keith.gainford at btopenworld.com
Wed Jul 31 20:14:09 GMT 2002
Answers posted below your questions, many thanks for your thoughts they are
very much appreciated.
----- Original Message -----
From: "Peter Stendahl-Juvonen" <peter.stendahl-juvonen at welho.com>
To: "Dshield General DShield Discussion List" <list at dshield.org>
Sent: Wednesday, July 31, 2002 4:32 PM
Subject: FW: [Dshield] ad.uk.tangozebra
> Keith, et al.
> 1) Regarding your and my previous posts (below) please take notice to
> that you have to have "ad.uk.tangozebra" (and the respective IP address)
> changed to Internet zone (or at least removed from blocked zone) in your
> firewall first in order to be able to see the possible Web site cookies
> pointing at that DNS or IP address.
> 2) Please also block cookies (at least those pointing at
> "ad.uk.tangozebra") in your browser. That way IE will show you the
> existence of the cookies. (And you will see the details by double
> clicking the symbol for "Security Report" [or what ever it is called in
> the English language version of IE] at the bottom frame of IE window),
> there you should see reference to http://ad.uk.tangozebra/....
> Best Regards,
> | -----Original Message-----
> | From: Peter Stendahl-Juvonen [mailto:peter.stendahl-juvonen at welho.com]
> | Sent: Wednesday, July 31, 2002 6:16 PM
> | To: 'list at dshield.org'
> | Subject: RE: [Dshield] ad.uk.tangozebra
> | Keith, et al.
> | Could you please check if the following could be the cause or rather
> explanation to of the
> | phenomenon you're encountering.
> | 1) On the page where your browser takes you when you launch it are
> there Web site cookies
> | that point at "ad.uk.tangozebra"?
My home page is btopenworld.com, there doesn`t appear to be any banners
or adverts for "ad.uk.tangozebra". I have also checked all my cookies and
have nothing pointing at "tangozebra".
2) If so, then by having "ad.uk.tangozebra" in the restricted or
> blocked zone you ask your firewall
> | not to allow connections to that address. Hence your browser blocks IE
> from connecting to that
> | particular DNS or IP address.
In view of my reply above, this would not apply?.
> | 3) Because of the "ad.uk.tangozebra hit ZAPro numerous times with
> scans which ZA rejected. In
> | view of the number of scans I put the entire ISP space (Intellispace
> Inc) into ZA blocked zone."
> | in your original post "adware" might have been the number one suspect.
> Now I would say it was
> | coincidence or just indirectly related to the issue.
In view of the massive number of probes, I typed the DNS address into IE.
This returned a "Page could not be displayed" message. Is it possible that
some form of connection could have been made, resulting in a very quick
download of something nasty?.
| 4) With the information you gave in your latest post (below) I would
> suggest the explanation for
> | the phenomenon is as described in point (2) (above) providing your
> answer is "Yes" for point (1).
As you can see my answer to point (1) is negative.
5) If the deduction would prove to be true, then there is in my
> opinion nothing to worry about and
> | you can remove "ad.uk.tangozebra" from the blocked zone. Or change
> "ad.uk.tangozebra" to
> | Internet zone giving the same effect and having an option to block it
> quickly again if it would be
> | required for some reason (which is unlikely in my opinion).
Is it of any importance that all the outgoing attempts are only on port
6) Would be happy to know your final conclusion. Thanks in advance and
> good luck.
Thanks Peter, if I get to the bottom of it I will post.
| Best Wishes,
> | Peter
> | -----
> | "Everything must be taken seriously, nothing dramatically."
> | Louis Adolphe Thiers (1797-1877); French statesman, historian
> | | -----Original Message-----
> | | From: list-admin at dshield.org [mailto:list-admin at dshield.org] On
> Behalf Of Keith Gainford
> | | Sent: Wednesday, July 31, 2002 2:24 PM
> | | To: Dshield
> | | Subject: [Dshield] ad.uk.tangozebra
> | |
> | | Well I`ve tried all suggestions without success. Even spybotS&D
> | | find anything. A search of the Registry doesn`t show any obvious
> spyware so
> | | I`m stumped. Any more ideas?.
> | |
> | |
> | | Keith G
> | |
> | | _______________________________________________
> | | Dshield mailing list
> | | Dshield at dshield.org
> | | To change your subscription options (or unsubscribe), see:
> | | http://www.dshield.org/mailman/listinfo/list
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
More information about the list