Thread: Problem adding spysite to firewall block list

  1. #1
    whereswayno Guest

    Problem adding spysite to firewall block list

    Hi there,

    Tonight I discovered a spysite; I was redirected from one place to http://antivirus-quickscan.com/360/1...php?sid=880460. I tried to add this website to Firewall:Zones as a blocked host/site, but ZoneAlarm fails to find it when looking it up. What do I do?

    Operating System:Windows XP Home Edition
    Software Version:8.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    naivemelody Guest

    Re: AntiVirus 360 malware/ scareware

    Click here > http://www.bleepingcomputer.com/malw...-antivirus-360
    .

    Message Edited by NaiveMelody on 12-21-2008 09:19 PM

  3. #3
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Problem adding spysite to firewall block list



    When the ZA does the domain name lookup it does so by asking your own DNS servers which are used by your windows or system.
    If the name lookup failed for the IP lookup, it is because your own DNS server never gave the IP for the site involved.
    This can be a good thing as it would by default prevent you from visiting the site.
    (unless of course you have the ZA blocked from connecting to your DNS server, and this would explain why there is no IP found by the ZA. Or any IP for that matter)

    This can be proved by opening the command and using the nslookup command (in windows itself) to determine the IP.
    Open the Run, type in "cmd" and ok the Run (without the quotation marks).
    Type in "nslookup" (without the quotation marks) to start, then make a space after this and then type in the full url like "http://antivirus-quickscan.com/360/1/en/_freescan.php?sid=880460" (without the quotation marks) or just the site url "antivirus-quickscan.com" (without the quotation marks). Then press the [Enter] key.
    There is instantly either a result or not (not, I am guessing, as the ZA failed already).

    This is the result using DNS lookup for opendns.com (resolver1.opendns.com is 208.67.222.222 and resolver2.opendns.com is 208.67.220.220) which I use as my regular DNS server:

    Name: antivirus-quickscan.com
    Address: 89.149.217.194

    (or just type into the Run the nslookup, and in the command window then type in antivirus-quickscan.com and press Enter. I did this just now and I often do this if only doing a one url/ip lookup)


    Alternatively, there are many online tools to do IP lookups and find out info.
    Like this one for example:

    http://network-tools.com/default.asp...-quickscan.com

    Online tools like these will also do pings and tracerts for a second opinion other than your own ping and tracert (or even skip your ping and tracert efforts and just use the online sites for the pings and tracerts).

    Like this in the command prompt:

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\SkyRider>tracert antivirus-quickscan.com

    Tracing route to antivirus-quickscan.com [89.149.217.1]
    over a maximum of 30 hops:

    1 Transmit error: code 5.

    Trace complete.

    (ping is performed similarly with "ping" and a space followed by the url, but pinging this site failed - something failed on my end, I suppose.)
    Also understand these tools from windows can be used to find the url for almost any given IP.
    This can be valuable at times too!

    Okay once you got the IP, now add the IP to the ZA Blocked Zone.

    Oldsod.
    Best regards.
    oldsod
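
Added example, not part of any post in this thread: a small Python helper for the lookup step described above. It reduces a pasted URL to the hostname that nslookup expects and pulls the site's addresses out of Windows-style nslookup output, skipping the resolver's own address and handling multi-address and failed lookups. The function names and the sample outputs are assumptions made for this illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed samples in Windows nslookup layout. The resolver and the
# Name/Address pair in SAMPLE_OK are the ones quoted in the thread; the
# example.test names and 192.0.2.x addresses are made up.
SAMPLE_OK = """Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:    antivirus-quickscan.com
Address:  89.149.217.194
"""
SAMPLE_MULTI = """Server:  resolver1.opendns.com
Address:  208.67.222.222

Name:    example.test
Addresses:  192.0.2.10
          192.0.2.11
"""
SAMPLE_FAIL = """Server:  resolver1.opendns.com
Address:  208.67.222.222

*** resolver1.opendns.com can't find example.test: Non-existent domain
"""

def host_from_input(text):
    """Reduce a pasted URL or bare name to the hostname a DNS lookup expects."""
    text = text.strip()
    if "://" not in text:
        text = "//" + text  # lets urlsplit read it as host[:port][/path]
    host = urlsplit(text).hostname
    if not host:
        raise ValueError("no hostname found in input")
    return host.rstrip(".")

def parse_nslookup(output):
    """Return (name, addresses); (None, []) when the lookup found nothing."""
    name, addresses = None, []
    for line in output.splitlines():
        found = re.match(r"\s*Name:\s*(\S+)", line)
        if found:
            name = found.group(1).rstrip(".").lower()
        elif name is not None:  # lines before Name: describe the resolver
            rest = re.sub(r"^\s*Address(es)?:", "", line)
            for token in rest.replace(",", " ").split():
                try:
                    addresses.append(str(ipaddress.ip_address(token)))
                except ValueError:
                    pass  # aliases and other non-address text
    return name, list(dict.fromkeys(addresses))
```

Each returned address is a separate entry for the blocked zone; a lookup done later, or through a different resolver, can return different addresses.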

  4. #4
    whereswayno Guest

    Re: Problem adding spysite to firewall block list


    Wow! Thank you so much. This fixed the problem.

  5. #5
    Join Date
    Dec 2005
    Posts
    9,056

    AntiVirus 360 malware/ scareware

    There is not necessarily spyware/malware on the windows.
    Often a link in one site will redirect to another site - this is true with malicious sites too.

    Yes it is a rogue site as you point out.

    Yes I did go to the site in question and it does get verified as a "remove-antivirus-360" site.
    But, most importantly, I visited the site using NO javascripts, allowed cookies, mime, vbs or other scripts, activeX, animated GIFs, Java, popups and pop-unders and so forth.
    Plus the IFrame is disabled or prevented in the browser itself (Iframes are allowed only on specific sites listed within the browser).
    This prevented any possibility of any infection from the site.
    Properly securing the browser (any browser for that matter, but Firefox and Opera are a little safer out of the box than IE) will prevent these possible infections too.


    Often the trick used by malware participating sites is that the site linked is not the site seen in the mouse over. I have seen this many times - you think it leads to a certain or specific site, but there is a hidden redirect to the bad site, giving you the wrong site (bad site).
    (I often run on the dark side of the web - for practice and to learn new things.
    But I do it in a secure and safe manner - haven't been infected in years - so I must be doing things right).
    Very often rogue Iframes and javascripts are used for the "surprise" re-directs.

    Occasionally the site entered into the address bar itself results in a bad site - some IP redirect going to a "copied" IP (domain hijacking in a sense), or using empty IP spots (as in Bogon IPs), or some parked domain or cyber squatting is often involved.

    Oldsod.

    Message Edited by Oldsod on 12-22-2008 12:07 AM
    Best regards.
    oldsod

  6. #6
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Problem adding spysite to firewall block list

    Also look at this thread called "what a fake site looks like" (just some other ideas):

    http://forum.zonelabs.org/zonelabs/b...ssage.id=18909

    Oldsod.

    Message Edited by Oldsod on 12-22-2008 02:49 AM
    Best regards.
    oldsod
