
Renderosity Forums / Poser - OFFICIAL






Subject: worm


Marque ( ) posted Mon, 03 July 2006 at 7:13 AM · edited Sun, 03 November 2024 at 2:56 PM

Anyone else get hit with this earlier????

Intrusion: NMap Null Scan
Intruder: www.renderosity.com(66.18.106.204).
Risk Level: Medium

My norton picked it up and stopped it, tried to hit me when I came into the poser forum. If anyone knows what it is I would appreciate the info.


Marque ( ) posted Mon, 03 July 2006 at 7:13 AM

And yes....norton listed it as a worm.


Miss Nancy ( ) posted Mon, 03 July 2006 at 11:41 AM

did it try to load with one of the banners?



TrekkieGrrrl ( ) posted Mon, 03 July 2006 at 1:09 PM

O.o

I haven't seen that one, and my current AV (eTrust) didn't catch anything...

But ever since I was hit by the polip.a I get nervous twitches when I hear the word "worm"

You just can't put the words "Poserites" and "happy" in the same sentence - didn't you know that? LaurieA
  Using Poser since 2002. Currently at Version 11.1 - Win 10.



bevans84 ( ) posted Mon, 03 July 2006 at 3:08 PM

It's not a worm.
http://www.symantec.com/avcenter/attack_sigs/o93.html 

Nmap is a network utility (standard on most *nix boxes) that can be used to identify open ports on a machine, and is often used by hackers to identify vulnerable ports.
It can also be used for the less sinister purpose of identifying the operating system of a connecting computer, although Windows operating systems don't respond to the scan in the standard manner. Probably not the wisest choice in this age of excessive paranoia.



Acadia ( ) posted Mon, 03 July 2006 at 4:15 PM

Why is renderosity scanning our ports?!!!

"It is good to see ourselves as others see us. Try as we may, we are never
able to know ourselves fully as we are, especially the evil side of us.
This we can do only if we are not angry with our critics but will take in good
heart whatever they might have to say." - Ghandi



Marque ( ) posted Mon, 03 July 2006 at 4:33 PM

I don't know what it tried to load with and don't care. If I don't get a good explanation for this from rendo they can kiss me and my money goodbye. They have NO business trying to scan ANYTHING on my system.


bevans84 ( ) posted Mon, 03 July 2006 at 5:30 PM

IDK why they would be scanning ports, I keep all unused ports closed on my systems.
The scan is probably benign. I mean, everyone is trusting them with their credit card info, or trusting that their paypal link isn't harvesting their password, so I wouldn't worry about it.
Every deal I've done with Rendo has ended well, and I've found them more than helpful with any problem, so I pretty much trust them.

You can worry about it, I guess, but I'm not. Anyway, it's been my experience that Norton usually causes more problems and confusion than it ever cures.

FWIW



Acadia ( ) posted Mon, 03 July 2006 at 7:07 PM

Quote - I wouldn't worry about it.

I'm not worried about it.  I have no sensitive, classified information on my computer.  I'd just like to know what reason they have for attempting to scan our ports.

I sit behind a router and software firewall most of the time and I've done those port scans to look for open ports and my computer always shows as "stealth". 

"It is good to see ourselves as others see us. Try as we may, we are never
able to know ourselves fully as we are, especially the evil side of us.
This we can do only if we are not angry with our critics but will take in good
heart whatever they might have to say." - Ghandi



infinity10 ( ) posted Mon, 03 July 2006 at 7:35 PM

If I'm behind a router and firewall, does the scan even reach my individual pc ?  I ain't been alerted by my antivirus software, and my machines have Norton, McAfee and AVG respectively  ( ! )

Eternal Hobbyist

 


Marque ( ) posted Mon, 03 July 2006 at 7:39 PM

I'm also behind a router and firewall and norton picked it up which surprised me.


bevans84 ( ) posted Mon, 03 July 2006 at 8:50 PM

Network Address Translation (NAT) will allow the scan to pass through open ports. The fact that the firewall blocked the scan means that it did its job, and you were in no danger.

A few years back, while bringing up a fresh NT 4 Server install, the server was compromised through a well known NT vulnerability before I could locate the Service Pack CD and install it. Less than two minutes. :-)    Had to format and start all over again.
This kind of stuff just happens, and will keep happening. About all anyone can do is to protect yourself as well as you can. There are freeware programs like SpyWareBlaster that harden your system quite well. Spybot S&D and SpyWareBlaster make a pretty good one/two punch.

As far as why, I could only guess. They honestly might not be aware of it. Could be something that is integrated in Bondware.



Darboshanski ( ) posted Mon, 03 July 2006 at 9:11 PM

I was fortunate and picked up nothing. However, given the state of this site and its server issues nothing would surprise me.



Miss Nancy ( ) posted Mon, 03 July 2006 at 10:07 PM

the client's browser sends an http request to the server, to port 80 or 8080 or something. the server isn't supposed to do anything similar, is it? I just get the feeling that the loading and functioning of any requests for certain ports on the client's machine was (or is) associated with one of their commercial banners, which may access some code from a remote server. AFAIK they have disabled the inclusion of any scripts in any of the forum messages or subject lines, which was a big problem that some hacker tried to exploit in a previous bondware version IIRC.



KarenJ ( ) posted Tue, 04 July 2006 at 1:08 AM

Hmmm. I'll alert the programming team to this thread. I've never seen anything like this and I tend to run with a fairly paranoid setup.

Has anyone else apart from Marque experienced this anywhere on site? (Nil returns not required)
Marque - I don't suppose you can remember what ad banner was on screen?


"you are terrifying
and strange and beautiful
something not everyone knows how to love." - Warsan Shire


jww1960 ( ) posted Tue, 04 July 2006 at 1:23 AM

Norton Internet Security actually blocked the same thing coming from RDNA at 12:38 am PDT on my system.

Jeff


Marque ( ) posted Tue, 04 July 2006 at 5:53 AM

To be honest I rarely look at the banners.


mickmca ( ) posted Tue, 04 July 2006 at 6:11 AM

What banners? Oh, those.


elisandra ( ) posted Tue, 04 July 2006 at 6:56 AM

Seems strange that there are still net users who don't have full stealth. Stealthing your system is a good way to stop these stupid backdoor attacks.


PJF ( ) posted Tue, 04 July 2006 at 7:09 AM

This computer (not my regular) got "hit" with this 4 times. Norton Antivirus 2006.

3rd July 12:04:36 BST
TCP Destination Port: 2433.
TCP Header Flags: 0x00000e3d. These TCP Flags are invalid and the packet is characteristic of an NMap Xmas Scan.

3rd July 15:01:00 BST
TCP Destination Port: 2618.
TCP Header Flags: 0x00000eff. These TCP Flags are invalid and the packet is characteristic of an NMap Xmas Scan.

3rd July 16:16:00 BST
TCP Destination Port: 1712.
TCP Header Flags: 0x00000fff. These TCP Flags are invalid and the packet is characteristic of an NMap Xmas Scan.

3rd July 16:54:49 BST
TCP Destination Port: 1855.
TCP Header Flags: 0x00000cf9. These TCP Flags are invalid and the packet is characteristic of an NMap Xmas Scan.

(BST = British Summer Time = GMT +1)

Happy Independence Day to US members!

I’m off for a cup of tea (downfall of the British Empire! ;-)).
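
The flag values in the log above can be decoded bit by bit; this is an added example, not part of PJF's post or of Norton's software. It assumes the low byte of each logged value is the standard TCP flag byte and that the bits above it are header reserved bits (how Norton formats the field is not stated in the thread); the labels `null` and `xmas-like` follow Nmap's documented Null scan (no flags) and Xmas scan (FIN, PSH and URG set).

```python
import re

# TCP flag bits in the low byte of the flags field (RFC 793, plus ECE/CWR from RFC 3168).
FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08),
             ("ACK", 0x10), ("URG", 0x20), ("ECE", 0x40), ("CWR", 0x80)]
XMAS = 0x01 | 0x08 | 0x20   # FIN+PSH+URG: the combination Nmap's Xmas scan sets
RESERVED = 0xF00            # assumption: bits above the low byte are reserved header bits

# The four "TCP Header Flags" values as quoted in the post above.
LOG = """\
TCP Header Flags: 0x00000e3d.
TCP Header Flags: 0x00000eff.
TCP Header Flags: 0x00000fff.
TCP Header Flags: 0x00000cf9.
"""

def analyze(value):
    """Decode one logged flags value and label the combination."""
    low = value & 0xFF
    names = [name for name, bit in FLAG_BITS if low & bit]
    if low == 0:
        label = "null"            # no flags at all: Null-scan pattern
    elif (low & XMAS) == XMAS:
        label = "xmas-like"       # FIN, PSH and URG all lit
    elif (low & 0x03) == 0x03:
        label = "syn+fin"         # contradictory open/close request
    else:
        label = "ordinary"
    return {"flags": names, "label": label,
            "exact_xmas": low == XMAS,            # exactly FIN+PSH+URG, nothing else
            "reserved_set": bool(value & RESERVED)}

def analyze_log(text):
    """Pull every hex flags value out of alert text and analyze it."""
    hits = re.findall(r"TCP Header Flags: (0x[0-9a-fA-F]+)", text)
    return [analyze(int(h, 16)) for h in hits]

if __name__ == "__main__":
    for result in analyze_log(LOG):
        print(result)
```

All four logged values have FIN, PSH and URG set together with other flags and with the assumed reserved bits, so they match the alert's "Xmas" wording loosely; none is exactly FIN+PSH+URG.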

 

 


Posermatic ( ) posted Tue, 04 July 2006 at 9:27 AM

It has happened to me also 3 or 4 times yesterday. All in the Poser forum.

Norton security suite also.


Acadia ( ) posted Tue, 04 July 2006 at 11:50 AM

Attached Link: http://market.renderosity.com/mod/forumpro/showthread.php?thread_id=2655153

I made a post about this in the Community forum yesterday after reading this thread.

There is an answer posted there.

"It is good to see ourselves as others see us. Try as we may, we are never
able to know ourselves fully as we are, especially the evil side of us.
This we can do only if we are not angry with our critics but will take in good
heart whatever they might have to say." - Ghandi



KarenJ ( ) posted Tue, 04 July 2006 at 2:38 PM

If anyone else gets this, please check what banner is on screen and if possible right-click and copy the link it's giving. The programmers have advised that there shouldn't be any port-scanning going on.


"you are terrifying
and strange and beautiful
something not everyone knows how to love." - Warsan Shire


themomster0 ( ) posted Tue, 04 July 2006 at 7:23 PM

I haven't had any alerts from here (yet).  I did get one from another Poser site, but it wasn't a real worm, just adware from a banner.  I run Nod32 and it stopped it cold even though it wasn't anything too serious.


Fredy ( ) posted Thu, 06 July 2006 at 1:09 PM

got one 15 minutes ago... took some time to find this thread... I was browsing the galleries...

