing list
> | Dshield at dshield.org
> | To change your subscription options (or unsubscribe), see:
> | http://www.dshield.org/mailman/listinfo/list
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
>




More information about the list mailing list