[unisog] anyone else seeing lots of popup spam/malware?
pete at shadows.uottawa.ca
Wed Oct 26 19:08:34 GMT 2005
On Wed, Oct 26, 2005 at 05:51:23PM +1300, Russell Fulton wrote:
> Over the last couple of weeks we have noticed an increasing amount of
> UDP traffic with a source port of 0 and destination port of 102x (
> x=5,6) packets are always a variation of this:
I started seeing them in early August, and we've been getting
them steadily since then. Heck, probably 5% of Argus's logs
are that... Here was one of our messages:
Microsoft Windows has encountered an Internal Error.
kYour windows registry is corrupted. We recommend a
complete system scan. Visit http://FixReg32.com. To repair now.
> URL varies but always seems to redirect to
> which does not respond.
It did for me then, and does now. You can 'get a scan', or
buy something. To get a scan, you download and run a file called
install.exe. If you want to buy ..whatever.. they start asking
for your credit card info before even asking for an address.
> All these packets hit the bit bucket at our perimeter firewall so they
> are not currently a threat to us. They do however have me puzzled.
That was why I started trapping them and looking at the content.
At first, I thought it was popup spam.
Pete Hickey                     /~\  The ASCII
The University of Ottawa        \ /  Ribbon Campaign
Ottawa, Ontario                  X   Against HTML
Canada                          / \  Email!
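
Added example, not part of the original post or of either poster's tooling: a Python triage routine for the pattern discussed in the thread (UDP source port 0, destination port 1025 or 1026) that pulls the readable text and any advertised URL out of a trapped datagram. The function names and the sample bytes are assumptions made for illustration; the sample is constructed from the message quoted above and is not a real capture.

```python
import re
import struct

SUSPECT_DST_PORTS = {1025, 1026}           # "102x (x=5,6)" in the thread
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")

def parse_udp(datagram):
    """Split a raw UDP datagram (header + payload) into ports and payload."""
    if len(datagram) < 8:
        raise ValueError("shorter than a UDP header")
    sport, dport, length, _cksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("UDP length field disagrees with captured bytes")
    return sport, dport, datagram[8:length]

def printable_runs(payload, min_len=8):
    """Runs of printable ASCII at least min_len long, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, payload)]

def triage(datagram):
    """Summarise a datagram matching the thread's pattern, else return None."""
    sport, dport, payload = parse_udp(datagram)
    if sport != 0 or dport not in SUSPECT_DST_PORTS:
        return None
    # Trailing sentence punctuation is not part of the advertised URL.
    urls = [u.rstrip(b".,;)").decode("ascii") for u in URL_RE.findall(payload)]
    return {"dport": dport, "text": printable_runs(payload), "urls": urls}

# Constructed sample: 8 arbitrary filler bytes, then message text based on
# the one quoted in the post. This is not a real capture.
PAYLOAD = (b"\x04\x00\x28\x00\x10\x00\x00\x00"
           b"Microsoft Windows has encountered an Internal Error.\x00"
           b"Your windows registry is corrupted. Visit http://FixReg32.com. "
           b"To repair now.\x00")
SAMPLE = struct.pack("!HHHH", 0, 1026, 8 + len(PAYLOAD), 0) + PAYLOAD
BENIGN = struct.pack("!HHHH", 53, 1026, 8 + 4, 0) + b"\x00\x01\x02\x03"

if __name__ == "__main__":
    for name, pkt in (("sample", SAMPLE), ("benign", BENIGN)):
        print(name, triage(pkt))
```
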