[DM-MUG] Finder Issue

Jon Thompson jthompson-lists at dmevolve.com
Mon Nov 30 12:52:50 CST 2009


Sans.org is a website devoted to computer security. I agree that this is a
feature that is being utilized; however, I am not sure what the feature is,
as I have never seen it in this fashion.
-- 
Jon Thompson
Evolve
www.dmevolve.com


On Mon, Nov 30, 2009 at 12:12 PM, Alan Maupin <alan.maupin at gmail.com> wrote:

> The Finder issue continues:   I now have the www.sans.org url in the
> Finder - Shared - All, category.  I uninstalled the Antivirus on my MacBook
> to see if the changes stuck, and they did.  So gigya.com is out and
> sans.org is in.  Oh by the way, the Antivirus turned up absolutely no
> viruses or malware and subsequently made no changes to the MacBook. I don't
> think this Finder issue is a problem, I now believe it's a feature.  A
> feature that's wasting a lot of time since it resembles a Trojan.
>
>
>
> On Nov 30, 2009, at 10:26 AM, Jon Thompson wrote:
>
> Try doing the command in Terminal
>
> dscacheutil -flushcache
>
> See if that helps
> --
> Jon Thompson
> Evolve
> www.dmevolve.com
>
>
> On Mon, Nov 30, 2009 at 10:23 AM, Alan Maupin <alan.maupin at gmail.com> wrote:
>
>> Yes still there.
>>
>> On Nov 30, 2009, at 10:13 AM, Jon Thompson wrote:
>>
>> I wasn't concerned with the trojan being on your computer so much as
>> the trojan modifying your DNS settings, which are tied with the mDNS that
>> you see in the Shared list.
>>
>> Am I correct in you saying that the items are still there?
>> --
>> Jon Thompson
>> Evolve
>> www.dmevolve.com
>>
>>
>> On Mon, Nov 30, 2009 at 10:02 AM, Alan Maupin <alan.maupin at gmail.com> wrote:
>>
>>> Jon, here is a newer article that mentions the trojan spoken of in the
>>> previous article you sent, with an updated look at Snow Leopard's defense:
>>> http://blogs.zdnet.com/security/?p=4139
>>>
>>> On Nov 30, 2009, at 8:51 AM, Jon Thompson wrote:
>>>
>>> Alan,
>>>
>>> Try running the commands in this article, as these types of things could
>>> appear if you are using a DNS server that is not one given to you by your
>>> ISP.
>>>
>>> http://www.macworld.com/article/60823/2007/10/trojanhorse.html
>>>
>>> I'm giving you this as a precaution, as well as to eliminate it as a
>>> possibility.
>>> --
>>> Jon Thompson
>>> Evolve
>>> www.dmevolve.com
>>>
>>>
>>> On Mon, Nov 30, 2009 at 2:13 AM, Alan Maupin <alan.maupin at gmail.com> wrote:
>>>
>>>> AB thank you very much for this information.  You are quite the internet
>>>> sleuth!
>>>>
>>>>
>>>> On Nov 29, 2009, at 7:21 PM, AB wrote:
>>>>
>>>> When typing in wildfire.gigya.com I got a "directory not listed"
>>>> message, see screenshot.
>>>> I went to the gigya.com website. It is a social media and content
>>>> management internet based company with offices in CA, NY, and Israel.
>>>>
>>>> Perhaps they can investigate their own security on their servers since
>>>> the discussion thread mentioned it was a leak in the respective company's
>>>> network servers.
>>>>
>>>> Here's the contact info for them.
>>>>
>>>> Whether you have a comment, a bug to report,
>>>> or a press or business inquiry, please use the following contact
>>>> information.
>>>> We will get back to you as soon as possible.
>>>>
>>>>  Liza Hausman, Gigya
>>>> 650.353.4178 Office
>>>>
>>>> Mark Naples, WIT
>>>> 215.893.0581 Direct
>>>> 646.265.7372 Cell
>>>>  Customer Support and Product Feedback Inquiries: support at gigya-inc.com
>>>>  Sales related inquiries: sales at gigya-inc.com
>>>>  Partner and Business Development Inquiries: bizdev at gigya-inc.com
>>>> Questions Relating to Terms of Use and/or our Privacy Policy:
>>>> privacy at gigya-inc.com
>>>>   Our offices Palo Alto Office (Corporate Headquarters)
>>>> 855 El Camino Real
>>>> Building 4, Suite 290
>>>> Palo Alto, CA 94301
>>>> 650.353.7230
>>>>  New York Office. 817 Broadway, 10th Floor
>>>> New York, NY 10003-4709
>>>> 646.722.8137
>>>>  Tel Aviv Office
>>>> 132 Begin road
>>>> Azrieli round tower (13 floor)
>>>> Tel Aviv, Israel 67021
>>>> +972.73.7852400
>>>>
>>>> --- On *Sun, 11/29/09, Victoria L. Herring <vlh at herringlaw.com>* wrote:
>>>>
>>>> From: Victoria L. Herring <vlh at herringlaw.com>
>>>> Subject: Re: [DM-MUG] Finder Issue
>>>> To: "Des Moines Mac Users Group" <dmmug at dmmug.org>
>>>> Cc: alan.maupin at gmail.com
>>>> Date: Sunday, November 29, 2009, 5:57 PM
>>>>
>>>> you can go to Apple.com and set up a phone support call and explain the
>>>> whole problem in the message so the person you speak to has an idea of the
>>>> reason for the support call.  Seems easier than going out to the Apple Store
>>>> - maybe a first step.
>>>>
>>>> I certainly don't know but if you are having things show up in the
>>>> finder window you might go to the Prefs for Finder and check on what is
>>>> listed as contents on sidebar - I don't know what Neighborhood would be
>>>> other than perhaps you have Bluetooth or Bonjour enabled???  And they/it are
>>>> picking up signals??
>>>>
>>>> On Thu, Nov 26, 2009 at 3:33 PM, Alan Maupin <alan.maupin at gmail.com> wrote:
>>>> The problem is located in Finder application, on the Shared menu, under
>>>> the submenu All:   random named URLs are showing up and are listed as
>>>> Neighborhood.
>>>>
>>>> The most recent URL to show up is "wildfire.gigya.com"
>>>>
>>>> It does not go away with a reboot.
>>>>
>>>> Does anyone know what causes this issue?  Is it a security issue?
>>>>
>>>>
>>>> Thanks in advance,
>>>> Alan
>>>>
>>>> <Screen shot 2009-11-29 at 6.11.32 PM.png>
>>>> _______________________________________________
>>>>
>>>> DMMUG mailing list
>>>> Use this Address to send mail to the list:
>>>> DMMUG at dmmug.org
>>>> Use this page to modify subscription options:
>>>> http://cialug.org/mailman/listinfo/dmmug