New Leak test-Oops!

Discussion in 'other firewalls' started by RL, Mar 6, 2003.

Thread Status:
Not open for further replies.
  1. RL

    RL Guest

    http://www.hackbusters.net/oops.html
     
  2. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Ample discussion in Look & Stop forums already.
    With patch already issued LNS stops this.
     
  3. minacross

    minacross Registered Member

    Joined:
    May 12, 2002
    Posts:
    657
    Kerio did not recognize it, and the same for Outpost :(
    ZAF 3.7.098 recognized it but failed to stop it from sending info to the site o_O o_O
     

  4. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hello,

    SSM prevents it from running with or without FW :cool:
     
  5. controler

    controler Guest

    Jack

    What is SSM ?
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi controler,

    SSM: http://kormushkin.narod.ru/help/ssme.html

    Regards,

    Pieter
     
  7. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    I understand that Jack, but since the number of SSM users is rather low compared to firewall users, all these leaktests and proof of content are forcing firewall vendors to produce better products.
    After all firewalls are considered the first line of defense by most and any improvements made to them can only help the net community at large.
     
  8. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    :D I find it rather strange that when an item such as this is posted ppl rush out to try it - You download something that someone has pointed you towards & wonder why your PC / firewall is "compromised" OK in this case it is genuine but others may not be so honest. :D
    Still I suppose that is what a lot of folks do all the time, hence the rapid spread of Worms, Viri & Trojans & other malware. :eek:

    I'm ducking! ...
     
  9. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hello Mickey ;)

    You are right and Frederic is really quick on the ball ;)

    I of course also run a FW; SSM is another layer of defence and prevents such tests or possible malware not yet in AV, AT or Anti-spy databases from cheating before adequate measures have been taken by FW developers.

    As Paul uses to say "don't put all your eggs in one basket ";)

    Rgds,
     
  10. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hello Pilli ;)

    Sure but see MtM post, I second that and not only for FW developers but for all security products.

    There are not normal conditions of computer use of course

    I am not aware of any malware till now using the techniques of such leaktests but could happen sooner or later.

    Better defence is prevention.

    I also attach my belt in my car : one never knows what may occur even if I never had an accident :cool:

    Rgds,
     
  11. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Hi Pilli,
    1. I would think that those that keep coming to BB's like this one are already tuned in to potential threats. Is it not the reason why most come here in the first place ?
    2. These proof of concepts are just that. To prove that a real nasty could produce damage in same situation. They in turn allow software vendors to produce patches to ensure that the "real deal" is neutered before someone actually produces it.
    It's a never ending game..............................
     
  12. Cynder

    Cynder Guest

    Call me old-fashioned but I prefer “Application Filtering” Feature that has capabilities of detecting large % of the time, Applications accessing Client Environments. Using System Safety Monitor would be quite stressful Utility for people who all the time Downloads, Installs, and Updates. I’m all the time Downloading, Installing, Updating programs whether it’s for Exploring purposes or it’s just to assist one with problems. As it is I’m all the time responding to Application Filtering Alerts, I don’t believe I can stand using something like Application Control like that what SSM offers. How I see it I would prefer responding to Alerts of Applications accessing Client Environments than to be responding to Alerts upon file executions. But because System Safety Monitor wouldn’t be beneficial to me doesn’t mean it’s not to another, this product provides an Additional Layer to Software Firewalls and that’s all good…

    Most don’t know this yet but there is only so many ways of accessing Internet Resources and so far Software Firewalls with Application Filtering Feature like Look ‘n’ Stop pretty much has most of the methods used for accessing Internet Resources covered. And I personally feel it’s going to come the time where programs going to become more malicious and attempt to Terminate Software Firewalls functionality whether it’s by terminating its Processes or….
     
  13. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    ZA+ with current updates warns and stops the piggyback.
    :)
     
  14. Well, I'm running Norton Personal Firewall 2003 (NIS), and it didn't detect it...
    The site says, "patch available". Does anyone know how I can get that patch?

    Thanks
    Shooter...
     
  15. controler

    controler Guest

    Thank You Pieter_Arntz for the link.


    I knew about System Safety Monitor but didn't put the connection with the abbreviation.
    I run RegRun and was thinking SSM is very similar?
    I also have a couple other programs that monitor vital REG keys and program-Application file changes.
     
  16. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Did your message show up on the site? Not currently running 2003, but I seem to remember it not alerting, but the message would not go through.

    Regards,

    CrazyM
     
  17. Thanks for your reply! :)

    It did not kick the firewall to warn me and it did post the message on the site... Here is a screenshot...

    Thanks
     

  18. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Straight Shooter

    Thanks for the clarification :eek: :D .

    Regards,

    CrazyM
     
  19. qualserve

    qualserve Registered Member

    Joined:
    Mar 8, 2003
    Posts:
    5
    Location:
    New Hampshire - Live Free Or Die
    :D Hello all. New to this forum, but not to computing. That said, I would like some input to a couple of my concerns. I upgraded my XBlock software, ran a spyware scan and, lo and behold, was informed that WinWhatWhere resided in my registry and dwshk36.ocx was in my system folder. HHmmmmm o_O I then checked the other 5 computers on my home net and found the same entries on 3 of them. Any ideas? Is it for real, or just a residual of some other program?
    My other query concerns the security provided by the firewall contained in my Netgear FVS318 with Prosafe VPN Firewall. Is it enough to rely on this for security? Thanks for your input! Great forum here!! o_O
     
  20. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Hmm. Sounds like it might be for real. The presence of dwshk36.ocx by itself isn't totally incriminating, however...

    Here's a link to some information on this keylogger and others:

    http://www.webspeakster.com/keylogger_info.htm

    This might help! Good luck! :D
     
  21. controler

    controler Guest

    Nice link JimIT

    Lots of good keylogging info ;)
    I am still using Anti-Keylogger and it seems to work very well.
    Any program with good heuristics will give some false alarms.
    It appears monitor spy from code-it's page will scan an NT system but you still need ADMIN rights to make any reg changes. It is still always nice to at least know the files are there even if we can't delete them.
    These keyloggers are used more and more by the corporate world. I am seeing more and more state government agencies loading these keyloggers on their systems all the time.
    And once again I must remind you, many of these systems are still windows 95 o_O
     
  22. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Hi !
    This topic will probably be moved to the appropriate forum discussion, but if you are the original owner of your PC, you or somebody else has been "spied" upon ! :eek:

    regards,
    bill :)
     
  23. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Hi qualserve,

    Welcome to the forum.

    Just a word on your post here... Generally, posts that are about new subjects should be posted in a "new topic" and not as a "reply" to a thread that is about a different subject. This thread was about a specific firewall leaktest.

    Unfortunately, we can not detach the individual posts (yours and the 3 replies to it) and move them to another forum as eyespy notes. You appear to have the answer to your first question, it really looks like you have a real keylogger on your system. I suggest you use your spyware scanner to remove it from all systems.

    If you have any follow-up questions on the spyware / keylogger, please start a new thread in the "privacy problems" forum. As for your router / firewall question, a new topic here in the "other firewalls" forum would be best for that.

    Again, welcome to Wilders Security Forum!

    Best Wishes,
    LowWaterMark
     
  24. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Kerio 2.1.4 passed, it's all in your rules.
     
  25. Cynder

    Cynder Guest

    Using Internet Filtering Layer you can Control Anything, purpose of these Leaktests are to test the Application Layer whether or not it’s capable of detecting these types of methods to gain Internet Access. ;)
     