OpenEuphoria

2. Re: ATTN: Eu community Esp. CoJaBo Re: What would you choose?

• Posted by CoJaBo <cojabo at suscom.net> Sep 04, 2004
• 481 views

William Heimbigner wrote:
> 
> 
> ----- Original Message -----
> From: "William Heimbigner" <icxcnika at hotpop.com>
> To: <EUforum at topica.com>
> Sent: Saturday, September 04, 2004 6:56 AM
> Subject: Re: Attn: CoJaBo What would you choose?
> 
> 
> > ----- Original Message -----
> > From: "CoJaBo" <guest at RapidEuphoria.com>
> > To: <EUforum at topica.com>
> > Sent: Friday, September 03, 2004 9:45 PM
> > Subject: Re: What would you choose?
> >
> >
> > > posted by: CoJaBo <cojabo at suscom.net>
> > >
> > > William Heimbigner wrote:
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "irv mullins" <guest at RapidEuphoria.com>
> > > > To: <EUforum at topica.com>
> > > > Sent: Friday, September 03, 2004 4:53 PM
> > > > Subject: What would you choose?
> > > >
> > > >
> > > > > posted by: irv mullins <irvm at ellijay.com>
> > > > >
> > > > >
> > > > > I may have an opportunity to set up a number of recycled pc's for
> > > > > local students who need, but can't afford, a computer.
> > > > >
> > > > > I thought I might include a CD with useful stuff. Firefox, of
> course,
> > to
> > > > > replace the evil IE, and a good, safe e-mail client instead of OE,
> and
> > > > > a free firewall.
> > > > >
> > > > > Anyone have suggestions for other things, including a list of
> > > > > Euphoria DOS and Windows stuff which might be useful?
> > > > >
> > > > My SySlaunch program would be useful! (Of course, I'm sure you already
> > had
> > > > that in mind    )
> > > >
> > > > <a
> >
> href="<a
> href="http://www.geocities.com/icxcnika123/syslaunch.zip">http://www.geocities.com/icxcnika123/syslaunch.zip</a>"><a
> href="http://www.geociti">http://www.geociti</a>
> > es.com/icxcnika123/syslaunch.zip</a> - btw, anyone else
> > > > reading this message, DONT get it from this link. Get it from the
> > euphoria
> > > > archive. Thx.
> > > Using a specialized web browser I discovered the site uses code
> > > similar to the "Nitrious" super-virus installer; this is reason enough
> > > for me to add that site to my blacklisted sites list.
> > > As of now I will not download any of your programs that use the site
> > > "<a
> > > href="http://www.downloadcounter.com">http://www.downloadcounter.com</a>".
> > Wha? I have no clue what you are talking about. Please explain. What is
> > Nitrious? What makes you think it has Nitrious code? Did a program tell
> you
> > this, or did you see the html code for yourself? I don't think anyone
> should

"Nitrious" is what I am calling a very powerful virus
(because the installer was in a popup ad at NITRIOUS.[can't remember].com/...),
I haven't seen anything like it in any virus discovered.
Some things it does are:
Downloads hundreds of adware, trojans, spy, etc programs
  (non IE browsers seem immune to this effect)
Starts popup windows that acces odd sites randomly(simple DDOS attack?)
  (This even works under Mozzila Firefox!)
Starts collecting data and uploading it (along with the
  programs it installed to do that)

Other suspicuicus things on downloadcounter:
Large number of redirects in popup ad code (like "Nitrious" does)
Excesive use of cookies
Odd binary data in headers(like "Nitrious" installer)
Off-screen popunder(used in the "Nitrious" installer)
Some HTML ode identical to Nitrous installer, mainly:

function GoHideMe(){
	self.blur();
	self.moveTo(10000,10000);
	self.resizeTo(1,1);
	self.blur();
  if (navigator.appName=="Netscape") {
if(window.opener){
window.opener.focus();
}
}
}
Identical down to the last letter...

Theese similarities are enoughf that I am not going to
risk using the downloadcounter links.

> > believe people that go stabbing around into thin air
> >  Explain what the $@&* you are talking about, and maybe I can do something
> > about it...
> >
> After pondering it a bit, i thought of another thing: People that 'overdo
> it' in their
> description such as '*specialized* web browser' and '*super-*virus'
My "specialized" web browser simply displays things like the page
header and HTML source without
proccesing it in any way.
 

> can't be
> trusted. Stabbing around and assuming I am trying to load this 
> 'super-virus'
> of
> yours onto people's computers without any explanation as to what makes you
> thinks this is rude, crude, stupid, mean, full of bs, etc. etc. etc. 
I never said you tried to do that.

> If you
> would actually
> be helpful, i.e. say something like 'Why is [name of your AV program]
> flagging
> [virus name] on this site? My [name of your so called specialized browser]
> sees
> [actual code in the web page]. I'm sorry I'm a bit cautious, but whats 
> going
> on?'
> Also, I 'googled' it, searching for "nitrious" OR "nitrous" AND 
> "virus". All
This is because that is the name I gave it. If it has even been
discovered, it wouldn't have the same name.


> of
> the results that came up had to do with th nitrous antivirus program.
> At this point, you leave me to think one of the following:
> A.)    You are lying for the purpose of bringing other people down because
> you
>      are not as good of a programmer.
Nope.

> B.)    You are <clears throat> on of the more 'mentally challenged' people
> in this
>      world and do not actually understand the situation.
Nope.

> C.)    You heard someone else getting a little suspicious about some other
>      program I wrote, and so assumed that all of my other programs are
> definately
>      malicious, just because one person suspected (falsely, but I must say
Are you talking about your ABC my ... programs?
I have used AbcMSM and was quite surprised at
how much faster the start menu loaded: about 2
seconds compared to almost a minuet before!

> with very
>      good reason) that one of my programs was dangerous.
I did not say that any program was harmful in any way,
it is the download counter that is the problem.


> D.)    You are bored and have nothing to do but write hate mail.
I have plenty of better things too do.

> E.)    You are using an anti-virus that is a piece of GUI &*#$ like 
> Kapersky
> or
>      AVG.

It isnt even detected by any virus scanner I know of.
I tried Norton(detect a virus installed by nitrious), 
McAfee(Nothing detected),
a few free ones(again nothing detected),
and some adware scanners(detected over 1000 adware, spyware, etc
on the first scan, but Nitrious remained and simply reinstalled them)


> F.)    You are using a fabulous anti-virus such as Norton but you have the
>      bloodhound heuristics cranked to maximum, thus risking false 
> positives.
Not even that could defeat(or even detect) the virus.


> G.)    I will not deny the possibility that there *is* a malicious 
> script on
>      the downloadcounter.com ws, but until you give more information, 
> there
>      is nothing i can do!!!
The script looked similar to one I saw in the Nitrous installer.
I am not taking any chances with what could be a virus that powerful.

> H.)    I beat you to a similiar program; and you are p.o.ed because now if
> you
>      post it it will look like you are ripping off of me.
Nope

> 
> So what is it? I would do SOMETHING about it in a heartbeat if you would
> not be so vague!
> 
> Sincerely,
>              William Heimbigner
> icxcnika at hotpop.com
> Visit the UBoard - Forceful Signups Removed! -
> <a href="http://uboard.proboards32.com">http://uboard.proboards32.com</a> -
> Threaded discussion, improved searching,
> human moderating, graphical smileys, better formatting abilities (now what
> else was there...)
> Visit my website: <a
> href="http://www.geocities.com/icxcnika123">http://www.geocities.com/icxcnika123</a>
> 
>