August 31st, 2006, 02:42 PM
I'll do a scan and post what I find
August 31st, 2006, 04:18 PM
Perhaps you should concentrate on the machine that's causing the requests instead of trying to find out what the login.fric.cn host is?
As phish already pointed out.. It's probably linked to Cool Web Search.. Now go and clean that machine
The (default) page does indeed show a form:
It's probably a stub. If you really want to know what it does take a closer look at the requests the infected machine is sending.. Fire up your favorite sniffer and capture that traffic..
dice@maelcum:~>nc 18.104.22.168 80
GET / HTTP/1.1
HTTP/1.1 200 OK
<FORM ACTION="http://www.microsoft.com" METHOD=POST>
<input type=submit value=" Go! ">
Whois on the IP shows it's owned by Hurricane Electric Internet Services.
Experience is something you don't get until just after you need it.
August 31st, 2006, 04:32 PM
Thanks for that. I can get to that address, but can't resolve via dns.
Oh well, doesn't really matter anyway.
is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
August 31st, 2006, 10:42 PM
Yes, I've seen that it looks at that webpage everytime i connect to some webpage with IE, so its probably coolwebsearch or something simmilar, however, i'm curious about what it actually sends so I'll keep for some time to find out hehehe.