Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

SV: AMDPatchB & InstallStub

From: "Peter Kruse" <kruse () krusesecurity dk>
Date: Wed, 17 Sep 2003 21:51:59 +0200
Hi,

Some kind of spyware/adware installed by the user??
Maybe a legit application??

Check: http://63.246.134.50/index.php

Would be nice with a sample, thy.

Kind regards // Med venlig hilsen

Peter Kruse
Securityconsultant / Virusanalyst
CSIS / Kruse Security ApS
http://www.krusesecurity.dk - www.csis.dk


-----Oprindelig meddelelse-----
Fra: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] På vegne af 
Michael Linke
Sendt: 17. september 2003 21:06
Til: full-disclosure () lists netsys com
Emne: [Full-Disclosure] AMDPatchB & InstallStub


At one of our Computers with Internet Access, I found a 
strange program running. 
amdpatchB.exe(38 KB)

This program is trying to get Internet Access while starting. 
amdpatchB.exe is connecting 63.246.134.50:9900. There is a 
text based protocol running on 63.246.134.50 at a service on 
port 9900. See Telnet output: 
________________________________________________________
telnet 63.246.134.50 9900
Trying 63.246.134.50...
Connected to 63.246.134.50.
Escape character is '^]'.
NOTICE AUTH :*** Looking up your hostname
NOTICE AUTH :*** Checking Ident
NOTICE AUTH :*** Found your hostname
help
:Drones2.newiso.org 451 *  :Register first. 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: