Malware Attacking Your Router?

~BD~

"Peter Foldes" <okf22@hotmail.com> wrote in message
news:u2lI$o90IHA.800@TK2MSFTNGP02.phx.gbl...
See if this will help you understand Dave
http://www.blakjak.demon.co.uk/mul_crss.htm
--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.



Hello Peter Foldes!

Thank you for trying to help. I'm afraid, though, that when I copy and paste
the link you provided into either IE7 or my AOL browser, the page cannot be
found.

I'd be interested to know whether or not the link (when copied/pasted) works
for anyone else. Please advise. TIA.

Should I simply click on the link ............ and go wherever it may take
me? Hmmmm (stroking chin!)

Dave
 
~BD~

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:6EB2935C-B3C7-42F9-A914-ABF91E226C67@microsoft.com...
> "~BD~" <~BD~@nospam.invalid> wrote in message
> news:%23FFMn280IHA.5832@TK2MSFTNGP02.phx.gbl...
>>
>> "jen" <jen@example.com> wrote in message
>> news:OCkOkF80IHA.5944@TK2MSFTNGP04.phx.gbl...
>>> "Leythos" <void@nowhere.lan> wrote in message
>>> news:1213995318_86351@news.usenet.com...
>>>> In article <eTtSYAw0IHA.4004@TK2MSFTNGP03.phx.gbl>, ~BD~@nospam.invalid
>>>> says...[clueless snip restored]:
>>>
>>> "Instead of installing malware that continues to run like a key logger
>>> or
>>> trojan, malicious programs are increasingly attacking the network router
>>> which is common with any internet connected home and/or office. An
>>> unwanted
>>> program can quickly make a change to your router settings that will
>>> immediately open all your computers to the world. The bad guys won't
>>> have to
>>> install a key logger, they'll be able to record every byte that goes
>>> across
>>> your network. It's happening now to thousands of routers which are still
>>> using their default name and password."
>>>
>>> So begins a recent item by Bill Pytlovany. Full detail here:-
>>> http://billpstudios.blogspot.com/2008/06/malware-attacking-your-router.html
>>>
>>> Comments invited here!
>>>
>>> Dave
>>>
>>>> Try posting to usenet for a few years before spamming Usenet.
>>>
>>> LOL! If you are so Usenet savvy, how come you don't know this is
>>> "Boater Dave", is *not* spam (look up the definition) and don't seem to
>>> even know who the author of the Blog is? I've *very rarely* seen you
>>> post *anything* helpful or relevant, preferring instead to post your
>>> "rebuttals" (pun intended) to PCButts1's posts ad nauseam...
>>> Get a clue!
>>>
>>> HTH,
>>> -jen

>>
>> Thank you for responding in this manner 'jen'. Everything I've ever seen
>> *you* post has been helpful and relevant ....... and I hope, by now, you
>> know that BoaterDave (yes, me!) wants nothing more than the bad guys hung
>> out to dry. I'd be grateful if you would take a look at the response to
>> my post (identical) placed in 'microsoft.public.security.homeusers' - the
>> reply is from Kerry Brown (aka TechB) who *doesn't* seem to think this a
>> serious threat. Perhaps you could respond in each group thereafter.
>>
>> TIA
>>
>> Dave
>>

>
>
> If you wish to reply to me please do so in person. Read my post again. I
> do take this threat seriously. What the threat can do has been exaggerated
> in the blog you posted a link to. The seriousness of the threat is not in
> question. I've been warning people about this for quite a while.
>
> --
> Kerry Brown
> MS-MVP - Windows Desktop Experience: Systems Administration
> http://www.vistahelp.ca/phpBB2/
>
>


Hello Kerry Brown/TechB!

You mentioned "They could redirect you to sites ....... "

Indeed - it appears that might well happen! You mention spyware, but I
suspect that one might be sent to URLs which will download *malware*
surreptitiously onto one's computer without the knowledge of the user. I
fully appreciate that the appropriation of a router does not itself load
malware onto a computer, but there is only one more step required to ensnare
the associated machines!

I'm pleased that you dropped by here. I was just about to reply to you in
the 'homeusers' group to tell you that I was involved in discussion here. I
am delighted to learn that you agree that the threat is real ........ and
very dangerous!

What is needed is some simple indication that a router *has* actually been
compromised - so that a user may take steps to format/reinstall their
operating system(s) and start afresh!

Any ideas on how one might be able to tell if a router has been 'got at'?

I suspect there is no such indicator! :(

Dave
 
Kerry Brown

"~BD~" <~BD~@nospam.invalid> wrote in message
news:ukg00d%230IHA.3920@TK2MSFTNGP02.phx.gbl...
>
> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
> news:6EB2935C-B3C7-42F9-A914-ABF91E226C67@microsoft.com...
>> "~BD~" <~BD~@nospam.invalid> wrote in message
>> news:%23FFMn280IHA.5832@TK2MSFTNGP02.phx.gbl...
>>>
>>> "jen" <jen@example.com> wrote in message
>>> news:OCkOkF80IHA.5944@TK2MSFTNGP04.phx.gbl...
>>>> "Leythos" <void@nowhere.lan> wrote in message
>>>> news:1213995318_86351@news.usenet.com...
>>>>> In article <eTtSYAw0IHA.4004@TK2MSFTNGP03.phx.gbl>,
>>>>> ~BD~@nospam.invalid
>>>>> says...[clueless snip restored]:
>>>>
>>>> "Instead of installing malware that continues to run like a key logger
>>>> or
>>>> trojan, malicious programs are increasingly attacking the network
>>>> router
>>>> which is common with any internet connected home and/or office. An
>>>> unwanted
>>>> program can quickly make a change to your router settings that will
>>>> immediately open all your computers to the world. The bad guys won't
>>>> have to
>>>> install a key logger, they'll be able to record every byte that goes
>>>> across
>>>> your network. It's happening now to thousands of routers which are
>>>> still
>>>> using their default name and password."
>>>>
>>>> So begins a recent item by Bill Pytlovany. Full detail here:-
>>>> http://billpstudios.blogspot.com/2008/06/malware-attacking-your-router.html
>>>>
>>>> Comments invited here!
>>>>
>>>> Dave
>>>>
>>>>> Try posting to usenet for a few years before spamming Usenet.
>>>>
>>>> LOL! If you are so Usenet savvy, how come you don't know this is
>>>> "Boater Dave", is *not* spam (look up the definition) and don't seem to
>>>> even know who the author of the Blog is? I've *very rarely* seen you
>>>> post *anything* helpful or relevant, preferring instead to post your
>>>> "rebuttals" (pun intended) to PCButts1's posts ad nauseam...
>>>> Get a clue!
>>>>
>>>> HTH,
>>>> -jen
>>>
>>> Thank you for responding in this manner 'jen'. Everything I've ever seen
>>> *you* post has been helpful and relevant ....... and I hope, by now, you
>>> know that BoaterDave (yes, me!) wants nothing more than the bad guys
>>> hung out to dry. I'd be grateful if you would take a look at the
>>> response to my post (identical) placed in
>>> 'microsoft.public.security.homeusers' - the reply is from Kerry Brown
>>> (aka TechB) who *doesn't* seem to think this a serious threat. Perhaps
>>> you could respond in each group thereafter.
>>>
>>> TIA
>>>
>>> Dave
>>>

>>
>>
>> If you wish to reply to me please do so in person. Read my post again. I
>> do take this threat seriously. What the threat can do has been
>> exaggerated in the blog you posted a link to. The seriousness of the
>> threat is not in question. I've been warning people about this for quite
>> a while.
>>
>> --
>> Kerry Brown
>> MS-MVP - Windows Desktop Experience: Systems Administration
>> http://www.vistahelp.ca/phpBB2/
>>
>>

>
> Hello Kerry Brown/TechB!
>
> You mentioned "They could redirect you to sites ....... "
>
> Indeed - it appears that might well happen! You mention spyware, but I
> suspect that one might be sent to URLs which will download *malware*
> surreptitiously onto one's computer without the knowledge of the user. I
> fully appreciate that the appropriation of a router does not itself load
> malware onto a computer, but there is only one more step required to
> ensnare the associated machines!
>


When they have enough control to compromise your router they could just as
easily have installed malware on your computer if they wanted to. Changing
the DNS settings on your router indicates they probably have other things in
mind. They could redirect you to a fake bank site for instance.

> I'm pleased that you dropped by here. I was just about to reply to you in
> the 'homeusers' group to tell you that I was involved in discussion here.
> I am delighted to learn that you agree that the threat is real ........
> and very dangerous!
>
> What is needed is some simple indication that a router *has* actually been
> compromised - so that a user may take steps to format/reinstall their
> operating system(s) and start afresh!
>
> Any ideas on how one might be able to tell if a router has been 'got at'?
>
> I suspect there is no such indicator! :(
>


It's quite easy to tell if a router has been compromised. Check which DNS
servers the router is using. If they aren't from your ISP the router has
been compromised. Formatting or reinstalling your OS would have no effect at
all on this. The wrong DNS settings would still exist in your router.
Flashing the router's firmware then setting a strong password and disabling
UPnP are the steps to take to correct the problem. If you think they
redirected you to a bad site that installed malware then yes, to fix that
you may need to format and reinstall the OS.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
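
Added example, not part of Kerry Brown's post or of any other message in this thread: the DNS check described above, run from a Windows client rather than from the router's admin page. It parses `ipconfig /all` output and compares the DNS servers the client was handed against the resolvers the ISP publishes; the sample output, `ISP_RESOLVERS` and `ROUTER_LAN_IP` are constructed placeholders, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: trimmed `ipconfig /all` output from a DHCP client behind
# a home router. Every address is a placeholder (RFC 5737 / private ranges).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Dhcp Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 203.0.113.66
                                       192.0.2.53
   Lease Obtained. . . . . . . . . . : Saturday, June 21, 2008 9:00:00 AM
"""

# Assumption: the resolvers your ISP tells you to expect, plus any resolver
# you configured on purpose. Placeholders here, not real ISP addresses.
ISP_RESOLVERS = ["192.0.2.53", "192.0.2.54"]
# Assumption: the router's LAN address (usually the default gateway).
ROUTER_LAN_IP = "192.168.0.1"

# "   Some Label . . . . : value" (the value may be missing).
_LABEL = re.compile(r"^\s+(?P<key>[A-Za-z][^:]*?)[ .]+:(?: (?P<val>.*))?$")


def _to_ip(text):
    """Return an ip_address for text, or None if text is not an address."""
    try:
        # Drop an IPv6 zone suffix such as "%11" before parsing.
        return ipaddress.ip_address(text.strip().split("%", 1)[0])
    except ValueError:
        return None


def parse_ipconfig_dns(output):
    """Collect DNS servers from `ipconfig /all` text, in order, de-duplicated.

    The first server sits on the "DNS Servers" line; further servers follow
    on indented continuation lines that carry only an address.
    """
    servers, in_dns = [], False
    for line in output.splitlines():
        if in_dns:
            addr = _to_ip(line)
            if addr is not None:
                if addr not in servers:
                    servers.append(addr)
                continue
            in_dns = False  # continuation block ended; treat as a new line
        m = _LABEL.match(line)
        if m and m.group("key").startswith("DNS Servers"):
            in_dns = True
            addr = _to_ip(m.group("val") or "")
            if addr is not None and addr not in servers:
                servers.append(addr)
    return servers


def audit(servers, isp_resolvers, router_lan_ip):
    """Classify each DNS server and return (verdict, per-server detail)."""
    expected = {ipaddress.ip_address(a) for a in isp_resolvers}
    router = ipaddress.ip_address(router_lan_ip)
    detail = {}
    for addr in servers:
        if addr in expected:
            detail[str(addr)] = "isp"
        elif addr == router:
            # The router answers DNS itself and forwards upstream, so the
            # client cannot see which upstream servers the router uses.
            detail[str(addr)] = "router-proxy"
        else:
            detail[str(addr)] = "unexpected"
    kinds = set(detail.values())
    if not kinds:
        verdict = "no-dns-found"
    elif "unexpected" in kinds:
        verdict = "unexpected"      # a server that is not on the ISP list
    elif "router-proxy" in kinds:
        verdict = "check-router"    # inconclusive from the client side
    else:
        verdict = "ok"
    return verdict, detail


if __name__ == "__main__":
    found = parse_ipconfig_dns(SAMPLE_IPCONFIG)
    verdict, detail = audit(found, ISP_RESOLVERS, ROUTER_LAN_IP)
    print(verdict)
    for server, kind in detail.items():
        print(f"  {server}: {kind}")
```

A `check-router` verdict means the client only sees the router acting as a DNS forwarder, so the DNS servers shown on the router's own status page still have to be compared against the ISP's list.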
 
xoactivity@gmail.com

On Jun 21, 7:01 pm, "Kerry Brown" <ke...@kdbNOSPAMsys-tems.c*a*m>
wrote:
> "~BD~" <~...@nospam.invalid> wrote in message
>
> news:ukg00d%230IHA.3920@TK2MSFTNGP02.phx.gbl...
>
>
>
>
>
>
>
> > "Kerry Brown" <ke...@kdbNOSPAMsys-tems.c*a*m> wrote in message
> >news:6EB2935C-B3C7-42F9-A914-ABF91E226C67@microsoft.com...
> >> "~BD~" <~...@nospam.invalid> wrote in message
> >>news:%23FFMn280IHA.5832@TK2MSFTNGP02.phx.gbl...

>
> >>> "jen" <j...@example.com> wrote in message
> >>>news:OCkOkF80IHA.5944@TK2MSFTNGP04.phx.gbl...
> >>>> "Leythos" <v...@nowhere.lan> wrote in message
> >>>>news:1213995318_86351@news.usenet.com...
> >>>>> In article <eTtSYAw0IHA.4...@TK2MSFTNGP03.phx.gbl>,
> >>>>> ~...@nospam.invalid
> >>>>> says...[clueless snip restored]:

>
> >>>> "Instead of installing malware that continues to run like a key logger
> >>>> or
> >>>> trojan, malicious programs are increasingly attacking the network
> >>>> router
> >>>> which is common with any internet connected home and/or office. An
> >>>> unwanted
> >>>> program can quickly make a change to your router settings that will
> >>>> immediately open all your computers to the world. The bad guys won't
> >>>> have to
> >>>> install a key logger, they'll be able to record every byte that goes
> >>>> across
> >>>> your network. It's happening now to thousands of routers which are
> >>>> still
> >>>> using their default name and password."

>
> >>>> So begins a recent item by Bill Pytlovany. Full detail here:-
> >>>>http://billpstudios.blogspot.com/2008/06/malware-attacking-your-route....

>
> >>>> Comments invited here!

>
> >>>> Dave

>
> >>>>> Try posting to usenet for a few years before spamming Usenet.

>
> >>>> LOL! If you are so Usenet savvy, how come you don't know this is
> >>>> "Boater Dave", is *not* spam (look up the definition) and don't seem to
> >>>> even know who the author of the Blog is? I've *very rarely* seen you
> >>>> post *anything* helpful or relevant, preferring instead to post your
> >>>> "rebuttals" (pun intended) to PCButts1's posts ad nauseam...
> >>>> Get a clue!

>
> >>>> HTH,
> >>>> -jen

>
> >>> Thank you for responding in this manner 'jen'. Everything I've ever seen
> >>> *you* post has been helpful and relevant ....... and I hope, by now, you
> >>> know that BoaterDave (yes, me!) wants nothing more than the bad guys
> >>> hung out to dry. I'd be grateful if you would take a look at the
> >>> response to my post (identical) placed in
> >>> 'microsoft.public.security.homeusers' - the reply is from Kerry Brown
> >>> (aka TechB) who *doesn't* seem to think this a serious threat. Perhaps
> >>> you could respond in each group thereafter.

>
> >>> TIA

>
> >>> Dave

>
> >> If you wish to reply to me please do so in person. Read my post again. I
> >> do take this threat seriously. What the threat can do has been
> >> exaggerated in the blog you posted a link to. The seriousness of the
> >> threat is not in question. I've been warning people about this for quite
> >> a while.

>
> >> --
> >> Kerry Brown
> >> MS-MVP - Windows Desktop Experience: Systems Administration
> >>http://www.vistahelp.ca/phpBB2/

>
> > Hello Kerry Brown/TechB!

>
> > You mentioned "They could redirect you to sites ....... "

>
> > Indeed - it appears that might well happen! You mention spyware, but I
> > suspect that one might be sent to URLs which will download *malware*
> > surreptitiously onto one's computer without the knowledge of the user. I
> > fully appreciate that the appropriation of a router does not itself load
> > malware onto a computer, but there is only one more step required to
> > ensnare the associated machines!

>
> When they have enough control to compromise your router they could just as
> easily have installed malware on your computer if they wanted to. Changing
> the DNS settings on your router indicates they probably have other things in
> mind. They could redirect you to a fake bank site for instance.
>
> > I'm pleased that you dropped by here. I was just about to reply to you in
> > the 'homeusers' group to tell you that I was involved in discussion here.
> > I am delighted to learn that you agree that the threat is real ........
> > and very dangerous!

>
> > What is needed is some simple indication that a router *has* actually been
> > compromised - so that a user may take steps to format/reinstall their
> > operating system(s) and start afresh!

>
> > Any ideas on how one might be able to tell if a router has been 'got at'?

>
> > I suspect there is no such indicator! :(

>
> It's quite easy to tell if a router has been compromised. Check which DNS
> servers the router is using. If they aren't from your ISP the router has
> been compromised. Formatting or reinstalling your OS would have no effect at
> all on this. The wrong DNS settings would still exist in your router.
> Flashing the router's firmware then setting a strong password and disabling
> UPnP are the steps to take to correct the problem. If you think they
> redirected you to a bad site that installed malware then yes, to fix that
> you may need to format and reinstall the OS.
>
> --
> Kerry Brown
> MS-MVP - Windows Desktop Experience: Systems Administration
> http://www.vistahelp.ca/phpBB2/



While I fear that commenting may cause more suspicious views I wanted
to confirm a few things.

I don't think I know Dave but I certainly didn't ask him to post a
link to my blog.
I do appreciate that Dave thought my topic earlier this week was worth
discussing. Thanks Dave
I certainly understand how messages could be viewed as spam which is
why if you search you won't find any posts promoting my blog or
WinPatrol which might appear to be spam.

I think anyone who knows me will confirm I'm one of the most reputable
people you'll meet online. Perhaps not the most modest.
The only reason I found this post is because I have Google Alerts set
up to Email me any mentions of WinPatrol.
I appreciate Kerry's adding to the discussion with a valuable tip. The only
real tip in my blog post was that people need to change their d*mn
default password.

Lastly, my BitsfromBill blog is non-commercial with the exception of
news about WinPatrol. WinPatrol is free and essentially supported by
the 1% of our users who do upgrade to the paid version.

Thanks,
Bill Pytlovany
BillP Studios
 
Kerry Brown

>
> While I fear that commenting may cause more suspicious views I wanted to
> confirm a few things.
>
> I don't think I know Dave but I certainly didn't ask him to post a link
> to my blog.
> I do appreciate that Dave thought my topic earlier this week was worth
> discussing. Thanks Dave
> I certainly understand how messages could be viewed as spam which is
> why if you search you won't find any posts promoting my blog or
> WinPatrol which might appear to be spam.
>
> I think anyone who knows me will confirm I'm one of the most reputable
> people you'll meet online. Perhaps not the most modest. The only reason
> I found this post is because I have Google Alerts set up to Email me any
> mentions of WinPatrol. I appreciate Kerry's adding to the discussion with
> a valuable tip. The only real tip in my blog post was that people need to
> change their d*mn default password.
>
> Lastly, my BitsfromBill blog is non-commercial with the exception of
> news about WinPatrol. WinPatrol is free and essentially supported by
> the 1% of our users who do upgrade to the paid version.
>


I occasionally read your blog. I have a lot of respect for it and you.
While some may have thought Dave was spamming, I am not one of them. Dave
is overly focused on conspiracies. He has been known to post links to
blogs or forum posts then extrapolate things I'm sure the author never
intended.

I am of the belief that compromising routers is a very serious issue,
possibly one of the most serious we face when surfing the Internet.
Changing DNS settings allows criminals to do some very sophisticated
things that most users would have a very hard time detecting. It also is
OS agnostic as there is no infection of the computer. Fortunately the
current attacks are easily defeated but the user has to take action to do
this. Blogs like yours help to get the word out so people will take the
needed steps to protect themselves.

I still think the blog post overstated what they can do, but the fact
that the blog brings attention to this issue can only result in good.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
 
~BD~

<xoactivity@gmail.com> wrote in message
news:6be0f893-a7c6-4bdc-ad5a-b45f172c51c0@j22g2000hsf.googlegroups.com...
On Jun 21, 7:01 pm, "Kerry Brown" <ke...@kdbNOSPAMsys-tems.c*a*m>
wrote:

"I don't think I know Dave but I certainly didn't ask him to post a link to
my blog.
I do appreciate that Dave thought my topic earlier this week was worth
discussing. Thanks Dave"


You're welcome, Bill.

I can confirm here that I do not know Bill personally (nor, in fact, on
line) although I *have* used Win Patrol in the distant past. Perhaps I will
again now!

I first became aware of such matters when I read this item in The Register:-
http://www.theregister.co.uk/2008/04/09/dns_rebinding_attack/

There are a great many 'help' sites on the net - many purporting to 'clean'
a user's PC - yet cybercrime continues to flourish. Most people I know would
expect that a format and reinstallation of an operating system would
*really* give them a fresh start. It seems to me, though, that if one's
router has a mind of its own, so to speak, a computer could be back as part
of a Botnet in the blink of an eye!

Dave
 
~BD~

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:A6B2884B-1422-447D-99EB-29ABA5FF99B1@microsoft.com...
> "~BD~" <~BD~@nospam.invalid> wrote in message
> news:ukg00d%230IHA.3920@TK2MSFTNGP02.phx.gbl...
>>
>> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
>> news:6EB2935C-B3C7-42F9-A914-ABF91E226C67@microsoft.com...
>>> "~BD~" <~BD~@nospam.invalid> wrote in message
>>> news:%23FFMn280IHA.5832@TK2MSFTNGP02.phx.gbl...
>>>>
>>>> "jen" <jen@example.com> wrote in message
>>>> news:OCkOkF80IHA.5944@TK2MSFTNGP04.phx.gbl...
>>>>> "Leythos" <void@nowhere.lan> wrote in message
>>>>> news:1213995318_86351@news.usenet.com...
>>>>>> In article <eTtSYAw0IHA.4004@TK2MSFTNGP03.phx.gbl>,
>>>>>> ~BD~@nospam.invalid
>>>>>> says...[clueless snip restored]:
>>>>>
>>>>> "Instead of installing malware that continues to run like a key logger
>>>>> or
>>>>> trojan, malicious programs are increasingly attacking the network
>>>>> router
>>>>> which is common with any internet connected home and/or office. An
>>>>> unwanted
>>>>> program can quickly make a change to your router settings that will
>>>>> immediately open all your computers to the world. The bad guys won't
>>>>> have to
>>>>> install a key logger, they'll be able to record every byte that goes
>>>>> across
>>>>> your network. It's happening now to thousands of routers which are
>>>>> still
>>>>> using their default name and password."
>>>>>
>>>>> So begins a recent item by Bill Pytlovany. Full detail here:-
>>>>> http://billpstudios.blogspot.com/2008/06/malware-attacking-your-router.html
>>>>>
>>>>> Comments invited here!
>>>>>
>>>>> Dave
>>>>>
>>>>>> Try posting to usenet for a few years before spamming Usenet.
>>>>>
>>>>> LOL! If you are so Usenet savvy, how come you don't know this is
>>>>> "Boater Dave", is *not* spam (look up the definition) and don't seem to
>>>>> even know who the author of the Blog is? I've *very rarely* seen you
>>>>> post *anything* helpful or relevant, preferring instead to post your
>>>>> "rebuttals" (pun intended) to PCButts1's posts ad nauseam...
>>>>> Get a clue!
>>>>>
>>>>> HTH,
>>>>> -jen
>>>>
>>>> Thank you for responding in this manner 'jen'. Everything I've ever seen
>>>> *you* post has been helpful and relevant ....... and I hope, by now,
>>>> you know that BoaterDave (yes, me!) wants nothing more than the bad
>>>> guys hung out to dry. I'd be grateful if you would take a look at the
>>>> response to my post (identical) placed in
>>>> 'microsoft.public.security.homeusers' - the reply is from Kerry Brown
>>>> (aka TechB) who *doesn't* seem to think this a serious threat. Perhaps
>>>> you could respond in each group thereafter.
>>>>
>>>> TIA
>>>>
>>>> Dave
>>>>
>>>
>>>
>>> If you wish to reply to me please do so in person. Read my post again. I
>>> do take this threat seriously. What the threat can do has been
>>> exaggerated in the blog you posted a link to. The seriousness of the
>>> threat is not in question. I've been warning people about this for quite
>>> a while.
>>>
>>> --
>>> Kerry Brown
>>> MS-MVP - Windows Desktop Experience: Systems Administration
>>> http://www.vistahelp.ca/phpBB2/
>>>
>>>

>>
>> Hello Kerry Brown/TechB!
>>
>> You mentioned "They could redirect you to sites ....... "
>>
>> Indeed - it appears that might well happen! You mention spyware, but I
>> suspect that one might be sent to URLs which will download *malware*
>> surreptitiously onto one's computer without the knowledge of the user. I
>> fully appreciate that the appropriation of a router does not itself load
>> malware onto a computer, but there is only one more step required to
>> ensnare the associated machines!
>>

>
> When they have enough control to compromise your router they could just as
> easily have installed malware on your computer if they wanted to. Changing
> the DNS settings on your router indicates they probably have other things
> in mind. They could redirect you to a fake bank site for instance.
>
>> I'm pleased that you dropped by here. I was just about to reply to you in
>> the 'homeusers' group to tell you that I was involved in discussion here.
>> I am delighted to learn that you agree that the threat is real ........
>> and very dangerous!
>>
>> What is needed is some simple indication that a router *has* actually
>> been compromised - so that a user may take steps to format/reinstall
>> their operating system(s) and start afresh!
>>
>> Any ideas on how one might be able to tell if a router has been 'got at'?
>>
>> I suspect there is no such indicator! :(
>>

>
> It's quite easy to tell if a router has been compromised. Check which DNS
> servers the router is using. If they aren't from your ISP the router has
> been compromised. Formatting or reinstalling your OS would have no effect
> at all on this. The wrong DNS settings would still exist in your router.
> Flashing the router's firmware then setting a strong password and
> disabling UPnP are the steps to take to correct the problem. If you think
> they redirected you to a bad site that installed malware then yes, to fix
> that you may need to format and reinstall the OS.
>
> --
> Kerry Brown
> MS-MVP - Windows Desktop Experience: Systems Administration
> http://www.vistahelp.ca/phpBB2/
>
>


We really aren't too far apart, Kerry! <wink>

You will no doubt spot my reply to Bill.

Are you able to point me in the direction of *how* to check which DNS
servers a router is using? My router is a Netgear DG834G v3 supplied by AOL
and which was initially set up by a CD also supplied by AOL - it all
happened 'automatically'!

Dave
 
MAP

jen wrote:
> "Leythos" <void@nowhere.lan> wrote in message
> news:1213995318_86351@news.usenet.com...
>> In article <eTtSYAw0IHA.4004@TK2MSFTNGP03.phx.gbl>,
>> ~BD~@nospam.invalid
>> says...[clueless snip restored]:

>
> "Instead of installing malware that continues to run like a key logger
> or
> trojan, malicious programs are increasingly attacking the network
> router which is common with any internet connected home and/or
> office. An unwanted
> program can quickly make a change to your router settings that will
> immediately open all your computers to the world. The bad guys won't
> have to
> install a key logger, they'll be able to record every byte that goes
> across
> your network. It's happening now to thousands of routers which are
> still using their default name and password."
>
> So begins a recent item by Bill Pytlovany. Full detail here:-
> http://billpstudios.blogspot.com/2008/06/malware-attacking-your-router.html
>
> Comments invited here!
>
> Dave
>
>> Try posting to usenet for a few years before spamming Usenet.

>
> LOL! If you are so Usenet savvy, how come you don't know this is
> "Boater Dave", is *not* spam (look up the definition) and don't seem to
> even know who the author of the Blog is? I've *very rarely* seen you
> post *anything* helpful or relevant, preferring instead to post your
> "rebuttals" (pun intended) to PCButts1's posts ad nauseam...
> Get a clue!
>
> HTH,
> -jen



Just like Andrew E. Leythos will never admit any fault.

--
Mike Pawlak
 
Kerry Brown

"~BD~" <~BD~@nospam.invalid> wrote in message
news:u4n8yfD1IHA.2188@TK2MSFTNGP04.phx.gbl...
>
> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
> news:A6B2884B-1422-447D-99EB-29ABA5FF99B1@microsoft.com...
>> "~BD~" <~BD~@nospam.invalid> wrote in message
>> news:ukg00d%230IHA.3920@TK2MSFTNGP02.phx.gbl...
>>>
>>> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
>>> news:6EB2935C-B3C7-42F9-A914-ABF91E226C67@microsoft.com...
>>>> "~BD~" <~BD~@nospam.invalid> wrote in message
>>>> news:%23FFMn280IHA.5832@TK2MSFTNGP02.phx.gbl...
>>>>>
>>>>> "jen" <jen@example.com> wrote in message
>>>>> news:OCkOkF80IHA.5944@TK2MSFTNGP04.phx.gbl...
>>>>>> "Leythos" <void@nowhere.lan> wrote in message
>>>>>> news:1213995318_86351@news.usenet.com...
>>>>>>> In article <eTtSYAw0IHA.4004@TK2MSFTNGP03.phx.gbl>,
>>>>>>> ~BD~@nospam.invalid
>>>>>>> says...[clueless snip restored]:
>>>>>>
>>>>>> "Instead of installing malware that continues to run like a key
>>>>>> logger or
>>>>>> trojan, malicious programs are increasingly attacking the network
>>>>>> router
>>>>>> which is common with any internet connected home and/or office. An
>>>>>> unwanted
>>>>>> program can quickly make a change to your router settings that will
>>>>>> immediately open all your computers to the world. The bad guys won't
>>>>>> have to
>>>>>> install a key logger, they'll be able to record every byte that goes
>>>>>> across
>>>>>> your network. It's happening now to thousands of routers which are
>>>>>> still
>>>>>> using their default name and password."
>>>>>>
>>>>>> So begins a recent item by Bill Pytlovany. Full detail here:-
>>>>>> http://billpstudios.blogspot.com/2008/06/malware-attacking-your-router.html
>>>>>>
>>>>>> Comments invited here!
>>>>>>
>>>>>> Dave
>>>>>>
>>>>>>> Try posting to usenet for a few years before spamming Usenet.
>>>>>>
>>>>>> LOL! If you are so Usenet savvy, how come you don't know this is
>>>>>> "Boater Dave", is *not* spam (look up the definition) and don't seem
>>>>>> to even know who the author of the Blog is? I've *very rarely* seen
>>>>>> you post *anything* helpful or relevant, preferring instead to post
>>>>>> your "rebuttals" (pun intended) to PCButts1's posts ad nauseam...
>>>>>> Get a clue!
>>>>>>
>>>>>> HTH,
>>>>>> -jen
>>>>>
>>>>> Thank you for responding in this manner 'jen'. Everything I've ever
>>>>> seen *you* post has been helpful and relevant ....... and I hope, by
>>>>> now, you know that BoaterDave (yes, me!) wants nothing more than the
>>>>> bad guys hung out to dry. I'd be grateful if you would take a look at
>>>>> the response to my post (identical) placed in
>>>>> 'microsoft.public.security.homeusers' - the reply is from Kerry Brown
>>>>> (aka TechB) who *doesn't* seem to think this a serious threat. Perhaps
>>>>> you could respond in each group thereafter.
>>>>>
>>>>> TIA
>>>>>
>>>>> Dave
>>>>>
>>>>
>>>>
>>>> If you wish to reply to me please do so in person. Read my post again.
>>>> I do take this threat seriously. What the threat can do has been
>>>> exaggerated in the blog you posted a link to. The seriousness of the
>>>> threat is not in question. I've been warning people about this for
>>>> quite a while.
>>>>
>>>> --
>>>> Kerry Brown
>>>> MS-MVP - Windows Desktop Experience: Systems Administration
>>>> http://www.vistahelp.ca/phpBB2/
>>>>
>>>>
>>>
>>> Hello Kerry Brown/TechB!
>>>
>>> You mentioned "They could redirect you to sites ....... "
>>>
>>> Indeed - it appears that might well happen! You mention spyware, but I
>>> suspect that one might be sent to URLs which will download *malware*
>>> surreptitiously onto one's computer without the knowledge of the user. I
>>> fully appreciate that the appropriation of a router does not itself load
>>> malware onto a computer, but there is only one more step required to
>>> ensnare the associated machines!
>>>

>>
>> When they have enough control to compromise your router they could just
>> as easily have installed malware on your computer if they wanted to.
>> Changing the DNS settings on your router indicates they probably have
>> other things in mind. They could redirect you to a fake bank site for
>> instance.
>>
>>> I'm pleased that you dropped by here. I was just about to reply to you
>>> in the 'homeusers' group to tell you that I was involved in discussion
>>> here. I am delighted to learn that you agree that the threat is real
>>> ........ and very dangerous!
>>>
>>> What is needed is some simple indication that a router *has* actually
>>> been compromised - so that a user may take steps to format/reinstall
>>> their operating system(s) and start afresh!
>>>
>>> Any ideas on how one might be able to tell if a router has been 'got
>>> at'?
>>>
>>> I suspect there is no such indicator! :(
>>>

>>
>> It's quite easy to tell if a router has been compromised. Check which DNS
>> servers the router is using. If they aren't from your ISP the router has
>> been compromised. Formatting or reinstalling your OS would have no effect
>> at all on this. The wrong DNS settings would still exist in your router.
>> Flashing the router's firmware then setting a strong password and
>> disabling UPnP are the steps to take to correct the problem. If you think
>> they redirected you to a bad site that installed malware then yes, to fix
>> that you may need to format and reinstall the OS.
>>
>> --
>> Kerry Brown
>> MS-MVP - Windows Desktop Experience: Systems Administration
>> http://www.vistahelp.ca/phpBB2/
>>
>>

>
> We really aren't too far apart, Kerry! <wink>
>
> You will no doubt spot my reply to Bill.
>
> Are you able to point me in the direction of *how* to check which DNS
> servers a router is using? My router is a Netgear DG834G v3 supplied by
> AOL and which was initially set up by a CD also supplied by AOL - it all
> happened 'automatically'!
>



You'd have to check with AOL and see which DNS servers should be in use.
Then you'd have to look in the manual for the Netgear as to where to check
which DNS servers were being used.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
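
The check described above (compare the DNS servers in use against the ones the ISP says it runs), as an added example that is not part of the original thread. It parses `ipconfig /all` output from a Windows client; the ISP allow-list and the sample output are constructed placeholders, and `dns_servers`, `classify` and `audit` are hypothetical helper names.

```python
import ipaddress

# Constructed placeholder (documentation range): substitute the resolver
# addresses your ISP confirms; the thread does not list AOL's.
ISP_RESOLVERS = [ipaddress.ip_network("198.51.100.0/24")]
LAN_RANGES = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `ipconfig /all` output from a Windows client.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 198.51.100.53
                                       203.0.113.7

Wireless LAN adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : 192.168.0.1
"""

def dns_servers(text):
    """Yield (adapter, address) pairs, following wrapped continuation lines."""
    adapter, in_dns = None, False
    for line in text.splitlines():
        if line and not line[0].isspace():      # unindented line = adapter header
            adapter, in_dns = line.rstrip(":"), False
            continue
        label, sep, value = line.partition(" : ")
        if sep:                                 # "Label . . . : value"
            in_dns = label.strip(" .").lower() == "dns servers"
        candidate = (value if sep else line).strip()
        if in_dns and candidate:
            try:
                yield adapter, ipaddress.ip_address(candidate)
            except ValueError:                  # not an address: field ended
                in_dns = False

def classify(ip):
    if any(ip in net for net in ISP_RESOLVERS):
        return "isp"
    if any(ip in net for net in LAN_RANGES):
        # Router is proxying DNS: the client cannot see the upstream servers.
        return "router-proxy"
    return "unexpected"

def audit(text):
    """Return (adapter, address, verdict) for every DNS server listed."""
    return [(a, str(ip), classify(ip)) for a, ip in dns_servers(text)]
```

A "router-proxy" verdict means the client only sees the router itself, so the upstream DNS servers have to be read from the router's own status page, as the reply above says. An "unexpected" verdict is the case worth investigating.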
 

Peter Foldes

Try this link
http://www.blakjak.demon.co.uk/mul_crss.htm
--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"~BD~" <~BD~@nospam.invalid> wrote in message news:%236T%237H%230IHA.5300@TK2MSFTNGP06.phx.gbl...
>
> "Peter Foldes" <okf22@hotmail.com> wrote in message
> news:u2lI$o90IHA.800@TK2MSFTNGP02.phx.gbl...
> See if this will help you understand Dave
> http://www.blakjak.demon.co.uk/mul_crss.htm
> --
> Peter
>
> Please Reply to Newsgroup for the benefit of others
> Requests for assistance by email can not and will not be acknowledged.
>
>
>
> Hello Peter Foldes!
>
> Thank you for trying to help. I'm afraid, though, that when I copy and paste
> the link you provided into either IE7 or my AOL browser, the page cannot be
> found.
>
> I'd be interested to know whether or not the link (when copied/pasted) works
> for anyone else. Please advise. TIA.
>
> Should I simply click on the link ............ and go wherever it may take
> me? Hmmmm (stroking chin!)
>
> Dave
>
>
 

~BD~

"Peter Foldes" <okf22@hotmail.com> wrote in message
news:%23NWd2SI1IHA.1572@TK2MSFTNGP05.phx.gbl...
Try this link
http://www.blakjak.demon.co.uk/mul_crss.htm
--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"~BD~" <~BD~@nospam.invalid> wrote in message
news:%236T%237H%230IHA.5300@TK2MSFTNGP06.phx.gbl...
>
> "Peter Foldes" <okf22@hotmail.com> wrote in message
> news:u2lI$o90IHA.800@TK2MSFTNGP02.phx.gbl...
> See if this will help you understand Dave
> http://www.blakjak.demon.co.uk/mul_crss.htm
> --
> Peter
>
> Please Reply to Newsgroup for the benefit of others
> Requests for assistance by email can not and will not be acknowledged.
>
>
>
> Hello Peter Foldes!
>
> Thank you for trying to help. I'm afraid, though, that when I copy and
> paste
> the link you provided into either IE7 or my AOL browser, the page cannot
> be
> found.
>
> I'd be interested to know whether or not the link (when copied/pasted)
> works
> for anyone else. Please advise. TIA.
>
> Should I simply click on the link ............ and go wherever it may take
> me? Hmmmm (stroking chin!)
>
> Dave
>
>


FYI Peter - posted in microsoft.public.security.homeusers

Perhaps someone here will comment on a point of confusion (for me!)

In the 'virus' group mentioned, where I recently posted a message identical
to my OP here, a Mr Peter Foldes (PF) posted a link to
http://www.blakjak.demon.co.uk/mul_crss.htm which explains the difference
between Multiposting and Crossposting (written by David Stevenson). I have
seen it before. Maybe it is genuine, maybe not.

I did not click on the link, but copied and pasted same into my browser(s)
as mentioned in my response to Mr Foldes yesterday. It failed to take me to
the intended page, again as mentioned in my reply to him.

Today Peter Foldes has posted another link - which appears identical to the
original - and this time it 'works'.

Wondering if Gremlins are at work here, I checked both the original link PF
posted and the one in my reply to him. Wow! Today *all* the links work!

Is it magic ............ or has someone tampered with the links? I wonder
how it was done. Any thoughts anyone? TIA

Dave
 

Leythos

In article <ujusFKD1IHA.4364@TK2MSFTNGP02.phx.gbl>,
mikepawlak2REM@OVEhotmail.com says...
> Just like Andrew E. Leythos will never admit any fault.


Just like a troll you don't know what you're talking about kiddo. I've
already posted that I could have misunderstood.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
 

MAP

Leythos wrote:
> In article <ujusFKD1IHA.4364@TK2MSFTNGP02.phx.gbl>,
> mikepawlak2REM@OVEhotmail.com says...
>> Just like Andrew E. Leythos will never admit any fault.

>
> Just like a troll you don't know what you're talking about kiddo. I've
> already posted that I could have misunderstood.


Ya I read it, you admitted some fault while still blaming BD for the way he
posted and admittedly stating that you did not click the link. the most
non-apology I've seen in some time. Go ahead and reply, in the past you seem
to have a need to have the last word, go ahead I'll give it to you.


" Unlike you, I can live with being wrong and have been in the past. The
post appeared to be spam and was improperly formatted in a reply, like
your post is not properly quoting the text you quoted.

So, yes, it appears that BD is a good member, that the blog is
reputable, but, I had not seen either before and took it for face value.

Maybe you can get your Usenet interface fixed while you ponder the
simple misunderstanding because of a lack of explanation."


How can you have not recognised BD he's been posting here for several months
and you come here often?


--
Mike Pawlak
 

Leythos

In article <uYygn6K1IHA.5300@TK2MSFTNGP06.phx.gbl>,
mikepawlak2REM@OVEhotmail.com says...
> Leythos wrote:
> > In article <ujusFKD1IHA.4364@TK2MSFTNGP02.phx.gbl>,
> > mikepawlak2REM@OVEhotmail.com says...
> >> Just like Andrew E. Leythos will never admit any fault.

> >
> > Just like a troll you don't know what you're talking about kiddo. I've
> > already posted that I could have misunderstood.

>
> Ya I read it, you admitted some fault while still blaming BD for the way he
> posted and admittedly stating that you did not click the link. the most
> non-apology I've seen in some time. Go ahead and reply, in the past you seem
> to have a need to have the last word, go ahead I'll give it to you.
>


As I read what you've posted, you're sort of saying you were wrong, but,
that's the most non-apology I've seen in some time....

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
 

jen

"Leythos" <void@nowhere.lan> wrote in message
news:1214186592_106774@news.usenet.com...
> In article <uYygn6K1IHA.5300@TK2MSFTNGP06.phx.gbl>,
> mikepawlak2REM@OVEhotmail.com says...
>> Leythos wrote:
>> > In article <ujusFKD1IHA.4364@TK2MSFTNGP02.phx.gbl>,
>> > mikepawlak2REM@OVEhotmail.com says...
>> >> Just like Andrew E. Leythos will never admit any fault.
>> > Just like a troll you don't know what you're talking about kiddo.
>> > I've
>> > already posted that I could have misunderstood.

>> Ya I read it, you admitted some fault while still blaming BD for the
>> way he
>> posted and admittedly stating that you did not click the link. the
>> most
>> non-apology I've seen in some time. Go ahead and reply, in the past
>> you seem
>> to have a need to have the last word, go ahead I'll give it to you.

> As I read what you've posted, you're sort of saying you were wrong, but,
> that's the most non-apology I've seen in some time....


How lame...

-jen
 

Leythos

In article <#bc1iQX1IHA.5832@TK2MSFTNGP02.phx.gbl>, jen@example.com
says...
> "Leythos" <void@nowhere.lan> wrote in message
> news:1214186592_106774@news.usenet.com...
> > In article <uYygn6K1IHA.5300@TK2MSFTNGP06.phx.gbl>,
> > mikepawlak2REM@OVEhotmail.com says...
> >> Leythos wrote:
> >> > In article <ujusFKD1IHA.4364@TK2MSFTNGP02.phx.gbl>,
> >> > mikepawlak2REM@OVEhotmail.com says...
> >> >> Just like Andrew E. Leythos will never admit any fault.
> >> > Just like a troll you don't know what you're talking about kiddo.
> >> > I've
> >> > already posted that I could have misunderstood.
> >> Ya I read it, you admitted some fault while still blaming BD for the
> >> way he
> >> posted and admittedly stating that you did not click the link. the
> >> most
> >> non-apology I've seen in some time. Go ahead and reply, in the past
> >> you seem
> >> to have a need to have the last word, go ahead I'll give it to you.

> > As I read what you've posted, you're sort of saying you were wrong, but,
> > that's the most non-apology I've seen in some time....

>
> How lame...


That's what I thought when MAP said it too.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
 

~BD~

"Leythos" <void@nowhere.lan> wrote in message
news:1214264098_123673@news.usenet.com...
> In article <#bc1iQX1IHA.5832@TK2MSFTNGP02.phx.gbl>, jen@example.com
> says...
>> "Leythos" <void@nowhere.lan> wrote in message
>> news:1214186592_106774@news.usenet.com...
>> > In article <uYygn6K1IHA.5300@TK2MSFTNGP06.phx.gbl>,
>> > mikepawlak2REM@OVEhotmail.com says...
>> >> Leythos wrote:
>> >> > In article <ujusFKD1IHA.4364@TK2MSFTNGP02.phx.gbl>,
>> >> > mikepawlak2REM@OVEhotmail.com says...
>> >> >> Just like Andrew E. Leythos will never admit any fault.
>> >> > Just like a troll you don't know what you're talking about kiddo.
>> >> > I've
>> >> > already posted that I could have misunderstood.
>> >> Ya I read it, you admitted some fault while still blaming BD for the
>> >> way he
>> >> posted and admittedly stating that you did not click the link. the
>> >> most
>> >> non-apology I've seen in some time. Go ahead and reply, in the past
>> >> you seem
>> >> to have a need to have the last word, go ahead I'll give it to you.
>> > As I read what you've posted, you're sort of saying you were wrong, but,
>> > that's the most non-apology I've seen in some time....

>>
>> How lame...

>
> That's what I thought when MAP said it too.
>
> --
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a
> drug dealer an "unlicensed pharmacist"
> spam999free@rrohio.com (remove 999 for proper email address)
>


Whilst I may be wrong about this, I *think* the lame comment was directed at
YOU Leythos! <wink>

Just as a reminder, you *have* 'met' me here before. Perhaps this 'cut and
paste' will jog your memory:-

In line responses:

>> Maybe *you* will comment on whether or not you feel AumHa is a 'safe'
>> place
>> to visit when one is seeking help and advice on computer related matters?

>
> I make no suggestion that any site is safe, and only state that sites
> are unsafe if I've personally confirmed them to be unsafe or practice
> bad ethics - like pc butts 1 . com (see sig).


A very sensible stance to take! FYI, your link to the speedguide forum
article did not work for me (either from here or from the Techarena thread
here: http://forums.techarena.in/showthread.php?t=978738

>
> I have never been to the site you ask about, so I can't comment.
>


It often appears - in Malke and PABear responses in particular. I'm surprised
that you haven't been sufficiently curious to take a look! )

Dave
 

Leythos

In article <#1I6Bof1IHA.4848@TK2MSFTNGP05.phx.gbl>, ~BD~@nospam.invalid
says...
> Whilst I may be wrong about this, I *think* the lame comment was directed at
> YOU Leythos! <wink>


Are you going to use a Usenet client that strips the sig lines?

> Just as a reminder, you *have* 'met' me here before. Perhaps this 'cut and
> paste' will jog your memory:-


I don't pay attention to posters' names/nicks, all I go on is content.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
 

David H. Lipman

From: "Root Kit" <b__nice@hotmail.com>

| On Fri, 20 Jun 2008 21:17:35 -0400, "David H. Lipman"
| <DLipman~nospam~@Verizon.Net> wrote:

>>WinPatrol is a trusted anti malware utility.


| There is no such thing as a trusted anti malware utility.

Not true at all!

Since there are rogue anti malware utilities associated with the WinFixer and SmitFraud
Trojan groups that are in fact malware. Trojans are installed on the unsuspecting
computer users that goad them to purchase so-called anti malware software that does not do
what they purport they will do. Their goal is just to extract money from you.

Then there are trusted anti malware utilities that perform what they say they will do.
Remove malware. These are trusted and vetted.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 

jen

"Leythos" <void@nowhere.lan> wrote in message
news:1214264098_123673@news.usenet.com...
In article <#bc1iQX1IHA.5832@TK2MSFTNGP02.phx.gbl>, jen@example.com
says...
"Leythos" <void@nowhere.lan> wrote in message
news:1214186592_106774@news.usenet.com...
In article <uYygn6K1IHA.5300@TK2MSFTNGP06.phx.gbl>,
mikepawlak2REM@OVEhotmail.com says...
Leythos wrote:
In article <ujusFKD1IHA.4364@TK2MSFTNGP02.phx.gbl>,
mikepawlak2REM@OVEhotmail.com says...
>>>> Just like Andrew E. Leythos will never admit any fault.
>>>>> Just like a troll you don't know what you're talking about kiddo.
>>>>> I've already posted that I could have misunderstood.
>>>> Ya I read it, you admitted some fault while still blaming BD for
>>>> the
>>>> way he posted and admittedly stating that you did not click the
>>>> link. the
>>>> most non-apology I've seen in some time. Go ahead and reply, in the
>>>> past
>>>> you seem to have a need to have the last word, go ahead I'll give
>>>> it to you.
>>> As I read what you've posted, you're sort of saying you were wrong,
>>> but,
>>> that's the most non-apology I've seen in some time....

>> How lame...

> That's what I thought when MAP said it too.


It seems your lameness knows no bounds, lol.

-jen
 