Virus and Port Scan ????/

Someone who frequents this board and another DR board is very computer literate and knows how to invade a computer via port scan and how to access a persons hard drive, address book and the likes, It has happened to Andy (Samana.net)with the virus sent out to address' in his book and now a simple little post on the other board and the copies that were generated, likely from same IP address as mine. My fire wall was disengaged by a family member and bang. PROBLEMS!!
DON'T LET YOUR GUARD DOWN.

Make sure your virus software is updated and you are running a firewall, at all times.
I went down BIG time a few weeks ago opening an email from DR1 and thought it was a virus, symantec said yes it was a virus but was it attached to the email, ???? not likely I am now sure it was a port scan and invasion precisely when I opened the mail and had DR1 and Bravenet both still running in the background, a number of friends have reported that I sent them the same virus Andy received.
BEWARE: NEVER LET YOUR GUARD DOWN, KEEP ALL SOFTWARE UPDATED AND FIREWALL RUNNING AT ALL TIMES.

THANKS FOR READING
HLYWUD

Hlywud,
Although several people have questioned my suspicion that my computer was maliciously invaded and scanned, your report confirms my suspicions. If ANYONE should discover the IP/identity of the person responsible for these malicious attacks, please provide me with that information as Samana.Net will fully pursue this and prosecution will be forthcoming.
And I completely agree, everyone should install a firewall and keep it running at all times. Thanks again for providing me with the download information for ZA and I'm happy to report it's working. I'm amazed at how many times the alarm goes off and blocks an IP during the day. Some I know are harmless, but others,...?

Can one of you guys explain how to set that "tiny firewall" up correctly? I get all kinds of warnings but I don't know what is good and what is bad.

Thank you very much

John

Same problem for me. I don't know when I should or should not "allow local - allow internet" and "allow server local - allow server internet".

Here is a sample, you must allow your ISP whoever it is or you cannot connect. You should also allow your email program whatever it is Outlook Express, eudora, incredimail or whatever, Zone alarm has a built in email safe protection to quarantine bad scripts, just click on the box at bottom of security page. I also allow tsadbot and windows explorer and Napster and Imesh as I download a lot of music. Kind of feel it out you can change settings whenver you want and do not need to restart computer.
Alerts can be cleared and the alert log may also be cleared at any time.

It is amazing how many time it will alarm, you do not need to track each one but by clicking on more info it takes you to the walert page and you can do the whi is this search.
You will find all kinds of locations, Korea, Argentina. Brazil, California where Zone Alarm tracks to. I have also used Sam Spade to check out walert to see if they are correct and they are.
When Zone Alarm is running I feel much safer.
Ciao Andy

Hlywud

I feel for you guys, but after reading Andy's description of the events surrounding his attack, he was hit with nothing more than a common E-mail trojan horse. It was an E-mail virus. Serious yes, but not related to port scans. A trojan horse is a program that commits malicious activity, but is disguised as something else to get the user to run it.

He ran an unknown program that came as an E-mail attachment. This has nothing to do with port scans or attacks via IP addresses and Zone Alarm, Black Ice, etc. will NOT protect one from this type of attack unless it also contains code to automatically scan E-mail (I don't know if it does or not, but I don't think so since they are firewalls, not virus scanners). Any good virus scanning software would have prevented this attack since this was a known trojan horse virus.

One should never run an executable E-mail attachement from ANYBODY without at least doing a good virus scan on the attachment. I personally, won't run an executable attachment unless I ASKED for it. Also, there are certain types of scripts that will run on older versions of Outlook and Outlook express that can also give the receiver a virus even if they don't explicitly run the attachment. Upgrade to the latest version or download the patches that are available for from from www.Microsoft.com to avoid this problem and plug this security hole.

Jim,

Thanks for the further info, but I did not run an .exe attachment (like you, I NEVER open any attachment unless I am sure of it's contents).

I'm also running the latest version of OE along with ME 2000. I stay updated as much as possible.

From the replies I have recieved from people in my address book, I know someone got into my comp. I've run a Trojan Detector and it found nothing. I also checked my e-mail output through several other computers and my mails are clean. Because several different names were used in the From: section, it is highly suspected that this was malicious. We do know the computer they came from and they are being investigated by Codetel/Verizon.