Re: unknown outgoing tcp traffic - should I be worried?

Hi all,

My name is Alex Chudnovsky and I am the founder of the Majestic-12
project referenced above.

In the last couple of weeks we were getting reports of fake MJ12bot
user-agent coming from various IPs, the main flag showing that it is a
fake was very old version v1.0.8 of the user-agent just like above.

This is NOT us who do it - we are effectively a victim here as whoever
does this fakes user-agent in the same way spammers fake From: email
address :-(

I am very keen to get to the bottom of exactly what happens - if you
look at our bots page here : 'Majestic-12 : DSearch : MJ12bot'
( you will see message about fake bot
and lots of IP addresses from all over the world. I was thinking for
some time that some botnet with compromised PCs were being used to crawl
the web (probably for spamming purposes) using fake user-agents.

Can you try installing Process Explorer from Microsoft:

Do you have any of the firewalls installed like Kerio or ZoneAlarm?
These should have prompted for network traffic coming out asking for

it gives much greater detail about which processes do what, and it
allows to look at network stats for applications as well. I hope this
will allow to locate exact application that is doing this stuff. It sure
isn't ours (MJ12node.exe) :/

View this thread: