Security Incidents mailing list archives
Re: udp and dst port 1026
From: Bill McCarty <bmccarty () pt-net net>
Date: Tue, 02 Dec 2003 16:07:35 -0800
Hi all,Using a sacrificial PC, I surfed over to the web site mentioned in Cedric's packet dump, www.popadstop.com. The web page uses Javascript to obfuscate its contents, but invites users to download and install a free tool that allegedly blocks pop-up spam <g>. I suspect that the user who downloads the tool thereby obtains a Trojan that causes their system to begin sending such invitations to others. I spent a few minutes trying to unobfuscate the web page, but didn't yet entirely succeed in doing so.
So far, my sacrificial PC has not begun emitting probes. But, it's behind a NATing firewall. So, it may not be in communication with the mother ship, if indeed one exists.
Cheers, --------------------------------------------------- Bill McCarty --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- udp and dst port 1026 Jens Hektor (Dec 01)
- Re: udp and dst port 1026 Bill McCarty (Dec 01)
- Re: udp and dst port 1026 Cedric Foll (Dec 02)
- Re: udp and dst port 1026 Bill McCarty (Dec 02)
- Re: udp and dst port 1026 Bill McCarty (Dec 02)
- Re: udp and dst port 1026 Thomas Preissler (Dec 03)
- Re: udp and dst port 1026 Ockey (Dec 03)
- RE: udp and dst port 1026 Lawrence Baldwin (Dec 04)
- RE: udp and dst port 1026 Jeff Bryner (Dec 05)
- RE: udp and dst port 1026 jamesworld (Dec 07)
- Re: udp and dst port 1026 Cedric Foll (Dec 02)
- Re: udp and dst port 1026 Bill McCarty (Dec 01)