[Malvern] AOL spyware ?

Richard Forster rick at forster.uklinux.net
Sat Feb 10 20:09:37 GMT 2007


What I think happened is that one of your friends who uses AOL (and 
Windows) somehow caught a computer virus/spyware. Probably they went 
online or something. Then when they telephoned you during a time when 
both of you were online the infected computer probed your computer 
network over the phone line and realised that your router/firewall is 
old and has bugs in its proprietary software. The spyware then sent 
software over the phone line while you were still talking with your 
friend (you couldn't hear it because of the microfilters) and this 
infected your router.
Now your infected router monitors all traffic going through it and 
collects information about all the sites you visit, emails you send and 
receive and bank details from any web sites you use. It then sends this 
information to an AOL chat account (port 5190) probably running on 
another compromised PC where it is encrypted before being sent on to the 
hacker ultimately responsible for all this. As it is your router that is 
infected you won't be able to tell anything about what is going on from 
your PC. You will have to monitor the connection outside your router 
(the phone line) to detect the traffic, which of course you can't do. 
That's what makes this latest spyware attack so clever.



Geoff Bagley wrote:
> I have never used the ISP AOL, though a few of my friends use it.
> 
> I find (using nmap) that I have a TCP port 5190 on my firewall/router.
> When I try to get rid of it, it pleads "belongs to another application",
> or words to that effect.
> 
> How might it have got there, and how do I find out about it ?
> I have wireshark (once ethereal), and nmap.
> 
> It appears to be associated with aol messenger - a chat-room thing.
> I have never used a chat room.
> 
> Any suggestions please ?
> 
> Geoff.




