Bugtraq mailing list archives
Re: trojaned Reality Fusion app
From: Henrik Nordstrom <hno () HEM PASSAGEN SE>
Date: Mon, 5 Mar 2001 00:43:54 +0100
Seems to be some automatic advertising / content push thingy, but who knows what other functions there might be in the client. The digit string is supposed to be a HTTP/1.1 ETag value, but I have to agree with you that this server behaves more than odd with the ETag values which MIGHT indicate the usage of hidden HTTP/1.1 cookies. However, I haven't actually tested how IIS/5.0 behaves wrt ETag support so the seen irregularities might simply be bugs/misfeatures in the server..

--
Henrik Nordstrom

J Edgar Hoover wrote:
The executable rfupd.exe included in the Reality Fusion products bundled with many popular cameras sends the following data to 204.176.10.168 port 80 every time you use the app, reboot your computer or change configuration.

-----
GET /GCSE/Messages/todolist04.tag HTTP/1.1
If-Modified-Since: Sat, 03 Mar 2001 00:43:39 GMT
If-None-Match: "e9ffe1fc7aa3c01:87a"
User-Agent: RFUPD
Host: www.RealityFusion.com
Connection: Keep-Alive
-----

This is particularly disturbing since the application by its nature enables video/audio surveillance of the user. I'm real curious what kind of information is obfuscated in the string If-None-Match: "e9ffe1fc7aa3c01:87a" too.

Anyone interested in dissecting the (windows) application can find it at http://totally.righteous.net/rfupd.exe

Cheers,
zorch
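
The "hidden HTTP/1.1 cookies" question raised in the reply can be checked from proxy logs: an ETag that validates content is shared by every client fetching the same version of a URL, while one used as an identifier is unique per client. The sketch below is an added example, not part of the thread; the record layout, function name, URLs and ETag values are all constructed for illustration.

```python
from collections import defaultdict

LM = "Sat, 03 Mar 2001 00:43:39 GMT"
# Constructed records (client, url, Last-Modified, ETag), as a proxy might log them.
SAMPLE = [
    ("10.0.0.5", "/push/list.tag", LM, '"aa01:87a"'),
    ("10.0.0.6", "/push/list.tag", LM, '"aa01:87b"'),
    ("10.0.0.7", "/push/list.tag", LM, '"aa01:87c"'),
    ("10.0.0.5", "/img/logo.gif", LM, '"bb02:1"'),
    ("10.0.0.6", "/img/logo.gif", LM, '"bb02:1"'),
    ("10.0.0.7", "/img/logo.gif", LM, '"bb02:1"'),
]


def per_client_etag_urls(records, min_clients=3):
    """Return URLs where one resource version carries a distinct ETag per client."""
    # (url, last_modified) -> etag -> set of clients that received that ETag
    versions = defaultdict(lambda: defaultdict(set))
    for client, url, last_modified, etag in records:
        versions[(url, last_modified)][etag].add(client)

    suspects = set()
    for (url, _lm), by_etag in versions.items():
        clients = set().union(*by_etag.values())
        if len(clients) < min_clients:
            continue  # too few observers to tell an identifier from noise
        # Content validator: few ETags, each shared by many clients.
        # Identifier: as many ETags as clients, each seen by exactly one.
        one_each = all(len(seen_by) == 1 for seen_by in by_etag.values())
        if one_each and len(by_etag) == len(clients):
            suspects.add(url)
    return sorted(suspects)


if __name__ == "__main__":
    # Caveat: load-balanced servers that derive ETags from node-local state
    # also emit several ETags per version; raise min_clients to reduce noise.
    print(per_client_etag_urls(SAMPLE))
```

A hit is only a lead: confirming it means checking whether the server answers a client's echoed If-None-Match with 304 while handing a fresh value to a client that sends none.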