Name: Ray Peate
He's back - wonderful news!!! I managed to get to his web site this am - Saturday 14 February: Happy Valentine's Day to you all!

Does anyone know what bug is sending the DDOS attack?
We all might have it and not know.
I have Norton AV & ZoneAlarm and CWS still managed to get onto my PC without me knowing.
CWShredder found it and deleted it.

Getting into the SpywareInfo sites depends on luck, your ISP, hitting breaks in the DDOS attack.
I like my LinkSys router with all the LEDs on it, so I can tell if my system is sending things when it should not be.
If you have a firewall or are not running a server, then you are not reflecting the attacks. Being infected and taking part in the spread should be detectable as outbound traffic when you are not doing anything.
In theory, a large ISP could protect a Server-Only Farm from this type of attack by blocking all inbound SYN/ACK packets directed to the IP address range of the Farm. How well it would work in practice and how much equipment it would take to filter all traffic would be an issue.
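
Added example, not part of the original posts: a sketch of the stateless filter the post above proposes, which drops inbound TCP packets carrying both SYN and ACK when the destination is inside the farm's range. The farm range (a documentation prefix), the function names and the sample packets are all constructed assumptions.

```python
import ipaddress
import struct

FARM = ipaddress.ip_network("192.0.2.0/24")  # assumed farm range (documentation prefix)
SYN, ACK = 0x02, 0x10

def should_drop(packet: bytes, farm=FARM) -> bool:
    """True if a raw inbound IPv4 packet is a TCP SYN/ACK aimed at the farm."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False                       # truncated or not IPv4: leave to other rules
    ihl = (packet[0] & 0x0F) * 4           # IP header length in bytes
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 14:
        return False                       # bad IHL, not TCP, or TCP flags byte missing
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return False                       # non-first fragment carries no TCP header
    dst = ipaddress.ip_address(packet[16:20])
    flags = packet[ihl + 13]               # TCP flags byte
    return dst in farm and flags & (SYN | ACK) == (SYN | ACK)

def make_packet(src: str, dst: str, flags: int, sport=80, dport=40000) -> bytes:
    """Build a constructed 40-byte IPv4+TCP packet (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

def demo():
    """Run the filter over four constructed inbound packets."""
    samples = [
        make_packet("198.51.100.7", "192.0.2.10", SYN | ACK),   # unsolicited SYN/ACK to farm
        make_packet("198.51.100.7", "192.0.2.10", SYN),         # visitor opening a connection
        make_packet("198.51.100.7", "192.0.2.10", ACK),         # established-flow traffic
        make_packet("198.51.100.7", "203.0.113.5", SYN | ACK),  # reply to a host outside the farm
    ]
    return [should_drop(p) for p in samples]

if __name__ == "__main__":
    print(demo())
```

The rule only holds for hosts that never open outbound TCP connections themselves; a server that fetches updates or talks to a remote backend would lose the legitimate SYN/ACK replies to its own connections.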

Thanks for the good info Jack.
Ray, just got version 1.49.0 at
http://www.majorgeeks.com/download4086.html
A little slow, but I found no problem with it. I think the version people were having problems with was 1.48.2.

I managed to get through directly to Merijn's site and download 1.49.0 also just now. I see how they have managed to get back up. An IP address change might not last long as the attacker can change that part of the attack quickly. However, that breaks some help links where this has been hard coded to avoid CoolWebSearch blocking access through the URL. Time to update those links.

I believe the DoS attack was based on the hole left by the worm used to DoS SCO and microsucks, as there were several ports opened by that worm, and the Russian mob types that are behind CoolWebSearch would have used that.
jmho
••• Resistance is invigorating! •••

Thanks, JackG!! Got it from Majorgeeks - very grateful to you for the info. As you say, a long pause before the download begins but at least it works! Tried merijn.org again but still no luck inside the web site!

As of right now, 8:10pm EST...I still can't get onto Merijn's site. Says, "action cancelled." Oh well...
--Viv :)

Can't get into SpywareInfo's site, TomCoyote's sites either....they must all be getting hit by the same attack.
Evil thought but would be nice to see CWS get a taste of their own medicine!
Thanks Ray...got it from Major Geeks!
Good day all!
I never give up!

Hey Abnormal
I can't get that one to work either...and I know I'm not infected by any cws or smartsearch...etc. keeping me out. Must be time of day or something (right now it's 3:30pm EST)...I can't see that many websites getting DOS attacked for this long by the CWS writers.....persistent buggers!
BTW...anybody know if the new CWShredder is safe to use? Has anyone had any problems with it?
__________________________
I never give up!

Sorry you can't get there, some info from Mike (spywareinfo).
As most people know by now, SpywareInfo, TomCoyote.org and merijn.org disappeared last week. This is due to a colossal, ongoing distributed denial of service attack. Several thousand trojaned PCs are throwing millions of HTTP GET requests at the apache server. The attacker is very determined to keep these sites off the net. Every time we filter out the attack, thousands of new machines join in. For now, the server is firewalled and all traffic is being null routed.
No one has claimed responsibility and there has been no attempt to break into the server. We are examining files from some of the infected machines involved in the attacks. At this time, I cannot confirm or deny the rumors floating around that coolwebsearch.com or one of their affiliated sites is responsible for these attacks.
TomCoyote.org is up and running again on a new server and the forums there are available to help people: http://forums.tomcoyote.org/. The private mailing list and malware repository for antispyware developers is also up and running on a new server.
SpywareInfo and merijn.org will continue to be down for the next several days. My hosting service and I are working on setting up a system of multiple redundant proxy servers to shield the main server from these attacks. I hope to have this running within the next week or so.
There are several mirrors for HijackThis and CWShredder. I believe Majorgeeks.com has the current version of both.
HijackThis: http://www.majorgeeks.com/download.php?det=3155
CWShredder: http://www.majorgeeks.com/download4086.html
If anyone would like to contribute a server, please contact me at mike@tomcoyote.org. There are some minimum requirements for each server. I need a minimum PII 300MHz 128RAM, dedicated IP address, apache 1.3x on linux (preferably red hat) with root access via SSH and minimum of 100GB bandwidth/month. A Virtual Private Server (VPS) will work fine (I don't need a whole box).
SpywareInfo will be back. It will take more than this to keep us off the net.
Mike Healan
SpywareInfo
http://www.wilderssecurity.com/index.php?board=22;action=display;threadid=21950
As for the shredder, I found no problem using ME.

http://www.merijn.org
is ONLINE AND RUNNING!
If you can't reach the site, add the following to your HOSTS files:
216.40.225.12 merijn.org
216.40.225.12 www.merijn.org

Thanks Abnormal
I tried cwshredder too on xp pro...no problems here either, I just wanted to make sure before using it on other people's systems or recommending it to others. I will also try shredder on my 98 system to make sure....cwshredder ok on 98 but still asks about whether or not my modem driver is a random name.....might be a problem for some people not familiar with their system like I am (and many others). I still would be kind of leery on letting the tool remove whatever it wanted to...I don't think it is totally safe....the user should ask or research any "random" files the tool finds.
Finally got to TomCoyote's site with the info you provided...Thanks!
_____________________________
I never give up!
