Worms

rsdoran (Lifetime Supporting Member, joined Apr 2002, Birmingham, AL, 7,371 posts)
Just an FYI. This may get pulled but I am going to state it anyway. This forum is open, very open; it leaves a lot of things open for those that want to do harm. Your email address is openly accessible and your IP address is shown. This allows many people to do harm if you are not prepared.

I just had a bout with a worm... Worm_Sirc32 or Worm_Sircam32, also known as W32.Sircam.Worm... the removal tool for this can be found at the Norton/Symantec website:
http://www.symantec.com/avcenter/venc/data/[email protected]
 
I knew this wouldn't be interesting to most, but if you have broadband access please be aware of what can happen. I normally have things secure, but as a favor to the IT tech here (since I have cable at home), I was using his equipment to set up a home network with shared internet access. My system couldn't have been open an hour and I was hit with NOT 1 but 2 trojan/worms.

I have my desktop up and going again, but my old faithful IBM laptop hasn't done so well. It never got net access but did get the worm/trojans. It's stuck in limbo right now; it will run in safe mode but can't get a Windows screen to load. Eventually I will figure it out.

Just passing the info along because it can happen to anyone at anytime.
 
Ron,

Just the reason why I will not access this forum from my home machine; I will only use my work's network PC to access forums. Had the same sort of problem before with my home machine while in a 'forum'. As the saying goes, once bitten twice shy!

Paul
 
I have often had hacking attempts while browsing these forums and I cannot be sure if it is someone on here or just coincidence. I suspect coincidence. It is usually people using IP scanners and trying to make a connection.
I use a program called protectX. It stops any unauthorised connections being made and warns you that a connection attempt is going on. It bars any connections and looks up the scanner's IP address, often returning an e-mail address to complain to.
So far, no one has ever got into my PC. I highly recommend this program.

Also, make sure you have all the latest Windows upgrade patches; these are usually patches for vulnerabilities to hacking.

A program called Zone Alarm is very similar too.

Be protected.

PS:

And wouldn't you just know, I have had an attempted hack while writing this. Here is the actual log from protectX:

Connection Attempted On Port 1243
Monday, July 08, 2002 06:19:44 PM :Description Of This Port: Subseven
Monday, July 08, 2002 06:19:44 PM :Malicious Users IP: 213.122.172.200
Monday, July 08, 2002 06:19:44 PM :Refusing Connection...
Monday, July 08, 2002 06:19:44 PM :Done
Monday, July 08, 2002 06:19:44 PM :Re-Initialising Socket
Monday, July 08, 2002 06:19:44 PM :Done
Monday, July 08, 2002 06:19:44 PM :Resolve DNS Started
Monday, July 08, 2002 06:19:44 PM :213.122.172.200 Resolves to host213-122-172-200.in-addr.btopenworld.com
Monday, July 08, 2002 06:19:44 PM :Resolve DNS Complete
Monday, July 08, 2002 06:19:44 PM :Ping Started
Monday, July 08, 2002 06:19:44 PM :pinging Host: 213.122.172.200 ...
Monday, July 08, 2002 06:19:45 PM :ping Complete... Milliseconds: 339
Monday, July 08, 2002 06:19:45 PM :ping Completed
Monday, July 08, 2002 06:19:45 PM :Whois Results For 213.122.172.200 Started

Monday, July 08, 2002 06:19:45 PM :----Connected Attempt Ended----
Monday, July 08, 2002 06:19:46 PM :Whois results...:

How to use the APNIC Whois Database www.apnic.net/db/
Upgrade to Whois v3 on 20 August 2002 www.apnic.net/whois-v3
Whois data copyright terms www.apnic.net/db/dbcopyright.html

Monday, July 08, 2002 06:19:46 PM :Whois results...:

inetnum: 213.0.0.0 - 213.255.255.255
netname: IANA-NETBLOCK-213
descr: This network range is not allocated to APNIC.
descr:
descr: If your whois search has returned this message, then you have
descr: searched the APNIC whois database for an address that is
descr: allocated by another Regional Internet Registry (RIR).
descr:
descr: Please search the other RIRs at whois.arin.net or whois.ripe.net
descr: for more information about that range.
country: AU
admin-c: IANA1-AP
tech-c: IANA1-AP
remarks: For general info on spam complaints email [email protected].
remarks: For general info on hacking & abuse complaints email [email protected].
mnt-by: MAINT-APNIC-AP
mnt-lower: MAINT-APNIC-AP
changed: [email protected] 20020530
source: APNIC

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
e-mail: [email protected]
admin-c: IANA1-AP
tech-c: IANA1-AP
nic-hdl: IANA1-AP
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: MAINT-APNIC-AP
changed: [email protected] 20020530
source: APNIC



Monday, July 08, 2002 06:19:47 PM :Whois results...:
This is the RIPE Whois server.
The objects are in RPSL format.
Please visit http://www.ripe.net/rpsl for more information.

Monday, July 08, 2002 06:19:47 PM :Whois results...:
Rights restricted by copyright.
See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum: 213.122.0.0 - 213.122.255.255
netname: BT-IMSNET
descr: BT-IMSNET
country: GB
admin-c: BS1474-RIPE
tech-c: BS1474-RIPE
status: ASSIGNED PA
remarks: Please send abuse notification to [email protected]
mnt-by: BTNET-MNT
changed: [email protected] 20000711
changed: [email protected] 20010523
changed: [email protected] 20010628
source: RIPE

route: 213.120.0.0/14
descr: BT Public Internet Service
origin: AS2856
remarks: Please send abuse notification to [email protected]
remarks: PLEASE DIRECT ALL QUERIES TO [email protected]
mnt-by: BTNET-MNT
changed: [email protected] 20000607
source: RIPE

role: BTnet Support
address: 154 St Albans Rd
address: Sandridge
address: St Albans
address: Hertfordshire
address: AL4 9NH
address: GB
phone: +44 1189 512313
e-mail: [email protected]
trouble: [email protected]
admin-c: FLS15-RIPE
tech-c: BS1474-RIPE
nic-hdl: BS1474-RIPE
remarks: For all queries contact [email protected]
mnt-by: BTNET-MNT
changed: [email protected] 20010613
changed: [email protected] 20011112
changed: [email protected] 20020430
source: RIPE



Monday, July 08, 2002 06:19:49 PM :Whois results...:
route: 213.120.0.0/14
descr: BT Public Internet Service
origin: AS2856
remarks: Please send abuse notification to [email protected]
remarks: PLEASE DIRECT ALL QUERIES TO [email protected]
mnt-by: BTNET-MNT
changed: [email protected] 20000607
source: RIPE

Monday, July 08, 2002 06:19:49 PM :Whois results...:
European Regional Internet Registry/RIPE NCC
Monday, July 08, 2002 06:19:50 PM :Whois results...:
(NETBLK-213-RIPE)
These addresses have been further assigned to European users.
Contact info can be found in the RIPE database, via the
WHOIS and TELNET servers at whois.ripe.net, and at
http://www.ripe.net/perl/whois/
NL

Netname: RIPE-213
Netblock: 213.0.0.0 - 213.255.255.255
Maintainer: RIPE

Coordinator:
Reseaux IP European Network Co-ordination Centre Singel 258 (RIPE-NCC-ARIN) [email protected]
+31 20 535 4444

Domain System inverse mapping provided by:

NS.RIPE.NET 193.0.0.193
AUTH00.NS.UU.NET 198.6.1.65
NS3.NIC.FR 192.134.0.49
SUNIC.SUNET.SE 192.36.125.2
MUNNARI.OZ.AU 128.250.1.21
NS.APNIC.NET 203.37.255.97
SVC00.APNIC.NET 202.12.28.131

Record last updated on 08-Apr-1999.
Database last updated on 7-Jul-2002 20:00:15 EDT.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.

Monday, July 08, 2002 06:19:50 PM :Whois Results For 213.122.172.200 Completed
 
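The protectX log pasted above, and the earlier post describing what the program does (block the connection, look up the scanner's address, find someone to complain to), suggest a small parser. The following is an added example for this thread, not protectX's own code or anything from the posters: it groups the "Connection Attempted On Port" blocks into records, validates the source address, counts repeat hits per source, and pulls an abuse contact out of RIPE-style whois text. The log line format is inferred from the lines pasted above; the second attempt block (port 12345, NetBus) and the whois snippet with its abuse@example.net address are constructed sample data, not anything logged in the thread.

```python
"""Parse protectX-style connection-attempt logs and extract an abuse contact
from whois text. Added example for this thread; not protectX's own code.
Log format is inferred from the pasted log; sample data is constructed."""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Assumption: every timestamped line is "<Weekday, Month DD, YYYY HH:MM:SS AM|PM> :<message>"
# and each block opens with an untimestamped "Connection Attempted On Port N" line.
_TS_LINE = re.compile(r"^(?P<ts>\w+, \w+ \d{2}, \d{4} \d{2}:\d{2}:\d{2} [AP]M) :(?P<msg>.*)$")
_HEADER = re.compile(r"^Connection Attempted On Port (?P<port>\d+)$")
_DESC = re.compile(r"^Description Of This Port: (?P<desc>.+)$")
_SRC_IP = re.compile(r"^Malicious Users IP: (?P<ip>\S+)$")
_RDNS = re.compile(r"^(?P<ip>\S+) Resolves to (?P<host>\S+)$")
_END = "----Connected Attempt Ended----"
_TS_FMT = "%A, %B %d, %Y %I:%M:%S %p"


@dataclass
class Attempt:
    port: int
    description: str = ""
    src_ip: Optional[str] = None
    rdns: Optional[str] = None
    refused: bool = False
    first_seen: Optional[datetime] = None


def parse_protectx(text: str) -> List[Attempt]:
    """One Attempt per 'Connection Attempted On Port' block; ping/whois chatter is skipped."""
    attempts: List[Attempt] = []
    cur: Optional[Attempt] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _HEADER.match(line)
        if m:
            if cur is not None:  # previous block never reached its end marker
                attempts.append(cur)
            cur = Attempt(port=int(m.group("port")))
            continue
        if cur is None:
            continue  # lines outside any block
        m = _TS_LINE.match(line)
        if not m:
            continue  # whois body lines carry no timestamp
        msg = m.group("msg")
        if cur.first_seen is None:
            cur.first_seen = datetime.strptime(m.group("ts"), _TS_FMT)
        if (d := _DESC.match(msg)):
            cur.description = d.group("desc")
        elif (s := _SRC_IP.match(msg)):
            ipaddress.ip_address(s.group("ip"))  # ValueError on a garbled address
            cur.src_ip = s.group("ip")
        elif (r := _RDNS.match(msg)):
            cur.rdns = r.group("host")
        elif msg.startswith("Refusing Connection"):
            cur.refused = True
        elif msg == _END:
            attempts.append(cur)
            cur = None
    if cur is not None:
        attempts.append(cur)
    return attempts


def count_by_source(attempts: List[Attempt]) -> Dict[str, int]:
    """Repeat hits from one address are what separate a sweep from someone targeting you."""
    counts: Dict[str, int] = {}
    for a in attempts:
        if a.src_ip:
            counts[a.src_ip] = counts.get(a.src_ip, 0) + 1
    return counts


_ABUSE_FIELD = re.compile(r"^abuse-mailbox:\s*(?P<email>\S+)$", re.I | re.M)
_ABUSE_REMARK = re.compile(r"abuse notification to (?P<email>[^\s@]+@[^\s@]+)", re.I)


def abuse_contact(whois_text: str) -> Optional[str]:
    """Prefer a dedicated abuse-mailbox: attribute, else the 'send abuse notification to'
    remark that the BT-IMSNET record above carries; None if neither is present."""
    m = _ABUSE_FIELD.search(whois_text) or _ABUSE_REMARK.search(whois_text)
    return m.group("email") if m else None


# Constructed sample: first block mirrors the pasted log, second block is made up.
SAMPLE_LOG = """\
Connection Attempted On Port 1243
Monday, July 08, 2002 06:19:44 PM :Description Of This Port: Subseven
Monday, July 08, 2002 06:19:44 PM :Malicious Users IP: 213.122.172.200
Monday, July 08, 2002 06:19:44 PM :Refusing Connection...
Monday, July 08, 2002 06:19:44 PM :Done
Monday, July 08, 2002 06:19:44 PM :213.122.172.200 Resolves to host213-122-172-200.in-addr.btopenworld.com
Monday, July 08, 2002 06:19:45 PM :----Connected Attempt Ended----
Connection Attempted On Port 12345
Monday, July 08, 2002 06:23:10 PM :Description Of This Port: NetBus
Monday, July 08, 2002 06:23:10 PM :Malicious Users IP: 213.122.172.200
Monday, July 08, 2002 06:23:10 PM :Refusing Connection...
Monday, July 08, 2002 06:23:11 PM :----Connected Attempt Ended----
"""
SAMPLE_WHOIS = """\
inetnum:      213.122.0.0 - 213.122.255.255
netname:      BT-IMSNET
country:      GB
remarks:      Please send abuse notification to abuse@example.net
source:       RIPE
"""

if __name__ == "__main__":
    found = parse_protectx(SAMPLE_LOG)
    for a in found:
        print(a)
    print(count_by_source(found), abuse_contact(SAMPLE_WHOIS))
```

The ping and whois output that protectX appends inside a block is untimestamped or carries no recognised message, so it falls through the parser untouched; the only thing the tool's own log guarantees is the refused connection, the port and the claimed source address, which is why the example keeps the rDNS name as informational rather than treating it as an identity.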
Go to a website called http://www.grc.com
He has a service called Shields UP! that checks your machine's vulnerabilities. Also some really cool stories about DDoS attacks.

My NAT router at home seems to keep most of them out. I really like Zone Alarm as it alerts you to outgoing traffic. Good for spyware, not just trojans.
 