'[Full-disclosure] Re: Backdoor in RelevantKnowledge adware (What'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-disclosure] Re: Backdoor in RelevantKnowledge adware (What
From:       "Dave \"No, not that one\" Korn" <davek_throwaway () hotmail ! com>
Date:       2006-05-30 14:19:47
Message-ID: e5hka5$dv$1 () sea ! gmane ! org
[Download RAW message or body]

3APA3A wrote:

> RelevantKnowledge   was   found  to  contain  backdoor  proxy
> component
> rlvknlg.exe   (Marketscore  OSSProxy),  which  is  configured  to
> allow
> incoming  network  connections  on TCP/8254, probably acts as open
> proxy
> and  also performs keylogging and monitoring for active windows
> content.
> Component can not be disabled by user.
>
> Details (by YAG KOHHA, Lame):

Good analysis, but you're not the first:

http://www.cit.cornell.edu/computer/security/marketscore/technical.html

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic