Security Incidents mailing list archives
Re: Port 1975 again
From: bejtlich () TEXAS NET (Richard Bejtlich)
Date: Fri, 31 Dec 1999 02:14:31 -0000
Hello, The outbound connections you are seeing are most likely the result of advert.dll, installed with one of the shareware programs listed at this link: http://www.aureate.com/downloads/network_members.html advert.dll implements advertisements in shareware products like CuteFTP. It pulls ads from remote servers and displays them in the application. These ads are the "price" for some shareware these days. Here is Aureate's FAQ on the advertising system: http://manage.aureate.com/developers/sdk_doc/faq.html A person calling himself "Kept_Anonymous" detailed his experience with advert.dll, port 1975, and CuteFTP here: http://crazyboy.com/fravia/fravia.org/sha2adw.htm I do not know if you can cripple the ad retrieval system without damaging the underlying application. Happy new year, Richard
Current thread:
- Re: Port 1975 again Richard Bejtlich (Dec 30)