#33 ShockRave Worm Intrusion

Status: open
Owner: nobody
Labels: None
Priority: 7
Updated: 2006-01-22
Created: 2005-09-03
Creator: Damian Parker
Private: No

Yo!

I've been using Dorgem for about 2 days now on Windows
XP. Tonight, literally just a few minutes ago, my Norton
Anti-Virus pops up and says it's detected and blocked an
Internet Worm Intrusion attempt, ShockRave something or
other, and listed Dorgem as its gateway onto the machine.

Has this been heard of before?
Should we Dorgem users be worried?

Discussion

  • Damian Parker
    2005-09-03

    • summary: ShockWave Worm Intrusion --> ShockRave Worm Intrusion
     
  • Frank Fesevur
    2006-01-03

    Logged In: YES
    user_id=169016

    I assume this is a problem with Norton AV

     
  • Frank Fesevur
    2006-01-03

    • status: open --> closed-invalid
     
  • Damian Parker
    2006-01-03

    Logged In: YES
    user_id=458483

    Unfortunately not, after reading through some other Google
    results it seems there is a hole in this software, as it's
    happened to numerous others.

    Fortunately for me I'm back on Gentoo and have no need to use
    this.

    Norton detected the virus incoming, and listed Dorgem as its
    medium onto my system.

    Cheers

     
  • Frank Fesevur
    2006-01-04

    Logged In: YES
    user_id=169016

    Then I'll re-open it.

    When I google "shockrave dorgem" I don't get any hits, so
    could you provide some extra information?

     
  • Frank Fesevur
    2006-01-04

    • status: closed-invalid --> open
     
  • Damian Parker
    2006-01-20

    Logged In: YES
    user_id=458483

    OK, it's taken a while to get a system re-loaded with Windows
    XP. We have Windows XP and Norton Anti-Virus 2005 using the
    latest updates. Bear in mind this also happened
    previously with Norton 2003 on the original bug report.

    Security Rule: Default Block FTP99CMP Trojan Horse
    Date: 20/01/2006
    Time: 20:15
    Path: c:\Program Files\Dorgem\Dorgem.exe
    Filename: Dorgem
    Direction: Inbound
    Local Address: All local network adapters
    Local Port: 1492
    Protocol: TCP

    Dorgem is connected to a Creative Labs Webcam for Notebooks.
    FTP uploading to 192.168.10.1

     
  • Damian Parker
    2006-01-20

    • priority: 5 --> 7
     
  • Damian Parker
    2006-01-20

    Logged In: YES
    user_id=458483

    Just got another one up:

    Security Rule: Default Block SubSeven 2.1/2.2 Trojan Horse
    Date: 20/01/2006
    Time: 22:06
    Path: c:\program files\dorgem\dorgem.exe
    Filename: Dorgem
    Direction: inbound
    Local Address: All local network adaptors
    Local Port: 2774
    Protocol: TCP

     
  • Damian Parker
    2006-01-21

    Logged In: YES
    user_id=458483

    And another:

    Security Rule: Default Block SubSeven 2.1/2.2 Trojan Horse
    Date: 21/01/2006
    Time: 00:11
    Path: c:\program files\dorgem\dorgem.exe
    Filename: Dorgem
    Direction: inbound
    Local Address: All local network adaptors
    Local Port: 4267
    Protocol: TCP

     
  • Damian Parker
    2006-01-21

    Logged In: YES
    user_id=458483

    One more:

    Security Rule: Default Block Filenail Trojan Horse
    Date: 21/01/2006
    Time: 00:41
    Path: c:\program files\dorgem\dorgem.exe
    Filename: Dorgem
    Direction: inbound
    Local Address: All local network adaptors
    Local Port: 4567
    Protocol: TCP

     
  • Frank Fesevur
    2006-01-21

    Logged In: YES
    user_id=169016

    I assume you have the web server activated and available
    from the Internet. I don't see how FTP upload can be
    affected by this.

     
  • Damian Parker
    2006-01-21

    Logged In: YES
    user_id=458483

    Nope, the only modules active are FTP upload and 2x Text
    Captions. Machine is on a 192.168.10. IP assigned by DHCP.

     
  • Damian Parker
    2006-01-22

    Logged In: YES
    user_id=458483

    Security Rule: Default Block TransScout
    Date: 22/01/2006
    Time: 15:55
    Path: c:\program files\dorgem\dorgem.exe
    Filename: Dorgem
    Direction: inbound
    Local Address: All local network adaptors
    Local Port: 2001
    Protocol: TCP

     
  • Frank Fesevur
    2006-01-22

    • status: open --> pending
     
  • Damian Parker
    2006-01-22

    Logged In: YES
    user_id=458483

    Using your latest released code, Dorgem Release 2.1.0.

    Neither files exist, which I would hope so as Norton is the
    first thing I always install after any Windows installation.

    Also full system scans using Norton fully updated done
    reveal any nasties, also Spybot Search & Destroy is in
    operation and working. I use Firefox to prevent the general
    junk that IE lets through.

    These pop up, however, on basic XP + Norton + Dorgem, ever on a
    fresh reboot, when the machine is in use and when I'm using
    my main Gentoo Linux system.

     
  • Damian Parker
    2006-01-22

    • status: pending --> open
     
  • Frank Fesevur
    2006-01-23

    Logged In: YES
    user_id=169016

    I don't have Norton Anti-Virus and there is no trial version
    available. So I don't have the resources to investigate this
    any further. I will post an item on my blog to see if anyone
    else can help.
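
A triage sketch over the alert records quoted in this thread, added here as an example and not code from Dorgem, Norton or either poster. It parses the `Key: value` blocks and tabulates what they have in common; the names `parse_alerts`, `summarize` and `XP_EPHEMERAL` are hypothetical, and the 1025-5000 range is Windows XP's default dynamic port range, supplied as background rather than taken from the thread.

```python
import re
XP_EPHEMERAL = range(1025, 5001)  # assumption: XP default dynamic port range

# Alert records from the thread, trimmed to the fields used below.
ALERTS = r"""
Security Rule: Default Block FTP99CMP Trojan Horse
Path: c:\Program Files\Dorgem\Dorgem.exe
Direction: Inbound
Local Port: 1492

Security Rule: Default Block SubSeven 2.1/2.2 Trojan Horse
Path: c:\program files\dorgem\dorgem.exe
Direction: inbound
Local Port: 2774

Security Rule: Default Block SubSeven 2.1/2.2 Trojan Horse
Path: c:\program files\dorgem\dorgem.exe
Direction: inbound
Local Port: 4267

Security Rule: Default Block Filenail Trojan Horse
Path: c:\program files\dorgem\dorgem.exe
Direction: inbound
Local Port: 4567

Security Rule: Default Block TransScout
Path: c:\program files\dorgem\dorgem.exe
Direction: inbound
Local Port: 2001
"""

def parse_alerts(text):
    """Split blank-line-separated 'Key: value' blocks into lowercase-keyed dicts."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.split(":", 1) for line in block.splitlines() if ":" in line)
        records.append({k.strip().lower(): v.strip() for k, v in pairs})
    return records

def summarize(records):
    """Collect the facts a triager compares first across all alerts."""
    ports = sorted(int(r["local port"]) for r in records)
    return {
        "processes": {r["path"].lower() for r in records},
        "directions": {r["direction"].lower() for r in records},
        "ports": ports,
        "all_ephemeral": all(p in XP_EPHEMERAL for p in ports),
    }

print(summarize(parse_alerts(ALERTS)))
```

Every record names the same process and direction, each alert hits a different local port, and all five ports sit inside the range the OS hands out for short-lived sockets; what that implies about the cause is left open, as it is in the thread.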