Backdoors? AdWare? Worms?

View Poll Results: Is Time Travel Possible?

Voters
36. You may not vote on this poll
  • Definatley!

    18 50.00%
  • What year is it?

    5 13.89%
  • Undecided

    5 13.89%
  • Whats Time Travel mean?

    0 0%
  • Definately Not!

    8 22.22%
Results 1 to 5 of 5

Thread: Backdoors? AdWare? Worms?

  1. #1
    Junior Member
    Join Date
    Jul 2003
    Posts
    24

    Backdoors? AdWare? Worms?

    HI,

    on my box, i have installed many proxy servers and filters that guarantees that i see nothing bu the things i want to see when surfing theweb, i block banners popups javascript and tons of other things that suck. A coupleof days ago i started digging into my logfiles and noticed many requests made by some software to strange URL's and accessing the web in a smart way without my permission for this, i will be here posting some of these URL's maybe somebody can help me identify them or help me with any information regarding this topic, take a look.....

    http://ads8.speedbit.com/cgi-bin/ads...NR=3&SI=0&KA=1
    [connects once each 15-20 minutes]

    http://cb.icq.com/cb/icqsrp/545/srp....colc=4colerr=5
    [connects every 30 seconds]

    http://cb.icq.com/cb/icqsrp/545/srp....eon=1640flow=1
    [every 30 seconds - 1 minute]

    http://toolbar.google.com/version?dl...5.00.3502.1000
    [two times in 24h]

    http://www.siber.com/roboform/versio...ALNKKLBNKLHKKL
    [Undefined Refresh Time, Appears 3-5 Times Weekly]

    http://www.hit4hit.net/banner4.php4?...l=400x40&sub=1
    [PS.. 404 error, no such domain, but returns 200 HTTP/1.0 code]

    http://idn.verisign-grs.com/plug-in/...2003&encoded=0
    [many times daily]

    PS>>
    i have update feature turned OFF in all software, so anyway these connections are made without my permission, is this legal, do they have the right to do so??
    Ruslan K. Abu Zant
    eReg(c) Internet Services
    http://ereg.info/ | http://gold-directory.com/ | http://xui.info/

  2. #2
    Senior Member
    Join Date
    Aug 2001
    Posts
    100
    http://cb.icq.com/cb/icqsrp/545/srp...6colc=4colerr=5 and http://cb.icq.com/cb/icqsrp/545/srp...40fl
    something from icq (as the adress sais...). icq has to connect every minute to check if users are online, etc.

    http://toolbar.google.com/version?d...=5.00.3502.1000
    google sends an identifications string if you post a search request with the toolbar.

    http://www.siber.com/roboform/versi... ALNKKLBNKLHKKL
    roboform toolbar.completes forms in websites.seems to be only a version information for update

    hit4hit.net seems to be a banner for websites

    http://idn.verisign-grs.com/plug-in...02003&encoded=0
    some software to translate webadresses into your language.
    (see at: http://idn.verisign-grs.com/index.jsp)

    if you turned update features of there should normally be no connection regarding the version info from the software. whether it is illegal or not i cannot say. you can't just say its spyware. it could also be that this information is used for statistics (i think google does this.)
    \"Knowledge is the Real Power\"

  3. #3
    Junior Member
    Join Date
    Jul 2003
    Posts
    24
    Hi again...
    i of coure would say thanks for this, but i knew before posting the thread what each of them is, and here is a correction for the information you posted ....

    Originally posted here by meister

    http://cb.icq.com/cb/icqsrp/545/srp...6colc=4colerr=5 and http://cb.icq.com/cb/icqsrp/545/srp...40fl
    something from icq (as the adress sais...). icq has to connect every minute to check if users are online, etc.
    Nope, ICQ do NOT use HTTP to check online users status.

    http://toolbar.google.com/version?d...=5.00.3502.1000
    google sends an identifications string if you post a search request with the toolbar.
    Nope, that is a different one, the identification string looks like this...
    http://216.239.57.104/search?client=...hread%2Ephp%3F



    http://www.siber.com/roboform/versi... ALNKKLBNKLHKKL
    roboform toolbar.completes forms in websites.seems to be only a version information for update

    hit4hit.net seems to be a banner for websites
    this is right, but i am interested what program software is it attched to on my PC, maybe a SpyWare or an AdWare ?

    http://idn.verisign-grs.com/plug-in...02003&encoded=0
    some software to translate webadresses into your language.
    (see at: http://idn.verisign-grs.com/index.jsp)
    The Same As Above...

    if you turned update features of there should normally be no connection regarding the version info from the software. whether it is illegal or not i cannot say. you can't just say its spyware. it could also be that this information is used for statistics (i think google does this.)



    ------
    Andonemore important thing, is this action by service providers or vendors considered legal ?
    Thanks In Advance...
    Ruslan K. Abu Zant
    eReg(c) Internet Services
    http://ereg.info/ | http://gold-directory.com/ | http://xui.info/

  4. #4
    Senior Member
    Join Date
    Aug 2001
    Posts
    100
    o.k. thanks for the correction and sorry for the false information
    i got curious and did a research for the icq thing.
    on this site they propose to put cb.icq.com in the host file. (see here: http://www.cexx.org/icq.htm)
    the hit4hit adress seems only to be a pay per click banner site. i didn't find any information refering to an software.
    the last one verisign is a plugin for internet explorer. verisign should not promote spyware, but if you don't need it uninstall it. (see under 5) : http://www.idnnow.com/faqs.jsp)
    \"Knowledge is the Real Power\"

  5. #5
    Junior Member
    Join Date
    Jul 2003
    Posts
    24
    yes of course, thanx...
    i also am working on this for a couple of hours already, and i discovered what the verisign one was...

    it is a russian domain name translator, try this nice looking link
    www.киевстар.com

    the mentioned plugin translated this name to www.bq--aq5dqnjsifbdaqa.mltbd.com and serves the request....
    Ruslan K. Abu Zant
    eReg(c) Internet Services
    http://ereg.info/ | http://gold-directory.com/ | http://xui.info/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •