| 1 |
Dale schreef: |
| 2 |
> Hi guys, and Holly, :D |
| 3 |
> |
| 4 |
> I'm on dial-up and try to watch my traffic and every once in a while |
| 5 |
> I see a little blip on gkrellm. I fired up ethreal and started to |
| 6 |
> sniff around. Parden the pun there. LOL This is what it says |
| 7 |
> though which is strange. It's really the last two lines that matter |
| 8 |
> but I am putting the whole thing here just in case. Sorry so long. |
| 9 |
> |
| 10 |
<snip> |
| 11 |
>> Microsoft Messenger Service, NetrSendMessage Operation: |
| 12 |
>> NetrSendMessage (0) Server Max Count: 10 Offset: 0 Actual Count: 10 |
| 13 |
>> Server: Microsoft Client Max Count: 35 Offset: 0 Actual Count: 35 |
| 14 |
>> Client: inform you about a virus detection Message Max Count: 497 |
| 15 |
>> Offset: 0 Actual Count: 497 Message [truncated]: Windows has |
| 16 |
>> detected a virus on your system. In order to remove it please |
| 17 |
>> follow this steps:\n\n1. Start Microsoft Internet Explorer or your |
| 18 |
>> default web browser.\n2. Type into the navigation bar: |
| 19 |
>> http://www.cleanmyreg. |
| 20 |
> |
| 21 |
> |
| 22 |
> |
| 23 |
> What is this? Is this some spam and it pops up a window if I were |
| 24 |
> using windoze? I went to the site and it looks like they want to |
| 25 |
> sell something, which I ain't buying by the way. ;-) |
| 26 |
|
| 27 |
Yes-- not that I know anything about this, but it looks like a "trick" |
| 28 |
popup. |
| 29 |
|
| 30 |
The site does not seem to be checking your browser ID (which would say |
| 31 |
Linux), but instead assumes that |
| 32 |
|
| 33 |
1) you are a Windows user (after all, isn't everybody?) |
| 34 |
|
| 35 |
2) you use IE (after all, doesn't everybody?) |
| 36 |
|
| 37 |
3) you do not have a competent admin on your system -- the message uses |
| 38 |
Microsoft Messenger Service, which is turned on by default under |
| 39 |
Windows, and enables these kind of popup messages across LAN and WAN, |
| 40 |
sort of like a mini MSN-- which I believe it connects to as well-- and |
| 41 |
is not only quite "useless" except to people like this, but also quite |
| 42 |
insecure because it lets unknown people like this send you "messages" |
| 43 |
without your active consent. |
| 44 |
|
| 45 |
Any Windows user I know with even a grain of competence turns it off |
| 46 |
first thing after installation. But of course Joe and Jane Average User |
| 47 |
don't know to do this because their OS is supposed to competently |
| 48 |
administer their system for them. Oh, well keeps my bf in barter trade |
| 49 |
goods for cleaning the PCs of Joe and Jane out again every 3 months or so. |
| 50 |
|
| 51 |
> How can I tell them to stop this? |
| 52 |
|
| 53 |
1) Don't go to the site. |
| 54 |
|
| 55 |
2) If you must go to the site, don't do so with IE (if you're using |
| 56 |
Windows for whatever reason) |
| 57 |
|
| 58 |
3) If you must go to the site using IE, for heaven's sake, don't click |
| 59 |
that link (though that may not protect you; some sites will also |
| 60 |
transfer their payload when you try to close the popup even if you don't |
| 61 |
click the link) |
| 62 |
|
| 63 |
4) If you must go to the site using Windows, then have a good a) |
| 64 |
firewall, 2) ad-blocker, 3) spyware blocker/cleaner, and 4) antivirus |
| 65 |
scanner present on the system. |
| 66 |
|
| 67 |
You could also complain to 1) the site 2) the hosting admin 3) the |
| 68 |
authorities, but it's clearly a "commercial deal" for somebody -- either |
| 69 |
the host or the admin has coded/allowed this pass-through to be present |
| 70 |
on their site, and /somebody/ has either been paid to do so or expects |
| 71 |
to get paid for doing so in terms of click-through revenues or |
| 72 |
advertising view revenues or, more unpleasantly, virus or trojan |
| 73 |
proliferation, and imo, "regular users" are unlikely to stop the flow of |
| 74 |
compensation except by not participating. |
| 75 |
|
| 76 |
But you don't have Windows or the Microsoft Messenger Service on a |
| 77 |
Gentoo box; this foolishness is not actively dangerous to you; |
| 78 |
especially since you don't have a Registry either, so there's no reason |
| 79 |
for you to follow the link to any supposed Registry-cleaning program. |
| 80 |
GKrellm is just reporting that somebody tried to send you a message |
| 81 |
through this non-existent service. |
| 82 |
|
| 83 |
> Oh, only my main rig does this. My three servers which have no GUI |
| 84 |
> stuff or browsers installed do not get this, that I can see anyway. |
| 85 |
> |
| 86 |
> Another thing a bit off topic. I noticed earlier that there was a |
| 87 |
> post in some foreign language, looked like Japaneese or Chinese and |
| 88 |
> looked like spam to me. Later I got one in my personal email. Can |
| 89 |
> someone get my email address from this list? I have got a few emails |
| 90 |
> from people, which is OK as long as it is not spam. Just curious. I |
| 91 |
> like the list but I didn't know my private email would become |
| 92 |
> public, if this is true. |
| 93 |
|
| 94 |
I never understand about how people think their email address is |
| 95 |
"private", when it's meant to allow communication between the public |
| 96 |
network (the Internet) and you. You can take your number out of the |
| 97 |
phone book too, which means that _most_ random people will be unlikely |
| 98 |
to call you, but anyone can simply punch a series of numbers--even |
| 99 |
accidentally-- and call you, because you are connected to the public |
| 100 |
telephone network by your phone number. In the early days of |
| 101 |
telemarkting, that used to happen a lot; even now, there are |
| 102 |
computer-generated phone calls that call and when you pick up the phone, |
| 103 |
you get a computer talking to you (often telling you to hold on for a |
| 104 |
live person who's going to try to sell you something). Such setups don't |
| 105 |
know your "private" telephone number; they're just guessing randomly, |
| 106 |
but managed to reach you anyway. |
| 107 |
|
| 108 |
Your phone number, address and email address are semi-public just by the |
| 109 |
fact of their existence. |
| 110 |
|
| 111 |
As for the list, I'm sure that the list's list of user addresses is not |
| 112 |
made public, but the list is publically archived on gmane and is |
| 113 |
available via newsgroups. It's certainly possible for a bot to troll the |
| 114 |
archives and attempt to extract email addresses, just as it is possible |
| 115 |
for a bot to put random strings in front of your ISP's domain name and |
| 116 |
send out spam to all generated addresses (which would be unrelated to |
| 117 |
your email address being visible on this list). And it has been known to |
| 118 |
happen that somebody on this or any list gets infected by a virus (we |
| 119 |
don't live in a pure Linux world after all, and some people run 1) Linux |
| 120 |
on Windows via VMWare or Win4Lin, 2) run mailservers connected to |
| 121 |
Windows machines that may become infected by a virus that propagates |
| 122 |
through the network; 3) dual-boot and possibly share their PC with a |
| 123 |
non-technical person who allowed the PC to become infected by a virus; |
| 124 |
4) are connecting to the list from a Windows machine that is not under |
| 125 |
their control (i.e., from a hotel or Internet cafe while travelling on |
| 126 |
business), and said infected machine trolls the individual user's |
| 127 |
address book for places to send their spam or proliferate the virus/trojan. |
| 128 |
|
| 129 |
Having sent mail with this email address, it is no longer "private" (the |
| 130 |
only way to keep a secret truly secret is to be the only one who knows |
| 131 |
it, after all); anybody who reads your mail now knows your address, and |
| 132 |
you have no way of knowing who is reading your mail-- who is "all the |
| 133 |
members of this list"? How many people is that? Do you know all of our |
| 134 |
email addresses, and have you signed a waiver saying "I want everybody |
| 135 |
on this list <list of each and every one of our email addresses> to know |
| 136 |
my email address"? No? Then you have already made your email address |
| 137 |
"public" by using it to send mail to people that you don't specifically |
| 138 |
know (the public, otherwise known as "us"). |
| 139 |
|
| 140 |
If you'd like an address to use for the list that would run some |
| 141 |
interference between your personal email address and any possible |
| 142 |
spammers, I (and probably 95% of everybody else on this list) can send |
| 143 |
you a GMail invite which you can use as your "public" email address, |
| 144 |
which would then "catch" such additional unwanted generated mail so it never |
| 145 |
reaches your personal ISP email. |
| 146 |
|
| 147 |
You might also consider re-evaluating your ISP-- I never saw the list |
| 148 |
mail you're referring to, and I also never got the original PayPal crap |
| 149 |
people talked about (though I got the replies, which was funny as I had |
| 150 |
no idea what people were talking about)-- they didn't even get filtered |
| 151 |
to my Trash. I really never got them, and I think that's because they |
| 152 |
were caught by my ISP's spam filter. Does your ISP filter spam? |
| 153 |
|
| 154 |
My boyfriend the Windows user, on the other hand, has a policy of |
| 155 |
checking his mail via our ISP's Webmail before downloading it. He just |
| 156 |
deletes what little spam gets through the filters off the servers before |
| 157 |
opening Mozilla Mail and downloading the rest. Which to me seems like a |
| 158 |
PITA, but it is an effective solution (in the usual Windows style of |
| 159 |
more work on the user's part because you can't trust your OS to protect |
| 160 |
you in any way whatsoever). |
| 161 |
|
| 162 |
Again, if your ISP does not provide webmail, you can use GMail, Hotmail, |
| 163 |
Yahoo!Mail or whatever web-based mail account to communicate with the |
| 164 |
list, insulating your ISP account from any spam that participating in a |
| 165 |
public list might cause to occur. |
| 166 |
|
| 167 |
HTH, |
| 168 |
Holly |
| 169 |
-- |
| 170 |
gentoo-user@g.o mailing list |
Archives