Rob Murray Posted March 21, 2005
Yesterday I went to CMMODS & Norton Antivirus alerted me to a threat. This is the threat alert that I received: "Default Block Netbus Trojan horse blocked". I was just there a few minutes ago & got the same warning. Has CMMODS been compromised? I'm asking because I'd like to know if anyone else has encountered this. I've got Norton Antivirus 2005 with all available updates & I'm using the Internet Worm Protection supplied with it as my firewall (apparently the built-in Windows XP Firewall & Norton's firewall don't "play together nicely" so I turned off the Windows firewall).
[ March 21, 2005, 01:42 PM: Message edited by: Rob Murray ]
Richie Posted March 21, 2005
I wouldn't be turning off the XP firewall... that's scary
Larry Thorne Posted March 21, 2005
XP firewall bugs out the distributed firewall and pings it again and again, making the connection slower (at least that happened to me and my 2mb cable connection). If the Norton firewall works fine, definitely turn off the Windows firewall. Solved many of my problems and I have not had or got a single virus so far. But as I am no expert about the Norton program you might wanna check things out before paying too much attention to what I am saying.
-LT
EDIT to add. Downloaded from cmmods. Didn't find anything corrupted from those files at least.
[ March 21, 2005, 03:54 PM: Message edited by: Larry Thorne ]
GreenAsJade Posted March 22, 2005
Was this on arrival at CMMODs or when downloading a specific file? If the latter, which file? I have various PCs and laptops with different firewall configurations, and none have ever complained about CMMODs.
GaJ.
Malakovski Posted March 22, 2005
Did your firewall give you an IP address for the threat? It's always possible that it was coincidental and not coming from CMMODS, especially if no one else is experiencing the problem. Comparing IPs might rule CMMODS out as the culprit entirely...
Captain Pies Posted March 22, 2005
IIRC on the Symantec support site for Norton Personal Firewall it specifically tells you to disable the XP firewall.
Rob Murray Posted March 22, 2005
This is what the alert report said, exactly:
Details: Rule "Default Netbus Trojan horse" blocked (172.161.56.88,NetBus(12345) Inbound TCP connection. Local address, service is(172.161.56.88,NetBus(12345)) Remote address, service is (172.161.56.88,3110). Process name is "N/A".
Norton alerted on both visits to CMMODS about 30 seconds to 1 minute after I'd logged in. I'm not complaining about CMMODS. It's just that this has never happened before in all of my visits there.
GreenAsJade Posted March 22, 2005
172.161.56.88 is not CMMODS. From here that host appears to have a host name of ACA13858.ipt.aol.com. CMMODS is 64.233.222.42.
A completely novice interpretation of this is that this other host is trying to attack you, maybe using your connection to CMMODs as the attack point. It's really great that you've alerted us to this: it could have been (still could be?) something that we are all vulnerable to. However, in this case it seems to be something picking on just you.
GaJ.
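
The address comparison made in the posts above, as an added example that is not part of the original thread: it parses the alert text exactly as pasted, extracts both endpoints, and checks the remote address against the CMMODS address quoted in the thread. It also reports whether the alert lists the same address for its local and remote ends. The function names `parse_alert` and `triage` are hypothetical, and the field layout is an assumption inferred from this one pasted alert, not a documented Norton log format.

```python
import ipaddress
import re

# Alert text as pasted in the thread (punctuation kept exactly as posted).
ALERT = (
    'Rule "Default Netbus Trojan horse" blocked (172.161.56.88,NetBus(12345) '
    'Inbound TCP connection. Local address, service is(172.161.56.88,NetBus(12345)) '
    'Remote address, service is (172.161.56.88,3110). Process name is "N/A".'
)
SITE_IP = "64.233.222.42"  # CMMODS address as given in the thread

# Assumed layout: "<Local|Remote> address, service is (<ip>,<name>(<port>))"
# or "(<ip>,<port>)" when the port has no service name.
ENDPOINT = re.compile(
    r"(Local|Remote) address, service is\s*"
    r"\((\d{1,3}(?:\.\d{1,3}){3}),\s*(?:[A-Za-z][\w-]*\((\d+)\)|(\d+))\)"
)

def parse_alert(text):
    """Return rule, direction, protocol and the (ip, port) of each endpoint."""
    out = {}
    m = re.search(r'Rule "([^"]+)"', text)
    out["rule"] = m.group(1) if m else None
    m = re.search(r"\b(Inbound|Outbound) (TCP|UDP)\b", text)
    out["direction"], out["protocol"] = (m.group(1), m.group(2)) if m else (None, None)
    for side, ip, named_port, bare_port in ENDPOINT.findall(text):
        ip = str(ipaddress.ip_address(ip))  # raises ValueError on a malformed address
        out[side.lower()] = (ip, int(named_port or bare_port))
    return out

def triage(alert, site_ip):
    """Compare the alert's endpoints with the site the user was visiting."""
    local, remote = alert.get("local"), alert.get("remote")
    if not local or not remote:
        raise ValueError("alert is missing an endpoint")
    return {
        "remote_is_site": remote[0] == site_ip,
        "remote_equals_local": remote[0] == local[0],
        # For an inbound connection the probed service is the local port.
        "targeted_port": local[1] if alert["direction"] == "Inbound" else remote[1],
    }

if __name__ == "__main__":
    print(triage(parse_alert(ALERT), SITE_IP))
```
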
Rob Murray Posted March 22, 2005
I just switched to Internet Explorer as my browser (from AOL) & went to CMMODS now, logged in & wasn't alerted. I "upgraded" to AOL 9.0a from 9.0 last week. I ended up having to remove a bunch of "handy-dandy" useless crap that AOL had installed (i.e. toolbar, music service downloader, etc.). You're not given the option of not installing what you don't want - everything on the disk is installed by default. Let's just say that I'm not too pleased with AOL :mad: !
Soddball Posted March 22, 2005
Tee hee! Mozilla Firefox is your friend. You can feel it calling. Come to Firefox.
Malakovski Posted March 22, 2005
Originally posted by GreenAsJade:
> A completely novice interpretation of this is that this other host is trying to attack you, maybe using your connection to CMMODs as the attack point.
Yes, and probably no. If it didn't come from CMMODS IP, it didn't come from CMMODS, and although something is trying to get into your computer and cause trouble (possibly), your firewall is doing its job and you don't need to worry about that particular form of attack. It is probably just coincidence that he went to CMMODS at the moment the message appeared.
GreenAsJade Posted March 22, 2005
It was only the fact that this occurred on two visits to CMMODs (and presumably no other time) that made me think this connection might be somehow connected with the attack. OTOH, if CMMODs is the only place he goes (what else is there, apart from here?) then this is less of a strong connection.
tar Posted March 23, 2005
Unless this is some sort of proxy feature or download accelerator that AOL is inserting into the pipeline. Since it seems you are an AOL subscriber and the origin of the connection attempt appears to be an AOL site, I would expect that it could be some sort of caching or proxy system.
tar Posted March 23, 2005
Of course, it could also be someone's compromised host with an AOL address that is trying to attack as well. One of the joys of Mac ownership is a much, much smaller market share of the Malware market. [Knock wood]
Rob Murray Posted March 24, 2005
Well, as long as Norton is keeping whomever/whatever(?) out that's all that I care about. It has to be something to do with AOL because it's tried to attack several times now right after I've signed on. Now it's something called a UDP packet that they're trying to install. Fortunately Norton won't let them. I know this isn't CM related but I thought I'd let people know what's going on (in case anyone else is using AOL as well). Ever since I "upgraded" to AOL 9.0a last week it's been nothing but trouble! :mad: I tried to contact their online "help" desk regarding this & got nowhere real fast. I don't think switching to Mozilla Firefox as a browser would do any good in my case as I have to use AOL to connect. Nice eh, being at war with an invisible enemy. I wish I could send something really nasty back!
[ March 24, 2005, 11:54 AM: Message edited by: Rob Murray ]
Sanok Posted March 24, 2005
Originally posted by Rob Murray:
> so I turned off the Windows firewall).
Rob, how does one turn off the Windows XP firewall? I prefer to use something different. Thanks.
junk2drive Posted March 24, 2005
Go to start, then control panel, then Windows Firewall icon.
ColumbusOHGamer Posted April 1, 2005
Originally posted by Rob Murray:
> Yesterday I went to CMMODS & Norton Antivirus alerted me to a threat. This is the threat alert that I received: "Default Block Netbus Trojan horse blocked". I was just there a few minutes ago & got the same warning. Has CMMODS been compromised? I'm asking because I'd like to know if anyone else has encountered this. I've got Norton Antivirus 2005 with all available updates & I'm using the Internet Worm Protection supplied with it as my firewall (apparently the built-in Windows XP Firewall & Norton's firewall don't "play together nicely" so I turned off the Windows firewall).
It's not cmmods.com. If I were a betting man, which I am, I'd say you already have the virus and Norton stopped it from connecting to a pirate website. My second guess would be some weird combo of spyware and virii... but I can promise it's not cmmods. My website is a Lotus Domino server running Red Hat Linux. There are no virii on Red Hat or Domino. Thanks.
COG
Rob Murray Posted April 1, 2005
I've scanned repeatedly with Norton (using the highest Bloodhound settings & come up empty handed, i.e. no threats detected). I also use Stinger, Spybot S&D & Ad-Aware as well. I don't know what's going on. I wasn't trying to blame CMMODS. I just brought it up as it had never happened before.
dieseltaylor Posted April 4, 2005
I have steered clear of AOL since the nasties of their own system a decade ago. I tend to think of AOL as the "happy ground" for noobies and if I was of the mind to hack I would go after them. I find it hard to believe the way they [aol] market that it does not have a high percentage of the innocent.
Rob Murray Posted April 4, 2005
The only reason that I've stayed with AOL this long (2 1/2 years) is the price ($18.50/month - unlimited). I'm well aware of how sh**ty their service is. I'd switch to cable but I'm saving my pennies for some more RAM (I have 512 now & I want to get another 256 stick).