Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Port 1975 again
From: bejtlich () TEXAS NET (Richard Bejtlich)
Date: Fri, 31 Dec 1999 02:14:31 -0000

Hello,

The outbound connections you are seeing are most likely the result of 
advert.dll, installed with one of the shareware programs listed at 
this link:

http://www.aureate.com/downloads/network_members.html

advert.dll implements advertisements in shareware products like CuteFTP.  
It pulls ads from remote servers and displays them in the application.  
These ads are the "price" for some shareware these days.

Here is Aureate's FAQ on the advertising system:

http://manage.aureate.com/developers/sdk_doc/faq.html

A person calling himself "Kept_Anonymous" detailed his experience with 
advert.dll, port 1975, and CuteFTP here:

http://crazyboy.com/fravia/fravia.org/sha2adw.htm

I do not know if you can cripple the ad retrieval system without damaging 
the underlying application.

Happy new year,

Richard

  By Date           By Thread  

Current thread:
  • Re: Port 1975 again Richard Bejtlich (Dec 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]