[Dshield] What kind of !#@$%! Is this?!?

Ronnie & Stacy Clark rsclark at kingwoodcable.net
Sun Aug 24 05:30:50 GMT 2003


While watching traffic on my home network, I get this packet:

00:23:39.112665 64.174.34.21.32781 > aaa.bbb.ccc.xxx.1026: udp 552
0x0000   4500 0244 77ed 0000 f211 4a35 40ae 2215        E..Dw.....J5@.".
0x0010   aabb ccxx 800d 0402 0230 ba3c 0400 2800        .........0.<..(.
0x0020   1000 0000 0000 0000 0000 0000 0000 0000        ................
0x0030   0000 0000 f891 7b5a 00ff d011 a9b2 00c0        ......{Z........
0x0040   4fb6 e6fc 1e1b 2dcc 9968 d2e0 fbcb cc8f        O.....-..h......
0x0050   ad4a 1fef 0000 0000 0100 0000 0000 0000        .J..............
0x0060   0000 ffff ffff d801 0000 0000 0e00 0000        ................
0x0070   0000 0000 0e00 0000 414c 4552 5420 5345        ........ALERT.SE
0x0080   5256 4943 4500 0000 0400 0000 0000 0000        RVICE...........
0x0090   0400 0000 594f 5500 a001 0000 0000 0000        ....YOU.........
0x00a0   a001 0000 2020 2020 2020 2020 2057 4152        .............WAR
0x00b0   4e49 4e47 3a20 594f 5552 2043 4f4d 5055        NING:.YOUR.COMPU
0x00c0   5445 5220 4953 204f 5045 4e20 544f 2041        TER.IS.OPEN.TO.A
0x00d0   5454 4143 4b53 210a 0a59 6f75 7220 636f        TTACKS!..Your.co
0x00e0   6d70 7574 6572 2068 6173 2062 6565 6e20        mputer.has.been.
0x00f0   6465 7465 6374 6564 2074 6f20 6265 206f        detected.to.be.o
0x0100   7065 6e20 746f 2048 6163 6b65 7273 2077        pen.to.Hackers.w
0x0110   686f 2063 616e 2073 7465 616c 2079 6f75        ho.can.steal.you
0x0120   720a 7072 6976 6174 6520 696e 666f 726d        r.private.inform
0x0130   6174 696f 6e20 616e 6420 696e 7661 6465        ation.and.invade
0x0140   2079 6f75 7220 636f 6d70 7574 6572 2077        .your.computer.w
0x0150   6974 6820 4d65 7373 656e 6765 7220 506f        ith.Messenger.Po
0x0160   7055 7073 0a6c 696b 6520 7468 6973 210a        pUps.like.this!.
0x0170   0a47 6f20 746f 2077 7777 2e45 4e44 4144        .Go.to.www.ENDAD
0x0180   532e 636f 6d20 746f 2070 726f 7465 6374        S.com.to.protect
0x0190   2079 6f75 7273 656c 6620 616e 6420 7374        .yourself.and.st
0x01a0   6f70 2074 6865 7365 2061 6473 2069 6e20        op.these.ads.in.
0x01b0   6d69 6e75 7465 732e 0a0a 5072 6573 7369        minutes...Pressi
0x01c0   6e67 204f 4b20 7769 6c6c 206e 6f74 2074        ng.OK.will.not.t
0x01d0   616b 6520 796f 7520 746f 2077 7777 2e45        ake.you.to.www.E
0x01e0   4e44 4144 532e 636f 6d20 736f 200a 7772        NDADS.com.so..wr
0x01f0   6974 6520 646f 776e 2074 6865 2077 6562        ite.down.the.web
0x0200   7369 7465 2062 6566 6f72 6520 7072 6573        site.before.pres
0x0210   7369 6e67 204f 4b2e 0a0a 2020 2020 2020        sing.OK.........
0x0220   2020 2020 2020 2020 2020 2020 2020 2020        ................
0x0230   2077 7777 2e44 4553 5452 4f59 4144 532e        .www.DESTROYADS.
0x0240   636f 6d00

What kind of junk is this?!? At least my FW dropped it.

Ron Clark
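
A dump like the one in the message above can be triaged offline by rebuilding the bytes from the `tcpdump -x` text, reading the IPv4/UDP header fields, and pulling out the printable strings. The following is an added example, not part of the original post; the function names are hypothetical, and the sample is constructed (header values mirror the post, the destination is a documentation address, the payload is shortened).

```python
import re
import struct

# Constructed sample in the same layout as the dump in the post.
# 192.0.2.10 stands in for the redacted destination address.
SAMPLE = """\
0x0000   4500 0032 77ed 0000 f211 0000 40ae 2215        E..2w.......@.".
0x0010   c000 020a 800d 0402 001e 0000 0400 2800        ..............(.
0x0020   414c 4552 5420 5345 5256 4943 4500 594f        ALERT.SERVICE.YO
0x0030   5500                                           U.
"""

LINE = re.compile(r"^\s*0x[0-9a-fA-F]+:?\s+(.*)$")

def hexdump_to_bytes(text):
    """Rebuild raw bytes from `0xNNNN  hex groups  ascii` lines."""
    out = bytearray()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # timestamp/summary lines carry no hex
        # Hex groups are single-spaced; the ASCII column follows a wider gap.
        hex_part = re.split(r"\s{2,}", m.group(1).strip(), maxsplit=1)[0]
        # Raises ValueError on redacted bytes such as "ccxx"; substitute first.
        out += bytes.fromhex(hex_part)
    return bytes(out)

def parse_udp(pkt):
    """Decode the IPv4 and UDP headers and return the UDP payload."""
    if pkt[0] >> 4 != 4 or pkt[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    ihl = (pkt[0] & 0x0F) * 4                    # IP header length in bytes
    (total_len,) = struct.unpack("!H", pkt[2:4])
    sport, dport, ulen = struct.unpack("!HHH", pkt[ihl:ihl + 6])
    return {
        "src": ".".join(map(str, pkt[12:16])),
        "dst": ".".join(map(str, pkt[16:20])),
        "sport": sport,
        "dport": dport,
        "truncated": len(pkt) < total_len,       # capture shorter than packet
        "payload": pkt[ihl + 8:ihl + ulen],
    }

def printable_strings(data, min_len=4):
    """Return runs of printable ASCII, like the `strings` utility."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [s.decode("ascii") for s in re.findall(pattern, data)]

if __name__ == "__main__":
    info = parse_udp(hexdump_to_bytes(SAMPLE))
    print(info["src"], info["sport"], "->", info["dst"], info["dport"])
    print(printable_strings(info["payload"]))
```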



