 sj |
||
|
||
Tech: Mudcat Spyware Warning
|
|
|
|||||||
|
Tech: Mudcat Spyware Warning |
Share Thread
|
||||||
|
Subject: Tech: Mudcat Spyware Warning From: Long Firm Freddie Date: 02 Jul 04 - 01:28 AM I just went into Mudcat and got a pop-up message saying that mudcat.org had detected spyware on my computer and advised me to click on a link to download some software to remove it. I just closed the browser down and went into Mudcat again, so I could post this thread and check with people whether they've experienced anything similar. I'm running Ad-aware as a precaution. Any thoughts as to what's going on? LFF |
|
Subject: RE: Tech: Mudcat Spyware Warning From: Long Firm Freddie Date: 02 Jul 04 - 01:30 AM And I just got another pop up asking me if I was tired of pop ups and inviting me to click on the link to download software again! LFF |
|
Subject: RE: Tech: Mudcat Spyware Warning From: The Fooles Troupe Date: 02 Jul 04 - 01:37 AM So now Mudcat detects Spyware! Cool Jeff! ...at least that's what I'd say if I didn't believe that something else was happening... |
|
Subject: RE: Tech: Mudcat Spyware Warning From: Joe Offer Date: 02 Jul 04 - 01:46 AM mudcat.org had detected spyware on my computer?? That doesn't doesn't sound like usual behavior for that sort of thing, but I guess it's possible. I'll alert Jeff and Max, and see if they can come up with an answer. I would think it's something you picked up somewhere else that may be spoofing that it comes from Mudcat, but you never know. Spyware has become very obnoxious lately. Thanks for letting us know. -Joe Offer- Here's a typical complaint about the same problem - but note that the popup usually says Windows has detected spyware. Looks like the culprit might be XoftSpy, but that's puzzling. Ziff-Davis, PC World, download.com and other reputable download sites, all offer XoftSpy for download.
I'd suggest a freeware program called Spybot Search and Destroy. Some adware programs masquerade as spyware removers, so you have to be careful what you download and where you get it. Spybot S&D is almost universally recommended.
|
|
Subject: RE: Tech: Mudcat Spyware Warning From: JohnInKansas Date: 02 Jul 04 - 02:01 AM So far as has been reported here, it is unlikely that the popups you are seeing are related to mudcat. The are numerous ways that you can "acquire" scripts that can initiate popups on your machine. Since they are generally NOT a virus, it requires something other than standard AV software to block them. Some of them, if they manage to get themselves on your machine, will "pop up" at random, often when you change web pages (apparently an attempt to make you think it came from the page you just opened?). You can run AdAware to remove some kinds of Adware/Spyware, but it does not normally block the download of such stuff on a "real-time" basis. When you visit a site that "offers" one of these pieces of crud, it may be downloaded to your machine, and AdAware cannot usually prevent that from happening. (There is an AdAware setting for "real-time guarding," if you have the "paid version;" but it's not terribly effective.) You MUST run AdAware periodically to remove any such crud you may have acquired, and if you want any real "protection" you need updates to the "signatures" that AdAware looks for about as often as you update your AV software and signatures. There are a few ads posted at mudcat (by Google) but these are just "inserted" on the page you're looking at - not popups in any real sense. While it's not impossible that an "infected" page might find its way to mudcat, there have been no reports of anything of that sort here. The most likely thing is that you "acquired" a script that is running on your machine, that just happens to pop-up when you change pages. Sometimes just clearing unwanted cookies and deleting your browser history will get rid of the less obnoxious of these. Running AdAware may remove more nasty ones. Occasionally you'll run into one that requires a different removal, so you might want to add Spybot to your tools. Others may recommend different cleanup tools. Of course, while you're cleaning up, you'll want to update your AV signatures and do a full scan there too. John |
|
Subject: RE: Tech: Mudcat Spyware Warning From: Amos Date: 02 Jul 04 - 08:59 AM Upgrade to OS X....you'll never regret it! A |
|
Subject: RE: Tech: Mudcat Spyware Warning From: GUEST,M'Grath of Altcar Date: 02 Jul 04 - 12:23 PM 9.2 rules ! |
|
Subject: RE: Tech: Mudcat Spyware Warning From: Max Date: 02 Jul 04 - 12:53 PM Mudcat has no spyware, spyware detection and no popups. Its in your browser or OS. It has nothing to do with mudcat.org. |
|
Subject: RE: Tech: Mudcat Spyware Warning From: Bill D Date: 02 Jul 04 - 01:00 PM the 'honest' Spyware detectors, like Spybot Search & Destroy don't 'pop-up' any messages...***ANYTIME*** a message pops up on your screen like that it is either an attempt to SELL you something, or an attempt to get you to click on a link that will instll REAL Spyware.... that's ANYTIME!!!....did I mention that? Oh, yes...I see I did. If I could make a message pop-up telling you not to click on the previous pop-up message, I would. |
|
Subject: RE: Tech: Mudcat Spyware Warning From: Stilly River Sage Date: 02 Jul 04 - 01:19 PM Bill is absolutely correct. And since it is spoofing mudcat in it's message, it's pretty certain you already have something not-so-good going on in your system. The IT folks at the university library where I work have us use a cocktail of free programs, Spybot Search & Destroy and Lavasoft's Ad-Aware to get rid of about 85-90% of the nasty stuff. They are best when used together. SRS |
|
Subject: RE: Tech: Mudcat Spyware Warning From: MudGuard Date: 02 Jul 04 - 01:28 PM Freddie, may I have a guess? You are using that security hole of a browser called Internet Explorer. After you have cleaned your system of whatever caused the popups, get yourself a decent browser like Mozilla or Firebird or Opera. And while you are at it, replace Outlook/Outlook Expreß by Thunderbird or any other non-Microsoft mail software. |
|
Subject: RE: Tech: Mudcat Spyware Warning From: Bill D Date: 02 Jul 04 - 04:24 PM MudGuard has it right!...Mozilla's Firefox (Firebird has been renamed) is fast becoming a VERY highly regarded browser...and it can be customized almost infinitely. (I still prefer Opera for many tasks..just because I love the interface and internal speed...but I have both, and only use IE for a very few things that wont work without it...(some things seem to *require* that da***ed 'ActiveX', like editing an email account setup I just setup) |
|
Subject: RE: Tech: Mudcat Spyware Warning From: treewind Date: 02 Jul 04 - 04:59 PM A safer OS is a good plan (whether its OSX or Linux) but for those who can't change that (including me at work) web browsers and email clients from anyone except MS are a good plan. I use Mozilla for a browser and it's not bad for email either. Haven't tried Firefox yet. I've read comment in the online news sites that AV vendors should be taking more interest in spyware and similar trojans, not just focusing on signature-matching of email borne viruses. I see that Sophos have branched out into spam filtering. Anyway... another time recently on Mudcat someone posted a link to a cure for a particularly pernicious piece of popup-ware. It involved editing the registry and deleting certain files. It's woth Googling for solutions like that, bound to come up on an online forum sooner or later. Anahata |
|
Subject: RE: Tech: Mudcat Spyware Warning From: Long Firm Freddie Date: 03 Jul 04 - 02:39 AM Thanks so much everyone for all your detailed, helpful suggestions. I shall get to work on this and report back. And yes, Mudguard, I have been using Internet Explorer. But not for much longer! LFF |
|
Subject: RE: Tech: Mudcat Spyware Warning From: MudGuard Date: 03 Jul 04 - 03:15 AM Bill, sorry for that FireBird slip - but with the constant renaming of that piece of software... |
|
Subject: RE: Tech: Mudcat Spyware Warning From: GUEST Date: 03 Jul 04 - 10:57 AM Well, I've run Spybot and Ad-Aware, and installed Firefox and Thunderbird, which are great. Everything seems hunky-dory, no more pop ups, so many thanks to everyone. I just looked at the thread title again and it struck me that it could have been taken as an attempt to warn people that Mudcat was responsible for what was happening. If I gave that impression, I'm sorry and I certainly didn't mean to. I happily acknowledge that Max & co wouldn't dream of doing anything like that. LFF |
|
Subject: RE: Tech: Mudcat Spyware Warning From: Bill D Date: 03 Jul 04 - 11:34 AM no problem, LFF...we're just glad it's working better. It's too bad we have to work so dang hard to feel safe! |
|
Subject: RE: Tech: Mudcat Spyware Warning From: JohnInKansas Date: 03 Jul 04 - 04:31 PM A new "web virus" was reported within the last couple of weeks that can download a small "bug" that once on your machine would connect to a site where spyware would be downloaded. The spyware was of the nasty "keystroke logger" variety that attempted to record things like credit card numbers etc. The significance(?) of this particular one was that the "infection" was on servers, in the form of corrupt JavaScript. To be successfully placed on a server, three separate "vulnerabilities" had to be present on the server. Fixes for two of the required vulnerabilities were published a year or more ago, so any server with either or both of the patches could not be infected - at least not with a "functional" bug. There is no "fix" as yet for the third "vulnerability," but users can prevent download of this particular spyware by setting browser security to "the highest levels" and by disabling JavaScript. A Microsoft "fix" for the third vulnerability is available, but it does not, at this time, actually repair the vulnerability. It just turns off one specific JavaScript function exploited by the virus. Since many server sites rely on heavy use of Java, disabling JavaScript may significantly affect your "browsing experience." Both of the sites that versions of this virus used to actually download the keystroke logger have been shut down. Since the virus relies on "piss poor maintenance" of server software, mudcat is NOT AFFECTED; but there are a few sites on the web that were. The infection was classed as "mild" as of yesterday. The observed (so far) infections do not attempt to spread themselves, so you must actually visit an infected site to pick this one up. Since the original JavaScript download looks like a "normal" Java transaction, it is NOT DETECTED by any current AV software. The script that runs on the user's machine functions as a "normal" program, so it is NOT DETECTED by any AV software, although some firewalls, hardware or software, may block the communication with the download site - or at least tell you that your machine is trying to communicate. Neither the script nor the downloaded keystroke logger is detected by ANY CURRENT ANTISPYWARE program, and NO CURRENT ANTISPYWARE PROGRAM can remove this p.o.s. Removal instructions are available from major AV suppliers, but it is rather difficult to know that you've been infected. Users can determine if this malware is present on their own machines by searching for the file "Kk32.dll" or "Surf.dat." (You should be sure to include hidden and system files in the search.) If either file is found (odds are very low) details of removal can be found at major AV sites under the virus name "Scob." There is little reason to believe that more than a very few persons might need to be concerned about this one; but being aware of the kinds of threats that appear on a daily basis is just part of "living with the web." There have been several other "server side" viruses (Qhost is best known) but the above is the first that has appeared that was apparently aimed at identity theft. A second concern, less than a month since first appearance, is the use of "Instant Messaging" connections to transmit viral crud. Since IM requires a continuous connection, such infections do not have to rely on "hit or miss" methods to attack. They can simply "send to all possible addresses. "Code Red," which appeared recently, infected all vulnerable machines in less than 14 hours, according to Symantec (Norton). A newer one, "Slammer," took less than 20 minutes. A Symantec spokesman suggests "An instant-messaging threat could spread to a half a million machines in 35 seconds." (Neither of these threats were reported as affecting machines with current OS updates.) It doesn't just come as email attachments any more. (Neither of the above threats uses an "attachment" or even email.) The above should NOT BE reason for anyone to be paranoid about infections; but you MUST keep your OS up to date with frequent (preferably automatic) updates, you MUST USE a good AV with CURRENT signatures, you should probably have AND USE REGULARLY at least one or two of the recommended "AntiSpyware" programs WITH CURRENT DATA FILES. Most importantly - you must be aware of "where you're at" on the web, and be alert on the web and after for any unusual "event" that might suggest that someone's trying to hurt you. John |
| Share Thread: |