List: emerging-sigs
Subject: [Emerging-Sigs] VB WinHTTP User Agent alerts
From: dxp2532 () gmail ! com (dxp)
Date: 2008-05-09 13:45:27
Message-ID: 1210340727.6789.6.camel () kinta
I'm not sure if all vendors do this but recently a friend of mine
obtained an HP laptop which came preloaded with Vista and without any
installation media. Instead, there was a piece of paper in the box
stating that HP laptops now come with a restore/repair partition and
physical installation media is no longer required.
This may not be a problem for many people on this list but what about
other folks out there?
I guess she can always call HP and demand a disc but I have a feeling
that might be fruitless.
On Thu, 2008-05-08 at 09:29 -0400, Joel Esler wrote:
> This is why you should wipe all computers you receive with a fresh
> copy of your OS.
>
> J
>
> On May 8, 2008, at 8:52 AM, Jack Pepper wrote:
>
> > sid=2002970
> >
> > 192.168.10.154 MALWARE VB WinHTTP User Agent - Possible Malware
> >
> >
> > That WinHTTP alert is caused by some new software that DELL is
> > preloading on their computers. It appears to be uploading hardware
> > configuration data once per day.
> >
> >
> > 12:21:50.345343 IP 192.168.10.154.1330 > 12.129.31.109.80: P 1584357475:1584357908(433) ack 1809964304 win 64860
> > 0x0000 4500 01d9 48b8 4000 8006 b936 c0a8 0a9a  E...H.@....6....
> > 0x0010 0c81 1f6d 0532 0050 5e6f 6063 6be1 dd10  ...m.2.P^o`ck...
> > 0x0020 5018 fd5c 0a83 0000 504f 5354 202f 7364  P..\....POST./sd
> > 0x0030 6378 7573 6572 2f61 7370 2f64 656c 6c70  cxuser/asp/dellp
> > 0x0040 726f 6669 6c65 696e 666f 2e61 7370 2048  rofileinfo.asp.H
> > 0x0050 5454 502f 312e 310d 0a43 6f6e 7465 6e74  TTP/1.1..Content
> > 0x0060 2d74 7970 653a 2061 7070 6c69 6361 7469  -type:.applicati
> > 0x0070 6f6e 2f78 2d77 7777 2d66 6f72 6d2d 7572  on/x-www-form-ur
> > 0x0080 6c65 6e63 6f64 6564 0d0a 436f 6e74 656e  lencoded..Conten
> > 0x0090 742d 4c65 6e67 7468 3a20 3137 310d 0a41  t-Length:.171..A
> > 0x00a0 6363 6570 743a 202a 2f2a 0d0a 5573 6572  ccept:.*/*..User
> > 0x00b0 2d41 6765 6e74 3a20 4d6f 7a69 6c6c 612f  -Agent:.Mozilla/
> > 0x00c0 342e 3020 2863 6f6d 7061 7469 626c 653b  4.0.(compatible;
> > 0x00d0 2057 696e 3332 3b20 5769 6e48 7474 702e  .Win32;.WinHttp.
> > 0x00e0 5769 6e48 7474 7052 6571 7565 7374 2e35  WinHttpRequest.5
> > 0x00f0 290d 0a48 6f73 743a 2077 7777 2e64 656c  )..Host:.www.del
> > 0x0100 6c73 7570 706f 7274 6365 6e74 6572 2e63  lsupportcenter.c
> > 0x0110 6f6d 0d0a 436f 6e6e 6563 7469 6f6e 3a20  om..Connection:.
> > 0x0120 4b65 6570 2d41 6c69 7665 0d0a 0d0a 636c  Keep-Alive....cl
> > 0x0130 6965 6e74 5f67 7569 643d 3433 3833 6664  ient_guid=4383fd
> > 0x0140 6433 2d30 3732 382d 3437 3364 2d61 3635  d3-0728-473d-a65
> > 0x0150 352d 3031 6664 6435 3936 3930 6130 2673  5-01fdd59690a0&s
> > 0x0160 6572 7669 6365 5f74 6167 3d34 5651 5351  ervice_tag=4VQSQ
> > 0x0170 4231 266d 6f64 656c 3d58 5053 204d 3132  B1&model=XPS.M12
> > 0x0180 3130 266c 6f62 3d58 5053 2673 6567 6d65  10&lob=XPS&segme
> > 0x0190 6e74 3d32 3926 636f 756e 7472 793d 7573  nt=29&country=us
> > 0x01a0 2672 6567 696f 6e3d 5553 2663 6c69 656e  &region=US&clien
> > 0x01b0 745f 6c61 6e67 7561 6765 3d65 6e26 7761  t_language=en&wa
> > 0x01c0 7272 616e 7479 5f65 7870 5f64 6174 653d  rranty_exp_date=
> > 0x01d0 392f 3130 2f32 3030 39  9/10/2009
> >
> > --
> >
> > Framework? I don't need no stinking framework!
> >
> > ----------------------------------------------------------------
> > @fferent Security Labs: Isolate/Insulate/Innovate
> > http://www.afferentsecurity.com
> >
> > _______________________________________________
> > Emerging-sigs mailing list
> > Emerging-sigs at emergingthreats.net
> > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> >
>
>
> --
> Joel Esler ? joel.esler at sourcefire.com
--
-=[ dxp ]=-
0xA3F3C6E3
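
Added example, not part of the original thread: one way to triage a request that matched the WinHTTP User-Agent string, using the request from the quoted capture reassembled as sample input. The function names, the `REVIEWED` host-to-IP map and the `ID_FIELDS` set are assumptions made for illustration.

```python
from urllib.parse import parse_qs

# Constructed sample: the request in the capture above, reassembled as bytes.
SAMPLE = (
    b"POST /sdcxuser/asp/dellprofileinfo.asp HTTP/1.1\r\n"
    b"Content-type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 171\r\nAccept: */*\r\n"
    b"User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)\r\n"
    b"Host: www.dellsupportcenter.com\r\nConnection: Keep-Alive\r\n\r\n"
    b"client_guid=4383fdd3-0728-473d-a655-01fdd59690a0&service_tag=4VQSQB1"
    b"&model=XPS M1210&lob=XPS&segment=29&country=us&region=US"
    b"&client_language=en&warranty_exp_date=9/10/2009"
)
# Assumption: a locally reviewed map of vendor host -> destination IPs seen for it.
REVIEWED = {"www.dellsupportcenter.com": {"12.129.31.109"}}
ID_FIELDS = {"client_guid", "service_tag"}  # values that single out one machine

def parse_request(raw):
    """Split a raw HTTP/1.x request into (uri, lower-cased headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    uri = lines[0].split(" ")[1]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return uri, headers, body

def triage(raw, dst_ip, reviewed=REVIEWED):
    """Classify a request whose User-Agent matched the WinHTTP string."""
    uri, headers, body = parse_request(raw)
    if "winhttp.winhttprequest" not in headers.get("user-agent", "").lower():
        return {"verdict": "no-match"}
    host = headers.get("host", "").lower()
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    # Host is client-supplied, so require the destination IP to agree with it.
    known = dst_ip in reviewed.get(host, set())
    return {
        "verdict": "reviewed-vendor" if known else "investigate",
        "host": host,
        "uri": uri,
        "length_ok": headers.get("content-length") == str(len(body)),
        "identifying": sorted(ID_FIELDS & fields.keys()),
        "fields": sorted(fields),
    }

if __name__ == "__main__":
    print(triage(SAMPLE, "12.129.31.109"))
```

Even when the verdict is `reviewed-vendor`, the `identifying` list shows which per-machine values left the network in cleartext, which is worth recording before suppressing the alert for that destination.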