[RTTY] FW: QRZ.com virus

David Levine david at levinecentral.com
Sat Dec 31 05:14:13 PST 2011


I'm pasting the last paragraph of my reply here in case folks read just the
1st paragraph before they delete the post:

For all you folks that are on other reflectors, I consider this nothing more
than what appears to be nearly monthly reports we get from someone
downloading the latest N1MM or some other program "Z" and their AV telling
them it was infected when it wasn't. I'm sure you are on lists like I am
and see this reported multiple times a month. Imagine if no one downloaded
those programs because 1 or 2 people reported they were infected when they
weren't? That's what this seems to be.

The article referenced is almost 2 years old. Also, your (K5WW) email is
live.com - a Microsoft domain. Seems odd you'd be using Microsoft email (no
matter if you've had it for the short time before MS bought Hotmail) when
the response seemed so against Microsoft as a solution. I'm sure you can
find "experts" saying anything, though a lot of these folks are expert
journalists which doesn't qualify them as experts in the field of
virus/malware such as the "expert" that wrote that article from early 2010.

I have friends(?) and relatives drop off their PCs way too often. I've come
home from work and there were multiple computers waiting for me to do
something about them. As I moved people to Chrome/FF away from IE as well
as install AVG (especially vs McAfee or Norton), those same people don't
typically (some do, especially those that download a lot) return their
computers to me. There has never been a case where someone received a virus
on the computer they gave me without doing something - downloading and
installing something infected or clicking on a pop-up. I always ask and
they tell me the truth.

What I'm trying to make a point of here is that the viruses people have
described, though none seem to have provided useful details, are ones I've
run across that require an action to be taken. They are also ones that
don't immediately display when you visit a site that caused the infection.
It would occur on page views AFTER you were already infected.

There were also multiple reports (Scott being one) that people reported
having been infected, cleaning it from his computer, and *then* seeing the
malware when visiting QRZ and making the connection, incorrectly as far as
I'm concerned, that QRZ is the cause when there's nothing proving it. This
is especially true if someone is already reporting they were knowingly
infected (cleaned or not) before visiting the site. I've cleaned many
computers where it takes multiple attempts to clean and depending on what
is infected you wouldn't always see it. That is especially true if IE isn't
your primary browser and it is only used in embedded applications.

QRZ has 10's of thousands of visitors a day. If there was a virus from an
ad or anything else on that site it would be impacting a huge base of hams
and they'd be talking about it, not a couple of hams on a reflector.

To blame QRZ without any proof (and I've yet to see any) isn't fair. I have
no vested interest in QRZ other than I'm a satisfied paid user of the
site. I'm sure the reflector probably doesn't care much about this and I'll
let it go, but it really bothers me that QRZ's reputation could be
tarnished because of this with a statement like Scott's that he's never
going back to QRZ.

For all you folks that are on other reflectors, I consider this nothing more
than what appears to be nearly monthly reports we get from someone
downloading the latest N1MM or some other program "Z" and their AV telling
them it was infected when it wasn't. I'm sure you are on lists like I am
and see this reported multiple times a month. Imagine if no one downloaded
those programs because 1 or 2 people reported they were infected when they
weren't? That's what this seems to be.

73 & Happy New Year!
K2DSL - David


On Sat, Dec 31, 2011 at 1:47 AM, G. E. Janssens - K5WW <k5ww at live.com> wrote:

>
> Unfortunately David, that statement is "not 100 percent" true. You don't
> have to believe me, but read this
> http://news.cnet.com/8301-27080_3-20000898-245.html and kindly scroll
> down to the seventh paragraph, to read what the experts say. It's the first
> one I could find in a hurry; but there are many others out there that will
> tell you the same. In short: you don't have to click on anything to get
> infected. I clean up PCs like this on an almost daily basis, from customers
> who swear on their mother's grave that they never clicked on anything. And
> I know they're speaking the truth.
>
> It's not as simple and straightforward as you think it is. Hackers, in
> many situations, can alter an ad's code, and - simply by displaying the
> (altered) ad on your screen - have that download malware on your PC. And
> QRZ.com and others may never be the wiser; because the best of those crooks
> have a way of covering their tracks. They are "here today, gone tomorrow".
>
> Worse: the code can be split up in different segments, and doesn't have to
> come from ONE site. There are cases in which they break up their malicious
> code, hide one part in one ad, and another part in a second ad, and so on,
> on totally different websites. You could be visiting Google search one day,
> and a week later pick up the remainder of the code on eBay (just an
> example, I know Google and eBay have teams to check for those attacks).
> After that - you're screwed. These suckers are getting smarter, yes.
>
> I run my amateur radio applications on a Windows desktop, because I have
> no other choice. Everything else (90 percent of my email, and all of my web
> browsing) runs on a Ubuntu laptop. Not that Linux won't be infested with
> viruses, a few (!) years from now; but for now it's the safest thing to do.
>
> If you want a virtually headache-free internet experience then by all
> means switch to an operating system that is not so virus-inviting. And if
> you want a totally headache-free internet experience... then stay off of
> the internet!
>
> And another word to the wise: services and programs such as Adblock Plus
> only work because they detect the ad's code. That means the ad's code is
> run first. Then intercepted. It's only a matter of time before those
> services/programs get bypassed. Don't trust them with your life: the
> scammers will always be one step ahead of the counter-scammers - if not
> more.
>
> 73,
>
> Erik - K5WW
>
>

