New Bagle opens another spam backdoor
Grok Headline matches for New Bagle opens another spam backdoor
Special Report: Beware of backdoor planted by Bagle/Beagle worm
01/23/2004 02:19 PM
CNET Jan 23 2004 8:47AM GMT
Bagle Virus Riding on the Coattails of Spam; Deceiving Spam and Virus Filters
08/12/2004 02:51 AM
Spam Inspector Software Developers Working to Stay Ahead of Bagle to Keep Users Protected [PRWEB Aug 12, 2004]
Serving Bagle with spam
07/16/2004 08:15 AM
ZDNet Jul 16 2004 12:07PM GMT
Mail Server Flaw Opens MS Exchange to Spam
11/18/2003 01:24 AM
Mail server flaw opens Exchange to spam
11/14/2003 08:42 PM
Administrators of e-mail systems based on Microsoft's Exchange might
have spammers using their servers to send unsolicited bulk e-mail
under their noses, a consultant warns.
Gates Opens Comdex with Focus on Security, Spam and Tablet PC
11/18/2003 02:28 AM
Extreme Tech Nov 18 2003 1:57AM ET
Netriplex Opens Fifth Data Center for its 100% Effective Anti-Spam Solution
06/14/2004 02:07 AM
Netriplex announced today that due to increased demand for its 100%
effective anti-spam solution, it has completed implementation of its
Seattle data center. The Seattle location brings the total number of
data centers to five. [PRWEB Jun 14, 2004]
Spam, spam, spam, spam ... Canada targets unwanted email (AFP)
05/12/2004 04:17 AM
AFP - Canada unveiled a new action plan to combat unsolicited
commercial e-mail, nicknamed spam, which jams inboxes and clogs
Internet traffic worldwide.
Akamai or Backdoor?
10/28/2003 11:07 PM
Recently my brother contacted me via IM to ask about some strange
network behavior on his machine. He was using Sysinternals
TCPView, and noticed that svchost.exe was opening connections to two
IP addresses; one on 80.66.x.x subnet, and another somewhere beneath a
different 80.x.x.x subnet. He was concerned because the IP
addresses in question showed up as "unassigned EU block" in the RIPE
database. The closest assigned block to one of the addresses
showed up as being assigned to a company in the Netherlands, and the
other to a company in Germany (and GeoIP returned the same information
using the original IP addresses).
More interesting was the traceroute. The address that GeoIP
reported being in Germany routed to Hurricane Electric in Fremont,
California; with the last hop before 80.x.x.x being a 64.x.x.x router
in Fremont. Could someone in Germany actually be within one hop
of a router in Fremont?
After more investigation, we found a Google news posting pointing
the finger at Windows Update; and particularly to Akamai servers in
the 80.x.x.x range. With a bit more coaxing, we were able to get
the RIPE database to reveal that some small subnets within the
unassigned blocks were actually assigned to Akamai. I knew that
Windows Update and many other MSFT sites contract to Akamai for
edge-caching services, so this was a very plausible resolution.
However, I am left with a few nagging questions:
- Are there any better tools or techniques to find out exactly what
chunk of code is accessing the network? Knowing that svchost.exe
is initiating the connection is not very useful. More useful
would be the exact DLL.
- Akamai works by configuring DNS to resolve differently depending
on geographic location (ping download.windowsupdate.com to see this in
action). This is a common architecture for our large globally
distributed customers' sites who use routing products like Cisco
Global Director and F5 3DNS to accomplish this. However, it
leads to a problem -- using reverse DNS from an IP address is
rather unlikely to return the same FQDN that was used to resolve the
address in the first place. So starting with an IP address like
80.67.66.16, you have no way of finding out if that was initiated by a
call to download122.windowsupdate.com or
spywareupload22.gator.com. And considering the way that Akamai
provides services to spyware vendors as well as to MSFT, you can't
necessarily trust a network connection just because it is connecting
to a block owned by Akamai. It would be ideal if Akamai offered
an IP address lookup service that could be used to verify which of
Akamai customers was being serviced by a particular IP.
Without at least one of the two above requests, the only way to
verify that the connections were indeed made on behalf of Windows
Update was to bounce the service and watch the connections die (and
assume Windows Update DLL hadn't been hacked of course).
~
When I first heard that McDonald's was planning to launch a new ad
campaign themed "Lovin' It", I immediately got visions of the
horribly tacky "Mentos, the Freshmaker!" commercials. I
envisioned some German ad agency telling hapless McDonald's
executives, "We know how to make more teens go to McDonald's;
we'll use some real groovy stuff and say the words Lovin' It because
then kids will think you are cool!" So today I saw one of
the new ads for the first time, and it wasn't all that bad.
Actually it was kind of nice. It's kind of a feel-good, "happy
memories of carefree times" theme, kind of like the Pepsi spots a few
years back.
FTC Bars Popup Backdoor Ads
08/10/2004 12:21 PM
Slashdot Aug 10 2004 4:15PM GMT
Dynalink routers backdoor?
09/03/2004 02:29 PM
fabio (Sep 02 2004)
US bars backdoor pop-up adverts
08/10/2004 06:56 AM
A US company exploiting a little-known Windows feature has been banned
from sending pop-up ads to PC users.
Backdoor program gets backdoored
06/13/2004 04:51 PM
Backdoor.Autoupder Removal
08/12/2004 03:56 AM
Netgear's Amusing "fix" for WG602v1 Backdoor
06/08/2004 10:40 AM
Linux kernel backdoor blocked
11/07/2003 08:52 AM
Hints at smarter hacks
Re: Backdoor in Fortinet's firewall Fortigate
06/05/2005 11:39 PM
Posted by Derek Martin, Friday, 3 June
Qwest's Backdoor Enterprise Strategy
11/04/2003 09:23 PM
Boston.Internet.com Nov 4 2003 8:40PM ET
'DVD Jon' reopens iTunes backdoor
03/23/2005 10:20 AM
Apple Computer's music store is once again exposed to
copy-protection-free sales.
Re: Backdoor in X-Micro WLAN 11b Broadband Router
04/16/2004 01:02 PM
Mariano Firpo (Apr 16 2004)
Backdoor in X-Micro WLAN 11b Broadband Router
04/10/2004 03:27 PM
RISKO Gergely (Apr 10 2004)
NEW backdoor in X-Micro WLAN 11b Broadband Router
04/17/2004 04:43 PM
RISKO Gergely (Apr 16 2004)
Finance Spam Passing Drug Spam While Porn Spam Is Washed Up
05/24/2004 05:37 PM
The latest study on spam trends appears to show that
financial spam is outpacing pharmaceutical spam
- though, honestly, so much of both is coming out that it's really
hard to imagine that this matters at all. Meanwhile, it seems that
porn spam is increasingly less interesting to spammers as the numbers
have been on a noticeable decline for quite some time. No matter
what, though, it appears that CAN-SPAM has done absolutely nothing to
slow down the amount of spam sent.
backdoor menu on conexant chipset dsl router (Zoom X3)
07/06/2004 06:36 PM
Adam Laurie (Jul 06 2004)
Kerry: Bush army plan is "backdoor draft"
06/03/2004 03:26 PM
Re: APC 9606 SmartSlot Web/SNMP management card "backdoor"
02/18/2004 04:09 PM
Fredrik Björk (Feb 18 2004)
Zindos enters MyDoom backdoor to attack Microsoft
07/28/2004 09:37 AM
Computer Shopper Jul 28 2004 2:17PM GMT
APC 9606 SmartSlot Web/SNMP management card "backdoor"
02/17/2004 01:04 PM
Dave Tarbatt (Feb 16 2004)
Sophos warns of new backdoor trojan security threat, Uproot-A
01/05/2004 07:28 AM
Computer Buyer Jan 5 2004 6:43AM ET
Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS
02/18/2004 05:19 PM
Thomas M. Payerle (Feb 17 2004)
Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS
02/17/2004 05:11 PM
thiago.vazquez_at_light.com.br (Feb 17 2004)
APC 9606 SmartSlot Web/SNMP management card "backdoor" - Telnet can't be disabled.
02/19/2004 03:30 PM
David Monosov (Feb 19 2004)
Re: APC 9606 SmartSlot Web/SNMP management card "backdoor" - Telnet can't be disabled.
02/19/2004 06:14 PM
Keith Clifton (Feb 19 2004)
Remove: Backdoor.Agent.B, Evaman.C, Erkez.B@mm, Korgo and Donk.Q worms
09/20/2004 08:52 AM
From spam drops to spam spray to spam stream
06/05/2004 07:31 PM
I am now getting 2,000+ spams a day. There are 1,440 minutes in a day.
The rate of incoming spams is therefore getting close to the interval
it takes me to check my email and dispose of a single spam: By the
time I'm done checking, more spam has arrived. That is the point at
which the spam droplets form a continuous stream. And that is the
point at which no interval of my life will ever be spam-free again....
Bagle keeps on toasting PCs
07/19/2004 04:55 PM
Publicly available source code means the latest variant of the virus
won't be the last.
"Bagle -- you are a looser!!!"
03/06/2004 01:59 AM
No coffee, but here's another Bagle
02/17/2004 03:43 PM
A variant of the mass-mailing Bagle virus seems to have taken off a
bit faster than the original--and its intent could be spam-related.
Other News: Bagle.B
02/18/2004 10:41 AM
The latest Windows worm is upgraded to "Level 1", and we'll probably
see the usual Mac side-effects, even if it needs an Intel processor to
run.
Grok Description matches for New Bagle opens another spam backdoor
GrokA matches for New Bagle opens another spam backdoor
New Bagle opens another spam backdoor