| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <000101c37d55$281087d0$0202a8c0@teliahomebase> From: kruse at krusesecurity.dk (Peter Kruse) Subject: SV: AMDPatchB & InstallStub Hi, Some kind of spyware/adware installed by the user?? Maybe a legit application?? Check: http://63.246.134.50/index.php Would be nice with a sample, thy. Kind regards // Med venlig hilsen Peter Kruse Securityconsultant / Virusanalyst CSIS / Kruse Security ApS http://www.krusesecurity.dk - www.csis.dk > -----Oprindelig meddelelse----- > Fra: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] P? vegne af > Michael Linke > Sendt: 17. september 2003 21:06 > Til: full-disclosure@...ts.netsys.com > Emne: [Full-Disclosure] AMDPatchB & InstallStub > > > At one of our Computers with Internet Access, I found a > strange program running. > amdpatchB.exe(38 KB) > > This program is trying to get Internet Access while starting. > amdpatchB.exe is connecting 63.246.134.50:9900. There is a > text based protocol running on 63.246.134.50 at a service on > port 9900. See Telnet output: > ________________________________________________________ > telnet 63.246.134.50 9900 > Trying 63.246.134.50... > Connected to 63.246.134.50. > Escape character is '^]'. > NOTICE AUTH :*** Looking up your hostname > NOTICE AUTH :*** Checking Ident > NOTICE AUTH :*** Found your hostname > help > :Drones2.newiso.org 451 * :Register first.
Powered by blists - more mailing lists