NIS 2009 Found This... What is it?


owlyn
Premium,MVM
join:2004-06-05
Newtown, PA

reply to therube
Re: NIS 2009 Found This... What is it?

said by therube:

Looks like this, Niranhadas.com.
Okay, I visited the link, but I don't know what the information there means. It was obviously a code snippet, but I don't know what it does. Looks like it wants to cause a buffer overflow, and then install a (malware?) helper to Adobe Reader? Just a guess...


therube

join:2004-11-11
Randallstown, MD
reply to owlyn
Looks like this, Niranhadas.com.


owlyn
Premium,MVM
join:2004-06-05
Newtown, PA
reply to amysheehan
Thanks. I checked the whois on it before posting, but I still wasn't sure. I sure hope my Trend Micro software was protecting me prior to the NIS install...


Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
·AT&T U-Verse

reply to owlyn
SnapShot Viewer ActiveX? That sure sounds like a social engineering ploy to get a trojan installed (such as Zlob).

I wouldn't call it a FP.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)


amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable

reply to owlyn
NIS states that wsxhost.net was the webpage you were visiting

WHO IS INFO
Result for wsxhost.net
--> /usr/local/bin/fwhois wsxhost.net@whois.internic.net
[whois.internic.net]

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered

Domain Name: WSXHOST.NET
Registrar: REGTIME LTD.
Whois Server: whois.regtime.net
Referral URL: www.webnames.ru
Name Server: NS1.NAMESELF.COM
Name Server: NS2.NAMESELF.COM
Status: ok
Updated Date: 19-sep-2008
Creation Date: 19-sep-2008
Expiration Date: 19-sep-2009

The Registry database contains ONLY .COM, .NET, .EDU domains and
--> /usr/local/bin/fwhois wsxhost.net@whois.regtime.net
[www.regtime.net]
% RegTime.net WHOIS server

Domain name: wsxhost.net

Name servers:
ns1.nameself.com
ns2.nameself.com

Registrar: RegTime.net Limited
Creation date: 2008-09-19
Expiration date: 2009-09-19

Registrant:
Rey
Email: palfreycrossvw@gmail.com
Organization: Cross Co
Address: 228 WIECKING CTR
City: MANKATO
State: MN
ZIP: 56001
Country: US
Phone: +1.5073891822
Fax: +1.5073891822
Administrative Contact:
Rey
Email: palfreycrossvw@gmail.com
Organization: Cross Co
Address: 228 WIECKING CTR
City: MANKATO
State: MN
ZIP: 56001
Country: US
Phone: +1.5073891822
Fax: +1.5073891822
Technical Contact:
Rey
Email: palfreycrossvw@gmail.com
Organization: Cross Co
Address: 228 WIECKING CTR
City: MANKATO
State: MN
ZIP: 56001
Country: US
Phone: +1.5073891822
Fax: +1.5073891822
Billing Contact:
Rey
Email: palfreycrossvw@gmail.com
Organization: Cross Co
Address: 228 WIECKING CTR
City: MANKATO
State: MN
ZIP: 56001
Country: US
Phone: +1.5073891822
Fax: +1.5073891822

Domain name registered recently using IP name servers in Hong Kong for registrants in Minnesota thru a Russian registrar service -- IMO I would thank NIS. Doesn't sound kosher.
--
Proud Member of ASAP
DSLR Phishtracker
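
The registration-age reasoning applied to the WHOIS output in the post above, written out as an added example (not part of the original thread). The function names, the 90-day "recent" threshold and the 2008-10-15 observation date are assumptions made for illustration; the sample replies are excerpts of the output quoted in the post.

```python
import re
from datetime import date, datetime

# Excerpts of the two WHOIS replies quoted in the post (contact fields omitted).
REGISTRY_REPLY = """\
Domain Name: WSXHOST.NET
Registrar: REGTIME LTD.
Name Server: NS1.NAMESELF.COM
Name Server: NS2.NAMESELF.COM
Creation Date: 19-sep-2008
Expiration Date: 19-sep-2009
"""
REGISTRAR_REPLY = """\
Domain name: wsxhost.net
Creation date: 2008-09-19
Expiration date: 2009-09-19
"""

def parse_date(text):
    # The registry reply uses 19-sep-2008, the registrar reply 2008-09-19.
    for fmt in ("%d-%b-%Y", "%Y-%m-%d"):
        try:
            return datetime.strptime(text.strip(), fmt).date()
        except ValueError:
            continue
    raise ValueError(f"unrecognised WHOIS date: {text!r}")

def whois_fields(reply):
    # Collect every "Key: value" line as {lower-cased key: [values]}.
    fields = {}
    for line in reply.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?):\s*(\S.*)$", line)
        if m:
            fields.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return fields

def registration_summary(reply, observed_on, recent_days=90):
    # recent_days is an assumed threshold, not a value from the thread.
    f = whois_fields(reply)
    created = parse_date(f["creation date"][0])
    expires = parse_date(f["expiration date"][0])
    age = (observed_on - created).days
    return {"domain": f["domain name"][0].lower(), "created": created,
            "age_days": age, "term_days": (expires - created).days,
            "recently_registered": 0 <= age <= recent_days,
            "name_servers": sorted(v.lower() for v in f.get("name server", []))}

if __name__ == "__main__":  # 2008-10-15 is a constructed observation date
    print(registration_summary(REGISTRY_REPLY, date(2008, 10, 15)))
```

A young domain on a one-year term is only a triage signal; it is weighed together with the hosting and registrar details the posts discuss.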


amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable

reply to owlyn
Here is some info about that IP
www.dshield.org/ipinfo.html?ip=58.65.234.9
Hostname: 58-65-234-9.myrdns.com

ISP in Hong Kong

I wouldn't call it a false positive unless you were unable to view a web page correctly that may have contained something from this IP.

NIS blocked it, so if you didn't notice a web page loading properly hosted in Hong Kong, I wouldn't worry. NIS did its job.
--
Proud Member of ASAP
DSLR Phishtracker


owlyn
Premium,MVM
join:2004-06-05
Newtown, PA
What is this attack? Looks like an FP to me, but I'm not really sure...