Computer Attack From ABZ - runoutradio

Scaramouche

When I logged in this morning Norton reported:

Severity: High

An intrusion attempt by DSNTW261 was blocked

Risk Name: HTTP Zombie Exploit Toolkit Request

Destination Address: runoutradio.com (140.99.28.10.80)

Attacker URL is a great long string ending in = 1265491247
 
No doubt the most common form of "attack" is a probe to see if a machine is a candidate as a zombie. With the recent increase in activity relating to cablegate, I'm sure there will be a heightened frequency of these probes.
 
One of my other laptops caught the virus. I was wondering where it came from.
 
I got the same warning message, and it keeps attacking while I am on AZ. Don't know much about this, but it seems that the virus / trojan is attacking all the time when I am here. At least Norton antivirus keeps blocking attacks now.

Logging out, hope Mike & Co can solve it
 
Norton is crap. I wouldn't be so quick to jump as to where it came from. Norton detects plenty that isn't harmful. Save your money and get a free AV; you are just as well off. There are a lot of ping viruses out there now. Could have been from anywhere. Thanks for the warning though.
 
Same here!
 
Same here...."Intrusion attempt by JM-PC was blocked".....IP address where attack was coming from was 192.168.1.2 which when I ran thru IP Address Locator website shows Brisbane, Australia....

Jackson
 
192.168.x.x is a non-routable IP range, and default for 99% of home routers. It is most likely your IP address.
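
An added example (not part of the original post) of the check described above: before geolocating an alert's "attacker" address, classify it, since private, loopback and similar addresses say nothing about a remote location. The alert wording, the host names other than JM-PC and the `own_addrs` parameter are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed alert lines modelled on the wording quoted in this thread.
SAMPLE_ALERTS = [
    "Intrusion attempt by JM-PC was blocked. Attacking computer: 192.168.1.2",
    "Intrusion attempt by HOST-A was blocked. Attacking computer: 127.0.0.1",
    "Intrusion attempt by HOST-B was blocked. Attacking computer: 100.64.3.9",
    "Intrusion attempt by HOST-C was blocked. Attacking computer: 8.8.8.8",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def classify(addr_text):
    """Return (scope, geolocatable) for one IPv4 address string."""
    ip = ipaddress.ip_address(addr_text)
    if ip.is_loopback:
        return "loopback", False
    if ip.is_link_local:
        return "link-local", False
    if any(ip in net for net in RFC1918):
        return "RFC 1918 private", False
    if ip in CGNAT:
        return "carrier-grade NAT", False
    if ip.is_global:
        return "public", True
    return "reserved", False


def triage(alert_line, own_addrs=frozenset()):
    """Extract the first valid IPv4 address from an alert line and describe it."""
    for candidate in IPV4_RE.findall(alert_line):
        try:
            scope, geolocatable = classify(candidate)
        except ValueError:  # e.g. 999.1.1.1 matches the regex but is not an address
            continue
        return {"ip": candidate, "scope": scope, "geolocatable": geolocatable,
                "is_this_host": candidate in own_addrs}
    return None


if __name__ == "__main__":
    for line in SAMPLE_ALERTS:
        print(triage(line, own_addrs={"192.168.1.2"}))
```

A result with `geolocatable` false means an IP-locator lookup is meaningless for that address; `is_this_host` true matches the "attack from your own machine" reports in this thread.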
 
The FIRST thing you should do is GOOGLE the virus name. Norton probably has something on it also.

Then you can find out what you are up against and possibly some ways to ward it off.

BTW, the poster who told you to get rid of Norton and go get some free anti-virus protection IS FULL OF CRAP! as you will need not just an anti-virus but a full-blown product, especially with a firewall. I like Norton 360 - be sure you have the latest version/engine - by that I mean that you don't want a Norton 2009 running your show.

Okay, it is time for DaveK to jump in here as he always has something negative to say about Norton :D.
 
From the Symantec website:

HTTP Zombie Exploit Toolkit Request
Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description: This signature detects attempts to download exploits from a malicious toolkit which may compromise a computer through various vendor vulnerabilities.
Additional Information: This signature detects attempts to download exploits from a malicious toolkit which may compromise a computer through various vendor vulnerabilities.
Affected: Various
Response: The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan.
4. Delete any values added to the registry.
5. Extract and restore Windows files.
 
Also, if you are willing to wait, give Norton tech support a call and they can help you clean it off.
 
I am researching the problem now. I am seeing some reports today of this being a problem with Norton and not a real issue.

But the analyst I chatted with at Symantec (makers of Norton) says he doesn't know about any issues.

Still searching.

Can anyone shed any more light on this for me since I am on a Mac and don't see the issue.

Does it happen only on the forums? Every page or just certain pages?

Mike
 
I've logged in today on both a Mac and my PC.. For about 10 minutes this morning, the forum would not load but has been fine ever since.

Personally have not had any virus alerts but I'm running McAfee on the PC, nothing needed on the Mac..
 
Admin-

Me too re Norton message re zombie toolkit attack. My message says the attacking computer is my own laptop.?????

When I logged on-front page AZB pictures/stories(Daz-etc) wouldn't load but forums came up OK. Several refreshes= same including new attack notification from Norton. Then couple minutes ago-backed out-went back to AZB-front page loaded fine.???

I don't understand this stuff. That's why I have Norton.

Note: For weeks Azb has loaded and navigated within it sloooooooow for me despite constant refreshing and diagnosing my dsl/laptop.
 
As for the forums being down, we are looking into different hosting again.

I set up an account at norton websafe and they show no problems. There does appear to be an issue with Norton today though.

Still going to keep an eye on things.

Mike
 
The "attack from your own machine" is what people are reporting all across the net. That appears to be a Norton issue.

http://community.norton.com/t5/Norton-Internet-Security-Norton/HTTP-Zombie-Tool-Exploit/m-p/377680

Mike

 
Me too, the Norton message...I've been staying away from the AZ home page.

Can somebody post when/if it's been cleaned up?
 
I work on computers, frequently cleaning up malware and virus files. Norton may not be crap, but I would agree that it isn't very good at doing what is intended. This "issue" is likely bogus. It's been my experience that Avira AntiVir and free AVG do just as well if combined with a bit of conservatism in one's browsing habits.

No anti-virus, anti-malware program can prevent you from opening the gate to a stream of malware infesting your computer.

I strongly recommend using MalwareBytes Anti-Malware ( http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html ) and do routine full system scans. ALWAYS UPDATE the program before running scans, the database is updated several times daily.
 
Head in the sand concerning Macs and "lack of need" for antivirus/antimalware

And that is one of the BIGGEST misconceptions that Apple's marketing department (in their "Mac versus PC" commercials) has foisted upon their poor user base. Just because it's a Mac does NOT mean it's "immune" to virii, Trojan Horses, bots, adware, spyware, and other forms of malware. Let's not forget the world's very first computer virus (one that actually spread in the wild, versus written in the lab but never went anywhere) was written for Apple personal computers, not IBM PCs. It was called "Elk Cloner" and was written for the Apple II. It was indeed the world's very first virus that actually spread in the wild.

Just because Apple switched from their spaghetti-code MacOS 9 to the UNIX-kernel-based MacOS X (the "X" means "10", btw, not "exx"), doesn't mean that it's "immune" to mal-intentioned code. A UNIX kernel does not shield it from mal-intentioned software; only from poorly-written software. (And just because something's a virus, doesn't mean it's poorly written -- yes, many of the PC virii are poorly written / kiddie-scripted, but there are also some wickedly genius ones written as well.)

Those that believe things like "nothing needed on the Mac" (antivirus-/antimalware-wise) will have a RUDE awakening very soon, when they do get infected. There are plenty of MacOS X virii out there, and they are quite nasty -- even more nasty than the hastily-written (and kiddie-scripted) PC virii. The fact that the Mac tends to shield its inner workings under a graphic user interface also tends to make hiding mal-written code much easier than on a PC.

So for those that think you don't need an antivirus/antimalware program on your Mac, you better wake up now and install one. Or your "wake up" process in the very near future will be a RUDE one!

Just a cordial FYI from your friendly neighborhood multi-platform information security specialist,
-Sean
 