Re: blocking gator and it's kin at the firewall

Rusty wrote:

> Hi,
>
> My wife was surfing today and got our win2kpro (and I just installed
> it yesterday!) infected w/ gain/gator dateminder etc simply because
> she didn't press the don't install button in the 5 seconds it allowed
> her while it was hidden behind a dozen pop-up ads.
>
> Im running RH 8.0 with an iptables firewall natting to the inside.
>
> Im wondering if there's product that will run on the linux box and do
> regular automatic lookups from a "spamassassin" type list, build a new
> chain based on existing rules and add those addresses blocking all
> connection attempts from those addresses, established or not.
>
> Thanks
> Rusty
Why not just remove Gator? It's not that hard to find the files it uses.
Just remove them.

In article <IzGXa.47566$(E-Mail Removed) >, JM wrote:
> Why not just remove Gator? It's not that hard to find the files it uses.
> Just remove them.

Why not just prevent it from ever coming back? It's not that hard to do,
and once it's done it's done forever.

I implemented my DNS-based gator eradication at a customer site running
appx. 75 Windows machines. When I trapped the gator we quickly (through
apache error logs) identified over 20 infected machines. How often do
you think we should go around removing Gators? Is that a good way for us
to spend our client's money? Sure, a lot of busywork for our Windows
man, but I don't like to do business that way. It's better for us in the
long run if we provide real value for the customer's money.

Gator's gone. Other vicious creatures will rear their ugly heads, and
when they do we'll permanently eradicate them as well.
--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply