SV: [Full-Disclosure] AMDPatchB & InstallStub

From: Peter Kruse (kruse_at_krusesecurity.dk)
Date: 09/17/03

  • Next message: bugzilla_at_redhat.com: "[RHSA-2003:279-02] Updated OpenSSH packages fix potential vulnerabilities" 
    To: <full-disclosure@lists.netsys.com>
Date: Wed, 17 Sep 2003 21:51:59 +0200

    Hi,

    Some kind of spyware/adware installed by the user??
    Maybe a legit application??

    Check: http://63.246.134.50/index.php

    Would be nice with a sample, thy.

    Kind regards // Med venlig hilsen

    Peter Kruse
    Securityconsultant / Virusanalyst
    CSIS / Kruse Security ApS
    http://www.krusesecurity.dk - www.csis.dk

    > -----Oprindelig meddelelse-----
    > Fra: full-disclosure-admin@lists.netsys.com
    > [mailto:full-disclosure-admin@lists.netsys.com] På vegne af
    > Michael Linke
    > Sendt: 17. september 2003 21:06
    > Til: full-disclosure@lists.netsys.com
    > Emne: [Full-Disclosure] AMDPatchB & InstallStub
    >
    >
    > At one of our Computers with Internet Access, I found a
    > strange program running.
    > amdpatchB.exe(38 KB)
    >
    > This program is trying to get Internet Access while starting.
    > amdpatchB.exe is connecting 63.246.134.50:9900. There is a
    > text based protocol running on 63.246.134.50 at a service on
    > port 9900. See Telnet output:
    > ________________________________________________________
    > telnet 63.246.134.50 9900
    > Trying 63.246.134.50...
    > Connected to 63.246.134.50.
    > Escape character is '^]'.
    > NOTICE AUTH :*** Looking up your hostname
    > NOTICE AUTH :*** Checking Ident
    > NOTICE AUTH :*** Found your hostname
    > help
    > :Drones2.newiso.org 451 * :Register first.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: bugzilla_at_redhat.com: "[RHSA-2003:279-02] Updated OpenSSH packages fix potential vulnerabilities"

    Relevant Pages