Bugtraq mailing list archives

Re: BUGTRAQ Digest - 20 Apr 1999 to 21 Apr 1999 (#1999-92)


From: eric.iversen () BATES NO (Iversen, Eric)
Date: Thu, 22 Apr 1999 11:40:54 +0100


Hi,

I also discovered this some months ago in a similar program named
NetVampire.

I contacted the publisher, who stated that the included ADVERT.DLL
provides banner advertising inside the application.

This DLL apparently uses port 1975 for its communication with
the server.

With port 1975 closed, the banner adverts inside these applications
are not updated.


This DLL is made by - surprise - Aureate Media, http://www.aureate.com,
the makers of GO!Zilla


Regards

Eric V. Iversen,      Systems Engineer, IT dept, Bates-gruppen as
Tel. +47 22 87 96 19 - Fax +47 22 87 97 70
Hoffsveien 1 - PO Box 484 Skøyen - N-0212 Oslo, Norway
E-mail address book: http://www.bates.no/contacts/greenpages.asp

"There is no reason for any individual to have a computer in their home."
-Ken Olson, President, Digital Equipment, 1977



-----Original Message-----
From: GossiTheDog [mailto:gossi () EIDOSNET CO UK]
Sent: Tuesday, April 20, 1999 10:35 PM
Subject: Go!Zilla, possible trojan


I'm a little concerned about a program called Go!Zilla (a Windows 9x
Internet download manager) - basically upon detecting network
connections it appears to send about 2-4k of data to a remote machine
on port 1975.

There appears to be no reference to this made in the documentation,
and I'm a little concerned about what it is actually sending to the
server (and also what is being logged at the server end).

Anybody want to pull Go!Zilla apart or run a network sniffer and see
what it's doing?

I might just be jumping to conclusions, but with what happened with
ProMail I don't think we can afford to have another trojan available
on all the big download sites...

Regards,

-----------------------------------------------------
[Name]      GossiTheDog
[Email]     gossi () eidosnet co uk
[Telephone] (+44) 0702 09 353 08
[Web Site]  http://www.spleen.ukgateway.net
[PGP Key]   http://www.spleen.ukgateway.net/gossi.asc
-----------------------------------------------------


