[Dshield] Re: Re: [Larholm/PivX] Proxy attackers/hijackers

Kenneth Coney superc at visuallink.com
Tue Oct 21 23:53:59 GMT 2003

CD Soft packs and CD security patches would really be appreciated.  I spent 
most of today in the home of a senior citizen dealing with an XP standalone 
someone gave them for free back when they were new.  I got there at 9AM. 
An old modem installed.  NAV 01 software, long expired.  Wasn't working 
right all month he said.  Wouldn't let him read his mail.  Log on troubles, 
and slow keyboard response.  A dial up of course.  First discovery was his 
DNS numbers were obsolete.  Changed them.  Asked about Windows updates and 
was asked in return what are those?  Asked about Blaster and Swen and got a 
blank look.  Changed the DNS numbers.  Established connection and went to 
windows update.  45 Critical updates needed.  An estimated 52 megs, at 28K. 
I knew something was hokey when I realized the machine was sending 5 
bytes out for every one it received.  Managed to get ZoneAlarm free 
bytes out for everyone it received.  Managed to get ZoneAlarm free 
installed.  Teetoy.exe or toytee.exe, some such, sending lots of things to 
port :135 at every ISP # it could scroll through, etc.  A thousand or so 
sends every few seconds. 
Stopped process to kill it and the system auto rebooted because it had 
unexpectedly lost RPC.  Needless to say the downloaded MS patches wouldn't 
download.  Hung up on the Softpack for hours.  2.1 megs initial followed by 
a supposed 4,800 minute download during the install process.  Never got 
there.  Every few minutes we were told the Softpack update server wasn't 
responding and did we want to try again, or cancel.  Where is the 800 phone 
# to call for a free CD?  Finally went home, got my old Norton IS 03 and 
gave it to him as a gift and installed it on his machine for him.  Again 
where are the updates on CD?  About 10 megs of updates.  Took hours at 24K. 
  All the while NIS asking me over and over if toytee.exe and gameghost (he 
has no games) can go on line to play.  Showed him how to do the NAV NIS 
upgrades a few more times and extracted a promise to run a complete scan 
before going to bed (leaving the results on screen for me) and left for the 
day at 7PM.  Will be back there tomorrow to see where he is.  Sure would be 
nice to have a softpack CD rather than spend the day pressing try again 
over and over when trying to get softpack installed by 28K modem.

Subject: RE: [Dshield] Re: Re: [Larholm/PivX] Proxy attackers/hijackers
From: "Nels Bels" <nelsbels at cableone.net>
Date: Mon, 20 Oct 2003 12:00:11 -0500
To: "'General DShield Discussion List'" <list at dshield.org>

Make SP, Hotfix, etc CD's available for free at Best Buy, Wal-Mart, K-Mart,
Radio Shack for free. Bundle the discs with new computers, give them to ISPs
to distribute to customers, etc. (I think the ISPs would be on this to
save money tracking down virus and Spam spewing home computers.)

That would help at least a little bit. There has to be tons of people that
would patch but the time to download issue is prohibitive to most "general"
That wouldn't help  all though.  We still would have folks that wouldn't
update, but it would help eliminate most.

 >>>>On 18 Oct 2003 at 12:39, Thor Larholm wrote:

 >>>>>> >> Let's be serious for a second and take their first monthly patch
 >>>>>> >> as an example, 10-20 MB.

 >>>>Expecting a home user, who is already apathetic about security to download
 >>>>10 - 20 MB of patches over a dial-up is foolish.  Admittedly John's
 >>>>"gigabytes" is an exaggeration, but 10 - 20 MB is still unacceptable.

 >>>>- -TL

