[ale] OT: Infected Winbloze machines

cfowler cfowler at outpostsentinel.com
Thu Jun 20 15:09:25 EDT 2002 

My winbloze boxes are in a MASQ environment.  So incoming is impossible
unless the ad crap is making an initial connection.  Problem is that
most make their connection out to port 80 the same as a web browser.  If
I cut that off, I'm screwed in IE.

Chris

On Thu, 2002-06-20 at 14:54, Zyman, Andy wrote:
> everything that u don't want to see. All income ftp/udp/tcp connections
> which are not related to what u need.
> Basically - smby asking to go to Your computer - does he need to connect?
> plus, monitor Your out coming connections. Before a ran ad-aware it was pain
> in the back to figure out who is trying to open connection and why....
> 
> > -----Original Message-----
> > From: cfowler [mailto:cfowler at outpostsentinel.com]
> > Sent: Thursday, June 20, 2002 3:01 PM
> > To: Zyman, Andy
> > Subject: RE: [ale] OT: Infected Winbloze machines
> > 
> > 
> > I have a firewall.  What should I block?
> > 
> > 
> > On Thu, 2002-06-20 at 14:51, Zyman, Andy wrote:
> > > run ad-aware.... You will find lots of interesting things 
> > on your machine.
> > > Plus get rid from _ALL_ p2p - Morpheuos, Kazaa etc. Install 
> > Kazaa lite. And
> > > sleep well.
> > > Plus i would also recommend to put firewall on Your win comp.
> > > AZ
> > > 
> > > > -----Original Message-----
> > > > From: cfowler [mailto:cfowler at outpostsentinel.com]
> > > > Sent: Thursday, June 20, 2002 2:57 PM
> > > > To: ale at ale.org
> > > > Subject: [ale] OT: Infected Winbloze machines
> > > > 
> > > > 
> > > > Well.  I;m starting to suspect Kazaa.  I went to luch 
> > today and cam
> > > > back. On my work machine was 2 porn pop-ups.  I had just logged in
> > > > before leaving and nothing was running.
> > > > 
> > > > I found 3 programs.
> > > > 
> > > > 1) EzSearch Bar
> > > > 2) n-CASE
> > > > 3) n-CASE
> > > > 
> > > > Now I do not know whow these progras go installed without my prior
> > > > approaval but I think Kazaa did it.  Is there a way to 
> > > > protect from this
> > > > infection?
> > > > 
> > > > Chris
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > ---
> > > > This message has been sent through the ALE general 
> > discussion list.
> > > > See http://www.ale.org/mailing-lists.shtml for more info. 
> > > > Problems should be 
> > > > sent to listmaster at ale dot org.
> > > > 
> > > 
> > > 
> > 
> > 
> 
> 



---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list