FTP Scans - Universities only? : BHODemon followup
FTP Scans
Thank you for those that have reported in as requested from yesterday's diary about ftp scans. So far, everyone who has reported in with matching behavior appears to be reporting on a university network. If you have or can obtain a list of IP addresses associated with this behavior, please send them in. If anyone has seen this activity that is not from a university, we'd be interested in knowing.
BHODemon update
Or why popularity isn't necessarily a good thing
Not too long ago, we mentioned a tool called BHODemon that can help to identify any browser helper objects installed an a system. Jason, an ISC diary reader, reported in that it seemed as if something was amiss. He noted that the link to BHODemon v 1.0 was broken and that BHODemon v 2.0 was only 40kb instead of the reported 1417kb.
After contacting Definitive Solutions, the maker of BHODemon, we were able to learn of the reason behind this mysterious observation. The following is from Larry Leonard:
"My bandwidth limit was incorrectly set on my hosting site, and I burned through
about $10,000 of bandwidth before I knew it. From the mention on the ISC, it
went to SlashDot, and then NPR (National Public Radio).
So right now, I'm negotiating to get that forgiven while the website is essentially shutdown. The 40K program was *supposed* to be a tiny app that simply displayed an explanatory message. Unfortunately, it requires the latest versions of Microsoft DLLs (MFC71.DLL), which many people don't have yet - it doesn't come with even WinXP Pro, for some unfathomable reason. So I'm working on that, too."
Note that the problem with the DLL dependency problem now appears to be corrected and at this time the BHODemon 2 file is approximately 56kb, but this may change. Those wishing to obtain a copy of this program might try searching Google for "BHODemon" to find alternative locations to get the application or check back at Definitive Solutions site next month.
T. Brian Granier
Handler on Duty
Thank you for those that have reported in as requested from yesterday's diary about ftp scans. So far, everyone who has reported in with matching behavior appears to be reporting on a university network. If you have or can obtain a list of IP addresses associated with this behavior, please send them in. If anyone has seen this activity that is not from a university, we'd be interested in knowing.
BHODemon update
Or why popularity isn't necessarily a good thing
Not too long ago, we mentioned a tool called BHODemon that can help to identify any browser helper objects installed an a system. Jason, an ISC diary reader, reported in that it seemed as if something was amiss. He noted that the link to BHODemon v 1.0 was broken and that BHODemon v 2.0 was only 40kb instead of the reported 1417kb.
After contacting Definitive Solutions, the maker of BHODemon, we were able to learn of the reason behind this mysterious observation. The following is from Larry Leonard:
"My bandwidth limit was incorrectly set on my hosting site, and I burned through
about $10,000 of bandwidth before I knew it. From the mention on the ISC, it
went to SlashDot, and then NPR (National Public Radio).
So right now, I'm negotiating to get that forgiven while the website is essentially shutdown. The 40K program was *supposed* to be a tiny app that simply displayed an explanatory message. Unfortunately, it requires the latest versions of Microsoft DLLs (MFC71.DLL), which many people don't have yet - it doesn't come with even WinXP Pro, for some unfathomable reason. So I'm working on that, too."
Note that the problem with the DLL dependency problem now appears to be corrected and at this time the BHODemon 2 file is approximately 56kb, but this may change. Those wishing to obtain a copy of this program might try searching Google for "BHODemon" to find alternative locations to get the application or check back at Definitive Solutions site next month.
T. Brian Granier
Handler on Duty
Keywords:
0 comment(s)
×
Diary Archives
Comments