Amiga.org
Amiga computer related discussion => Amiga Software Issues and Discussion => Topic started by: whabang on September 12, 2004, 01:24:00 PM
-
Someone, who has me in the address book, has a computer infected with the Netsky-B worm. As most of my non-swedish contacts are on AO (Yes, I need a life! :-)), I believe that it's someone on this board.
If you recieve anything that comes from my address (ghu052l@tninet.se or connie@whabang.tk), and has an attatched executable, DELETE IT IMMEDIATELY!
The e-mail address is spoofed, from the infected computer's address book.
-
A good free Windows Anti-Virus package is AVI from Grisoft.
Just register an e-mail address and you have free virus checker. (For persional/home use only)
http://www.grisoft.com/us/us_dwnl_free.php (http://www.grisoft.com/us/us_dwnl_free.php)
-
I use AVG and it's excellent.
srg
-
This is also a good free one, AntiVir:
http://www.free-av.com/
:-D
EDIT:
Oh no! Why am I replying to this PC-thread ...
:shocked:
:lol:
-
Remember that virtually all email viruses spoof the from address. While there is a chance that Amiga.org users' computers have been infected with viruses, it is worth taking that into account as well.
On two occasions I've received viruses from my own email address. And no, my computer hasn't had a virus infection in years.
-
Netsky is the main one that does that email spoofing BTW
-
Also remember if you have a common first part of your email adress such as yourfirstname@myisp.xx there are viruses that use name-lists (of common firstnames and alike) and will sniff upp all domains found on an infected machine and send mails to all names in it's name-list + all domains found on the infected machine.
I know... got boomber with up to 500 virus mails a day on my brian@myisp.xx when MyDoom first started it's terror due to this "feature" (calculating around 100K a mail I had to empty my inbox several times a day over a 2 week period due to this or no legit mail would've had a chanse to reach me, damn my ISP for not offering antivirus on incomming mails!).
-
mikeymike wrote:
Remember that virtually all email viruses spoof the from address. While there is a chance that Amiga.org users' computers have been infected with viruses, it is worth taking that into account as well.
On two occasions I've received viruses from my own email address. And no, my computer hasn't had a virus infection in years.
Netsky takes the sender address from the infected computer's (Outlook's) address book, thus, if someone you know gets infected, you get viruses "from" everyone in his address book.
-
Viruses can also pick up email adresses from documents and alike on the infected machine so it's a big effort trying to pinpoint who is infected.
Instead of trying to find who is infected it's better to put your resources into keeping your own backyard safe.
-
Everyone who uses a pc that has windows installed should have a look at PrevX (http://www.prevx.com) its kinda like a firewall for your system files and registry, it will stop all viri, spyware etc etc dead in their tracks, this is a great bit of software, i would recommend you all install it.
-
Zone Alarm Plus and McAfee Anti-Virus Suite for 24/7 protection, with Adware and Spybot, free from Kim Kommando, for post surfing.
-
And another good set of tool's are,
Provixy get rid of those darn add's on web site. Also you can have some serious silly fun with this
http://sourceforge.net/projects/ijbswa/ (http://sourceforge.net/projects/ijbswa/)
And Google Toolbar for IE (to stop pop ups and for searching Google)
http://toolbar.google.com/ (http://toolbar.google.com/)
-
Here's my advice on avoiding viruses/spyware:
* Don't use IE/OE/Outlook
* Don't rely on a firewall to keep you safe
* Don't rely on your anti-virus scanner to keep you safe
* Don't open attachments with suspicious file extensions, and if you're not sure about an attachment, email the sender and ask them if they meant to sent it to you. Then try the file with the virus scanner.
No anti-virus software is foolproof or invulnerable. Windows-based firewalls are far more flawed than most AV software. Learning a few lessons which should be common knowledge will keep you far more safe.
-
Zone Alarm Plus and McAfee Anti-Virus Suite for 24/7 protection
I too used Zone Alarm but then i found out there is something wrong with it, i kept losing my connection about every 20 minutes shareaza would not login or it would login but lose the connection very quickly, all my browsers that i use would just say resolving host, i could not figure it out but then i went to the shareaza forum and someone said it was zone alarm something to do with its filters so i changed to Sygate firewall and noticed straight away that my problems had gone, Zone Alarm had caused it all. oh and it was also the cause of the high ping i would get on medal of honor.
-
I agree with MikeyMike; far to many people put to much trust in their SW, when they should keep their systems patched.
Another good thing is to shut down your computers when they are not used; there are no excuse for having them on-line withoug purpose.
Don't use a static IP unless you need to.
Don't use ZoneAlarm at all (it causes low-IDs in eMule anyway).
Regularily go through your computer, looking for anything suspicious.
-
whabang wrote:
Don't use a static IP unless you need to.
I disagree. The usefulness of having a static IP outweighs the fringe "security through obscurity" benefit of having a dynamically-assigned IP address. At the end of the day, if someone is looking for a machine to hack into, they'll just scan an entire IP range for machines with vulnerable services running. If your machine was successfully hacked into, typically a program is left running on your machine which will advertise your hacked machine's existence on the Internet, mostly in the form of connecting to an IRC server and waiting for instructions.
Don't use ZoneAlarm at all (it causes low-IDs in eMule anyway).
I totally agree with this, but most Windows-based firewalls are about as useful as a monkey with five asses.
I've written an article about software firewalls here:
http://www.mikeymike.org.uk/mikes/040829.html
Regularily go through your computer, looking for anything suspicious.
This requires a bit more knowledge, though it is worth knowing. Get acquainted with what processes are normally running on your computer, you can use Task Manager (right-click on the taskbar, there's an option for it there) to see the process list. You can search for executable names in google, and if they come up as spyware/viruses, you know you've got a problem. Otherwise, if you see a process you can't account for, investigate it more thoroughly.
When checking customers' machines, I generally run a scan with Ad-Aware on their machines, and for new customers, there hasn't been one yet whose machine didn't light up like a spyware christmas tree (admittedly Ad-Aware has one false-positive I'm aware of, but it also considers most cookies as spyware, which is a bit of an over-reaction).
I don't run a virus scanner for on-access scanning. I avoid dodgy attachments, it helps that my friends are competent computer users though. I otherwise run a spyware scan and virus scan probably about once or twice a month. On the rare occasion I need to install unknown new software, I manually virus/spy scan the installer, then virus/spy scan my system after the installation.
But if you use a decent browser and mail client, (eg. not one by MS), you cut down the amount of risk you're taking by at least half. The rest is down to what ought to be common sense then.
Otherwise, keeping software patched is a good idea. And don't forget, companies do not email software updates to customers!
-
I disagree. The usefulness of having a static IP outweighs the fringe "security through obscurity" benefit of having a dynamically-assigned IP address.
Well. If you find a Static IP useful, then do so. If you don't see any reason for having a static IP, other than "It's cool", then I suggest sticking to dynamic IPs.
I've enjoyed the benefits of dynamic IPs a few times when I've cheated too much on-line! :lol:
-
Here's what I use. First line of defence... a simple router... then ZAp and F-Secure (updated daily). For mails I use MailWasherPro to scan all mails and read them without HTML etc support before passing on the mails that are left to OE... attachments are evil and aren't blody likley to get in without me knowing exactly what it is first.
Safety is relative... to be compleatly safe the computer should be unplugged and in storage but that's no fun... I've done what I find resonalbe and I find myself resonable safe.
-
i'd reccomend webroot's spy sweeper, rather than spybot or adaware - it finds more, trust me, i've done it a thousand times in the last few weeks, - i've been working in a comp shop, and about 90% of the work is due to virus / spyware, and people not being internet safe, basically, i'd also recomend norton over mcafee, (this is personal taste).
i wouldnt use zonealarm - id also choose sygate, but i have a hardware firewall, which id reccomend to anyone anyway - over software firewalls anyway
also if you have a HOSTS file with blocking these are useful,
and for those who use msnmessenger block RAD.MSN.COM - it'll block the random ads at the bottom :)
and therefore no stupid adverts and silly spyware will attack you from there
also get firefox, its great