[unisog] windows networking and udp 1026

Bill McCarty bmccarty at pt-net.net
Wed Dec 3 18:42:32 GMT 2003


Hi Peter,

--On Wednesday, December 03, 2003 10:26 AM -0800 Peter Moody 
<peter at ucsc.edu> wrote:

> With this recent increase in udp/1026 scans and popup spam coming in on
> said port I'm wondering, do I have to be worried about some sort of
> blaster/nachi variant coming through that vector as well?
>
> Has anyone else seen anything to either support or refute this?

The traffic has dropped off here, and DShield.org shows the same is true of 
the Internet generally.

The traffic seems to have been related to a malware species that sends 
pop-up spam inviting folks to download a free pop-up spam blocker. The 
blocker is likely a Trojan horse that causes the victim's computer to begin 
sending pop-up spam. Reverse engineering of the blocker and the web page 
offering it are not yet complete. So, my conclusions are somewhat 
speculative. But, at this point, I'd wager dollars to doughnuts <g>.

Cheers,

---------------------------------------------------
Bill McCarty, Ph.D.
Associate Professor of Information Technology
Azusa Pacific University




More information about the unisog mailing list