Dale wrote:
> Hi guys, and Holly, :D
>
> I'm on dial-up and try to watch my traffic and every once in a while
> I see a little blip on gkrellm. I fired up ethereal and started to
> sniff around. Pardon the pun there. LOL This is what it says
> though which is strange. It's really the last two lines that matter
> but I am putting the whole thing here just in case. Sorry so long.
>
<snip>
>> Microsoft Messenger Service, NetrSendMessage Operation:
>> NetrSendMessage (0) Server Max Count: 10 Offset: 0 Actual Count: 10
>> Server: Microsoft Client Max Count: 35 Offset: 0 Actual Count: 35
>> Client: inform you about a virus detection Message Max Count: 497
>> Offset: 0 Actual Count: 497 Message [truncated]: Windows has
>> detected a virus on your system. In order to remove it please
>> follow this steps:\n\n1. Start Microsoft Internet Explorer or your
>> default web browser.\n2. Type into the navigation bar:
>> http://www.cleanmyreg.
>
> What is this? Is this some spam and it pops up a window if I were
> using windoze? I went to the site and it looks like they want to
> sell something, which I ain't buying by the way. ;-)

Yes-- not that I know anything about this, but it looks like a "trick"
popup.

The site does not seem to be checking your browser ID (which would say
Linux), but instead assumes that

1) you are a Windows user (after all, isn't everybody?)

2) you use IE (after all, doesn't everybody?)

3) you do not have a competent admin on your system -- the message uses
Microsoft Messenger Service, which is turned on by default under
Windows, and enables these kinds of popup messages across LAN and WAN,
sort of like a mini MSN-- which I believe it connects to as well-- and
is not only quite "useless" except to people like this, but also quite
insecure because it lets unknown people like this send you "messages"
without your active consent.

Any Windows user I know with even a grain of competence turns it off
first thing after installation. But of course Joe and Jane Average User
don't know to do this because their OS is supposed to competently
administer their system for them. Oh, well, keeps my bf in barter trade
goods for cleaning the PCs of Joe and Jane out again every 3 months or so.

> How can I tell them to stop this?

1) Don't go to the site.

2) If you must go to the site, don't do so with IE (if you're using
Windows for whatever reason)

3) If you must go to the site using IE, for heaven's sake, don't click
that link (though that may not protect you; some sites will also
transfer their payload when you try to close the popup even if you don't
click the link)

4) If you must go to the site using Windows, then have a good 1)
firewall, 2) ad-blocker, 3) spyware blocker/cleaner, and 4) antivirus
scanner present on the system.

You could also complain to 1) the site 2) the hosting admin 3) the
authorities, but it's clearly a "commercial deal" for somebody -- either
the host or the admin has coded/allowed this pass-through to be present
on their site, and /somebody/ has either been paid to do so or expects
to get paid for doing so in terms of click-through revenues or
advertising view revenues or, more unpleasantly, virus or trojan
proliferation, and imo, "regular users" are unlikely to stop the flow of
compensation except by not participating.

But you don't have Windows or the Microsoft Messenger Service on a
Gentoo box; this foolishness is not actively dangerous to you;
especially since you don't have a Registry either, so there's no reason
for you to follow the link to any supposed Registry-cleaning program.
GKrellm is just reporting that somebody tried to send you a message
through this non-existent service.

> Oh, only my main rig does this. My three servers which have no GUI
> stuff or browsers installed do not get this, that I can see anyway.
>
> Another thing a bit off topic. I noticed earlier that there was a
> post in some foreign language, looked like Japanese or Chinese and
> looked like spam to me. Later I got one in my personal email. Can
> someone get my email address from this list? I have got a few emails
> from people, which is OK as long as it is not spam. Just curious. I
> like the list but I didn't know my private email would become
> public, if this is true.

I never understand about how people think their email address is
"private", when it's meant to allow communication between the public
network (the Internet) and you. You can take your number out of the
phone book too, which means that _most_ random people will be unlikely
to call you, but anyone can simply punch a series of numbers--even
accidentally-- and call you, because you are connected to the public
telephone network by your phone number. In the early days of
telemarketing, that used to happen a lot; even now, there are
computer-generated phone calls that call and when you pick up the phone,
you get a computer talking to you (often telling you to hold on for a
live person who's going to try to sell you something). Such setups don't
know your "private" telephone number; they're just guessing randomly,
but managed to reach you anyway.

Your phone number, address and email address are semi-public just by the
fact of their existence.

As for the list, I'm sure that the list's list of user addresses is not
made public, but the list is publicly archived on gmane and is
available via newsgroups. It's certainly possible for a bot to troll the
archives and attempt to extract email addresses, just as it is possible
for a bot to put random strings in front of your ISP's domain name and
send out spam to all generated addresses (which would be unrelated to
your email address being visible on this list). And it has been known to
happen that somebody on this or any list gets infected by a virus (we
don't live in a pure Linux world after all, and some people run 1) Linux
on Windows via VMWare or Win4Lin, 2) run mailservers connected to
Windows machines that may become infected by a virus that propagates
through the network; 3) dual-boot and possibly share their PC with a
non-technical person who allowed the PC to become infected by a virus;
4) are connecting to the list from a Windows machine that is not under
their control (i.e., from a hotel or Internet cafe while travelling on
business), and said infected machine trolls the individual user's
address book for places to send their spam or proliferate the virus/trojan.

Having sent mail with this email address, it is no longer "private" (the
only way to keep a secret truly secret is to be the only one who knows
it, after all); anybody who reads your mail now knows your address, and
you have no way of knowing who is reading your mail-- who is "all the
members of this list"? How many people is that? Do you know all of our
email addresses, and have you signed a waiver saying "I want everybody
on this list <list of each and every one of our email addresses> to know
my email address"? No? Then you have already made your email address
"public" by using it to send mail to people that you don't specifically
know (the public, otherwise known as "us").

If you'd like an address to use for the list that would run some
interference between your personal email address and any possible
spammers, I (and probably 95% of everybody else on this list) can send
you a GMail invite which you can use as your "public" email address,
which would then "catch" such additional unwanted generated mail so it never
reaches your personal ISP email.

You might also consider re-evaluating your ISP-- I never saw the list
mail you're referring to, and I also never got the original PayPal crap
people talked about (though I got the replies, which was funny as I had
no idea what people were talking about)-- they didn't even get filtered
to my Trash. I really never got them, and I think that's because they
were caught by my ISP's spam filter. Does your ISP filter spam?

My boyfriend the Windows user, on the other hand, has a policy of
checking his mail via our ISP's Webmail before downloading it. He just
deletes what little spam gets through the filters off the servers before
opening Mozilla Mail and downloading the rest. Which to me seems like a
PITA, but it is an effective solution (in the usual Windows style of
more work on the user's part because you can't trust your OS to protect
you in any way whatsoever).

Again, if your ISP does not provide webmail, you can use GMail, Hotmail,
Yahoo!Mail or whatever web-based mail account to communicate with the
list, insulating your ISP account from any spam that participating in a
public list might cause to occur.

HTH,
Holly
--
gentoo-user@g.o mailing list
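
Added example, not part of the original post or of any project's code: a Python sketch that parses the Ethereal dissection quoted above into its three counted strings and flags the packet as Messenger popup spam. The function names and the triage rules are assumptions made for illustration; the sample is the capture text from the post, rejoined onto one line.

```python
import re

# Dissection quoted in the post, rejoined onto one line. The message body and
# the URL are truncated on the page and stay truncated here.
SAMPLE = (
    "Microsoft Messenger Service, NetrSendMessage Operation: "
    "NetrSendMessage (0) Server Max Count: 10 Offset: 0 Actual Count: 10 "
    "Server: Microsoft Client Max Count: 35 Offset: 0 Actual Count: 35 "
    "Client: inform you about a virus detection Message Max Count: 497 "
    "Offset: 0 Actual Count: 497 Message [truncated]: Windows has "
    "detected a virus on your system. In order to remove it please "
    "follow this steps:\\n\\n1. Start Microsoft Internet Explorer or your "
    "default web browser.\\n2. Type into the navigation bar: "
    "http://www.cleanmyreg."
)

NAMES = "Server|Client|Message"
FIELD = re.compile(
    rf"\b({NAMES}) Max Count: (\d+) Offset: (\d+) Actual Count: (\d+) "
    rf"\1( \[truncated\])?: (.*?)(?= (?:{NAMES}) Max Count:|$)",
    re.S,
)

def parse_fields(text):
    """Map field name -> dict(count, truncated, value, count_ok)."""
    fields = {}
    for name, _max, _off, count, trunc, value in FIELD.findall(text):
        # In this capture each count is the text length plus one (the NUL).
        ok = None if trunc else int(count) == len(value) + 1
        fields[name] = dict(count=int(count), truncated=bool(trunc),
                            value=value, count_ok=ok)
    return fields

def triage(text):
    """Return (verdict, reasons) for one dissected packet (hypothetical rules)."""
    if "NetrSendMessage" not in text:
        return "not-messenger", []
    fields, reasons = parse_fields(text), []
    for name in ("Server", "Client"):
        if " " in fields.get(name, {}).get("value", ""):
            reasons.append(f"{name} field holds free text, not a machine name")
    body = fields.get("Message", {}).get("value", "")
    if re.search(r"https?://", body, re.I):
        reasons.append("message body carries a URL")
    if re.search(r"\bvirus\b", body, re.I):
        reasons.append("message body uses a virus-scare lure")
    return ("popup-spam" if reasons else "messenger-message"), reasons
```

Calling `triage(SAMPLE)` returns the verdict with the reasons behind it, and `parse_fields(SAMPLE)` shows that the Server and Client strings are text supplied by the sender.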