imesh and others broadcasting my ebay password! - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: imesh and others broadcasting my ebay password!

  1. #11
    Junior Member
    Join Date
    Jan 2004
    Posts
    4
    It would be nice if i could take a screen shot of it to show you, but i have written down the message and will try to relay it as best i can. The zone alarm message looks like this;



    ZONE ALARM ALERT

    do you want to allow a clear text password to be sent to 68.114.88.31 ?

    TECHNICAL INFORMATION

    Destination IP 68.114.88.31
    Application Imesh.exe
    Version 2.2.0.121

    MORE INFORMATION AVAILABLE

    imesh client for PC platforms is trying to send "ebay password" to 68.114.88.31





    the color of the text ZONE ALARM ALERT is in purple background. I am running Norton antivirus with autoprotect on. I updated last just yesterday. I have Spybot 1.2 and Ad-Aware and both of those are updated and just ran. I have not done a full system scan with norton though. I did notice something wierd the other day while imesh was running i noticed that my norton shut itself off and that worried me so i immediately rebooted. I may have gotten a virus then through one of the spyware programs i just removed with ad-aware. i just installled that this morning too and found 52 things. I will run a full scan while waiting for a reply from the rest of you. Thanks.
    blah

  2. #12
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Not sure why imesh is requesting your ebay password... but zone alarm has built in protection for this.

    In response to the rapidly growing number of incidents of online identity theft, "phishing," and other e-fraud exploits, Zone Labs has formed a Security Alliance Partner Program. The goal of the Security Alliance Partner Program is to combat electronic fraud and identity thieves through vendor cooperation in developing and distributing solutions that will protect the sensitive personal information required for online transactions.
    Through collaboration with leading internet retailers such as eBay, Amazon, and others, Zone Labs has developed a set of e-fraud protection features designed to reduce consumers' vulnerability to ecommerce fraud and identity theft. The combination of Zone Lab's myVault Lock box protection for sensitive personal information combined with fraud prevention features such as vendor-specific IP verification ensures that users are alerted when sensitive information is being sent to unauthorized destinations.

    Security Alliance Partners participate in ongoing problem identification and solution design, and contribute specific vendor information in order to create powerful e-fraud protection solutions. Additionally, Zone Labs provides Security Alliance Partners with access to fraud reporting, a feature enabling users to escalate suspected vendor specific fraud events to a partner's fraud and abuse teams, enabling Security Alliance Partners to address fraudulent activity rapidly and efficiently.

    Please contact Zone Labs for more information about the Security Alliance Partner Program.
    http://www.knarf.ca/archives/000057.html

    If I were you, I'd do a packet sniff with something like ethereal to find out exactly what is trying to be sent.

    I couldn't find any info on imesh trying to send ebay passwords... just that zone alarm "protects it"... To me, it sounds like zone alarm is doing its job, and denying access.

    I'd still be a little concerned about using imesh though... seeing that it allows other users to request passwords for ebay accounts? That doesn't make sense to me... though, there are a lot of things that don't make sense to me....
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #13
    Junior Member
    Join Date
    Jan 2004
    Posts
    4
    what do i do with it (ethereal)? I mean is this supposed to reveal what is sending the pass or what. i dont understand how i use this to stop it from happening? That and i dont know how to use it in the first place. Where could my ebay password be stored? ill delete it. MY main objective is to kill the source of this and i dont care about my account i have already emailed them with a request to delete my files. Also whenever i send an email i get the same zone alert. it always sends to a different IP. So its not just imesh. Also the norton scan has revealed nothing.
    blah

  4. #14
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    It does a text search in all outgoing packets, as well as incoming. In the zone alarm settings you can also tell it Which sites are okay to use that information, which sites banned, and whether to notify your or block by default. So that options as to what site it hits on and what sites are allowed is 100% up to you. In the case of the ebay password, zonealarm knows by default to check the URL and an SSL connection because of the configuration they included into it, so it knows what is ebay and what isn't already Even then, you can fine tune and configure that.
    I use Zonealarm Pro and I have never had it ask for or makeuse of any password on my system (of course I don't use autocomplete passwords either??).
    Aeridyne, from what you posted :
    ZONE ALARM ALERT

    do you want to allow a clear text password to be sent to 68.114.88.31 ?

    TECHNICAL INFORMATION

    Destination IP 68.114.88.31
    Application Imesh.exe
    Version 2.2.0.121
    You Imesh. exe is the culprit. If you are not deeply in love with this program, I would suggest uninstalling it (delete that sucker). I don't trust most P2P transfer programs anyway, and this one seems intent of divulging your password in clear text. Your zonealarm is doing its job and alerting you to a possible problem, and that is very good. If you wished to not be bothered by the constant popup alerts you can check the box to always follow the same intruction (either allow or disallow) and thn it will just do such automatically and not alert you everytime. You can later change this rule in your options at a later time if you wish.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  5. #15
    Junior Member
    Join Date
    Jan 2004
    Posts
    4

    Exclamation

    well i would have just checked the box and forgot about it...but the option is grayed and not available. On top of that it is always sending it to a different IP. So even if i could wouldnt it just ask again because its a diff ip that its sending to? also keep in mind that my email does the same thing anytime i send an email, even when imesh is not running. I cant remember exactly what it says, but its essentially the same thing. And unfortunately i am in love with imesh. I dont know if deleting it would work anyway since my email does it too...?? Plz help.
    blah

  6. #16
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    pooh sun tzu, As long as your being technical, a packet sniffer is a piece of software that captures and dumps the content of packets like ethereal packetmon etc. A firewall is not a packet sniffer. It may use packet filtering but is not itself a packet sniffer. Packet filtering can be incorporated into packetsniffers to check for packets going to or coming from certain address or packets that contain certain strings, flags etc. and then dump only those or exclude them from the dump Your point is not taken.

    Aeridyne I have not used zone alarm for a while and did not know it scanned for given strings. That is pretty cool and does put a different slant on things. My apologies. Something that could do that would have a signiture in virus definitions. Unless its 0day and this, apparently has been going on for a while…which is why I asked what av you were using.

    Here’s a few possibles:

    http://www.esecurityplanet.com/alert...le.php/3290341

    (below) this one uses kazaa and emule to spread. This doesn’t mean you cant get it anyway. If you don’t have anti-virus software get it. If you do update your definitions and do a full scan (just went back and say you already did this)

    http://securityresponse.symantec.com...chnicaldetails
    When W32.HLLW.Cayam is executed, it does the following:
    1. Copies itself as
    · C:\Windows\Msfind32.exe
    · C:\eBayVerify.exe
    2. Adds the value:

    "MSFind32"="c:\windows\msfind32.exe"

    to the registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    RunOnce

    so that the worm runs when you start Windows.
    3. Copies itself as:
    · C:\Program Files\Kazaa\My Shared Folder\Mayacrack.exe
    · C:\Program Files\eMule\Incoming\3dsmaxcrack.exe

    so that the worm will spread using the Kazaa and eMule file-sharing networks.

    here is some info on 68.114.88.31:

    Query for 31.88.114.68.in-addr.arpa type=255 class=1
    31.88.114.68.in-addr.arpa PTR (Pointer) ip-pa-jtown-68-114-88-031.charterpa.com
    88.114.68.in-addr.arpa NS (Nameserver) ns01.charterpa.com
    88.114.68.in-addr.arpa NS (Nameserver) ns02.charterpa.com
    ns01.charterpa.com A (Address) 24.159.0.152
    ns02.charterpa.com A (Address) 24.197.32.29

    why its sending to all the others I don’t know.

    although imesh seems to be the cause its not built into the program to do this. after you clean your system you can download it again and re-install just make sure you keep you av up to date along with keeping your os patches current etc.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  7. #17
    Senior Member
    Join Date
    Jan 2004
    Posts
    124
    I don't trust P2P programs. It just bother me that I don't have apsolute control of my HDD content. Anyone can use my box as relay for any kind of files. Someone will say that you can turn off the file sharing. What is the point then? You just take, and don't give anything in return. And how to trust in content you get?
    For this particular case:
    Some viruses/troyans use other aplications to mask themselves. Aeridyne found some viruses on his box. Imesh is probably used by them to mask IP trafic. ZoneAlarm has option to check if application is changed. I strongly recommend turning on that option. Also, I recommend to deintstall Imesh, and to delete his folder... then install it again if you can't live without it.

    This is maybie not a must to do... but what is safe is safe...

    good luck
    Ikalo
    ------
    Make your knowledge your deadliest weapon.

  8. #18
    Senior Member
    Join Date
    Dec 2003
    Posts
    100
    I haven't touched a P2P client since Napster, I have found that IRC is increasing in the amount of high-speed users and has been such a weatlh of information and other activities.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides