WARNING: Zone Labs web sites spread virus and spyware!

Archived from groups: comp.security.firewalls (More info?)

If you visit Zone Labs (ie. the maker of ZoneAlarm personal
firewall software) support site then be aware that they are
spreading spyware and virus via their web pages!
You can confirm this here: http://forums.zonelabs.com/zonelabs
Your machine will be attacked by hidden links and addresses on
their web pages. For example, the following addresses will
endlessly try to contact your PC in hope to find a security hole
while you are on their web pages:
213.61.6.*
80.15.238.*
download.zonelabs.com (a fake address; has nothing to do with downloads)
65.200.195.*
62.214.9.*
212.187.169.*
195.22.198.79.*
....

The addresses are constantly changing (ie. a form of DDNS) to
make it hard for people to filter them out. Many addresses
are tried in a round robin fashion in case the user's machine has one filtered out.

A shame for such a company, IMO a criminal act.
They first try to infect clueless people's machines and later
try to sell them their security software.
I guess they call this "demand and support"..
  1.

    On Sun, 16 May 2004 14:16:58 -0400, UM spoketh

    >If you visit Zone Labs (ie. the maker of ZoneAlarm personal
    >firewall software) support site then be aware that they are
    >spreading spyware and virus via their web pages!

    Are you sure what you are seeing are related? I just spent 10-15 minutes
    in the ZoneAlarm forums, and I'm not seeing any increase in probes from
    anywhere...

    Lars M. Hansen
    www.hansenonline.net
    Remove "bad" from my e-mail address to contact me.
    "If you try to fail, and succeed, which have you done?"
  2.

    On Sun, 16 May 2004 14:16:58 -0400, UM wrote:
    > If you visit Zone Labs (ie. the maker of ZoneAlarm personal
    > firewall software) support site then be aware that they are
    > spreading spyware and virus via their web pages!
    > You can confirm this here: http://forums.zonelabs.com/zonelabs

    I think I found the problem. Loose nut behind the keyboard. :)

    I clicked your link and my firewall showed no activity.
    I think you may have seen a lot of virus probes right at the same time
    you clicked the url.

    I saw a lot of hits up to 12 noon, 4 hits until 1pm and 1 hit up to 2pm.
  3.

    In article <slrncafepn.f4v.BitTwister@wb.home.invalid>
    Bit Twister <BitTwister@localhost.localdomain> wrote:
    >
    > On Sun, 16 May 2004 14:16:58 -0400, UM wrote:
    > > If you visit Zone Labs (ie. the maker of ZoneAlarm personal
    > > firewall software) support site then be aware that they are
    > > spreading spyware and virus via their web pages!
    > > You can confirm this here: http://forums.zonelabs.com/zonelabs
    >
    > I think I found the problem. Loose nut behind the keyboard. :)
    >
    Probably just another Zone Alarm hater who figures
    "I-hate-Zone-Alarm-and-therefore-any-lie-I-want-to-tell-about-
    Zone-Alarm-is-OK."

    -=-
    This message was posted via two or more anonymous remailing services.
  4.

    >Probably just another Zone Alarm hater who figures
    >"I-hate-Zone-Alarm-and-therefore-any-lie-I-want-to-tell-about-
    >Zone-Alarm-is-OK."

    I thought that only happened with Microsoft.
    --
    Dave "Crash" Dummy - A weapon of mass destruction
    crash@gpick.com?subject=Techtalk (Do not alter!)
    http://lists.gpick.com
  5.

    "Bit Twister" <BitTwister@localhost.localdomain> wrote in message
    news:slrncafepn.f4v.BitTwister@wb.home.invalid...
    > On Sun, 16 May 2004 14:16:58 -0400, UM wrote:
    > > If you visit Zone Labs (ie. the maker of ZoneAlarm personal
    > > firewall software) support site then be aware that they are
    > > spreading spyware and virus via their web pages!
    > > You can confirm this here: http://forums.zonelabs.com/zonelabs
    >
    > I think I found the problem. Loose nut behind the keyboard. :)
    >
    > I clicked your link and my firewall showed no activity.
    > I think you may have seen a lot of virus probes right at the same time
    > you clicked the url.
    >
    > I saw a lot of hits up to 12 noon, 4 hits until 1pm and 1 hit up to 2pm.

    Hi All, There has been unusual scanning activity today. My usual
    is under 80 per day lately. Today, since 1:00P.M., my ZAP log shows
    822 and counting. Dozens of hits on Port 5000, (UPnP port). I don't
    have it installed, and I've been on the Newsgroups off and on since
    then. Lots of worms looking for a home out there. Nothing to do with
    ZoneLabs Forums.

    charlie R
  6.

    In article <c8986j$div$1@pscinews.psci.net>, welpctSKIPME@psci.net
    says...
    >
    > "Bit Twister" <BitTwister@localhost.localdomain> wrote in message
    > news:slrncafepn.f4v.BitTwister@wb.home.invalid...
    > > On Sun, 16 May 2004 14:16:58 -0400, UM wrote:
    > > > If you visit Zone Labs (ie. the maker of ZoneAlarm personal
    > > > firewall software) support site then be aware that they are
    > > > spreading spyware and virus via their web pages!
    > > > You can confirm this here: http://forums.zonelabs.com/zonelabs
    > >
    > > I think I found the problem. Loose nut behind the keyboard. :)
    > >
    > > I clicked your link and my firewall showed no activity.
    > > I think you may have seen a lot of virus probes right at the same time
    > > you clicked the url.
    > >
    > > I saw a lot of hits up to 12 noon, 4 hits until 1pm and 1 hit up to 2pm.
    >
    > Hi All, There has been unusual scanning activity today. My usual
    > is under 80 per day lately. Today, since 1:00P.M., my ZAP log shows
    > 822 and counting. Dozens of hits on Port 5000, (UPnP port). I don't
    > have it installed, and I've been on the Newsgroups off and on since
    > then. Lots of worms looking for a home out there. Nothing to do with
    > ZoneLabs Forums.

    Port 5000 is also "bittorrent" - it's a program that lets you download
    applications/data from lots of users at the same time. If you run
    BitTorrent, it will go out on ports 6881 through 6899, but it looks for
    inbound on 5000. With Mandrake 10 just out a little bit ago, you may be
    seeing people hitting 5000 looking for it.

    Are you running BitTorrent?


    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  7.

    In article <40abd31e.1055363@bart.spawar.mil>,
    Bart Bailey <me2@privacy.net> wrote:
    :In Message-ID:<c88b5e$oj5$01$1@news.t-online.com> posted on Sun, 16 May
    :2004 14:16:58 -0400, UM wrote:
    :
    :>If you visit Zone Labs (ie. the maker of ZoneAlarm personal
    :>firewall software) support site then be aware that they are
    :>spreading spyware and virus via their web pages!
    :
    :Being poorly trained to resist such a tempting lure, I had to go take a
    :peek, and sure enough, just as I expected, nothing unusual happened.

    Same here, nothing unusual. Windows crashed, my hard disk died after
    emitting a horrific clanking sound, and my 120X CD-ROM drive started
    spinning up and down playing the theme from the original Star Trek
    series. A nearby Linux machine went into a tight loop contemplating its
    kernel. (It later recovered, snuggled down with its source files, and
    declared itself ready to do my every bidding if only I could work out
    the correct syntax for making my request.)

    Yup, nothing unusual. Perfectly routine.

    (I really shouldn't drink beer this early in the day.)

    --
    Bob Nichols AT interaccess.com I am "rnichols"
  8.

    Robert Nichols wrote:

    > Bart Bailey wrote:
    > : UM wrote:

    (snipped)

    > :>If you visit Zone Labs (ie. the maker of ZoneAlarm personal
    > :>firewall software) support site then be aware that they are
    > :>spreading spyware and virus via their web pages!

    > :Being poorly trained to resist such a tempting lure, I had to go take a
    > :peek, and sure enough, just as I expected, nothing unusual happened.

    > Same here, nothing unusual. Windows crashed, my hard disk died after
    > emitting a horrific clanking sound, and my 120X CD-ROM drive started
    > spinning up and down playing the theme from the original Star Trek
    > series. A nearby Linux machine went into a tight loop contemplating its
    > kernel. (It later recovered, snuggled down with its source files, and
    > declared itself ready to do my every bidding if only I could work out
    > the correct syntax for making my request.)

    Hmm, you are having much better luck than I. This morning,
    the instant I clicked on my favorite link to Microsoft
    downloads, my monitor blew up in my face. Very messy.

    * spits glass shards *

    Later I realized I forgot to load Zone Alarm.

    I feel so stupid.


    Purl Gurl