“Severe network degradation” on iBurst network

guest2013-1

guest
Joined
Aug 22, 2003
Messages
19,800
Check them blame "abusers" for their problems again.

Also, FYI, the status page on iBurst only shows base station "up" based on if the radio array is functioning or not (that's what connects you to the physical base station) and not the actual bandwidth allocated to you (or the status of the actual internet connection/network experience).
 

antowan

Honorary Master
Joined
Nov 1, 2003
Messages
13,054
I think iBurst can refund their customers for loss in access...

Anybody here agree?
 

Simple Twist Of Fate

Senior Member
Joined
Dec 3, 2003
Messages
705
My thoughts are that it would be more effective to have a non-payment action.
I propose that all Ibursters should send a "refusal to pay" fax to WBS offices, until such time as they re-write their AUP and give us back what we expect.

Let's have a complete "synergy" in protest to WBS mushroom fertilizer policies and draconian-hitler-nazi like rules.
 

ic

MyBroadband
Super Moderator
Joined
Nov 8, 2004
Messages
14,805
Great article thanks Cara as well as RPM for running with it :).

It's time that WBS realized that MyADSL is also a news site, and that continual iBurst problems will reach the press and be reported to WBS' potential iBurst customers - perhaps that will give WBS some incentive to actually stabilise & sort out their iBurst network and upstream bandwidth supply issues...sad that once again WBS' head was too far buried in the sand & not available for comment...well WBS' butt is still available for a kicking :D.
 

Simple Twist Of Fate

Senior Member
Joined
Dec 3, 2003
Messages
705
Virus Alerts [Panda Software reports one of the most complex organized attack

Maybe this is what the "Upstream Provider" calls a gremlin???

-Panda Software reports one of the most complex organized attacks ever-
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, August 12 2005 - PandaLabs has reported a sophisticated 'chain'
attack, perpetrated through the SpamNet.A Trojan, discovered on a web
page hosted on a server in the USA, with a domain registered from an
address in Moscow. The attack is highly complex, using a tree structure
to infect with up to 19 species of malware. Its principal goal is to
send out junk mail, and, by using this complex structure, has so far
compiled more than 3 million email addresses worldwide. Panda Software
has contacted the companies that host the files and web pages that are
the main part of this organized attack.

The infection chain begins when a user visits the web page mentioned
above. This web page uses the Iframe tag to try to open two new pages.
This initiates two parallel processes, each one associated to one of the
two pages:

1. When the first of the two pages opens, it in turn opens six
other pages, which redirect the user to several pages with pornographic
content. It also directs the user to a seventh page, which starts the
principal attack process. This page exploits two possible
vulnerabilities to carry out its actions: Ani/anr and Htmredir. In any
event, if the attack is successful, it installs and executes one of two
identical files -Web.exe or Win32.exe, on the computer.

When run, these files create seven files on the computer, one of which
is a copy of itself. The other six are as follows:

a. The first two are binarily identical copies of Downloader.DQY,
and both create a file called svchost.exe in the operating system, which
is really Downloader.DQW. This registers as a system service that tries
to download and run files every ten minutes from four different web
addresses, two of which were not available at time of writing, and the
other two are:

i. The Multidropper.ARW Trojan

ii. The Sapilayr.A trojan

b. The third of the six files is Adware/SpySheriff

c. The fourth is the Downloader.DYB Trojan, which tries to find
the computer ID. If the computer is in the UK, it downloads and runs
Dialer.CHG. If it is not in the UK, it downloads another file identified
as Dialer.CBZ. These types of files redirect users' dial-up connections
to premium-rate numbers.

d. The fifth, Downloader.CRY, creates two files. The first of
these, svchost.exe, is created in c:\windows\system. The second has been
identified as Lowzones.FO.

e. The sixth, Downloader.EBY, creates, in turn, another six files:

i. The first is the Downloader.DLH Trojan which uses another
application to compile email addresses and send them to a remote address
via FTP. At time of writing, it had compiled 3 million addresses.

ii. The second, the Agent.EY Trojan, installs itself on the system
and runs on every startup, visiting a web page which could be used to
compile the IPs of the computers affected, thus providing statistical
information about the infections.

iii. The third, Clicker.HA, waits ten minutes after executing and
then opens a pornographic web page every 40 seconds.

iv. The fourth is Dialer.CBZ

v. The fifth is Adware/Adsmart

vi. The sixth, the Downloader.DSV Trojan downloads the backdoor
Trojan Galapoper.C from a certain address. Galapoper.C carries out the
main purpose of the attack: sending spam. It checks if there is an open
Internet connection and, if there is, visits three web pages specified
in its code and depending on the computer infected, downloads a file.
This enables personalized attacks, and can even contain other
instructions or updates for the backdoor Trojan.

Galapoper.C also opens a principal thread and two secondary ones: in the
first it periodically checks the availability of content on the three
pages mentioned above. It uses the secondary ones to send spam (from the
infected computer) and compile information from the server (email
addresses, subject, message texts) for the spam messages, every 10
minutes or every time it sends 70,000 spam mails.

2. The second of the pages redirects the user to another, which
tries to use the ByteVerify vulnerability to execute a file located on a
URL. It also invokes a new page using an HTML tag, which was not
available at time of writing.

It also opens another page, whose code is masked by a Javascript
function, which uses the ADODB.Stream function to overwrite Windows
Media Player using a file located on another page.

The complexity of this attack is virtually unprecedented. As Luis
Corrons, director of PandaLabs, explains, "This attack is far more
elaborate than usual. Users of TruPrevent™ Technologies have been
protected from the outset, but this is one of the most complex organized
attacks that we have ever witnessed at PandaLabs. The fact that more
than 3 million addresses have been compiled to send spam to is an
indication of the success the creator of this attack is enjoying. As is
frequently the case with attacks nowadays, financial gain is the primary
motive, over and above notoriety, and spam is one of the chief sources
of income for malware creators." By way of advice, Corrons points out,
"In addition to having an antivirus solution, users need to ensure their
systems are updated, as the success of SpamNet.A depends largely on
vulnerability exploits".
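
A defender-side triage check built on two behaviours the quoted report describes: a file named svchost.exe created in c:\windows\system, and a service that tries to download every ten minutes. This is an added example, not part of the original post or of Panda's report; the event tuples, the host name and the function names are constructed for illustration.

```python
import ntpath

# Directories where the genuine Windows svchost.exe resides.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def is_masquerading_svchost(image_path):
    """True when a file named svchost.exe sits outside the genuine directories."""
    directory, name = ntpath.split(ntpath.normpath(image_path).lower())
    return name == "svchost.exe" and directory not in LEGIT_SVCHOST_DIRS


def looks_periodic(timestamps, period_s=600, tolerance_s=30, min_events=4):
    """True when consecutive events are all spaced about period_s apart."""
    if len(timestamps) < min_events:
        return False
    ordered = sorted(timestamps)
    gaps = [b - a for a, b in zip(ordered, ordered[1:])]
    return all(abs(gap - period_s) <= tolerance_s for gap in gaps)


# Constructed sample events: (epoch seconds, process image, destination host).
SAMPLE_EVENTS = [
    (0, r"c:\windows\system\svchost.exe", "files.example.invalid"),
    (600, r"c:\windows\system\svchost.exe", "files.example.invalid"),
    (1205, r"c:\windows\system\svchost.exe", "files.example.invalid"),
    (1800, r"c:\windows\system\svchost.exe", "files.example.invalid"),
    (10, r"C:\Windows\System32\svchost.exe", "update.example.invalid"),
    (95, r"C:\Windows\System32\svchost.exe", "update.example.invalid"),
    (2000, r"C:\Windows\System32\svchost.exe", "update.example.invalid"),
    (2100, r"C:\Windows\System32\svchost.exe", "update.example.invalid"),
    (5, r"c:\program files\browser\browser.exe", "www.example.invalid"),
]


def triage(events):
    """Group outbound requests per process image and list the reasons to review it."""
    by_image = {}
    for ts, image, _dest in events:
        by_image.setdefault(image.lower(), []).append(ts)
    findings = {}
    for image, stamps in by_image.items():
        reasons = []
        if is_masquerading_svchost(image):
            reasons.append("svchost-outside-system32")
        if looks_periodic(stamps):
            reasons.append("ten-minute-beacon")
        if reasons:
            findings[image] = reasons
    return findings
```
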
 