[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SV: [Full-Disclosure] AMDPatchB & InstallStub
- To: <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: SV: [Full-Disclosure] AMDPatchB & InstallStub
- From: "Peter Kruse" <kruse@xxxxxxxxxxxxxxxx>
- Date: Wed, 17 Sep 2003 21:51:59 +0200
Hi,
Some kind of spyware/adware installed by the user??
Maybe a legit application??
Check: http://63.246.134.50/index.php
Would be nice with a sample, thy.
Kind regards // Med venlig hilsen
Peter Kruse
Securityconsultant / Virusanalyst
CSIS / Kruse Security ApS
http://www.krusesecurity.dk - www.csis.dk
> -----Oprindelig meddelelse-----
> Fra: full-disclosure-admin@xxxxxxxxxxxxxxxx
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] På vegne af
> Michael Linke
> Sendt: 17. september 2003 21:06
> Til: full-disclosure@xxxxxxxxxxxxxxxx
> Emne: [Full-Disclosure] AMDPatchB & InstallStub
>
>
> At one of our Computers with Internet Access, I found a
> strange program running.
> amdpatchB.exe(38 KB)
>
> This program is trying to get Internet Access while starting.
> amdpatchB.exe is connecting 63.246.134.50:9900. There is a
> text based protocol running on 63.246.134.50 at a service on
> port 9900. See Telnet output:
> ________________________________________________________
> telnet 63.246.134.50 9900
> Trying 63.246.134.50...
> Connected to 63.246.134.50.
> Escape character is '^]'.
> NOTICE AUTH :*** Looking up your hostname
> NOTICE AUTH :*** Checking Ident
> NOTICE AUTH :*** Found your hostname
> help
> :Drones2.newiso.org 451 * :Register first.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html