http://www.turnstep.com/spambot/

How do I use the cgi script on this website. The author does not really give
good explanations. The one I am specifically interest in is at this link:
http://www.turnstep.com/Spambot/harassment.html#infinospam

It is called infinospam. What are the consequences of doing something like
this?

"Josh Collins" > wrote in message
...
> http://www.turnstep.com/spambot/
>
>

I took a look at the files that avg caught and it looks like avg might have
jumped the gun....... the code looked ok, but I only taught javascript to
myself, so it's hard to tell. But that's ok with me cause you can never be
to sure. I did go back to that site and this time avg didn't catch anything.
Strange.

<snip>

purplehaz03, while banging their head on a wall, wrote:

> I took a look at the files that avg caught and it looks like avg might have
> jumped the gun....... the code looked ok, but I only taught javascript to
> myself, so it's hard to tell. But that's ok with me cause you can never be
> to sure. I did go back to that site and this time avg didn't catch anything.
> Strange.
>
> <snip>

So, is he *not* a "little boy", a "FOOL", and as ignorant as you accused him
of being? Maybe you ought to tell him how ****ed up your reply was to him and
that you're as stupid as you said *he* was.

John
--
http://www.pclinuxonline.com/modules.php?name=News&file=article&sid=6797

I never clicked on any of the scripts or files on the site, I simply went
there and then went to another page, (navigated away) then the popups came
up. I've been there 30 or so times now and I got popups twice. Some sites
only popup every 100 hits(or whatever they want to number to be). This may
be the case with this site. As I said in my other follow up posts the
trouble script comes from www.lexmarx.com -- goto that site and you're
nortons will catch the potential virus script. I confirmed this on four
different machines three with AVG anti-virus and one with Nortons 2002 AV.
Goto the site you will see and the file will be in your temp int files. The
lexmarx.com site was the one that came up in the popup. I checked my history
for the day and I have only visited google, tower records, microsoft kb's,
my bank, searchnetworking.com, that's it. The popups didn't come from any of
those sites. The site you posted was the only other site. This is on a
machine with av installed, spybot run daily, behind lan firewall and
corporate firewall, messenger service disabled, all patches and updates and
sp's, IE6 sp1. The only popup this computer can get is from a webpage.
Here's what nortons says about it when it caught it:
http://securityresponse.symantec.com/avcenter/venc/data/js.exception.exploit.html

"Josh Collins" > wrote in message
...
> You hung yourself. I don't think anyone is going to take you seriously
now.
> Thank you for your professionalism <snide>
>
> Before you click on any of the codes on that site you are told in plain
> English that they are scripts and you are even given warnings to use at
your
> own risk if you don't know what you are doing. Also, I could not find the
> file in my tmp folder that you spoke of.
>
> I also just found this website listed in PCMag's "AntiSpam Tools" in the
> February 25, 2003 issue.
>
> One more thing. I received absolutely no popups when I go to this website.
> Therefore I restate what I said.....the problem is on your end.
>
> http://www.turnstep.com/spambot/
>
>
> "purplehaz03" > wrote in message
> ...
> > AVG caught three potential virus files from that site and/or the popups
> that
> > come up after you leave the site. They were javascript files and
deposited
> > in my temp internet files. There is NO problem on my end. These .js file
> can
> > carry virus code in them and AVG saw the code in these files as
> potentially
> > unsafe, thus the warning. It may just be a bad coded javascript file,
but
> my
> > concearn is why does this site even load .js(javascript) files onto my
> > machine. There's no reason for a site to do that. Anything that needs a
> > javascript file to run should be done server side, not client side. That
> > IMHO makes the site one to stay away from. That being said, Nortons
blows
> > and you can trust it if you want, it's your choice, I choose to stay
away
> > from nortons junk. Also I can tell you, little boy, that I know alot
more
> > about exploits and scripts than you could ever hope to. If you can't
even
> > figure out how to run a spambot and harvest emails, then I guarantee you
> > know nothing about javascript. Check your temp int files, there's
probably
> a
> > a file named autohome.js(can't remember the other names). If your so
sure,
> > find the file and run it. See what happens. Or if you want I'll send you
a
> > javascript file and you can see exactly how an exploit can be done.
> > Fool........ all I did was post a warning that my AV software found
> > something. There is something fishy with that site cause I can hit
> thousands
> > of sites and avg says nothing, but it doesn't like the javascripts from
> that
> > site, that's for sure.
> >
> > "Josh Collins" > wrote in message
> > ...
> > > The problem is on your end; not the spambot beware site. My Norton
> > Antivirus
> > > has detected nothing. Spybot has detected nothing either. I also
think
> > you
> > > need to do some reading up on exploit scripts.
> > >
> > > "purplehaz03" > wrote in message
> > > ...
> > > > I went to this site and upon leaving this site, either the site
itself
> > or
> > > > the re-direct / pop-up sites that come up, have a exploit/script
> > reported
> > > > and found as a virus by my AVG anti-virus.
> > > > DO NOT GOTO THIS SITE.
> > > >
> > > > "Josh Collins" > wrote in message
> > > > ...
> > > > > http://www.turnstep.com/spambot/
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

purplehaz03 wrote:
> I never clicked on any of the scripts or files on the site, I simply
> went
> there and then went to another page, (navigated away) then the popups
> came
> up. I've been there 30 or so times now and I got popups twice. Some
> sites
> only popup every 100 hits(or whatever they want to number to be).
> This may
> be the case with this site. As I said in my other follow up posts the
> trouble script comes from www.lexmarx.com -- goto that site and you're
> nortons will catch the potential virus script. I confirmed this on
> four different machines three with AVG anti-virus and one with
> Nortons 2002 AV.
> Goto the site you will see and the file will be in your temp int
> files. The lexmarx.com site was the one that came up in the popup. I
> checked my history
> for the day and I have only visited google, tower records, microsoft
> kb's,
> my bank, searchnetworking.com, that's it. The popups didn't come from
> any of those sites. The site you posted was the only other site. This
> is on a
> machine with av installed, spybot run daily, behind lan firewall and
> corporate firewall, messenger service disabled, all patches and
> updates and sp's, IE6 sp1. The only popup this computer can get is
> from a webpage.
> Here's what nortons says about it when it caught it:
>
http://securityresponse.symantec.com/avcenter/venc/data/js.exception.exploit.html
>


Confirmed here also with NAV 2003, something fishy on the Lexmark.com site.

--

Michael Stevens MS-MVP XP

http://michaelstevenstech.com


> "Josh Collins" > wrote in message
> ...
>> You hung yourself. I don't think anyone is going to take you
>> seriously
> now.
>> Thank you for your professionalism <snide>
>>
>> Before you click on any of the codes on that site you are told in
>> plain English that they are scripts and you are even given warnings
>> to use at
> your
>> own risk if you don't know what you are doing. Also, I could not
>> find the
>> file in my tmp folder that you spoke of.
>>
>> I also just found this website listed in PCMag's "AntiSpam Tools" in
>> the February 25, 2003 issue.
>>
>> One more thing. I received absolutely no popups when I go to this
>> website. Therefore I restate what I said.....the problem is on your
>> end.
>>
>> http://www.turnstep.com/spambot/
>>
>>
>> "purplehaz03" > wrote in message
>> ...
>>> AVG caught three potential virus files from that site and/or the
>>> popups
>> that
>>> come up after you leave the site. They were javascript files and
> deposited
>>> in my temp internet files. There is NO problem on my end. These .js
>>> file
>> can
>>> carry virus code in them and AVG saw the code in these files as
>> potentially
>>> unsafe, thus the warning. It may just be a bad coded javascript
>>> file, but my concearn is why does this site even load
>>> .js(javascript) files onto my machine. There's no reason for a site
>>> to do that. Anything that needs a javascript file to run should be
>>> done server side, not client side. That IMHO makes the site one to
>>> stay away from. That being said, Nortons
> blows
>>> and you can trust it if you want, it's your choice, I choose to stay
> away
>>> from nortons junk. Also I can tell you, little boy, that I know alot
> more
>>> about exploits and scripts than you could ever hope to. If you can't
> even
>>> figure out how to run a spambot and harvest emails, then I
>>> guarantee you know nothing about javascript. Check your temp int
>>> files, there's probably a a file named autohome.js(can't remember
>>> the other names). If your so
> sure,
>>> find the file and run it. See what happens. Or if you want I'll
>>> send you
> a
>>> javascript file and you can see exactly how an exploit can be done.
>>> Fool........ all I did was post a warning that my AV software found
>>> something. There is something fishy with that site cause I can hit
>> thousands
>>> of sites and avg says nothing, but it doesn't like the javascripts
>>> from
>> that
>>> site, that's for sure.
>>>
>>> "Josh Collins" > wrote in message
>>> ...
>>>> The problem is on your end; not the spambot beware site. My Norton
>>>> Antivirus has detected nothing. Spybot has detected nothing
>>>> either. I also think you need to do some reading up on exploit
>>>> scripts.
>>>>
>>>> "purplehaz03" > wrote in message
>>>> ...
>>>>> I went to this site and upon leaving this site, either the site
>>>>> itself or the re-direct / pop-up sites that come up, have a
>>>>> exploit/script reported and found as a virus by my AVG anti-virus.
>>>>> DO NOT GOTO THIS SITE.
>>>>>
>>>>> "Josh Collins" > wrote in message
>>>>> ...
>>>>>> http://www.turnstep.com/spambot/

Yes, 3 viral infected script/exploit files were promptly detected, this
time, with AVG at 05:18 GMT+1. They were equally promptly removed.


--
Bee.
I have found my Shangri-La, at the moment, in ntlworld.


--------------------------------------------------
"Michael Stevens" > wrote in message
...
> purplehaz03 wrote:
> > I never clicked on any of the scripts or files on the site, I simply
> > went
> > there and then went to another page, (navigated away) then the popups
> > came
> > up. I've been there 30 or so times now and I got popups twice. Some
> > sites
> > only popup every 100 hits(or whatever they want to number to be).
> > This may
> > be the case with this site. As I said in my other follow up posts the
> > trouble script comes from www.lexmarx.com -- goto that site and you're
> > nortons will catch the potential virus script. I confirmed this on
> > four different machines three with AVG anti-virus and one with
> > Nortons 2002 AV.
> > Goto the site you will see and the file will be in your temp int
> > files. The lexmarx.com site was the one that came up in the popup. I
> > checked my history
> > for the day and I have only visited google, tower records, microsoft
> > kb's,
> > my bank, searchnetworking.com, that's it. The popups didn't come from
> > any of those sites. The site you posted was the only other site. This
> > is on a
> > machine with av installed, spybot run daily, behind lan firewall and
> > corporate firewall, messenger service disabled, all patches and
> > updates and sp's, IE6 sp1. The only popup this computer can get is
> > from a webpage.
> > Here's what nortons says about it when it caught it:
> >
>
http://securityresponse.symantec.com/avcenter/venc/data/js.exception.exploit
..html
> >
>
>
> Confirmed here also with NAV 2003, something fishy on the Lexmark.com
site.
>
> --
>
> Michael Stevens MS-MVP XP
>
> http://michaelstevenstech.com
>
>
> > "Josh Collins" > wrote in message
> > ...
> >> You hung yourself. I don't think anyone is going to take you
> >> seriously
> > now.
> >> Thank you for your professionalism <snide>
> >>
> >> Before you click on any of the codes on that site you are told in
> >> plain English that they are scripts and you are even given warnings
> >> to use at
> > your
> >> own risk if you don't know what you are doing. Also, I could not
> >> find the
> >> file in my tmp folder that you spoke of.
> >>
> >> I also just found this website listed in PCMag's "AntiSpam Tools" in
> >> the February 25, 2003 issue.
> >>
> >> One more thing. I received absolutely no popups when I go to this
> >> website. Therefore I restate what I said.....the problem is on your
> >> end.
> >>
> >> http://www.turnstep.com/spambot/
> >>
> >>
> >> "purplehaz03" > wrote in message
> >> ...
> >>> AVG caught three potential virus files from that site and/or the
> >>> popups
> >> that
> >>> come up after you leave the site. They were javascript files and
> > deposited
> >>> in my temp internet files. There is NO problem on my end. These .js
> >>> file
> >> can
> >>> carry virus code in them and AVG saw the code in these files as
> >> potentially
> >>> unsafe, thus the warning. It may just be a bad coded javascript
> >>> file, but my concearn is why does this site even load
> >>> .js(javascript) files onto my machine. There's no reason for a site
> >>> to do that. Anything that needs a javascript file to run should be
> >>> done server side, not client side. That IMHO makes the site one to
> >>> stay away from. That being said, Nortons
> > blows
> >>> and you can trust it if you want, it's your choice, I choose to stay
> > away
> >>> from nortons junk. Also I can tell you, little boy, that I know alot
> > more
> >>> about exploits and scripts than you could ever hope to. If you can't
> > even
> >>> figure out how to run a spambot and harvest emails, then I
> >>> guarantee you know nothing about javascript. Check your temp int
> >>> files, there's probably a a file named autohome.js(can't remember
> >>> the other names). If your so
> > sure,
> >>> find the file and run it. See what happens. Or if you want I'll
> >>> send you
> > a
> >>> javascript file and you can see exactly how an exploit can be done.
> >>> Fool........ all I did was post a warning that my AV software found
> >>> something. There is something fishy with that site cause I can hit
> >> thousands
> >>> of sites and avg says nothing, but it doesn't like the javascripts
> >>> from
> >> that
> >>> site, that's for sure.
> >>>
> >>> "Josh Collins" > wrote in message
> >>> ...
> >>>> The problem is on your end; not the spambot beware site. My Norton
> >>>> Antivirus has detected nothing. Spybot has detected nothing
> >>>> either. I also think you need to do some reading up on exploit
> >>>> scripts.
> >>>>
> >>>> "purplehaz03" > wrote in message
> >>>> ...
> >>>>> I went to this site and upon leaving this site, either the site
> >>>>> itself or the re-direct / pop-up sites that come up, have a
> >>>>> exploit/script reported and found as a virus by my AVG anti-virus.
> >>>>> DO NOT GOTO THIS SITE.
> >>>>>
> >>>>> "Josh Collins" > wrote in message
> >>>>> ...
> >>>>>> http://www.turnstep.com/spambot/
>
>
>

Michael Stevens, while banging their head on a wall, wrote:

> purplehaz03 wrote:

<snip>

>>The site you posted was the only other site. This
>> is on a
>> machine with av installed, spybot run daily, behind lan firewall and
>> corporate firewall, messenger service disabled, all patches and
>> updates and sp's, IE6 sp1. The only popup this computer can get is
>> from a webpage.
>> Here's what nortons says about it when it caught it:
>>
>
http://securityresponse.symantec.com/avcenter/venc/data/js.exception.exploit.html
>>
>
>
> Confirmed here also with NAV 2003, something fishy on the Lexmark.com site.
>
> --
>
> Michael Stevens MS-MVP XP

It's just a redirect page, though W3C couldn't verify it, but I don't think it
has any 'nasties' in it:

<html>
<head>

<title></title>

<script language="JavaScript">
<!--
if (window != window.top)
top.location.href = location.href;
// -->
</script>

<meta http-equiv="refresh" CONTENT="3;
URL=http://www.site-loading.com/expired_domain.htm">

</head>
<BODY>
<p>&nbsp;</p><p align="center"><a
href="http://www.site-loading.com/expired_domain.htm">
<font face="Arial">Please wait (or click here) to be forwarded to a
sponsor.</font></a></p>
<p align="center"><a ?subject=Question">
<font face="Arial">C</font></a><font face="Arial"><a
?subject=Question">lick
here to email the domain owner with any questions.</a><br>
</body>

</html>

That's all it's made up of. Maybe your Java security settings are a little too
high? Doesn't bother my linux box one bit...*any* of the sites it redirects me
to, nor does the java popup redirection.

John
--
http://www.pclinuxonline.com/modules.php?name=News&file=article&sid=6797