i just scanned a sub net of verizons where i have a remote location. i got one hit on 4444. did a GET /http1.0 and got the adsubtract response. and stopped at that.

does anyone know if this worm is using the adsubtract proxy as one of its components like some irc.backdoors use mIRC. or is it just trying to appear like an adsubtract sever (which also listens on port 4444) to avoid detection. even though chances of that are slim to none now

im tempeted (but not convinced) to d/l the dammed thing just to join the MS party on saturday.

palemoon! how in hell are you? haven't seen you in a coons age!