Recently i was searching something at wiki at my friends place and clicked on an interesting link to find this page which says
[b]User is blocked
You have been blocked from editing.
xx.xxx.xxx.xxx (an account, IP address or range of addresses) was blocked by Syrthiss for the following reason (see our blocking policy):
open proxy or zombie (see WikiProject on open proxies for information)
Your IP address is xx.xx.xxx.xxx, and your block has been set to expire: indefinite. [/b]
Now i am curious because i have just checked my yahoo mail before landing at wiki and this msg pops up and i read through the links about zombie / open proxies i am scared of email password theft now.
now at my friends place he has all of the security ex:firewall (Comodo latest version and virus, anti-spyware,etc) and he scans the computer daily and comes clean.
can a firewall,anti virus, anti-spywares protect email password theft? even if i was running a computer on an ISP which is a zombie/open proxy or anything like that?
I beleive that it is not possible, bcos nowdays all the email service are using https.Even though you have to accept a truth that all the security products are working on signature update and it also depends on the popuarity of the maware…
I don’t know if this applies - there has been a recent series of exploits involving servers using the Linux/Apache system. The reports that I have seen report that the exploits are run by phishing hackers. I don’t know if you have to be a registered user, but you may be able to view the report here: http://blogs.techrepublic.com.com/security/?p=396
Obviously, their intent is to capture banking and other password information. You would be well advised to change your passwords. This would only apply to passwords that you used while online over that connection. The hackers just record your online transactions - they don’t have direct access to your computer’s data.
The threat reported at http://www.linux.com/feature/125548 is totally different.Even if are not using proxy you may fall as a prey for this exploit.This is totally doing a pharming attack through rootkits on de web server.
It is really hard to get the password detils, when you are using genuine https login page.For phising and pharming attacks you can use comodo v-engine, which will save you from phising and pharming attack.
Call me paranoid, but I was assuming the worst - the compromised servers were being used to forward connections to a proxy server that then recorded all traffic. The secure connection only would exist between the proxy server and the mail page - but I am not sure if that is the case. Just my paranoia talking (just because I’m paranoid doesn’t mean that they aren’t out to get me!).