[Malvern] AOL spyware ?
Geoff Bagley
geoff.bagley at btinternet.com
Sat Feb 10 20:38:43 GMT 2007
Hi Rick.
Thanks for the mail (below).
Firstly, I am not able to understand the significance of any telephone
conversation.
My ADSL Modem/Firewall/Router is "always on".
I guess that an infected computer could attack my system whether I was
on the phone or not.
As it happens, I have another (later version) of the Netgear box (which
I have bought for my son). I have tried it, and it works OK, but I
haven't tried nmapping it yet.
However, armed with the knowledge that port 5190 is (presumably) open,
are you personally able to probe it? If so, please have a go!
Another approach might be to get a software update, which I presume to be
possible.
Is there any way to "bomb" the bastard behind this attack ?
I often get various pings or DOS attacks from China !
Best regards,
Geoff
Richard Forster wrote:
> What I think happened is that one of your friends who uses AOL (and
> windows) somehow caught a computer virus/spyware. Probably they went
> online or something. Then when they telephoned you during a time when
> both of you were online the infected computer probed your computer
> network over the phone line and realised that your router/firewall is
> old and has bugs in its proprietary software. The spyware then sent
> software over the phone line while you were still talking with your
> friend (you couldn't hear it because of the microfilters) and this
> infected your router.
> Now your infected router monitors all traffic going through it and
> collects information about all the sites you visit, emails you send
> and receive and bank details from any web sites you use. It then sends
> this information to an AOL chat account (port 5190) probably running on
> another compromised PC where it is encrypted before being sent on to
> the hacker ultimately responsible for all this. As it is your router
> that is infected you won't be able to tell anything about what is
> going on from your PC. You will have to monitor the connection outside
> your router (the phone line) to detect the traffic, which of course
> you can't do. That's what makes this latest spyware attack so clever.
>
>
>
> Geoff Bagley wrote:
>> I have never used the ISP AOL, though a few of my friends use it.
>>
>> I find (using nmap) that I have a TCP port 5190 on my firewall/router.
>> When I try to get rid of it, it pleads "belongs to another application",
>> or words to that effect.
>>
>> How might it have got there, and how do I find out about it ?
>> I have wireshark (once ethereal), and nmap.
>>
>> It appears to be associated with aol messenger - a chat-room thing.
>> I have never used a chat room.
>>
>> Any suggestions please ?
>>
>> Geoff.
>>
>> _______________________________________________
>> Malvern mailing list
>> Malvern at mailman.lug.org.uk
>> https://mailman.lug.org.uk/mailman/listinfo/malvern
>>
>>