[prev in list] [next in list] [prev in thread] [next in thread]
List: incidents
Subject: RE: UDP port 1026 probe?
From: "James C Slora Jr" <Jim.Slora () phra ! com>
Date: 2005-04-18 15:59:43
Message-ID: 20050418160303.DC81970E616 () mail49-ash ! bigfish ! com
[Download RAW message or body]
Kero-Chan III wrote Sunday, April 17, 2005 10:08 PM
> I saw a big increase in UDP packets sent to port 1026 (and 1027
occasionally)...
> $ nc -l -p 1026 -u -v
> listening on [any] 1026 ...
> 61.235.154.90: inverse host lookup failed: Unknown host connect to
[my.ip.addr] from
> (UNKNOWN) [61.235.154.90] 36240 (ø{ZÿÐ(c)²ÀO¶æüÿÿÿÿ{STOPALERT77STOP!
WINDOWS REQUIRES
> IMMEDIATE ATTENTION.
> Windows has found 47 Critical Errors.
> To fix the errors please do the following:
> 1. Download Registry Repair from: www.reg-patch.com 2. Install Registry
Repair 3. Run > Registry Repair 4. Reboot your computer FAILURE TO ACT NOW
MAY LEAD TO DATA LOSS AND > CORRUPTION!
> What is this? ICQ buffer overflow? Or something totally different?
This looks like just Messenger spam. It is designed to pop up a message on
the target's Windows desktop. The messages commonly promote malware
disguised as legitimate utilities. They send commonly these to any or all of
1025 through 1029, since Windows creates a listener on one of the low
dynamic ports. Usually I see an accompanying attempt against UDP 137 with
the same content.
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic