aprilkorova

I would work on your lappie for awhile if I was you, although it sounds like your proggie(s) have it under control. If it's one person trying to get at you, they may keep trying until they get around it though.

I've never tried to call my ISP about this kind of thing since I've had DSL. Don't know if they could help or not. Give it a shot or get some smarty pants over to your house to try and turn the tables on them.

I'm far from a smarty pants, but I've heard it is fairly easy to catch them if you catch them in the act.

Where is WizD0m when ya need him?

boneprone

200.49.128.0 - 200.49.159.255
Fibertel TCI
Amenabar 23 - Capital Federal
Republica Argentina
AR

--------------------------------------------------------------------------------

Latini, Patricio
[email protected]
+54 1147786655



This is what I am getting.. He seems to own lots of ip addresses??? What the fuck do I do with this info?

boneprone

South America?? Looks like the "Cartel" wants to fuck with the "Family"..

Snow, get those guns cleaned up and ready bro!

Taz

"Attempt to connect to local computer using "Backdoor/SubSeven Trojan Horse blocked"

Is this bad??
-----------

Yes, that's bad.

Sounds like you have Sub7 trying to phone home.

You've got to get the trojan off your system, which is easier said than done. Run anti-virus on your laptop to check it, put Zone Alarm on it, use this to check the security of it https://grc.com/x/ne.dll?bh0bkyd2 and use it for a while until you get the trojan off the other system. Use the laptop to change out your passwords to stuff you do online since chances are good that the trojan may have been on your system for a while and you just now noticed it.

boneprone

good idea.. Thanks bro.
But how the fuck do I get rid of the trojan?
My antivirus cant find it, and I guess they are hard to find.

Taz

Trojans are basically a two part program. One is on your system, one is on the hacker's system. The one on yours, phones home so to speak and awaits instructions from the hacker's program. Now these are usually used in two ways. One is to use the trojan on the users system to attack other sites with DOS packets. The other is to snoop the users system for info.

The anti-virus most likely can't find it due to the trojan using common windows names and extensions. What anit-virus are you using? I got hit with Sub7 months ago and my Inocculate-IT was able to locate and quarantine it. Luckily for me, I'm behind a physical firewall and it was harmless, so we got to play with it a bit. Sub7 is one nasty sonofabitch. It records keystrokes, instant message conversations, hell about the only thing it can't do is tell where you go when you get up from the desk, unless you have a cam hooked up. My peeps are in traffic right now, but I'll get you hooked up with my network engineer via e-mail tonight and we'll see if we can't get that system cleaned out for you. Just hang tight and stay off the infected system.

Peace,

jimmyf

boneprone, you can give me an IQC and I'll give you my phone number and help you set up ZoneAlarm.

TheFLY
I don't even use MSIE or that Outlook. I wonder if ICQ has any.
Yes you can be hacked thru ICQ, Tell ZoneAlarm when it ask if you want to let it be a server say NO.

I am accused of using NutScape and NetCrap
but I'll just keep on using it.

Xero
Zonealarm is not the professional way to go. I would strongly suggest
"BlackIce Defender" as it has won several awards, and I have used it
personally, and its great. Here is a direct link to the product.

BlackIce is A bunch of CRAP SHIT.
The only good thing is there site to look up DNS
Us below to look them up>
Most frequent attacker 200.49.154.28 http://advice.networkice.com/advice/...16/default.htm

You've got to get the trojan off your system,
which is easier said than done.

Am pretty sure InoculateIt will get the Trojan off you system.
You might have some bots on your system also.

I forgot I have and have used Norton firewall, BlackIce and ZoneAlarm and ZoneAlarm is by far and away the best..
I had my buddy put it on his comput the other day and HE HAS A DIAL-UP CONNECTION and right away he was getting hit, so your not safe with a dial up.
Jim



[This message has been edited by jimmyf (edited 07-16-2001).]

HQ

Xero,

i'm not too sure about black ice... i'm with jimmyf on this one. ...and steve gibson also seems to hate it:



...but read http://grc.com/dos/grcdos.htm to see why. and you'll understand.

[This message has been edited by HQ (edited 07-16-2001).]

Phil21

So much misinformation..

If all you run is plain jane windows, and never run executeables from untrusted sources, and have filesharing shut off windows is "secure" as hell. Why? There is absolutely nothing to hack. No listening ports.

Of course, ICQ potentially punches some holes as it does listen on ports, as does filesharing, or any other third party program out there. This is when you want some sort of firewall device.

I personally prefer just to NAT my machine behind a linux box turned into a router. The only problem with this is that I cannot play some games which use directplay, or peer/peer connections without some rather intensive firewall rulesets which gets complex FAST.

And no, having someone attempt to connect to a common subseven port is NOT bad. It's something that will happen constantly. These are just morons scanning for people that have it installed, not targetting you individually. I should show you guys server logs of all the "hacking attempts" that are made against our webservers. Reminds me of the time I got a frantic call from a customer because someone was *gasp* PINGING their firewall. Yeesh.

Now.. if you run windows to host sites, I pity you and wish you the best of luck. Securing a box which needs services open is considerably more challenging than a home PC that does nothing but make outgoing connections.

Still, firewalls for home PC's are a good idea. You never know what port some idiotic programmer will open on your box, with some off-the-wall software you install. But I could also put up a win98 box right now and give you the IP, and no one would be able to "hack" it. The firewall I have is more for my own laziness than anything. I don't want to have to even think about security on my home box, I just want to install shit and play.

-Phil

boneprone

I got a firewall up so the guy aint getting in anymore as far as i know.. I just want to hunt down the sub7 in my computer and get rid of it now.

I kust need to find out how to locate it?

aprilkorova

Phil, how does DSL figure in to all of this?

When I signed up, they never mentioned anything about constantly "open" connections. Just kinda realized that was the way it's going to go.

Is it really that big of a security breech? Or overblown? Is zonealarm enough? Don't have much biz on this computer so I'm not really into getting a physical firewall.

Any thoughts?

Oh yeah, I don't know if I've ever posting behind you before...so if I haven't welcomed you properly. Go Fuck Yourself!

boneprone

I guess it leaves an open port.

Juge

Boneprone, maybe I missed it from your firewall message (I can't rememeber what type of message my firewall states when there's a sub7 attack), but you should check to see what the firewall actually is blocking:

Either:

1. someone attempting to ask your computer if you have the sub7 (so he can use it to do just about anything on your machine)

or

2. sub7 calling home. (is this even possible? does sub7 call home?)

If it's #1, don't worry, it happens all the time. I used to gte 10 or 20 idiots/day doing this. Even if I didn't have my firewall, I don't have sub7 on my computer, so they couldn't do anything.

if it's #2 then you can resume your panic (because i have no idea how to remove it... I just have a hunch if your virus scan doesn't find it, then it doesn't exist, I sure as hell know that any recent virus scan should FIND and REMOVE it - I've personally witnessed this)

Hope this helps,


------------------
Juge - [email protected]
- Juge's Bikini and Thong Page
- Juge's Weekly Wallpaper
- Daily Bikini Babe

Need FREE CONTENT?

TheFLY

I just installed zonealarm -- I'm 99% sure I was hacked also... I'll post a topic on my findings.

TheFLY

Also I got an email from our friend from Argentina ;)

TheFLY

BTW Jimmy if you can give me any advice on setting up ZoneAlarm -- I'd appreciate it ;)

[email protected]

So you're saying ICQ can still work w/o acting as a server? Hmmm does that change the capabilities of the program?


------------------
...from the nectar of the Bone flows all that clicks...

Theo

Few things about trojans and your situation Boneprone. These trojan proggies are nice way to do a joke to someone but can be a very powerful spy tool if the webmaster knows how to deal with them. For example in your situation with sub7 trojan inside your system a user of this proggie can have any kind of information about your system. He can handle and do exactly the same things like you: run programs,do searches,view,read,print files,see your passwords,your history,cookies, take screenshots of what you see and guess what? he/she can even see you in case you have active your cam. I'm almost sure that you ended up with this program from someone you already know and sent you a file. Advanced webmasters or programmers can very easily encode it with their own algorithm so none antivirus can detect it. In your case I would check all received files from Icq. Be careful with firewalls because you might think you're secure and have some ports open that are used from sub7.

[This message has been edited by Soul_Rebel (edited 07-17-2001).]

X37375787

Hey Soul - you might wanna remove the trojan that I installed on your machine yesterday

------------------

CJUltra v1.2

Corpsie

If you have a broadband connection, put yourself behing a router's firewall.

If you can afford 2 computers, have 1 as your internet computer and another as your business computer. Only connect the 2 when you are transferring files from your business computer to your internet computer. Never transfer files from your internet computer to your business computer.

If you don't need to leave your computer on, do not do it.

Restoring a hard drive = $600
Buying an internet computer = ~$600
It is worth the investment. (I'm trying not to sound like a broken record here)

TheFLY

Well never mind -- I was hacked, but I'd rather not share my findings. I don't want to be a part of someone's game. I had a very wierd dream about all this last night -- which I'd rather not go into.

Anyway I strongly recommend that everyone get this ZoneAlarm program -- there's a very good possibility that your machine may have remote access/monitoring software installed on it *by the manufacturer*!!!

Especially if you have a COMPAQ!

In any case -- if my watchers/hacker/hackers are reading this... thanks for not cleaning out my HD... I've been getting multiple emails all of a sudden -- people trying to send me trojans...

Anyway now I'm paranoid -- phone calls where people hang up -- it's all too fucked up.

boneprone

So an insider from the boneprone family may have set this up.

I may have to organize an Internal Affairs team to investigate the family.

Gemini

Hey lemme lead the squad! I have a great rubber hose...

Everybody line up! Time for the confessional

Theo

i can't say that for boneprone family, but I think I just did it hehe. Usually the case is the following: you receive a file, you run it and this affects your system. The trojan is password protected and the guy that sent it to you is the only one that can connect to your machine. Some of the trojans have backdoors for their programmers which means that is possible more than one to finally have access in your system. If this is the case, and the number increases all the time and your system becomes a BBS and you should start charging fee or having a dialer for them in order to cover expenses ;-)

[This message has been edited by Soul_Rebel (edited 07-17-2001).]