б^H tries to connect to the internet
Today I have found a bunch of interesting entries in my firewall log. Apparently an application named б^H was trying to access the internet at various times. Now, I don't know about you - but if I see a weird string like that I get suspicious. So I started digging.
From the logs I figured that this thing was trying to do DNS lookups (all the hits were aiming at port 53 on the remote hosts). This is not unusual - any piece of malware could be doing this... But, since my anti-virus and spybot scans that ran just this morning did not find anything, I started looking for legit apps that could generate port 53 traffic.
I spotted my DynDNS Updater icon in the taskbar which was red (to indicate failure to update). I did a few quick tests, enabling and disabling the rule for my mysterious application and I got it. It was the damn DynDNS updater!
Question is, why the hell does it show up in my logs as б^H? Why haven't I noticed this before? And what the hell were they thinking?