[Dshield] What kind of !#@$%! Is this?!?

Doug White doug at clickdoug.com
Sun Aug 24 13:24:03 GMT 2003


That is one of the pop-up messages directed to those who have messaging running.

======================================
Stop spam on your domain, use our gateway!
For hosting solutions http://www.clickdoug.com
ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
Suggested corporate Anti-virus policy: http://www.dshield.org/antivirus.pdf
======================================
If you are not satisfied with my service, my job isn't done!

----- Original Message ----- 
From: "Ronnie & Stacy Clark" <rsclark at kingwoodcable.net>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Sunday, August 24, 2003 12:30 AM
Subject: [Dshield] What kind of !#@$%! Is this?!?


| While watching traffic on my home network, I get this packet:
|
| 00:23:39.112665 64.174.34.21.32781 > aaa.bbb.ccc.xxx.1026: udp 552
| 0x0000   4500 0244 77ed 0000 f211 4a35 40ae 2215        E..Dw.....J5@.".
| 0x0010   aabb ccxx 800d 0402 0230 ba3c 0400 2800        .........0.<..(.
| 0x0020   1000 0000 0000 0000 0000 0000 0000 0000        ................
| 0x0030   0000 0000 f891 7b5a 00ff d011 a9b2 00c0        ......{Z........
| 0x0040   4fb6 e6fc 1e1b 2dcc 9968 d2e0 fbcb cc8f        O.....-..h......
| 0x0050   ad4a 1fef 0000 0000 0100 0000 0000 0000        .J..............
| 0x0060   0000 ffff ffff d801 0000 0000 0e00 0000        ................
| 0x0070   0000 0000 0e00 0000 414c 4552 5420 5345        ........ALERT.SE
| 0x0080   5256 4943 4500 0000 0400 0000 0000 0000        RVICE...........
| 0x0090   0400 0000 594f 5500 a001 0000 0000 0000        ....YOU.........
| 0x00a0   a001 0000 2020 2020 2020 2020 2057 4152        .............WAR
| 0x00b0   4e49 4e47 3a20 594f 5552 2043 4f4d 5055        NING:.YOUR.COMPU
| 0x00c0   5445 5220 4953 204f 5045 4e20 544f 2041        TER.IS.OPEN.TO.A
| 0x00d0   5454 4143 4b53 210a 0a59 6f75 7220 636f        TTACKS!..Your.co
| 0x00e0   6d70 7574 6572 2068 6173 2062 6565 6e20        mputer.has.been.
| 0x00f0   6465 7465 6374 6564 2074 6f20 6265 206f        detected.to.be.o
| 0x0100   7065 6e20 746f 2048 6163 6b65 7273 2077        pen.to.Hackers.w
| 0x0110   686f 2063 616e 2073 7465 616c 2079 6f75        ho.can.steal.you
| 0x0120   720a 7072 6976 6174 6520 696e 666f 726d        r.private.inform
| 0x0130   6174 696f 6e20 616e 6420 696e 7661 6465        ation.and.invade
| 0x0140   2079 6f75 7220 636f 6d70 7574 6572 2077        .your.computer.w
| 0x0150   6974 6820 4d65 7373 656e 6765 7220 506f        ith.Messenger.Po
| 0x0160   7055 7073 0a6c 696b 6520 7468 6973 210a        pUps.like.this!.
| 0x0170   0a47 6f20 746f 2077 7777 2e45 4e44 4144        .Go.to.www.ENDAD
| 0x0180   532e 636f 6d20 746f 2070 726f 7465 6374        S.com.to.protect
| 0x0190   2079 6f75 7273 656c 6620 616e 6420 7374        .yourself.and.st
| 0x01a0   6f70 2074 6865 7365 2061 6473 2069 6e20        op.these.ads.in.
| 0x01b0   6d69 6e75 7465 732e 0a0a 5072 6573 7369        minutes...Pressi
| 0x01c0   6e67 204f 4b20 7769 6c6c 206e 6f74 2074        ng.OK.will.not.t
| 0x01d0   616b 6520 796f 7520 746f 2077 7777 2e45        ake.you.to.www.E
| 0x01e0   4e44 4144 532e 636f 6d20 736f 200a 7772        NDADS.com.so..wr
| 0x01f0   6974 6520 646f 776e 2074 6865 2077 6562        ite.down.the.web
| 0x0200   7369 7465 2062 6566 6f72 6520 7072 6573        site.before.pres
| 0x0210   7369 6e67 204f 4b2e 0a0a 2020 2020 2020        sing.OK.........
| 0x0220   2020 2020 2020 2020 2020 2020 2020 2020        ................
| 0x0230   2077 7777 2e44 4553 5452 4f59 4144 532e        .www.DESTROYADS.
| 0x0240   636f 6d00
|
| What kind of junk is this?!? At least my FW dropped it.
|
| Ron Clark
|
|
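
Added example, not part of the original posts: a Python sketch that recognises this kind of Messenger pop-up in a UDP payload and pulls out the text, following the layout visible in the dump above (connectionless DCE/RPC version 4 header starting at 0x001c, interface UUID at 0x0034, body length at 0x0066, then three length-prefixed strings). The function names, the from/to/text labels and the sample packet are assumptions made for illustration; the sample is constructed, not the captured bytes.

```python
import struct
import uuid

# Interface UUID, read from the dump at 0x0034 (first three fields little-endian).
MESSENGER_IF = uuid.UUID("5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc")
HDR_LEN = 80  # fixed size of the connectionless DCE/RPC (version 4) header

def ndr_strings(body, count=3):
    """Read NDR strings: max, offset, actual count (uint32 LE), bytes, pad to 4."""
    out, pos = [], 0
    for _ in range(count):
        if pos + 12 > len(body):
            raise ValueError("truncated string header")
        _max, _off, actual = struct.unpack_from("<III", body, pos)
        pos += 12
        if pos + actual > len(body):
            raise ValueError("string length exceeds packet")
        out.append(body[pos:pos + actual].rstrip(b"\x00").decode("latin-1"))
        pos += (actual + 3) & ~3
    return out

def parse_messenger_popup(payload):
    """Return sender, target and text of a Messenger popup request, else None."""
    if len(payload) < HDR_LEN or payload[0] != 4 or payload[1] != 0:
        return None  # not a version 4 request PDU
    if (payload[4] & 0xF0) != 0x10:
        return None  # drep says big-endian integers; not handled here
    if uuid.UUID(bytes_le=payload[24:40]) != MESSENGER_IF:
        return None  # some other RPC interface
    (body_len,) = struct.unpack_from("<H", payload, 74)
    try:
        sender, target, text = ndr_strings(payload[HDR_LEN:HDR_LEN + body_len])
    except ValueError:
        return None
    return {"from": sender, "to": target, "text": text}

def _ndr(s):
    raw = s.encode("latin-1") + b"\x00"
    return struct.pack("<III", len(raw), 0, len(raw)) + raw + bytes(-len(raw) % 4)

def build_sample():
    """Constructed packet shaped like the one in the post (not the captured bytes)."""
    body = _ndr("ALERT SERVICE") + _ndr("YOU") + _ndr("WARNING: sample popup text")
    hdr = bytes([4, 0, 0x28, 0, 0x10, 0, 0, 0]) + bytes(16) + MESSENGER_IF.bytes_le
    hdr += bytes(16) + struct.pack("<IIIHHHHHBB", 0, 1, 0, 0, 0xFFFF, 0xFFFF, len(body), 0, 0, 0)
    return hdr + body

if __name__ == "__main__":
    print(parse_messenger_popup(build_sample()))
```

Feed it the UDP payload only (the bytes after the 20-byte IP header and 8-byte UDP header); a `None` result means the datagram is not a little-endian request to this interface or its strings are truncated.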

