FW: [Malvern] AOL spyware ?

Ian Pascoe ianpascoe at btinternet.com
Sun Feb 11 20:43:46 GMT 2007


Hi Rik

Could you explain, in simple terms, how this attack is made?

I'm not sure if you are saying that when a voice connection is established
using your PSTN line, that the spyware is transmitted to that remote site by
the telephone call or by the broadband connection.

Assuming it is the former, it would have to lie outside of the normal voice
frequency range as you would hear the attack.  It could not start on the
calling person's line outside the voice frequency range as the exchange line
cards dump any frequencies outside that range before doing the A to D
conversion.  This only leaves the broadband connection, and unless you are
using VoIP technology for that call, how does it find that particular IP
address amongst the millions of others?

Tres confusment de Barnards Vert.

Ian

-----Original Message-----
From: malvern-bounces at mailman.lug.org.uk
[mailto:malvern-bounces at mailman.lug.org.uk]On Behalf Of Richard Forster
Sent: 11 February 2007 13:11
To: Malvern at mailman.lug.org.uk
Subject: Re: [Malvern] AOL spyware ?




Geoff Bagley wrote:
> Hi Rick.
> Thanks for the mail (below).
>
> Firstly, I am not able to understand the significance of any telephone
> conversation.
> My ADSL Modem/Firewall/Router is "always on".

Always on means always connected to the internet. But when you are on
the phone to someone else there is a separate link through the *speech
circuits* not just between your phone handsets but also between any
other devices plugged into the phone sockets such as the broadband
routers. This is why I always use my mobile phone and why new mobile
phones with WiFi are dangerous because they can link to wireless ADSL
routers.


>
> I guess that an infected computer could attack my system whether I was
> on the phone or not.
Not in this new way. That is what makes it such a nasty (and
particularly clever) attack method. It can't be detected by normal means
because it doesn't go over the internet.

>
> As it happens, I have another (later version) of the Netgear box (which
> I have bought for my son).  I have tried it, and it works OK, but I
> haven't tried nmapping it yet.
>
> However, armed with the knowledge that port 5190 is (presumably) open,
> are you
> personally able to probe it ?  If so, please have a go !
1. My outgoing firewalls stop me doing this.
2. This may still be illegal even with your permission. It is certainly
against the terms & conditions of my broadband contract.
3. I don't know your IP address.


>
> Another approach might be to get a software update, which I presume to be
> possible.
>
> Is there any way to "bomb" the bastard behind this attack ?

Such actions would be illegal, even for me to condone, never mind advise
on. In any case the 'source' of the attacks is invariably an unknowing
PC owned by someone who can't keep their system updated and virus free.



