Re: XEVSJGB

[Jay T. Blocksom]

On Wed, 30 Jul 2003 06:13:00 GMT, in <alt.privacy.spyware>, forte agent
<pgmeyer@gte.net> wrote:
>
> On Tue, 29 Jul 2003 05:55:38 -0400, "mto" <nobody@nowhere.com> wrote:
> Unfortunatly I didn't. it appears to be a "drive by install" that some
> one put in every page I accssed on the web site.
[snip]

> FYI the web site is
> www.stratitec.com.
[snip]

First and foremost... When posting URLs for sites you consider malicious
(or even suspicious), ALWAYS munge them so that any "naive innocents"
reading your article cannot just click on it and be redirected there
automagically. Something like this, for example:
<www[dot]stratitec[dot]com>.

However, you'll note that I didn't bother to fix the quoted one above
because...

I just had a look at that site via the SamSpade "Safe Browser"
<http://samspade.org/t/safe?u=http%3A%2F%2Fwww.stratitec.com>, and saw
nothing of the sort. The closest it gets to what you describe is some
canned (i.e., the site owner cribbed 99% of it from a third party)
JavaScript menu-generation routines. That's arguably very stupid, but not
inherently evil -- and a quick perusal of the JS itself showed no hint of a
DBDL.

Methinks you have not yet found the source of your problem.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[Jay T. Blocksom]

On Wed, 30 Jul 2003 06:21:54 GMT, in <alt.privacy.spyware>, forte agent
<pgmeyer@gte.net> wrote:
>
> On Wed, 30 Jul 2003 01:08:27 -0400, Jay T. Blocksom
> <usenet01+SPAMBLOCK@appropriate-tech.net> wrote:
>
>
> >
> >Then improve your system setup and operating habits so that something
> >like this won't happen again.
> This is something that the programs(I have) have not encountered in
> this formor there a setting I missed.It's relativly simple
> ,small,crudely done,loads fast ( a486dx2 might be slow enough to be
> able to stop it from loading) or I would not have been able to remove
> the parts I found.It appears to be dependant on inserting a run
> reference in the reg.

I'm sorry, but... Even after re-reading it several times, I still cannot
make any sense whatsoever out of your article, particularly in context.
Please try again in English.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[mto]

"Jay T. Blocksom" <usenet01+SPAMBLOCK@appropriate-tech.net> wrote in message
news:sn1givkl7io0vlkbdg0qe6uk1c194dttgu@news.rcn.c om...
> On Wed, 30 Jul 2003 06:13:00 GMT, in <alt.privacy.spyware>, forte agent
> <pgmeyer@gte.net> wrote:
> >
> > On Tue, 29 Jul 2003 05:55:38 -0400, "mto" <nobody@nowhere.com> wrote:
> > Unfortunatly I didn't. it appears to be a "drive by install" that some
> > one put in every page I accssed on the web site.
> [snip]
>
> > FYI the web site is
> > www.stratitec.com.
> [snip]
>
> First and foremost... When posting URLs for sites you consider malicious
> (or even suspicious), ALWAYS munge them so that any "naive innocents"
> reading your article cannot just click on it and be redirected there
> automagically. Something like this, for example:
> <www[dot]stratitec[dot]com>.
>
> However, you'll note that I didn't bother to fix the quoted one above
> because...
>
> I just had a look at that site via the SamSpade "Safe Browser"
> <http://samspade.org/t/safe?u=http%3A%2F%2Fwww.stratitec.com>, and saw
> nothing of the sort. The closest it gets to what you describe is some
> canned (i.e., the site owner cribbed 99% of it from a third party)
> JavaScript menu-generation routines. That's arguably very stupid, but not
> inherently evil -- and a quick perusal of the JS itself showed no hint of
a
> DBDL.
>
> Methinks you have not yet found the source of your problem.
>
> --

I agree. Every drive-by install that I have seen comes from the ADVERTISING
on the site, not the site itself. You can stop most of it by blocking the
adservers as you come across them.

[Dick Hazeleger]

Jay T. Blocksom wrote:

> On Wed, 30 Jul 2003 06:21:54 GMT, in <alt.privacy.spyware>, forte
> agent <pgmeyer@gte.net> wrote:
> >
> > On Wed, 30 Jul 2003 01:08:27 -0400, Jay T. Blocksom
> > <usenet01+SPAMBLOCK@appropriate-tech.net> wrote:
> >
> >
> > >
> > >Then improve your system setup and operating habits so that
> something > >like this won't happen again.
> > This is something that the programs(I have) have not encountered in
> > this formor there a setting I missed.It's relativly simple
> > ,small,crudely done,loads fast ( a486dx2 might be slow enough to be
> > able to stop it from loading) or I would not have been able to
> remove > the parts I found.It appears to be dependant on inserting a
> run > reference in the reg.
>
> I'm sorry, but... Even after re-reading it several times, I still
> cannot make any sense whatsoever out of your article, particularly in
> context. Please try again in English.

Jay... how about this then. This is what the OP meant IMO:

This (the drive by download) is something the programs that I have did
not stop or report in this form or there must be a setting that I
missed. It's (the drive by download) relativley simple, small and
crudely done and downloads fast (a 486-DX2 might be slow enough to be
able to stop it from loading) and I would have been able to remove the
parts I found. It (the drive by download) seems to be depending on
inserting a run (at boot time) in the registry.

English is a difficult language... don't condemn those who don't speak
it as well as you do.. I would love to see you posting in my native
language!

Regards
Dick

[Jay T. Blocksom]

On Sat, 02 Aug 2003 00:12:33 -0000, in <alt.privacy.spyware>, "Dick
Hazeleger" <Dick@post_it_in_the_newsgroup.com> wrote:
>
[snip]
>
> English is a difficult language... don't condemn those who don't speak
> it as well as you do..
[snip]

Not condemning. Just pointing out that (your attempt at "translation"
notwithstanding) the message, as posted, was undecipherable. I never got
the impression that this was due to the poster's primary language being
something other than English.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -