Important warning !

Bill Sanderson

What these researchers have found is a repository for log files from
keyloggers.

I'm always surprised that I've never found such a file on any of the
machines I've worked on, but they are something I look for early on a given
new machine because of the disastrous consequences of having one in place
and the information contained in those logs getting out.

Keyloggers are something that Microsoft Antispyware detects.

It may be of interest to note that future firewall versions from
Microsoft--the one in OneCare, for example:

http://beta.windowsonecare.com/prodinfo/default.aspx

are now two-way, and would help in this situation, as well.

In the life of these forums, we've had perhaps half a dozen or more reports
of keyloggers. Some of those have been false positives--they need to be
researched very carefully--but there have been at least three, I believe,
which have been real.

The outbound stream of logfiles from the keylogger in place can move via a
number of means--it can be very difficult to prevent.
 
plun

Hi Bill

This was just a warning !

And I know that about OneCare, but that doesn't help today's users.

More important than WGA and p2p problems! IMHO again. ;)
 
Andre Da Costa [Extended64]

Why couldn't they have made Microsoft OneCare a world wide open beta like
Microsoft AntiSpyware. :(
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
 
plun

Hi Andre

Maybe a really good idea, but you know, MONEY, MONEY, MONEY ! ;)

This is a swamp with 3rd party companies and a runner up MS. Curtain
down for all 3rd parties ;( but who knows ? ;)

--
plun




 
plun

Hi Bill

I know that. Is there something wrong with the Spywarewarriors blog?

This is just a warning !

--
plun



 
Bill Sanderson

According to ZDNet, Windows Vista also contains a firewall which interdicts
outbound traffic, although that functionality is not enabled by default.

--

 
Bill Sanderson

I'm glad you posted the blog entry and the warning--just pointing out that
this is a real issue, and one that you can observe in these forums
regularly.

--
 
plun

?

Yes, I can observe it, but this one can be a little bit more than just
a keylogger, and as written within the Spywarewarriors blog links this
contains a CWS infection, nothing to just "ignore", IMHO again.

And when it is about personal information such as bank accounts this is
really serious.
 
Andre Da Costa

Interesting, I can't wait for it to be public so I can try that out.
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

Bill Sanderson said:
According to ZDNet, Windows Vista also contains a firewall which
interdicts outbound traffic, although that functionality is not enabled by
default.

--

plun said:
Hi Andre

Maybe a really good idea, but you know , MONEY, MONEY, MONEY ! ;)

This is a swamp with 3rd party companies and a runner up MS. Curtain down
for all 3rd parties ;( but who knows ? ;)

--
plun




After serious thinking Andre Da Costa [Extended64] wrote :
Why couldn't they have made Microsoft OneCare a world wide open beta
like Microsoft AntiSpyware. :(
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
What these researchers have found is a repository for log files from
keyloggers.

I'm always surprised that I've never found such a file on any of the
machines I've worked on, but they are something I look for early on a
given new machine because of the disastrous consequences of having one
in place and the information contained in those logs getting out.

Keyloggers are something that Microsoft Antispyware detects.

It may be of interest to note that future firewall versions from
Microsoft--the one in OneCare, for example:

http://beta.windowsonecare.com/prodinfo/default.aspx

are now two-way, and would help in this situation, as well.

In the life of these forums, we've had perhaps half a dozen or more
reports of keyloggers. Some of those have been false positives--they
need to be researched very carefully--but there have been at least
three, I believe, which have been real.

The outbound stream of logfiles from the keylogger in place can move
via a number of means--it can be very difficult to prevent.

--

http://netrn.net/spywareblog/archives/2005/08/05/massive-id-theft-ring-discovered/

This is not fun anymore ! >:|
 
Andre Da Costa

It makes the world go around.
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

 
plun

Yup, maybe more important to protect users' personal information
than to think about "business" ;)

--
plun


 
Chris Smith

I tried the beta of I.E. 7 with great success but my Zone Alarm version with
spyware capability kept flagging keylogger activity.
 
Bill Sanderson

I hope you don't think I was suggesting ignoring this warning--far from it.

I went back and re-read the article. One thing that I gleaned was the
information about the entries in the hosts file redirecting access to bank
domains to an IP in Russia.

This is another good example of why I believe it is best to keep the hosts
file to an absolute minimum of entries, so that it can easily be examined.

--
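
Added example, not part of the thread: one way to make the hosts file easy to examine, as the post above recommends, is to list every entry that pins a name to a real (non-loopback, non-null) address and group the names by target. The sample file, the bank hostnames and the 203.0.113.45 address are constructed for illustration.

```python
import ipaddress

# Constructed sample, not taken from the thread or the linked article.
# 203.0.113.0/24 is a documentation range; the hostnames are made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.tracker.example     # blocklist entry, resolves nowhere
203.0.113.45    www.examplebank.test examplebank.test
203.0.113.45    login.otherbank.test
not-an-ip       broken.example
"""


def audit_hosts(text):
    """Return (redirects, malformed) for the contents of a hosts file.

    redirects: (line_no, ip, hostname) for every name pinned to an address
               that is neither loopback nor unspecified (0.0.0.0 / ::).
    malformed: (line_no, raw_line) for entries that could not be parsed.
    """
    redirects, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not entry:
            continue
        fields = entry.split()
        if len(fields) < 2:
            malformed.append((line_no, raw))
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((line_no, raw))
            continue
        # Loopback and 0.0.0.0 entries only block a name; they cannot
        # send the browser to someone else's server.
        if addr.is_loopback or addr.is_unspecified:
            continue
        for name in fields[1:]:
            redirects.append((line_no, str(addr), name.lower()))
    return redirects, malformed


def group_by_address(redirects):
    """Map each target address to the sorted hostnames pinned to it."""
    grouped = {}
    for _, ip, name in redirects:
        grouped.setdefault(ip, set()).add(name)
    return {ip: sorted(names) for ip, names in grouped.items()}


if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts
    found, bad = audit_hosts(SAMPLE_HOSTS)
    for ip, names in group_by_address(found).items():
        print(f"{ip}: {', '.join(names)}")
    for line_no, raw in bad:
        print(f"line {line_no}: unparseable: {raw!r}")
```

Several unrelated names pointing at one address, as in the sample, is the pattern worth investigating first; an unparseable line is reported rather than skipped so that nothing in the file goes unreviewed.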
 
Bill Sanderson

Were you ever able to figure out what kind of activity they were flagging?
I wonder if some of the anti-phishing behaviors in IE7 would be new to Zone
Alarm and cause the flagging?
 
Andre Da Costa [Extended64]

Microsoft - it's still a business, you will never change the central practice
behind every company which is to make money. Honestly, I think that's a good
thing, in the case of Microsoft it drives both competitiveness and
innovation to be the best in whatever industry they are competing.
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
 
plun

Andre, of course they are in business; what I mean is that
it would maybe be a good idea to include all security programs
for Windows delivered from MS included in the license.
No need for 3rd party apps and this is a business challenge ;)
But we then lose all competition so this is indeed difficult.

--
plun


 
Bill Sanderson

If I'm reading you right, your thinking was that if Microsoft has managed to
create a firewall which handles outbound as well as inbound traffic, your
sense of this particular CoolWebSearch issue is that it is enough to make it
imperative that Microsoft provide that technology free to all Windows users.

They definitely have such technology, and in a consumer-friendly version, as
evidenced by the OneCare website descriptions.

They haven't announced pricing for OneCare.

It looks like similar firewall capabilities will be included in Vista, but
there's some question about that.

There are a number of vendors still providing free firewall software for
Windows and including outbound traffic blocking.

I guess I'm unconvinced about the real imperative here. I agree it would be
nice when new capabilities are developed that address security issues, for
them to be available to existing Windows users for free. But how do you
propose that Microsoft recover the cost of doing that development?


--

 
