NIS 2009 Found This... What is it? in Security

NIS 2009 Found This... What is it? in Security http://www.dslreports.com/forum/r21306810 en Fri, 27 Nov 2009 09:58:05 EDT Fri, 27 Nov 2009 09:58:05 EDT Re: NIS 2009 Found This... What is it? http://www.dslreports.com/forum/remark,21309490 owlyn :

said by therube

:

Looks like this, Niranhadas.com.

Okay, I visited the link, but I don't know what the information ther means. It was obviously a code snippet, but iu don't know what it does. Looks like it wants to cause a buffer overflow, and then install a (malware?)helper to Adobe reader? Just a guess...]]> http://www.dslreports.com/forum/remark,21309490 Wed, 22 Oct 2008 16:40:55 EDT Re: NIS 2009 Found This... What is it? http://www.dslreports.com/forum/remark,21309171 therube : Looks like this, Niranhadas.com.]]> http://www.dslreports.com/forum/remark,21309171 Wed, 22 Oct 2008 15:34:51 EDT Re: NIS 2009 Found This... What is it? http://www.dslreports.com/forum/remark,21307791 owlyn : Thanks. I checked the whois on it before posting, but I still wasn't sure. I sure hope my Trend Micro software was protecting me prior to the NIS install...]]> http://www.dslreports.com/forum/remark,21307791 Wed, 22 Oct 2008 11:15:23 EDT Re: NIS 2009 Found This... What is it? http://www.dslreports.com/forum/remark,21307749 Doctor Four : SnapShot Viewer ActiveX? That sure sounds like a social engineering ploy to get a trojan installed (such as Zlob).

I wouldn't call it a FP.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
]]> http://www.dslreports.com/forum/remark,21307749 Wed, 22 Oct 2008 11:07:44 EDT Re: NIS 2009 Found This... What is it? http://www.dslreports.com/forum/remark,21306861 amysheehan : NIS states that wsxhost.net was the webpage you were visiting

WHO IS INFO
Result for wsxhost.net
--> /usr/local/bin/fwhois wsxhost.net@whois.internic.net
[whois.internic.net]

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered

Domain Name: WSXHOST.NET
Registrar: REGTIME LTD.
Whois Server: whois.regtime.net
Referral URL: »www.webnames.ru
Name Server: NS1.NAMESELF.COM
Name Server: NS2.NAMESELF.COM
Status: ok
Updated Date: 19-sep-2008
Creation Date: 19-sep-2008
Expiration Date: 19-sep-2009

The Registry database contains ONLY .COM, .NET, .EDU domains and
--> /usr/local/bin/fwhois wsxhost.net@whois.regtime.net
[www.regtime.net]
% RegTime.net WHOIS server

Domain name: wsxhost.net

Name servers:
ns1.nameself.com
ns2.nameself.com

Registrar: RegTime.net Limited
Creation date: 2008-09-19
Expiration date: 2009-09-19

Registrant:
Rey
Email: palfreycrossvw@gmail.com
Organization: Cross Co
Address: 228 WIECKING CTR
City: MANKATO
State: MN
ZIP: 56001
Country: US
Phone: +1.5073891822
Fax: +1.5073891822
Administrative Contact:
Rey
Email: palfreycrossvw@gmail.com
Organization: Cross Co
Address: 228 WIECKING CTR
City: MANKATO
State: MN
ZIP: 56001
Country: US
Phone: +1.5073891822
Fax: +1.5073891822
Technical Contact:
Rey
Email: palfreycrossvw@gmail.com
Organization: Cross Co
Address: 228 WIECKING CTR
City: MANKATO
State: MN
ZIP: 56001
Country: US
Phone: +1.5073891822
Fax: +1.5073891822
Billing Contact:
Rey
Email: palfreycrossvw@gmail.com
Organization: Cross Co
Address: 228 WIECKING CTR
City: MANKATO
State: MN
ZIP: 56001
Country: US
Phone: +1.5073891822
Fax: +1.5073891822

Domain name registered recently using IP name servers in HongKong for registrants in Minnesota thru a Russian registrar service -- IMO I would thank NIS. Doesn't sound kosher :)
--
Proud Member of ASAP
DSLR Phishtracker]]> http://www.dslreports.com/forum/remark,21306861 Wed, 22 Oct 2008 07:14:14 EDT Re: NIS 2009 Found This... What is it? http://www.dslreports.com/forum/remark,21306833 amysheehan : Here is some info about that IP
»www.dshield.org/ipinfo.html?ip=58.65.234.9
Hostname: 58-65-234-9.myrdns.com

ISP in HongKong

I wouldn't call it a false positive unless you were unable to view a web page correctly that may have contained something from this IP.

NIS blocked it so if you didn't notice a web page loading properly hosted in HongKong I wouldn't worry NIS did its job :)
--
Proud Member of ASAP
DSLR Phishtracker]]> http://www.dslreports.com/forum/remark,21306833 Wed, 22 Oct 2008 06:59:06 EDT NIS 2009 Found This... What is it? http://www.dslreports.com/forum/remark,21306810 owlyn : What is this attack? Looks like an FP to me, but I'm not really sure...

]]> http://www.dslreports.com/forum/remark,21306810 Wed, 22 Oct 2008 06:41:49 EDT