Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
foxyfemfem
New Member
New Member


Joined: Dec 07, 2003
Posts: 22
Location: USA

PostPosted: Wed Jun 02, 2004 11:12 pm Reply with quote

You gave me more than a hard time, I was in tears you was so hard on me (giggling). Just kidding about the tears Laughing I guess you're not that bad of a guy, notice the word "guess" .. Laughing
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Wed Jun 02, 2004 11:39 pm Reply with quote

Want a second opinion? <MUHAHAHAHAHA>
 
View user's profile Send private message
corky
Regular
Regular


Joined: Feb 29, 2004
Posts: 63

PostPosted: Thu Jun 03, 2004 5:10 am Reply with quote

Hey guys, I downloaded Mikem Virus program, I couldn't get to the internet for an hour, I took it off then started right up
 
View user's profile Send private message
money
New Member
New Member


Joined: Aug 24, 2003
Posts: 11

PostPosted: Thu Jun 03, 2004 8:13 am Reply with quote

Quote:
From speedx: Money go back to school. If you read the posts you would understand what they are trying to say. They said NOW read carefully ok, that they used norton or other virus scanning program and did not find a trojan virus in the files.....

Don't act condescendingly to me speedx. Your one post above mine had nothing, nothing at all, in it on this thread's topic or the forum's topic. If mine is considered off-topic here, then someone please move it to wherever it fits better.

The part of Sentinel which causes the user's computer to malfunction is written in javascript and flash. Those files are downloaded on the user's computer and run inside his browser. PHP, CGI, and binary code is what executes on the server.

I had read their posts. To me whether an anti-virus software alerts is not as big of a deal as the legal issue because everyone here knows Sentinel contains malicious code which when triggered attacks a visitor. Frankly, all the anti-virus software should be issuing alerts not just the one mikem pointed out. Kapersky identified Sentinel's abuse.js file as being infected by a trojan. Only registered users can see links on this board! Get registered or login! and Sentinel's pc killer share similar behaviors. Both use javascript to cause the user's computer to malfunction. The former moves the window rapidly around the screen so the user cannot close it while the latter spawns off an infinite number of popups causing his PC to run out of memory and lock up. Both trap the ALT, F4, CTRL, and DEL keys.

Each malware has a unique set of bits called a signature. Developers try to obtain samples of the code or binaries to analyze their signatures and create definitions. The anti-virus software then uses these definitions to detect and identify malicious code. These products will not automatically recognize every new virus/trojan/etc hitting the street today or into the future. However, they will alert when a software's signature matches an already existing definition which was loaded. The reason why Kapersky alerts while others don't is due to the differences in the way they wrote their definition for Trojan.JS.Offiz. I bet Kapersky is only keying off the javascript trapping of ALT, F4, CTRL, and DEL keys (which is considered malicious) and the others either chose to be more specific or did not include this particular one. If someone sends a copy of Sentinel to the anti-virus companies, IMO they will add it to their detection because regardless of the developers' denial here, this script is a trojan.
 
View user's profile Send private message
money
PostPosted: Thu Jun 03, 2004 8:27 am Reply with quote

Quote:
To Money: I would rely on the answers of higher, corporate/industry standard virus checkers than that of new, false reading minors.

Quote:
money,
Put the doobie down. There is no trojan. KAV falsely reports it. There is nothing malicious. There is no hard drive crash. That is your ridiculous interpretation. "Whether you want to accept this labeling for your post is not important".


Sentinel has a very similar behavior to Only registered users can see links on this board! Get registered or login!. It's obvious we aren't going to agree on this. So, why not let the experts decide by giving a copy to the anti-virus companies. This will verify for sure whether your or my position is correct.

You may not consider spawning multiple popups on someone's PC as malicious, but regular visitors and the government do. A site owner cannot guarantee a visitor's hard drive won't crash because you have no idea what he is running which might conflict. Some here are pointing to other software that crash PCs. Those are not intentional by developers but inadvertently caused by software bugs or poorly written code. That is not illegal. The issue is intent to cause harm which is what your software was specifically written to do. As I already showed, this is against the law in the US. It may be in other countries.
 
Raven
PostPosted: Thu Jun 03, 2004 8:35 am Reply with quote

Money,

Your points are well articulated and taken. Yes, we do differ on opinion/interpretation. The fact that out of all the Major AV products, with the exception of this one (KAV), they do not see this JS/Flash as a virus, does speak volumes imo. Also, a virus is, by definition and acceptance, an INTENTIONALLY placed code to harm a network and/or PC. That is not why it was written nor is what it is in practice. Regardless, the code has been rewritten in v1.2 and does not cause this footprint.
 
xfsunolesphp
Regular
Regular


Joined: Aug 23, 2003
Posts: 77

PostPosted: Thu Jun 03, 2004 8:40 am Reply with quote

i check in Mcafee website, they said it's was a very low risk. they think trojan because Ctrl, Del, Escape, and Alt + F4 to popup an Java Script alert message.
 
View user's profile Send private message
Raven
PostPosted: Thu Jun 03, 2004 8:53 am Reply with quote

xfsunolesphp wrote:
i check in Mcafee website, they said it's was a very low risk. they think trojan because Ctrl, Del, Escape, and Alt + F4 to popup an Java Script alert message.
Also, see this post Only registered users can see links on this board! Get registered or login!
 
Raven
PostPosted: Thu Jun 03, 2004 9:50 am Reply with quote

I wanted to let all know that MikeM has altered his original New's item at NC that started this thread. Thank you Mike. Here is a copy of what MikeM now has as his News item
MikeM wrote:
Beware-Possible Virus in Sentinel™ package

More Information can be found Only registered users can see links on this board! Get registered or login!
The script possibly is being detected as a virus by some Virus scanners due to the nature of the script's function. The authors at Raven scripts are aware of this and are releasing a new version that will not set off this possible "false alarm" from certain virus scanners.
from Raven of ravenphpscripts:
"The fact that out of all the Major AV products, with the exception of this one (KAV), they do not see this JS/Flash as a virus, does speak volumes imo. Also, a virus is, by definition and acceptance, an INTENTIONALLY placed code to harm a network and/or PC. That is not why it was written nor is what it is in practice. Regardless, the code has been rewritten in v1.2 and does not cause this footprint."
 
squiresmk
Regular
Regular


Joined: May 31, 2004
Posts: 95
Location: NY

PostPosted: Thu Jun 03, 2004 12:14 pm Reply with quote

Finally, something smart on NC's part. Now wheres the apology?
 
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
foxyfemfem
PostPosted: Thu Jun 03, 2004 12:27 pm Reply with quote

v1.2?!?!? where? The only link I can find is v1.1 Has v1.2 been released or is it still in testing?
 
stephen2417
Worker
Worker


Joined: Jan 18, 2004
Posts: 244
Location: Bristolville, OH

PostPosted: Thu Jun 03, 2004 12:28 pm Reply with quote

Testing still...
 
View user's profile Send private message Visit poster's website
Raven
PostPosted: Thu Jun 03, 2004 12:28 pm Reply with quote

burnwave:
This was Mike speaking for Mike, not NC Smile

Foxy:
Being tested Wink
 
spcdata
Regular
Regular


Joined: Jan 24, 2004
Posts: 81
Location: Sweden

PostPosted: Thu Jun 03, 2004 12:31 pm Reply with quote

I just can't understand the behaviour that some people have..... Confused Question

_________________
/spcdata 
View user's profile Send private message Send e-mail Visit poster's website
squiresmk
PostPosted: Thu Jun 03, 2004 5:00 pm Reply with quote

Oops, apologies Mike. Kudos to you Smile
 
drmike
Worker
Worker


Joined: Jul 15, 2004
Posts: 108
Location: Charlotte, NC

PostPosted: Thu Sep 09, 2004 6:29 am Reply with quote

burnwave wrote:
If IBM uses it, thats telling you something there Wink


*snicker*

funniest thing I've read all morning. Smile

-drmike

_________________
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website ICQ Number
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©