
Renderosity Forums / Bryce





Subject: ICQ users be aware.


CrazyDawg ( ) posted Thu, 08 March 2007 at 12:29 AM · edited Fri, 22 November 2024 at 3:29 PM

After a friend had installed the latest version of ICQ on her computer I had thought about doing it myself, but because of many warnings I had received way back when it was ICQ 99b I chose to stay away from it once again.

Now let me firstly inform you, the computer is new, not even 3 days old yet, been on the net two days and the OS is Windows Vista.
Due to advice from moi the young lady installed Spy Bot, ad-aware and AVG anti-virus.
After getting a phone call from her asking me why it is she can not connect to the net (broadband connection) I couldn't figure the problem out from over the phone, so off I went and sat at her computer checking settings; everything seemed fine there.

So it was a phone call to her ISP to find out if they had a problem, only to be told her internet connection was suspended due to mass spam mail that was getting sent from her computer.
Ok, time for a quick scan we thoughts..lo and behold we finds a little backdoor trojan we did.
Spabot was his name so with a quick phone call to my wife and getting her to search on the net I get a text message which read..Large Scale E-mailing: Infected hosts may be used as an email relay for distributing spam.
All cleaned and running again, on the net after explaining to her ISP what had happened..funny enough the guy at her ISP had asked what programs she had installed and when I mentioned ICQ he stated and I quote "someone used a backdoor in icq to access her computer".
How I wondered then I recalled my warnings from way back when ICQ was 99b...hackers used to use a backdoor in ICQ to gain access to someone's system....

**So please if you use ICQ watch your backdoors.**

PS: when I say spam mail was being sent from her computer..it wasn't a small number of emails from what her ISP informed us. Total mail size in 1 hour was 7MB/s

I have opinions of my own -- strong opinions -- but I don't always agree with them.


 



CrazyDawg ( ) posted Thu, 08 March 2007 at 12:32 AM

PS: this is what I have just located on symantec.com about the above mentioned trojan..

Discovered: July 3, 2004

Updated: February 13, 2007 12:25:02 PM

Type: Trojan Horse

Infection Length: 73728;98304

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

 

Trojan.Spabot is a Trojan horse that allows an infected computer to be used as a spam email relay.

Protection

  • Virus Definitions (LiveUpdate™ Weekly) July 5, 2004
  • Virus Definitions (Intelligent Updater) July 4, 2004

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low
  • Large Scale E-mailing: Infected hosts may be used as an email relay for distributing spam.
  • Degrades Performance: Relaying email may affect overall system and network performance.

Distribution

  • Distribution Level: Low

 

Writeup By: Kaoru Hayashi

I have opinions of my own -- strong opinions -- but I don't always agree with them.


 



Whimsical ( ) posted Thu, 08 March 2007 at 9:12 AM

Just out of curiosity, what (if any) software firewall is she using?

Also too with a virus discovered back in 2004, assuming AV definitions have been promptly updated upon installing the AV and files are being scanned correctly, I'd be questioning why the AV program didn't pick it up and quarantine it.

Food for thought.


CrazyDawg ( ) posted Thu, 08 March 2007 at 9:53 AM

Whimsical, the firewall in use on her system at the moment is the Windows Vista one plus the firewall that her ADSL router has with it (not software). AV definitions were updated at the time I installed the AV on her computer.

Now I'm unsure why the AV didn't pick it up when the trojan got on her system but it seemed very strange that everything was fine up until the time she downloaded (no idea where from) ICQ and installed that....to be honest I actually think she had someone else download and install ICQ as she really isn't that clued in on computers and downloading/installing programs.

I have opinions of my own -- strong opinions -- but I don't always agree with them.


 



Rochr ( ) posted Thu, 08 March 2007 at 3:41 PM

That really sucks, but are you really sure it's ICQ causing this?
I ask, because I know for a fact that MSN Messenger opens up doors for all sorts of garbage, including a few nasties that will use your machine for sending out spam.
I've lost count of how much crap I've had to remove from my wife's machine, and all of it came through Messenger. I personally don't use it, so I don't have that problem. :)
With ICQ on the other hand, I've never had any problems, and I've used it since 1997.
Windows safety has never worked as intended and unfortunately Vista is no exception, so it's more or less pointless having it running other than for using resources.
As for AVG, it's free, but sadly you also get exactly what you pay for. A guy at work has a bad habit of installing that program (despite my warnings), and apart from never ending error messages (boot errors, missing dll-files etc), it slows down the machines.
If you have the chance, you should really try out Nod32 instead. You won't even notice when it's working, and it blocks any file that has the characteristics of a virus.

Rudolf Herczog
Digital Artist
www.rochr.com


Gog ( ) posted Thu, 08 March 2007 at 4:28 PM

I would say go for zonealarm internet security (not just firewall), it's excellent.

----------

Toolset: Blender, GIMP, Indigo Render, LuxRender, TopMod, Knotplot, Ivy Gen, Plant Studio.


Death_at_Midnight ( ) posted Thu, 08 March 2007 at 4:36 PM

I agree with that. It's what I use in all my machines.

