[Dshield] Re: Re: [Larholm/PivX] Proxy attackers/hijackers
superc at visuallink.com
Tue Oct 21 23:53:59 GMT 2003
CD Soft packs and CD security patches would really be appreciated. I spent
most of today in the home of a senior citizen dealing with an XP standalone
someone gave them for free back when they were new. I got there at 9AM.
An old modem installed. NAV 01 software, long expired. Wasn't working
right all month he said. Wouldn't let him read his mail. Log on troubles,
and slow keyboard response. A dial up of course. First discovery was his
DNS numbers were obsolete. Changed them. Asked about Windows updates and
was asked in return what are those? Asked about Blaster and Swen and got a
blank look. Changed the DNS numbers. Established connection and went to
windows update. 45 Critical updates needed. An estimated 52 megs, at 28K.
I knew something was hokey when I realized the machine was sending 5
bytes out for everyone it received. Managed to get ZoneAlarm free
installed. Teetoy.exe or toytee.exe, some such, sending lots of things to
port :135 at every ISP # it could scroll through. 188.8.131.52:135,
184.108.40.206:135, etc. A thousand or so sends every few seconds.
Stopped process to kill it and the system auto rebooted because it had
unexpectedly lost RPC. Needless to say the downloaded MS patches wouldn't
download. Hung up on the Softpack for hours. 2.1 megs initial followed by
a supposed 4,800 minute download during the install process. Never got
there. Every few minutes we were told the Softpack update server wasn't
responding and did we want to try again, or cancel. Where is the 800 phone
# to call for a free CD? Finally went home, got my old Norton IS 03 and
gave it to him as a gift and installed it on his machine for him. Again
where are the updates on CD? About 10 megs of updates. Took hours at 24K.
All the while NIS asking me over and over if toytee.exe and gameghost (he
has no games) can go on line to play. Showed him how to do the NAV NIS
upgrades a few more times and extracted a promise to run a complete scan
before going to bed (leaving the results on screen for me) and left for the
day at 7PM. Will be back there tomorrow to see where he is. Sure would be
nice to have a softpack CD rather than spend the day pressing try again
over and over when trying to get softpack installed by 28K modem.
Subject: RE: [Dshield] Re: Re: [Larholm/PivX] Proxy attackers/hijackers
From: "Nels Bels" <nelsbels at cableone.net>
Date: Mon, 20 Oct 2003 12:00:11 -0500
To: "'General DShield Discussion List'" <list at dshield.org>
Make SP, Hotfix, etc CD's available for free at Best Buy, Wal-Mart, K-Mart,
Radio Shack for free. Bundle the discs with new computers, give them to ISPs
to distribute to customers, etc. (I think the the ISPs would be on this to
save money tracking down virus and Spam spewing home computers)
That would help at least a little bit. There has to be tons of people that
would patch but the time to download issue is prohibitive to most "general"
That wouldn't help all though. We still would have folks that wouldn't
update, but it would help eliminate most.
>>>>On 18 Oct 2003 at 12:39, Thor Larholm wrote:
>>>>>> >> Let's be serious for a second and take their first monthly patch
>>>>>> >> as an example, 10-20 MB.
>>>>Expecting a home user, who is already apathetic about security to download
>>>>10 - 20 MB of patches over a dial-up is foolish. Admittedly John's
>>>>"gigabytes" is an exaggeration, but 10 - 20 MB is still unacceptable.
More information about the list