Has anyone seen these popups??

CarZee

Original Poster:

13,382 posts

290 months

Wednesday 13th November 2002
I've had these a few times now... I've run ad-aware but it's not showing anything up... can I be the only one who's seen this annoying dodgy advertising tat..




wtf???

Podie

46,647 posts

298 months

Wednesday 13th November 2002
new ones to me... exactly what sort of sites (smut?) have you been looking at?

Dazren

22,612 posts

284 months

Wednesday 13th November 2002
I had the "Kelly" one yesterday.

Dunno why.

DAZ

Olly2000

291 posts

298 months

Wednesday 13th November 2002
Just got one today, after reading ph...

anonymous-user

77 months

Wednesday 13th November 2002
Yup - I got both of them as well. How do you stop them?

plotloss

67,280 posts

293 months

Wednesday 13th November 2002
Download the latest hosts file from kazaalite.com that seems to stop them.

Matt.

toyracer

178 posts

285 months

Wednesday 13th November 2002
you could always stop the messenger service on your machine (and set it to manual) - but you won't receive print messages of admin alerts (if that's how your co. works). it won't affect the functionality of your machine though!

quite how it is utilising the service i don't know...

CarZee

Original Poster:

13,382 posts

290 months

Wednesday 13th November 2002

plotloss said: Download the latest hosts file from kazaalite.com that seems to stop them.
I'll do that now, but Kazaa wasn't running, so although their hosts file might deflect the 'attack', what is launching them?

Is everyone who's had them running KazaaLite or something? What about MSN Messenger?

plotloss

67,280 posts

293 months

Wednesday 13th November 2002
I tried to find out but couldn't work out what was throwing them. There is an update from September for the signature in ad-aware so if you haven't got that perhaps that will expose the little blighter.

Interesting though they look like proper dialogue messages rather than the usual HTML popup arse that this sort of 'attack' manifests itself as.

Matt.

PetrolTed

34,464 posts

326 months

squirrelz

1,186 posts

294 months

Wednesday 13th November 2002
Chaps you are running personal firewall software aren't you? I guess not.

These use the standard messaging service built into every version of Windows from 3.11 onwards, and if you can receive these, then your PC is not secure enough to be on the internet for more than a few minutes at a time.

Get yourself a copy of ZoneAlarm.

Putting something in your hosts file to stop these is like putting a bar on particular phone numbers to try and stop junk mail, sorry, direct marketing....

CarZee

Original Poster:

13,382 posts

290 months

Wednesday 13th November 2002
hmm.. messenger service duly disabled.. forever.. never really use it anyway..

I'm not convinced about it coming via port 135 though - I'm behind a firewall at home & I only open ports on an 'as necessary' basis.. 135 isn't one of them.

nubbin

6,809 posts

301 months

Wednesday 13th November 2002
I've never had these pop-ups - but the university one is constantly appearing in my e-mail as a text message (as well as several unsolicited porno websites) - any tips on getting rid of these?

jmorgan

36,010 posts

307 months

Wednesday 13th November 2002
Similar thing on the telly yesterday
http://news.bbc.co.uk/1/hi/technology/2446363.stm
All a scam in its various forms apparently

squirrelz

1,186 posts

294 months

Wednesday 13th November 2002

nubbin said: I've never had these pop-ups - but the university one is constantly appearing in my e-mail as a text message (as well as several unsolicited porno websites) - any tips on getting rid of these?

I can have a look at them for you if you want. One of the things I do at work is investigate spam.

squirrelz

1,186 posts

294 months

Wednesday 13th November 2002

CarZee said: hmm.. messenger service duly disabled.. forever.. never really use it anyway..

I'm not convinced about it coming via port 135 though - I'm behind a firewall at home & I only open ports on an 'as necessary' basis.. 135 isn't one of them.

Without a network trace I couldn't tell you how it got through, but there are ways of getting past the basic firewalls that tend to get included in SOHO router type things.

CarZee

Original Poster:

13,382 posts

290 months

Wednesday 13th November 2002
I can put a sniffer on it myself & find that out - if I can be arsed.. the problem is the sheer volume of traffic that'd be captured before you got a bite..

I get these things a couple every four or five days at the moment..

Anyway I don't have a SOHO firewall router - I have IPChains on Linux and MS ISA server..

squirrelz

1,186 posts

294 months

Wednesday 13th November 2002
IPchains isn't stateful, ISA server is, but it all depends on how you've got it set up.

But you sound like you know what you're doing, so I'll leave it there, and give my grandmother further instruction on egg sucking

CarZee

Original Poster:

13,382 posts

290 months

Wednesday 13th November 2002
That's why I have both - even on a stateful connection though, I've no rules that would allow the opening of a back-channel on any of the MS services ports.. the more I think about it the more curious it seems, the more inclined I am to just sit a sniffer on the line for a few days..

or maybe I'm just imagining that I've had it at home..

Well, I've turned messenger off at work now so I'll know if I see it again - it'll be at home inside my so-called protected network.

Marshy

2,751 posts

307 months

Wednesday 13th November 2002
If you're using a recent Linux kernel, get iptables and fwbuilder. IPtables is the stateful firewall down in the kernel, fwbuilder is a (Gnome, I think) GUI to generate configs for it.

The fwbuilder interface is similar to firewall-1, but not quite as slick, although as it lets you set up input/forward/output firewalls independently the policies can get quite complex.

Still, pretty good for free.

I've seen "popups" like this now and again that are, in fact, generated by JavaScript within the browser. They look like a real window, but aren't in fact a real window - the borders & controls are just part of an image displayed in a borderless window. That might explain people seeing similar things to the two above, even with NetBIOS ports closed as they should be.
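
Added example, not written by any poster in this thread: rather than sniffing all traffic for days, an iptables gateway can log only packets aimed at port 135 and the NetBIOS ports, and the log can then be summarised by arrival interface and source to show whether they come from outside or from inside the network. The log prefix, the interface roles (eth0 external, eth1 internal) and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Port 135 is named in the thread; 137-139 are the standard NetBIOS ports.
WATCHED_PORTS = {135, 137, 138, 139}

# Hypothetical prefix, as set by a rule such as:
#   iptables -A INPUT -p udp --dport 135 -j LOG --log-prefix "MSGR-DROP: "
LOG_PREFIX = "MSGR-DROP: "

# Constructed sample lines (fields trimmed); eth0 = external, eth1 = internal.
SAMPLE_LOG = """\
Nov 13 09:14:02 gw kernel: MSGR-DROP: IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.5 PROTO=UDP SPT=4021 DPT=135
Nov 13 09:14:03 gw kernel: MSGR-DROP: IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.5 PROTO=UDP SPT=4022 DPT=135
Nov 13 11:40:51 gw kernel: MSGR-DROP: IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.5 PROTO=TCP SPT=3310 DPT=139
Nov 13 11:41:10 gw kernel: MSGR-DROP: IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.5 PROTO=ICMP TYPE=8 CODE=0
Nov 13 12:02:37 gw kernel: MSGR-DROP: IN=eth1 OUT= SRC=192.168.0.14 DST=192.168.0.255 PROTO=UDP SPT=137 DPT=137
Nov 13 12:05:00 gw kernel: eth0: link up
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # key=value pairs; value may be empty (OUT=)


def parse_line(line):
    """Return the key=value fields of one LOG line, or None if it is not ours."""
    _, sep, rest = line.partition(LOG_PREFIX)
    if not sep:
        return None  # some other syslog line
    fields = dict(FIELD.findall(rest))
    if not fields.get("DPT", "").isdigit():
        return None  # e.g. ICMP carries no destination port
    return fields


def summarize(log_text, ports=WATCHED_PORTS):
    """Count logged packets per (arrival interface, source, protocol, port)."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f and int(f["DPT"]) in ports:
            key = (f.get("IN", ""), f.get("SRC", ""), f.get("PROTO", ""), int(f["DPT"]))
            hits[key] += 1
    return hits


if __name__ == "__main__":
    for (iface, src, proto, port), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  in={iface}  {src}  {proto}/{port}")
```

A hit with `in=eth1` means the packet originated on the internal side of the gateway, which a perimeter rule alone would never see.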