Forums » Up and Running » Security » Security » winxp-antivir-on-line-scan
therube

join:2004-11-11
Randallstown, MD

reply to katarina
Re: winxp-antivir-on-line-scan

Why?

It is not Google, cause you can get the same results if you perform the search on Yahoo & open the site from there.

So if it is not Google & not Yahoo, then what?

And why is it that (sometimes) only the first time you attempt it, you are redirected.

davies has to be hacked, doesn't it?
Perhaps from a "gif"? Perhaps dealing with this line, onLoad="MM_preloadImages('images/sales_off-over.gif', ...

There are also various "MM" functions, like, function MM_preloadImages(). Their usage (in general, I don't know about on this site) appear legit.

That part of the code is run by JavaScript.

But you are redirected in SeaMonkey with NoScript blocking JavaScript, so that makes me believe it has something to do with the onLoad & a "gif"?

mysec
Premium
join:2005-11-29

said by therube:


Yes, it can be exploited in other search engines. See

»clsc.net/research/google-302-page-hijack.htm

therube

join:2004-11-11
Randallstown, MD


edit:
September 8th, @12:36AM

reply to therube
Maybe someone can make sense of this.
And as I thought, you are going to davies, but then sent to malware site.



Its a Secret
Rabidly yours
Premium
join:2008-02-23
Kelowna, BC
·Shaw


edit:
September 8th, @12:02AM

It looks to me like the referrer link has been encrypted/ scrambled so you can't see where it's pointed to. I may be wrong, but I don't think so.

Opinions on this?

PS - I used to use code like this to protect my private js from being nicked.
--
"In the future, that which is not mandatory will be illegal"

therube

join:2004-11-11
Randallstown, MD
reply to mysec
I'm not finished reading it yet, but it appears that we should see a discrepancy between the listed search engine (green) URL & the actual website URL? But in this case, they are the same?

therube

join:2004-11-11
Randallstown, MD


edit:
September 8th, @12:28AM

Ok, looks like it is going to be related to the search engine?

I manually open up davies.
I click the Product Line link, & the product.html page opens.

I manually open up davies.
I manually change the URL line to read davies/product.html (but do not press return).
I spoof the referrer to »search.yahoo.com/.
The malware page opens.

Note that many times, after first doing this, it is not repeatable.

therube

join:2004-11-11
Randallstown, MD


edit:
September 8th, @12:56AM

»www.msn.com/ works too.

So by using a spoofer, simply by setting the URL & the Referrer, I can get the malware site to load.


I've tried a number of other "likely" search engines as the referrer (including www.live.com & ask.com) but only Google, Yahoo, & MSN seem to make it click.

Now, mysec's link mentions 302's & so do my captures, HTTP/1.x 302 Found.

Note that /cache/ or cookies may have an effect on what you see or don't see. Like if a page is in /cache/ & I resend the spoof, I can't capture it again until I clear /cache/.

(I see a "koma3504" to the left of this post. Does anyone else? What does it mean?)

mysec
Premium
join:2005-11-29

reply to therube
said by therube:

Maybe someone can make sense of this.
And as I thought, you are going to davies, but then sent to malware site.

Yes, just like the old Google exploit. Here are the firewall alerts:

First, to google search:




Then clicking on the link to davieshardware.com:





Then a page 302 error redirects to the site that calls out for the WinAntiVir files. From therube's code:

hxxp://87.248.180.90/in.html?s=ipw2




WhoIS:


said by Its a Secret:

It looks to me like the referrer link has been encrypted/ scrambled so you can't see where it's pointed to. I may be wrong, but I don't think so.
Probably - I don't see a URL in therube's code but the firewall shows:




WhoIS:


Not much info - can someone else search for this?

Now we are at the cleverest part of the exploit because no html page is cached in IE. (I cannot get the exploit to run in Opera).

Only the .gif files and the .js files are cached which do the work:




If you look at the screen after everything is loaded, it is a series of .gif files but no html file and no source code.

But if I load directly into the browser:

hxxp://87.248.180.90/in.html?s=ipw2

I get the html file and can watch the code loading everything (thanks therube for getting that URL):


Now, can someone explain how these images are loaded onto my browser screen and there is no html file cached?

---


Its a Secret
Rabidly yours
Premium
join:2008-02-23
Kelowna, BC
·Shaw

said by mysec:

Now, can someone explain how these images are loaded onto my browser screen and there is no html file cached?
It may be here in the code:
HTTP/1.x 200 OK
Date: Mon, 08 Sep 2008 03:46:27 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.6
X-Powered-By: PHP/5.2.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
----------------------------------------------------------
--
"In the future, that which is not mandatory will be illegal"

mysec
Premium
join:2005-11-29
Thanks -- very clever in covering tracks, don't you think?

Another thing - why doesn't the last URL 66.232.126.192 appear in that code?


---


Its a Secret
Rabidly yours
Premium
join:2008-02-23
Kelowna, BC
·Shaw


edit:
September 8th, @01:21AM

said by mysec:

Another thing - why doesn't the last URL 66.232.126.192 appear in that code?
Maybe why? It looks like it self-refers to the doc (page) in question...maybe?


if(self.parent.frames.length!=0){self.parent.location=document.location}

--
"In the future, that which is not mandatory will be illegal"

therube

join:2004-11-11
Randallstown, MD


edit:
September 8th, @01:21AM

reply to mysec
Two shots, one direct, one spoofed.

mysec
Premium
join:2005-11-29
Can you explain more?


---


Its a Secret
Rabidly yours
Premium
join:2008-02-23
Kelowna, BC
·Shaw


edit:
September 8th, @01:37AM

The second and fourth jpgs show the 'GET' command, and I'd hazard that's where the breach happened. One and three hit the actual page.

FYI - It looks like jpg 2 shows a different response-head that may well point to the actual target in jpg 4.
--
"In the future, that which is not mandatory will be illegal"


jeno

@bellsouth.net
reply to mysec
Said by mysec:
"Another thing - why doesn't the last URL 66.232.126.192 appear in that code?"

This might help explain it...
»www.robtex.com/ip/66.232.126.192.html#a4

therube

join:2004-11-11
Randallstown, MD


edit:
September 8th, @10:04PM

reply to mysec
At first I was going to say "explain more, what?".

I guess I could have explained more. I think I tried, but OFTEN the workings of this forum confuse me.

Anyhow, originally I was just going to describe the screenshots saying that they confirm what has been posted so far.

Further to that, & to explain a bit more ... I cleared my cache, & loaded davies directly - the 1st shot.

Note Data size: 9563, the size of the cached html file. And the response, 200 OK.

Cleared my cache again, but this time loaded davies, & also spoofed the referrer as msn.com - the 2nd shot.

This time Data size: 0, & the response, 302 Found. Not to mention the Location:.
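As an added, defender-side example written for this note (not code from anyone in the thread), the script below automates the two-shot check described above: one request with no Referer, one with a search-engine Referer, redirects not followed, and a comparison that flags a 200-with-body versus 302-with-empty-body divergence. The search-engine URLs are placeholders, and the sample captures a site owner would feed it are whatever their own server returns.

```python
"""Probe a URL with and without a search-engine Referer and flag divergent responses."""
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Dict, List, Optional

# Referers the thread found to trigger the redirect (the query string is a placeholder).
SEARCH_REFERERS = ["http://www.google.com/search?q=x", "http://search.yahoo.com/", "http://www.msn.com/"]

@dataclass
class Capture:
    referer: Optional[str]
    status: int
    headers: Dict[str, str]  # header names lower-cased for lookup
    body_len: int

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following 3xx so the 302 and its Location header stay visible."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def fetch(url: str, referer: Optional[str] = None, timeout: float = 10) -> Capture:
    """One fresh request (no cookies, no cache), optionally carrying a Referer."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"Referer": referer} if referer else {})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return Capture(referer, resp.status, {k.lower(): v for k, v in resp.headers.items()}, len(resp.read()))
    except urllib.error.HTTPError as err:  # 3xx land here once redirects are not followed
        return Capture(referer, err.code, {k.lower(): v for k, v in err.headers.items()}, 0)

def classify(direct: Capture, referred: Capture) -> List[str]:
    """Findings when the Referer-carrying request is answered differently from the plain one."""
    findings = []
    if direct.status < 300 <= referred.status < 400:
        target = referred.headers.get("location", "<no Location header>")
        findings.append(f"{referred.status} only with Referer {referred.referer}: Location {target}")
    if direct.body_len > 0 and referred.body_len == 0:
        findings.append("empty body only with Referer: the browser caches no HTML for the redirect")
    return findings

def probe(url: str) -> Dict[str, List[str]]:
    """Plain fetch, then one per search-engine Referer; the server may remember the client IP and answer cleanly on repeats (as the thread saw), so a clean result is not proof."""
    direct = fetch(url)
    return {ref: classify(direct, fetch(url, ref)) for ref in SEARCH_REFERERS}

if __name__ == "__main__":
    for ref, found in probe(sys.argv[1]).items():
        print(ref, "->", found or "no divergence")
```

Run it as `python probe.py http://your-site.example/product.html` against a site you administer; clear nothing between runs, since each fetch is already a fresh connection without cookies.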


papafz

@comcast.net

reply to therube
hey there... i am getting this on one of my client's sites. Going nuts trying to figure it out, but all of your observations above are exactly the same as mine (except i didn't get as far as u did in figuring out what caused it).

try searching for 'Kenny Meez'

If I go directly to KennyMeez.com i do not get the popup.. if i go from a Google result, i do but usually only the first time.

any help would be greatly appreciated.

mysec
Premium
join:2005-11-29
It looks like the same exploit. Clearing the cache usually lets you connect a second time.

Contact the server which hosts the site.


---


Kayrac
Premium
join:2001-09-29
Lee, NH

reply to papafz
said by papafz :

hey there... i am getting this on one of my client's sites. Going nuts trying to figure it out, but all of your observations above are exactly the same as mine (except i didn't get as far as u did in figuring out what caused it).

try searching for 'Kenny Meez'

If I go directly to KennyMeez.com i do not get the popup.. if i go from a Google result, i do but usually only the first time.

any help would be greatly appreciated.
»www.google.com/search?hl=en&q=%2···aq=f&oq=

(that's a google link for the /in blahblah that the exploit uses) the first link is McAfee SiteAdvisor, the second is this thread, the next are ways to fix it

happy hunting

-Brian
over 9 years online! © 1999-2009 dslreports.com.