07-22-2010, 09:23 AM
Registered User:
MALWARE--> results.google-analytics.com, videocop.com <--MALWARE
For the past several hours I've been sporadically re-directed to what looks to be a phony Google start page when I click on an increasing number of links on TalkBass.
In the most recent occurrence I was redirected to a site which the Firefox Add-on WOT (Web Of Trust) identified as being dangerous and thus blocked. In the URL box of the intercepted redirect was 'http://results.google-analytics.com/', so I Googled 'http://results.google-analytics.com/, malware' and found that quite a few Windows and Mac users (I'm using Ubuntu 10.04) have been experiencing the same problem in Firefox and in Safari.
CAUTION. WOT tagged these links from the first page of the above Google search as being dangerous, and there are likely more on other pages of the said search results:
- Remove Results.google-analytics.com With Simple Remover Software ...
- Results.google-analytics.com Removal Guide, Remove Search Hijacker ...
- Results.google-analytics.com Removal Guide
--------
EDIT:
If you're running Firefox then you may wish to use the following Add-ons if you aren't doing so already, since they seem to harden Firefox against security issues in general, and the hijacking issue in particular--for now...
An updated list:
- Ghostery
- Adblock Plus
- NoScript
- Flashblock
- Beef Taco
- WOT
- BetterPrivacy "Super-Cookie Safeguard"
- Redirect Cleaner
- Flagfox
(And optionally, this time saving bookmark and password synchronizer):
- Xmarks
Please Google each of the above Add-ons in turn to learn what they do before installing them.
Also please download Firefox Add-ons only from Mozilla. Once one has the Add-on WOT (Web Of Trust) running, one can see that there are attack sites which use offerings of legitimate software to lure in computer users.
For Ubuntu: After using Xmarks to back up your bookmarks and passwords, BleachBit can be used to wipe clean Firefox's (and other apps. & utils.) cache files etc. to get rid of unwanted, performance-impairing crud. It can be installed from the Ubuntu Repositories.
After backing up my bookmarks and passwords via Xmarks, I used BleachBit to clean out Firefox (all of the Add-ons I had installed were retained) and then restored said bookmarks & passwords from Xmarks' on-line server. The result was a slight but noticeable performance improvement in Firefox--and hopefully the elimination of anything nasty.
I've also posted a link to this thread in TalkBass Forums > Customer Service > Forum Usage Issues.
Thank you.
--------
BROWSER, REDIRECT, HIJACK, HIJACKING, SUPER COOKIES
Last edited by MIJ-VI : 09-10-2010 at 07:43 PM.
Reason: More info.
08-01-2010, 02:44 PM
Horny Toad (Join Date: Mar 2005, Location: NJ): Thank you, these are great tips!
08-01-2010, 02:51 PM
Registered User:
Quote: Originally Posted by Horny Toad: "Thank you, these are great tips!"
They are--- if they work. *crosses fingers*
We shall see...
08-01-2010, 02:53 PM
Horny Toad (Join Date: Mar 2005, Location: NJ): That you're trying to raise awareness is definitely a good thing. I get lazy sometimes because I run Linux, and I assume my system is immune as long as I keep it updated.
08-01-2010, 03:50 PM
Registered User:
Quote: Originally Posted by Horny Toad: "That you're trying to raise awareness is definitely a good thing. I get lazy sometimes because I run Linux, and I assume my system is immune as long as I keep it updated."
I too use GNU/Linux (Ubuntu 10.04) and generally this is true.
However, cross-platform browser exploits throw a wrench in the works for all computer users.
--------
To those who are thinking about trying GNU/Linux:
The growing popularity of GNU/Linux (spearheaded by Ubuntu due to its ease-of-use) is largely taking the form of former Windows users who are accustomed to installing this & that from sites all over the Internet (when they really should be sourcing additional apps. & utilities from their distro's repositories until they better understand how their new OS works).
This innocent (and naive) stumbling about is bound to result in more GNU/Linux machines being compromised via 'dupe-ware' in which users are tricked into running malicious commands and/or mysterious scripts which damage software and/or imperil their PC's security.
Thus ALL GNU/Linux users should:
- never run their machines as root (or super user), and
- never run any command or script until after they completely understand what the results of doing so will be.
Google is one's friend in this, and so is the informed fellowship of the various GNU/Linux distros' discussion forums. Properly implemented and managed some flavours of GNU/Linux are reliable and secure enough for mission-critical use.
As always: be a friend to your tools, and your tools will be a friend to you.
--------
Though ostensibly about Ubuntu Studio 9.10, there are plenty of general Ubuntu hardware and software links in this thread.
08-02-2010, 07:28 AM
Horny Toad (Join Date: Mar 2005, Location: NJ): Looks like another good Firefox addon:
Beef Taco (Targeted Advertising Cookie Opt-Out)
"Sets permanent opt-out cookies to stop behavioral advertising by 102 different advertising networks, including Google, Yahoo, Microsoft, all members of the Network Advertising Initiative, and many other companies." https://addons.mozilla.org/en-US/firefox/addon/180650/
08-02-2010, 09:31 AM
Registered User:
Quote: Originally Posted by Horny Toad: "Looks like another good Firefox addon:
Beef Taco (Targeted Advertising Cookie Opt-Out)
"Sets permanent opt-out cookies to stop behavioral advertising by 102 different advertising networks, including Google, Yahoo, Microsoft, all members of the Network Advertising Initiative, and many other companies." https://addons.mozilla.org/en-US/firefox/addon/180650/"
Hmm... Interesting...
I decided to Google ' Beef Taco (Targeted Advertising Cookie Opt-Out), malware' to see if I could dig up anything before installing Beef Taco (five pages of search results yielded no dirt on Beef Taco although some of the sites offering it were marked by WOT as being dangerous) and from this thread...
Reviews for Targeted Advertising Cookie Opt-Out (TACO) https://addons.mozilla.org/en-US/fir.../display/11073
...I found this eye-opening post by one Ty Evans from July 16, 2010:
"Sadly, there is no software currently available anywhere that will remove Flash Cookies. All any of these programs do at best is temporarily remove some of them. The developers of these flash cookies are very aware of all these deletion attempts, so they add a variety of codes that prevent any deletions. The programs move the cookies to several different files in the system which allows them to continuously repopulate immediately after they are removed from any of the locations. No developer of any of these deletion programs has come up with a way to find and delete these flash cookies all at the same time, and prevent them from being added again. One of the biggest culprits is Adobe with their Flash Player, along with other programs, which has always been a security risk and still is. Adobe is in cooperation with the advertising community and develops their products in cooperation with them, with features that allow advertisers to use the Adobe Flash Player to infiltrate any computer using the Flash Player and place flash cookies on any user's system. The Adobe Flash Player therefore as a result is very vulnerable to hackers, etc. If advertisers can use it to place Flash Cookies on a user's system, a hacker can easily place a Trojan program or any other type program on anyone's system. The Adobe Flash Player is especially vulnerable when a user allows the Flash Player to take control of their webcam and microphone hardware. The Adobe Flash Player is FREE to the user. Adobe does not charge the user for the Flash Player; they get paid by the advertisers. That's how Adobe makes their money for Flash Player. Even more insidious is the way Adobe provides the settings feature for Flash Player; it's controlled by them on their site, and apparently the advertisers as well. Users who attempt to change the settings only think they are being changed. This is another way in which Adobe and the advertisers trick users.
The settings will return to the original state the advertisers have programmed them for to ensure that they can continue to place Flash Cookies on a user’s system. A user can verify this by selecting the settings option, which accesses the Adobe site, then change the settings to their preferences, and then close the program. Then restart the program and access the settings again. The user will discover that the settings have been changed back to the way Adobe and the advertisers set them. There are numerous reliable sources that support these facts. Anyone who disputes them is likely a plant or part of the Adobe and advertiser ilk.
Here are a couple of sites where you can verify these facts (there are many more, just do your research): http://www.wired.com/epicenter/2009/...s-think-again/ http://lifehacker.com/5334984/web-si...-your-activity
It's sad that this is how unscrupulous these businesses are, but that's what greedy companies do everywhere. Ethics are not a part of any business like these.
Good luck!"
And a few Google search results pages later I found this must-read piece on a site named Slashdot:
Hackers Use Banner Ads on Major Sites to Hijack Your PC http://it.slashdot.org/it/07/11/19/1517209.shtml
08-02-2010, 09:40 AM
john turner, Forum Administrator (Join Date: Mar 2000, Location: atlanta ga):
08-02-2010, 10:11 AM
Registered User:
Quote: Originally Posted by john turner
Man, this just keeps getting thicker!
08-10-2010, 08:12 PM
Registered User (Join Date: Aug 2004, Location: St Louis Area): Mozilla Firefox - FlashBlock Add On
I use the Flashblock add-on for Firefox - it doesn't allow flash content to load onto your computer. Not saying it's 100% effective against anything, but it sure works as described. https://addons.mozilla.org/en-US/firefox/addon/433/
08-11-2010, 12:22 AM
Registered User: What began as a moment of mirth in this post...
...soon produced (perhaps by coincidence, as this browser redirect problem has been dragging on for a while now) an intrusion attempt alert in Firestarter (a firewall commonly employed by Ubuntu users):
Time: Aug 11 00:26:10
Source: 213.109.65.90
Destination:
In IF: wlan0
Out IF:
Port: 53
Length: 88
ToS: 0x00
Protocol: ICMP
Service: DNS
So I checked out the source of said attempt with an IP whois lookup:
IP: 213.109.65.90
Server location: Russian Federation
ISP: ProLite Ltd.
Whois Information:
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '213.109.64.0 - 213.109.79.255'
inetnum: 213.109.64.0 - 213.109.79.255
netname: PROLITE-NET
descr: ProLite Ltd.
country: RU
org: ORG-PL83-RIPE
admin-c: NF1275-RIPE
tech-c: NF1275-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-lower: RIPE-NCC-END-MNT
mnt-by: MNT-PROLITE
mnt-routes: MNT-PROLITE
mnt-domains: MNT-PROLITE
source: RIPE # Filtered
organisation: ORG-PL83-RIPE
org-name: ProLite Ltd.
org-type: OTHER
address: Russia, Nizhniy Novgorod, Pecherskiy syezd 22, off.12
mnt-ref: MNT-PROLITE
mnt-by: MNT-PROLITE
source: RIPE # Filtered
person: Nikolay N. Filimonov
address: Russia, Nizhniy Novgorod, Pecherskiy syezd 22, off.12
phone: +7 831 4284242
nic-hdl: NF1275-RIPE
source: RIPE # Filtered
mnt-by: MNT-PROLITE
% Information related to '213.109.64.0/20AS49727'
route: 213.109.64.0/20
descr: ProLite
origin: AS49727
mnt-by: MNT-PROLITE
mnt-routes: MNT-PROLITE
source: RIPE # Filtered
% Information related to '213.109.64.0/21AS49727'
route: 213.109.64.0/21
descr: ProLite
origin: AS49727
mnt-by: MNT-PROLITE
source: RIPE # Filtered
Can anyone shed light on this?
Thank you.
--------
UPDATE:
"Poisoned" Router DNS Settings http://www.technibble.com/forums/sho...d.php?p=146396
"FYI
Discovered a new one today (new to me!). A virus that changed the DNS settings in a Netgear WPN824 router. The router had the default password. A quick search on the Internet shows routers "poisoned" by viruses that can modify router settings when the user has NOT changed the default password. Y'all be sure to change your default passwords on customer routers (I usually do this).
Background:
Customer brings me an infected laptop that has a hijacked browser and I pulled the hard disk and slaved to my bench PC to clean it (SOP). It had several Java script viruses (AVG shows twitters.class, skypeqd.class, mailvue.class, AppleT.class all in jar_cache). Removed viruses with AVG.
So I gave the laptop a "clean up/tune up" afterward. Customer picks up laptop, goes back home, and calls me within hours: "it's still going to the wrong web sites". So I ask him to drop it back by the shop to check it out again. Pull the hard disk, scan with AVG & Malwarebytes and it's clean. The browser is NOT hijacked in my shop. Put it back into PC and scan with his AVG & Malwarebytes and it's clean. He calls while I have it and says: "now my wife's laptop is hijacked!". I pack up his machine and go over to his home and run an IPCONFIG /ALL in a CMD window and the DNS server shown is 213.109.64.5 (which resolves to a Russian network!) Wow!
Go into his Netgear router and lo and behold the DNS setting has been changed from "Get Automatically from ISP" to "use these DNS Servers" with the above numbers typed in. Bingo. Change it to "Get Automatically from ISP" and it's all good.
It is a good reason to always change the default password."
--------
EDIT:
If your PC's firewall reports an intrusion attempt then you can use one of these tools to run a trace on the would-be intruder:
- http://www.networksolutions.com/whois/index.jsp
- http://www.ip-adress.com/
- http://whois.domaintools.com/
I expect that this is one tool being used by intruders to take control of unprotected routers: http://www.routeripaddress.com/routers/162...ns_wi1040n.html
And here's another: Default Password List
Last updated: 08.13.2010
Last edited by MIJ-VI : 08-18-2010 at 06:47 AM.
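The two checks this post describes (tracing a Firestarter alert source to ProLite's 213.109.64.0/20 via the RIPE record, and reading the DNS servers out of `ipconfig /all` to spot a router whose DNS setting has been changed) can be made repeatable. The script below is an added example, not code from the thread or from any of the linked tools; its whois record and `ipconfig` lines are constructed samples built only from values quoted in the thread, and the function names are my own.

```python
"""Flag DNS resolvers that fall inside a hostile address range (added example,
not code from the thread). The sample inputs are constructed from values the
thread quotes: inetnum 213.109.64.0 - 213.109.79.255, AS49727, DNS 213.109.64.5."""
import ipaddress
import re

# Constructed: an abbreviated copy of the RIPE record quoted in the thread.
RIPE_RECORD = """\
inetnum: 213.109.64.0 - 213.109.79.255
netname: PROLITE-NET
country: RU
route: 213.109.64.0/20
origin: AS49727
"""

# Constructed: the relevant lines of `ipconfig /all` on the hijacked laptop.
IPCONFIG_OUTPUT = """\
   DNS Servers . . . . . . . . . . . : 213.109.64.5
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def parse_rpsl(text):
    """Return the first value seen for each RPSL key (inetnum, netname, origin, ...)."""
    rec = {}
    for line in text.splitlines():
        m = re.match(r"^([a-z-]+):\s*(.*)$", line)
        if m and m.group(1) not in rec:
            rec[m.group(1)] = m.group(2).strip()
    return rec

def inetnum_to_networks(inetnum):
    """Convert an RPSL 'first - last' range into the CIDR blocks that cover it."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return list(ipaddress.summarize_address_range(first, last))

def dns_servers_from_ipconfig(text):
    """Pull the DNS server list out of `ipconfig /all`, continuation lines included."""
    servers, capture = [], False
    for line in text.splitlines():
        if "DNS Servers" in line:
            servers.append(line.split(":", 1)[1].strip())
            capture = True
        elif capture and re.fullmatch(r"[0-9a-fA-F.:]+", line.strip()):
            servers.append(line.strip())  # indented line holding only an address
        else:
            capture = False
    return servers

def flag_resolvers(servers, networks):
    """Return the resolvers that sit inside any of the given hostile networks."""
    return [s for s in servers if any(ipaddress.ip_address(s) in n for n in networks)]

def hijacked_resolvers(ipconfig_text=IPCONFIG_OUTPUT, whois_text=RIPE_RECORD):
    """End-to-end check: resolvers on the host that belong to the whois range."""
    bad = inetnum_to_networks(parse_rpsl(whois_text)["inetnum"])
    return flag_resolvers(dns_servers_from_ipconfig(ipconfig_text), bad)
```

On a live machine, feed `hijacked_resolvers()` the real `ipconfig /all` text and the inetnum from a whois lookup of the alert source; any resolver it returns points at the router's DNS setting rather than at the PC.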
08-12-2010, 08:27 PM
Registered User: Firewall info & options for GNU/Linux, Windows, and Mac:
For everyone:
- Comparison of firewalls
- FirewallBuilder: a cross-platform, feature-rich firewall available from the Ubuntu & other distros' repos and as a commercial version for Windows and Mac.
For Ubuntu:
- Easy... Firewall Ubuntu GUFW
Two other GUI-based firewalls for Ubuntu are * Firestarter, and Guarddog (whose functions offer helpful explanations).
And like GUFW, they're both in the **Ubuntu Repositories and can be downloaded via Ubuntu Software Center or Synaptic Package Manager.
* How-To: Firestarter on startup (better & safer way)
And if you are using **Samba (the standard Windows interoperability suite of programs for GNU/Linux and Unix, i.e. file & print sharing): Firestarter firewall settings with Samba and Ubuntu Lucid 10.04 LTS
- Harder... Firewall Ubuntu Desktops
- Harder still... Firewall Ubuntu Servers
- Suck it up! We're goin' IN! Iptables Primer
--------
An explanatory excerpt from Guarddog's on-line manual, "What is a firewall and why do I need one?":
"A firewall is a software and/or hardware tool for defending a computer or network of computers, from attacks via the network performed by malicious or curious computer users. It protects by restricting what hostile computers are permitted to do to the protected computers. It does this by filtering and blocking the network communication between the protected computers and the Internet at large.
With the arrival of fast, permanent, 24 hour/7 day, internet connections for home users, your computer is now exposed to constant attacks from anywhere in the world. You may ask yourself "why would anyone want to break into my computer? I don't have anything important". Actually you do, even a home computer stores usernames and passwords for connecting to the internet, personal email, possibly financial information and perhaps even credit card information. Even without these things, your computer can be used as a stepping stone by malicious users (often called 'crackers') to attack other computers. The worst part of this is that these further attacks will look like they are coming from you!..."
Last edited by MIJ-VI : 08-27-2010 at 05:07 AM.
08-12-2010, 10:00 PM
Registered User: For Ubuntu... Are hackers pinging your firewall with the persistence of telemarketers at mealtimes?
If so...
HOWTO: Graphical IP Blocker http://ubuntuforums.org/showthread.php?t=530183
EDIT: If you'd rather download and install the .deb file yourself, it is available in both i386 (32 bit) and amd64 (64 bit) versions via the download link found on the following web page: IPBlock - Graphical IP Blocker http://www.ubuntugeek.com/ipblock-gr...p-blocker.html
" iplist allows users with no or basic knowledge of iptables to filter (e.g. to block) network traffic based on (automatically updated) lists. These lists have various formats and are sorted by different categories (e.g. countries, adware, corporations).
IPBlock (iplist) Features
* to protect your privacy while sharing with others
* to ban unwanted clients from servers
* to block whole countries or networks
* to block spam- and ad-servers..."
--------
If anyone knows of an effective IP Blocker for Windows or Macintosh, then please post a link.
Thank you.
Last edited by MIJ-VI : 08-14-2010 at 06:56 AM.
08-14-2010, 05:49 AM
Registered User: If your computer's firewall reports that someone is trying to probe your PC's ports, then this will help you to learn what those ports are used for: List of TCP and UDP port numbers
08-18-2010, 11:11 AM
Registered User: My non-tech-savvy neighbour is sharing her Wi-Fi router with me (I pay half of her monthly bill) but it got hijacked by a hacker in Russia.
Here is a screen-shot and the details: http://www.facebook.com/group.php?gi...&ref=fbx_album
And here's a thread post on a remedy for the router hijacking problem--caused by the same hacker http://www.technibble.com/forums/sho...18&postcount=1
I've posted this info here in case anyone else has been experiencing weird behaviour with their Internet connection.
08-19-2010, 03:24 AM
Registered User: Internet anonymity
Last edited by MIJ-VI : 08-27-2010 at 05:14 AM.