Full Disclosure mailing list archives
Re: Increase probe on UDP port 1026
From: Paul Dokas <dokas () cs umn edu>
Date: Tue, 2 Dec 2003 15:21:17 -0600
On Tue, 02 Dec 2003 10:16:23 +0100 Nicob <nicob () nicob net> wrote:
I captured some packets and it appears to be (only) a Windows Messenger "spam" for a "penis enlargement" product.
I caught one last night scanning 1026/UDP and 1030/UDP and doing popups directing people to www.PopAdStop.com. The 1026/UDP and related traffic is *definitely* popup spam related. At this point, I suspect that the malware is getting onto computers via .HTA mime or ADODB.Stream vulnerabilites in IE. However, I have no proof of this yet. BTW, I did `wget http://www.PopAdStop.com` a little bit ago. Looks like they could win an obfuscated JavaScript contest. Paul -- Paul Dokas dokas () cs umn edu ====================================================================== Don Juan Matus: "an enigma wrapped in mystery wrapped in a tortilla." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Increase probe on UDP port 1026 Irwan Hadi (Dec 01)
- Re: Increase probe on UDP port 1026 srenna (Dec 01)
- Re: Increase probe on UDP port 1026 bowwow (Dec 03)
- <Possible follow-ups>
- RE: Increase probe on UDP port 1026 Rodrigues, Philip (Dec 01)
- RE: Increase probe on UDP port 1026 Nicob (Dec 02)
- RE: Increase probe on UDP port 1026 Rodrigues, Philip (Dec 02)
- Re: Increase probe on UDP port 1026 Paul Dokas (Dec 02)
- Re: Increase probe on UDP port 1026 George Capehart (Dec 02)
- Re: Increase probe on UDP port 1026 Nick FitzGerald (Dec 02)
- RE: Increase probe on UDP port 1026 Bill Royds (Dec 02)
- Re: Increase probe on UDP port 1026 Brian Eckman (Dec 03)
- RE: Increase probe on UDP port 1026 Nicob (Dec 02)