What’s Going On?
October 27th, 2004 - 10:51 am
No broadband access here at the sunglass store, so I’m borrowing my cousin’s AOL dialup connection. Needless to say, it sucks. What’s curious, however, is that Norton Internet Security has stopped three trojan horse attacks in the last hour.
Two from South Korea, one from Denver.
Now, with my AOL-assigned IP address, I know these are random attacks and not directed personally at me. But I don’t usually get three of them in a month, much less in an hour.
Are we seeing an uptick in net attacks because of the upcoming election, or just some hooligan scriptkiddies going after AOL?
Same here. I had virtually nothing before September – I had an un-updated version of Norton, and (though I didn’t realize it until later) I didn’t even have the Windows XP firewall up, and experienced absolutely no problems until September 6 – when I installed AdAware back in July, the most malicious thing it found was Alexa.
Then just in the past 7 weeks I’ve had places attempt to load adware, phishing trojans, dialers, etc. And then there’s the Randreco that won’t go away…
It’s really gotten nasty out there all of a sudden.
Isn’t a “trojan horse” an attack via software you run, thinking it’s something else, which then infects your machine?
Thus the analogy to the fabled attack on Troy involving the Horse.
Exploit attempts via random IP scanning ain’t trojans.
Anyone who uses AOL is asking for trouble.
Hooligan script-kiddies. These attacks are so easy to do these days. Hell, there are websites with programs that allow you to create a Point-N-Click Worm. Just pick your options, fill in some random or specific words, and boom. Insta-Worm, fresh for unleashing online. You don’t have to be smart to be a pain in the ass anymore it seems.
Try “System Restore” if you have XP. It’s under: Programs/Accessories/System Tools and restores the computer to a “snapshot” of the software taken by the computer on an almost daily basis. It leaves all docs and favorites intact. Essentially it removes any software or operating system changes, including any deliberate (by the operator) downloads or additions. It has never failed to remove even the most persistent adwares, changers, etc. on my computer because it recreates the computer to an earlier, pre-problem date instead of trying to uninstall malicious code. No problems using it so far, but I read that if you have been using a lot of Spybot or adware removal programs, it is possible to reset to a date before they were used and reinstate old spyware. The solution is to reset/restore to the nearest previous date before the persistent problems began.
Call me paranoid but both blogspot and mu.nu are down today too.
blogspot down? My site is on blogspot, I’m not having any problems.
First off, Relax.
The amount of scanning you’re seeing is pretty much the same as it has been over the last few months.
Second, most of these attacks aren’t script kiddies themselves; rather, it’s already infected systems that are looking to propagate further. The initial infection, and the systems infected by the malware (geek term for any virus/trojan/malicious software), are most likely controlled by (primarily) Eastern bloc hackers. They turn around and sell these groups of infected systems (aka botnets) out to the highest bidder for use as spam relays or clients in DDOS (Distributed Denial of Service) attacks (as the “stick”, so to speak, of their online racketeering/extortion).
If you’re looking for a current and daily update of the nasties currently on the net, hit the SANS group’s Internet Storm Center page at isc.sans.org.
Cheers,
-E2
Oh, the reason you saw more from Korea than the US? Broadband has a significantly higher penetration rate in SK than the US. Unfortunately, patching your $%$#-ing computer hasn’t caught on there as much as stateside. Ergo, more infected systems. A good example is the effect the sapphire/slammer worms had. The US took some damage (and many large corporation networks were taken down) but SK was effectively knocked off the internet for 3 days.
If anyone else has been having trouble with Randreco.exe, here is the fix:
http://forums.thetechguys.com/showthread.php?t=5857
I haven’t done the full fix, due to laziness/lack of self-confidence, but checking the Temp and Prefetch folders regularly slows it down a bit.
(I should add that I’m NOT on AOHell.)
Mostly Script Kiddies and Hooligans… and other infected machines. The AOL IP space gets worked over pretty hard by just about anybody looking to cause some trouble since the impression (regardless of if it is true or not) is that you’re apt to find more clueless individuals not running any sort of virus protection or that have not patched their systems. Especially if you’re looking to make a botnet of 10,000 zombies to use in a DDoS.
I agree with Eric re SK and US and patching boxes. Of course, if Microsoft would learn that bounds checking is your friend there wouldn’t be dozens of these buffer overflow exploits running around.
(Instead, there’d probably be an even more creative exploit.)
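The "bounds checking is your friend" point above, as an added illustration that is not part of this thread: a hypothetical fixed-size field handler written the unchecked way, beside the same routine with the length check the commenter is asking for. The function names, the 16-byte field size and the sample inputs are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16  /* constructed fixed-size field, typical of 2004-era daemons */

/* Hypothetical "before": copies a caller-supplied string into a fixed buffer
 * with no length check. Anything longer than 15 bytes plus the NUL writes
 * past the end of 'name' (the classic stack buffer overflow). Shown only to
 * make the missing check visible; never feed it untrusted input. */
int handle_name_unchecked(const char *input) {
    char name[NAME_MAX];
    strcpy(name, input);              /* no bounds check at all */
    return (int)strlen(name);
}

/* "After": the same routine with the bounds check. Oversized input is
 * rejected outright (not silently truncated), so the caller can log and
 * drop the message. Returns the accepted length, or -1 if it does not fit. */
int handle_name_checked(const char *input, size_t input_len) {
    char name[NAME_MAX];
    if (input == NULL || input_len >= sizeof name)
        return -1;                    /* no room for the NUL terminator */
    memcpy(name, input, input_len);
    name[input_len] = '\0';
    return (int)input_len;
}

/* Pre-parse check a defender can run on the wire length alone: returns 1
 * when a field of this length would overrun the unchecked version. */
int field_would_overflow(size_t input_len) {
    return input_len >= NAME_MAX;
}

int main(void) {
    const char good[] = "client01";                          /* constructed */
    const char bad[]  = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";  /* 32 bytes, constructed */
    printf("good: %d\n", handle_name_checked(good, strlen(good)));
    printf("bad:  %d\n", handle_name_checked(bad, strlen(bad)));
    printf("bad would overflow unchecked copy: %d\n", field_would_overflow(strlen(bad)));
    return 0;
}
```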
Personally, I prefer ZoneAlert. Equally effective, but it plays nicer with the rest of my computer. Their tech support is much nicer, too.
Well, AOL does suck, and scriptkiddies are rampant, but it’s also the election. There have been plans for this for a long time – that’s coming from various open sources. I think the first time I saw it was in the summer of 2002, and I know it was out there before.
*shrug* Threat assessments I can do, but computers? Not my thing. So thanks, mikem, for the tip.