Sign in with
Sign up | Sign in
Your question

WARNING: Zone Labs web sites spread virus and spyware!

Last response: in Networking
Share
Anonymous
May 16, 2004 6:16:58 PM

Archived from groups: comp.security.firewalls (More info?)

If you visit Zone Labs (ie. the maker of ZoneAlarm personal
firewall software) support site then be aware that they are
spreading spyware and virus via their web pages!
You can confirm this here: http://forums.zonelabs.com/zonelabs
Your machine will be attacked by hidden links and adresses on
their web pages. For example the following adresses will
endlessly try to contact your PC in hope to find a security hole
while you are on their web pages:
213.61.6.*
80.15.238.*
download.zonelabs.com (a fake adress; has nothing to do with downloads)
65.200.195.*
62.214.9.*
212.187.169.*
195.22.198.79.*
....

The adresses are constantly changing (ie. a form of DDNS) to
make it hard for the people to filter them out. Many addresses
are tried in a round robin fashion in case users machine has one filtered out.

A shame for such a company, IMO a criminal act.
They first try to infect clueless peoples machines and later
try to sell them their security software.
I guess they call this "demand and support"..
Anonymous
May 16, 2004 10:55:45 PM

Archived from groups: comp.security.firewalls (More info?)

On Sun, 16 May 2004 14:16:58 -0400, UM spoketh

>If you visit Zone Labs (ie. the maker of ZoneAlarm personal
>firewall software) support site then be aware that they are
>spreading spyware and virus via their web pages!

Are you sure what you are seeing are related? I just spent 10-15 minutes
in the ZoneAlarm forums, and I'm not seeing any increase in probes from
anywhere...

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"
Anonymous
May 16, 2004 11:04:23 PM

Archived from groups: comp.security.firewalls (More info?)

On Sun, 16 May 2004 14:16:58 -0400, UM wrote:
> If you visit Zone Labs (ie. the maker of ZoneAlarm personal
> firewall software) support site then be aware that they are
> spreading spyware and virus via their web pages!
> You can confirm this here: http://forums.zonelabs.com/zonelabs

I think I found the problem. Loose nut behind the keyboard. :) 

I clicked your link and my firewall, showed no activity.
I think you may have see alot of virus probes right at the same time
you clicked the url.

I saw a lot of hits up to 12 noon, 4 hits until 1pm and 1 hit up to 2pm.
Anonymous
May 17, 2004 1:05:37 AM

Archived from groups: comp.security.firewalls (More info?)

In article <slrncafepn.f4v.BitTwister@wb.home.invalid>
Bit Twister <BitTwister@localhost.localdomain> wrote:
>
> On Sun, 16 May 2004 14:16:58 -0400, UM wrote:
> > If you visit Zone Labs (ie. the maker of ZoneAlarm personal
> > firewall software) support site then be aware that they are
> > spreading spyware and virus via their web pages!
> > You can confirm this here: http://forums.zonelabs.com/zonelabs
>
> I think I found the problem. Loose nut behind the keyboard. :) 
>
Probably just another Zone Alarm hater who figures
"I-hate-Zone-Alarm-and-therefore-any-lie-I-want-to-tell-about-
Zone-Alarm-is-OK."

-=-
This message was posted via two or more anonymous remailing services.
Anonymous
May 17, 2004 1:05:38 AM

Archived from groups: comp.security.firewalls (More info?)

>Probably just another Zone Alarm hater who figures
>"I-hate-Zone-Alarm-and-therefore-any-lie-I-want-to-tell-about-
>Zone-Alarm-is-OK."

I thought that only happened with Microsoft.
--
Dave "Crash" Dummy - A weapon of mass destruction
crash@gpick.com?subject=Techtalk (Do not alter!)
http://lists.gpick.com
Anonymous
May 17, 2004 1:31:26 AM

Archived from groups: comp.security.firewalls (More info?)

"Bit Twister" <BitTwister@localhost.localdomain> wrote in message
news:slrncafepn.f4v.BitTwister@wb.home.invalid...
> On Sun, 16 May 2004 14:16:58 -0400, UM wrote:
> > If you visit Zone Labs (ie. the maker of ZoneAlarm personal
> > firewall software) support site then be aware that they are
> > spreading spyware and virus via their web pages!
> > You can confirm this here: http://forums.zonelabs.com/zonelabs
>
> I think I found the problem. Loose nut behind the keyboard. :) 
>
> I clicked your link and my firewall, showed no activity.
> I think you may have see alot of virus probes right at the same time
> you clicked the url.
>
> I saw a lot of hits up to 12 noon, 4 hits until 1pm and 1 hit up to
2pm.

Hi All, There has been unusual scanning activity today. My usual
is under 80 per day lately. Today, since 1:00P.M., my ZAP log shows
822 and counting. Dozens of hits on Port 5000, (UPnP port). I don't
have it installed, and I've been on the Newsgroups off and on since
then. Lots of worms looking for a home out there. Nothing to do with
ZoneLabs Forums.

charlie R
Anonymous
May 17, 2004 2:53:30 PM

Archived from groups: comp.security.firewalls (More info?)

In article <c8986j$div$1@pscinews.psci.net>, welpctSKIPME@psci.net
says...
>
> "Bit Twister" <BitTwister@localhost.localdomain> wrote in message
> news:slrncafepn.f4v.BitTwister@wb.home.invalid...
> > On Sun, 16 May 2004 14:16:58 -0400, UM wrote:
> > > If you visit Zone Labs (ie. the maker of ZoneAlarm personal
> > > firewall software) support site then be aware that they are
> > > spreading spyware and virus via their web pages!
> > > You can confirm this here: http://forums.zonelabs.com/zonelabs
> >
> > I think I found the problem. Loose nut behind the keyboard. :) 
> >
> > I clicked your link and my firewall, showed no activity.
> > I think you may have see alot of virus probes right at the same time
> > you clicked the url.
> >
> > I saw a lot of hits up to 12 noon, 4 hits until 1pm and 1 hit up to
> 2pm.
>
> Hi All, There has been unusual scanning activity today. My usual
> is under 80 per day lately. Today, since 1:00P.M., my ZAP log shows
> 822 and counting. Dozens of hits on Port 5000, (UPnP port). I don't
> have it installed, and I've been on the Newsgroups off and on since
> then. Lots of worms looking for a home out there. Nothing to do with
> ZoneLabs Forums.

Port 5000 is also "bittorrent" - it's a program that lets you download
applications/data from lots of users at the same time. If you run
BitTorrent, it will go out on ports 6881 through 6899, but it looks for
inbound on 5000. With Mandrake 10 just out a little bit ago, you may be
seeing people hitting 5000 looking for it.

Are you running BitTorrent?


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
May 17, 2004 8:54:38 PM

Archived from groups: comp.security.firewalls (More info?)

In article <40abd31e.1055363@bart.spawar.mil>,
Bart Bailey <me2@privacy.net> wrote:
:In Message-ID:<c88b5e$oj5$01$1@news.t-online.com> posted on Sun, 16 May
:2004 14:16:58 -0400, UM wrote:
:
:>If you visit Zone Labs (ie. the maker of ZoneAlarm personal
:>firewall software) support site then be aware that they are
:>spreading spyware and virus via their web pages!
:
:Being poorly trained to resist such a tempting lure, I had to go take a
:p eek, and sure enough, just as I expected, nothing unusual happened.

Same here, nothing unusual. Windows crashed, my hard disk died after
emitting a horrific clanking sound, and my 120X CD-ROM drive started
spinning up and down playing the theme from the original Star Trek
series. A nearby Linux machine went into a tight loop contemplating its
kernel. (It later recovered, snuggled down with its source files, and
declared itself ready to do my every bidding if only I could work out
the correct syntax for making my request.)

Yup, nothing unusual. Perfectly routine.

(I really shouldn't drink beer this early in the day.)

--
Bob Nichols AT interaccess.com I am "rnichols"
Anonymous
May 18, 2004 11:18:15 AM

Archived from groups: comp.security.firewalls (More info?)

Robert Nichols wrote:

> Bart Bailey wrote:
> : UM wrote:

(snipped)

> :>If you visit Zone Labs (ie. the maker of ZoneAlarm personal
> :>firewall software) support site then be aware that they are
> :>spreading spyware and virus via their web pages!

> :Being poorly trained to resist such a tempting lure, I had to go take a
> :p eek, and sure enough, just as I expected, nothing unusual happened.

> Same here, nothing unusual. Windows crashed, my hard disk died after
> emitting a horrific clanking sound, and my 120X CD-ROM drive started
> spinning up and down playing the theme from the original Star Trek
> series. A nearby Linux machine went into a tight loop contemplating its
> kernel. (It later recovered, snuggled down with its source files, and
> declared itself ready to do my every bidding if only I could work out
> the correct syntax for making my request.)

Hmm, you are having much better luck than I. This morning,
the instant I clicked on my favorite link to Microsoft
downloads, my monitor blew up in my face. Very messy.

* spits glass shards *

Later I realized I forgot to load Zone Alarm.

I feel so stupid.


Purl Gurl
!