New Leak test-Oops!


RL
March 6th, 2003, 11:00 PM
http://www.hackbusters.net/oops.html

MickeyTheMan
March 7th, 2003, 12:33 AM
Ample discussion in Look & Stop forums already.
With patch already issued, LNS stops this.

minacross
March 7th, 2003, 05:01 AM
Kerio did not recognize it, and the same for Outpost :(
ZAF 3.7.098 recognized it but failed to stop it from sending info to the site ??? ???

JacK
March 7th, 2003, 07:37 AM
Hello,

SSM prevents it from running with or without FW 8)

controler
March 7th, 2003, 08:00 AM
Jack

What is SSM?

Pieter_Arntz
March 7th, 2003, 08:17 AM
Hi controler,

SSM: http://kormushkin.narod.ru/help/ssme.html

Regards,

Pieter

MickeyTheMan
March 7th, 2003, 09:02 AM
-{ Quote: " quoting: JacK
Hello,

SSM prevents it from running with or without FW 8)
" }-
I understand that Jack, but since the number of SSM users is rather low compared to firewall users, all these leaktests and proof of content are forcing firewall vendors to produce better products.
After all firewalls are considered the first line of defense by most and any improvements made to them can only help the net community at large.

Pilli
March 7th, 2003, 10:32 AM
;D I find it rather strange that when an item such as this is posted ppl rush out to try it - You download something that someone has pointed you towards & wonder why your PC / firewall is "compromised" OK in this case it is genuine but others may not be so honest. ;D
Still I suppose that is what a lot of folks do all the time, hence the rapid spread of Worms, Viri & Trojans & other malware. :o

I'm ducking! ...

JacK
March 7th, 2003, 11:57 AM
-{ Quote: " quoting: MickeyTheMan
I understand that Jack, but since the number of SSM users is rather low compared to firewall users, all these leaktests and proof of content are forcing firewall vendors to produce better products.
After all firewalls are considered the first line of defense by most and any improvements made to them can only help the net community at large.
" }-

Hello Mickey ;)

You are right and Frederic is really quick on the ball ;)

I of course also run a FW; SSM is another layer of defence and prevents such tests, or possible malware not yet in AV, AT or anti-spy databases, from cheating before adequate measures have been taken by FW developers.

As Paul usually says, "don't put all your eggs in one basket" ;)

Rgds,

JacK
March 7th, 2003, 12:16 PM
-{ Quote: " quoting: Pilli
;D I find it rather strange that when an item such as this is posted ppl rush out to try it - You download something that someone has pointed you towards & wonder why your PC / firewall is "compromised" OK in this case it is genuine but others may not be so honest. ;D
Still I suppose that is what a lot of folks do all the time, hence the rapid spread of Worms, Viri & Trojans & other malware. :o

I'm ducking! ...
" }-

Hello Pilli ;)

Sure, but see MtM's post; I second that, and not only for FW developers but for all security products.

These are not normal conditions of computer use, of course.

I am not aware of any malware so far using the techniques of such leaktests, but it could happen sooner or later.

The best defence is prevention.

I also fasten my seat belt in my car: one never knows what may occur, even if I never had an accident 8)

Rgds,

MickeyTheMan
March 7th, 2003, 03:30 PM
-{ Quote: " quoting: Pilli
;D I find it rather strange that when an item such as this is posted ppl rush out to try it - You download something that someone has pointed you towards & wonder why your PC / firewall is "compromised" OK in this case it is genuine but others may not be so honest. ;D
Still I suppose that is what a lot of folks do all the time, hence the rapid spread of Worms, Viri & Trojans & other malware. :o

I'm ducking! ...
" }-
Hi Pilli,
1. I would think that those that keep coming to BB's like this one are already tuned in to potential threats. Is it not the reason why most come here in the first place?
2. These proof of concepts are just that. To prove that a real nasty could produce damage in same situation. They in turn allow software vendors to produce patches to ensure that the "real deal" is neutered before someone actually produces it.
It's a never ending game...

Cynder
March 7th, 2003, 05:16 PM
Call me old-fashioned, but I prefer the “Application Filtering” Feature, which is capable of detecting, a large % of the time, Applications accessing Client Environments. System Safety Monitor would be quite a stressful Utility for people who Download, Install, and Update all the time. I’m Downloading, Installing, and Updating programs all the time, whether it’s for Exploring purposes or just to assist one with problems. As it is, I’m responding to Application Filtering Alerts all the time; I don’t believe I could stand using something like the Application Control that SSM offers. The way I see it, I would prefer responding to Alerts about Applications accessing Client Environments than responding to Alerts upon file executions. But just because System Safety Monitor wouldn’t be beneficial to me doesn’t mean it isn’t to another; this product provides an Additional Layer to Software Firewalls, and that’s all good…

Most don’t know this yet, but there are only so many ways of accessing Internet Resources, and so far Software Firewalls with an Application Filtering Feature like Look ‘n’ Stop pretty much have most of the methods used for accessing Internet Resources covered. And I personally feel the time is going to come when programs are going to become more malicious and attempt to Terminate Software Firewalls' functionality, whether it’s by terminating its Processes or….

JimIT
March 7th, 2003, 07:38 PM
ZA+ with current updates warns and stops the piggyback.
:)

Straight Shooter
March 7th, 2003, 10:40 PM
Well, I'm running Norton Personal Firewall 2003 (NIS), and it didn't detect it...
The site says, "patch available". Does anyone know how I can get that patch?

Thanks
Shooter...

controler
March 7th, 2003, 11:06 PM
Thank You Pieter_Arntz for the link.


I knew about System Safety Monitor but didn't make the connection with the abbreviation.
I run RegRun and was thinking SSM is very similar?
I also have a couple other programs that monitor vital REG keys and program-Application file changes.

CrazyM
March 8th, 2003, 12:22 AM
-{ Quote: " quoting: Straight Shooter
Well, I'm running Norton Personal Firewall 2003 (NIS), and it didn't detect it...
The site says, "patch available". Does anyone know how I can get that patch?
" }-

Did your message show up on the site? Not currently running 2003, but I seem to remember it not alerting, but the message would not go through.

Regards,

CrazyM

Straight Shooter
March 8th, 2003, 12:32 AM
Thanks for your reply! :)

It did not kick the firewall to warn me and it did post the message on the site... Here is a screenshot...

Thanks

CrazyM
March 8th, 2003, 01:08 AM
Hi Straight Shooter

Thanks for the clarification :o ;D .

Regards,

CrazyM

qualserve
March 8th, 2003, 09:38 AM
;D Hello all. New to this forum, but not to computing. That said, I would like some input to a couple of my concerns. I upgraded my XBlock software, ran a spyware scan and, lo and behold, was informed that WinWhatWhere resided in my registry and dwshk36.ocx was in my system folder. HHmmmmm??? I then checked the other 5 computers on my home net and found the same entries on 3 of them. Any ideas? Is it for real, or just a residual of some other program?
My other query concerns the security provided by the firewall contained in my Netgear FVS318 with Prosafe VPN Firewall. Is it enough to rely on this for security? Thanks for your input! Great forum here!! ???

JimIT
March 8th, 2003, 10:25 AM
-{ Quote: " quoting: qualserve
;D Hello all. New to this forum, but not to computing. That said, I would like some input to a couple of my concerns. I upgraded my XBlock software, ran a spyware scan and, lo and behold, was informed that WinWhatWhere resided in my registry and dwshk36.ocx was in my system folder. HHmmmmm??? I then checked the other 5 computers on my home net and found the same entries on 3 of them. Any ideas? Is it for real, or just a residual of some other program?
" }-

Hmm. Sounds like it might be for real. The presence of dwshk36.ocx by itself isn't totally incriminating, however...

Here's a link to some information on this keylogger and others:

http://www.webspeakster.com/keylogger_info.htm

This might help! Good luck! ;D

controler
March 8th, 2003, 11:23 AM
Nice link JimIT

Lots of good keylogging info ;)
I am still using Anti-Keylogger and it seems to work very well.
Any program with good heuristics will give some false alarms.
It appears monitor spy from code-it's page will scan an NT system but you still need ADMIN rights to make any reg changes. It is still always nice to at least know the files are there even if we can't delete them.
These keyloggers are used more and more by the corporate world. I am seeing more and more state government agencies loading these keyloggers on their systems all the time.
And once again I must remind you, many of these systems are still Windows 95 ???

eyespy
March 8th, 2003, 05:06 PM
-{ Quote: " quoting: qualserve
;D Hello all. New to this forum, but not to computing. That said, I would like some input to a couple of my concerns. I upgraded my XBlock software, ran a spyware scan and, lo and behold, was informed that WinWhatWhere resided in my registry and dwshk36.ocx was in my system folder. HHmmmmm??? I then checked the other 5 computers on my home net and found the same entries on 3 of them. Any ideas? Is it for real, or just a residual of some other program?
My other query concerns the security provided by the firewall contained in my Netgear FVS318 with Prosafe VPN Firewall. Is it enough to rely on this for security? Thanks for your input! Great forum here!! ???
" }-

Hi !
This topic will probably be moved to the appropriate forum discussion, but if you are the original owner of your PC, you or somebody else has been "spied" upon ! :o

regards,
bill :)

LowWaterMark
March 8th, 2003, 10:10 PM
-{ Quote: " quoting: qualserve
;D Hello all. New to this forum, but not to computing. That said, I would like some input to a couple of my concerns. I upgraded my XBlock software, ran a spyware scan and, lo and behold, was informed that WinWhatWhere resided in my registry and dwshk36.ocx was in my system folder. HHmmmmm??? I then checked the other 5 computers on my home net and found the same entries on 3 of them. Any ideas? Is it for real, or just a residual of some other program?
My other query concerns the security provided by the firewall contained in my Netgear FVS318 with Prosafe VPN Firewall. Is it enough to rely on this for security? Thanks for your input! Great forum here!! ???
" }-

Hi qualserve,

Welcome to the forum.

Just a word on your post here... Generally, posts that are about new subjects should be posted in a "new topic" and not as a "reply" to a thread that is about a different subject. This thread was about a specific firewall leaktest.

Unfortunately, we can not detach the individual posts (yours and the 3 replies to it) and move them to another forum as eyespy notes. You appear to have the answer to your first question, it really looks like you have a real keylogger on your system. I suggest you use your spyware scanner to remove it from all systems.

If you have any follow-up questions on the spyware / keylogger, please start a new thread in the "privacy problems (http://www.wilderssecurity.com/index.php?board=21)" forum. As for your router / firewall question, a new topic (http://www.wilderssecurity.com/index.php?board=23;action=post;title=StartNewThread) here in the "other firewalls" forum would be best for that.

Again, welcome to Wilders Security Forum!

Best Wishes,
LowWaterMark

BlitzenZeus
March 9th, 2003, 01:59 AM
Kerio 2.1.4 passed, it's all in your rules.

Cynder
March 9th, 2003, 06:52 AM
Using the Internet Filtering Layer you can Control Anything; the purpose of these Leaktests is to test whether or not the Application Layer is capable of detecting these types of methods to gain Internet Access. ;)

JacK
March 9th, 2003, 07:16 AM
-{ Quote: " quoting: BlitzenZeus
Kerio 2.1.4 passed, it's all in your rules.
" }-

Hello,

No it does NOT ::)

Sometimes there are outages and you must try later, or wait a while after clicking on the green button before clicking on the yellow.

Rgds,

BlitzenZeus
March 9th, 2003, 11:45 PM
1,[09/Mar/2003 20:36:24] Rule 'DNS Alert (Log, Alert)': Blocked: Out UDP, localhost:1793->12.45.56.2:53, Owner: F:\DOWNLOADS\OOPS2.EXE
1,[09/Mar/2003 20:36:24] Rule 'DNS Alert (Log, Alert)': Blocked: Out UDP, localhost:1793->12.45.56.2:53, Owner: F:\DOWNLOADS\OOPS2.EXE

Don't roll your eyes at me, it's all in your rules... 8)

Edit: BTW, unlike what the site says, I can block the application, but it wasn't necessary to make these logs.
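
Added example, not part of the post above and not Kerio code: a Python parser for firewall log entries of the shape quoted in that post, listing outbound DNS (port 53) traffic by owning executable and skipping owners on an allowlist. The field layout is inferred from the two quoted entries only; the allowlist, the `Permitted` action and the last three sample lines are assumptions constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Layout inferred from the two log entries quoted in the post (assumption:
# other entries follow the same "Rule: Action: Dir PROTO, src->dst, Owner" shape).
ENTRY = re.compile(
    r"^\d+,\[(?P<ts>[^\]]+)\] Rule '(?P<rule>[^']*)': (?P<action>\w+): "
    r"(?P<dir>In|Out) (?P<proto>\w+), "
    r"(?P<src>[^:\s]+):(?P<sport>\d+)->(?P<dst>[^:\s]+):(?P<dport>\d+), "
    r"Owner: (?P<owner>.+)$"
)

# Hypothetical allowlist: executables expected to resolve names on this host.
DNS_ALLOWED = {"svchost.exe"}

SAMPLE = [
    # The first two lines are the entries from the post; the rest are constructed.
    r"1,[09/Mar/2003 20:36:24] Rule 'DNS Alert (Log, Alert)': Blocked: Out UDP, localhost:1793->12.45.56.2:53, Owner: F:\DOWNLOADS\OOPS2.EXE",
    r"1,[09/Mar/2003 20:36:24] Rule 'DNS Alert (Log, Alert)': Blocked: Out UDP, localhost:1793->12.45.56.2:53, Owner: F:\DOWNLOADS\OOPS2.EXE",
    r"1,[09/Mar/2003 20:37:02] Rule 'DNS (constructed)': Permitted: Out UDP, localhost:1027->192.0.2.53:53, Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE",
    r"1,[09/Mar/2003 20:37:05] Rule 'Web (constructed)': Permitted: Out TCP, localhost:1801->192.0.2.80:80, Owner: C:\APPS\BROWSER.EXE",
    "truncated or unrelated line (constructed)",
]


def parse(line):
    """Return the entry as a dict, or None if the line does not match."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["dport"] = int(entry["dport"])
    # ntpath handles Windows paths on any platform.
    entry["image"] = ntpath.basename(entry["owner"]).lower()
    return entry


def unexpected_dns(lines, allowed=DNS_ALLOWED):
    """Group outbound port-53 entries by owner, ignoring allowlisted images."""
    hits = defaultdict(list)
    for line in lines:
        e = parse(line)
        if e and e["dir"] == "Out" and e["dport"] == 53 and e["image"] not in allowed:
            hits[e["owner"]].append((e["ts"], e["dst"], e["action"]))
    return dict(hits)


if __name__ == "__main__":
    for owner, events in unexpected_dns(SAMPLE).items():
        print(owner, len(events), events[0])
```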

JacK
March 10th, 2003, 03:18 AM
-{ Quote: " quoting: BlitzenZeus
Don't roll your eyes at me, it's all in your rules... 8)

Edit: BTW, unlike what the site says, I can block the application, but it wasn't necessary to make these logs.
" }-
lol I haven't used KPF for a while and did not verify it myself, thx.
I suppose you made a rule other DNS DENY?

Rgds,

Frederic
March 10th, 2003, 04:44 PM
-{ Quote: " quoting: BlitzenZeus
1,[09/Mar/2003 20:36:24] Rule 'DNS Alert (Log, Alert)': Blocked: Out UDP, localhost:1793->12.45.56.2:53, Owner: F:\DOWNLOADS\OOPS2.EXE
1,[09/Mar/2003 20:36:24] Rule 'DNS Alert (Log, Alert)': Blocked: Out UDP, localhost:1793->12.45.56.2:53, Owner: F:\DOWNLOADS\OOPS2.EXE
" }-

Hi BlitzenZeus,

Could you confirm you tested Oops under Win2000/XP ?
Under Win9x / Me it is normal that any PF detects Oops.

Thanks,

Frederic

adiel
March 10th, 2003, 07:15 PM
Long live zone alarm..
i don't know about others..but my zone alarm 3.5..not only detected it..but also my msg was not delivered...even without the patch.

MickeyTheMan
March 10th, 2003, 07:31 PM
Again, see previous post from Frederic.
On what platform do you operate ?

BlitzenZeus
March 11th, 2003, 06:22 AM
-{ Quote: " quoting: Frederic
Hi BlitzenZeus,

Could you confirm you tested Oops under Win2000/XP ?
Under Win9x / Me it is normal that any PF detects Oops.

Thanks,

Frederic
" }-

Yes, I run XP Pro. I might give more details later if I have time, but right now I'm at 22 hours into a 36 hour day. I just checked the board for any more responses while I was still alive mentally. I'll try to check back with you guys in the next day, or two.

Edit: I'm so tired I missed a grammar error... I wish I could just snuggle my pillow for a few hours right now...

Cynder
March 11th, 2003, 07:09 AM
Oops has existed for a lengthy amount of time before even being released to the public; throughout that time Tom Liston was making this hole's presence known to all the popular Software Firewalls. There had been a patch and/or newer release of ZoneAlarm which had fixed the security hole.

-{ Quote: " quoting: adiel
Long live zone alarm..
i don't know about others..but my zone alarm 3.5..not only detected it..but also my msg was not delivered...even without the patch.

" }-