[Dshield] port 1026-1031 update

Bill McCarty bmccarty at pt-net.net
Wed Dec 3 19:05:52 GMT 2003

Hi Bjorn,

--On Wednesday, December 03, 2003 10:04 AM -0700 Bjorn Stromberg 
<bjorn at thechemistrylab.com> wrote:

We concur: There doesn't seem to be anything malicious behind the 
obfuscation on the web page. However, I continue to suspect that the 
offered download is malicious. I know of one group that's working to 
reverse engineer it. So, perhaps we'll soon know.

If the download also proves to be benign, I'll fall back on my conjecture 
that the related traffic was scanning for vulnerable hosts, with a 
malicious payload yet to come. I find it hard to believe that there'd be 
this much fuss merely to deliver a pop-up spam blocker.


Bill McCarty
