Valhalla Legends Archive

Happened to be tracing UDP traffic, and this was sent to one of my BinaryChat instances:

UDP :Source Port: 3026, Destination Port: 1026
     Length: 317, CheckSum: 0xA82D
DATA:00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
     00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
     00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
     00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
     00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
     00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
     00 00 00 00 00 00 01 00-00 00 00 00 00 00 00 00   ................
     FF FF FF FF 00 00 00 00-00 00 05 00 00 00 00 00   ÿÿÿÿ............
     00 00 05 00 00 00 00 00-00 00 00 00 00 00 05 00   ......Lisa......
     00 00 00 00 00 00 05 00-00 00 48 65 79 20 00 00   ..........Hey ..
     00 00 B1 00 00 00 00 00-00 00 B1 00 00 00 48 69   ..±.......±...Hi
     20 74 68 65 72 65 20 73-77 65 65 74 69 65 2C 0D    there sweetie,.
     0A 20 0D 0A 68 61 76 65-20 79 6F 75 20 73 65 65   . ..have you see
     6E 20 6D 79 20 61 77 65-73 6F 6D 65 20 6E 65 77   n my awesome new
     20 68 6F 6D 65 70 61 67-65 20 79 65 74 3F 0D 0A    homepage yet?..
     0D 0A 69 20 68 61 76 65-20 66 6F 75 6E 64 20 61   ..i have found a
     6C 6C 20 6F 66 20 74 68-65 20 66 72 65 65 20 70   ll of the free p
     6F 72 6E 20 6F 6E 20 74-68 65 20 6E 65 74 20 66   orn on the net f
     6F 72 20 79 6F 75 0D 0A-0D 0A 43 75 6D 20 53 65   or you....Cum Se
     65 20 20 20 20 20 20 57-57 57 2E 32 53 45 58 45   e      WWW.2SEXE
     2E 43 4F 4D 0D 0A 0D 0A-4C 49 53 41 20 58 58 58   .COM....LISA XXX
     58 58 58 58 58 58 58 58-58 58 58 58 58 58 00      XXXXXXXXXXXXXX.

You bad boy, BinaryChat. Meow.

It's gonna go BinaryPorning  8)

Is that a protocol for an IM'er or something?

Quote from: iago on March 31, 2004, 06:54 PM
Is that a protocol for an IM'er or something?

I would guess that's the windows Messenger service that makes those annoying popups pop up.

Either that, or Yoni/Skywing wrote a new .bcp plugin for Binary Chat....  :P

[edit]
That's what the new protocol version is for :P
[/edit]

Others that appeared afterwards:

     00 00 10 00 00 00 53 50-59 57 41 52 45 20 43 48   ......SPYWARE CH
     45 43 4B 45 52 00 10 00-00 00 00 00 00 00 10 00   ECKER...........
     00 00 55 53 45 52 00 00-00 00 00 00 00 00 00 00   ..USER..........
     00 00 A1 02 00 00 00 00-00 00 A1 02 00 00 44 6F   ..¡.......¡...Do
     20 79 6F 75 20 6B 6E 6F-77 20 69 66 20 79 6F 75    you know if you
     72 20 63 6F 6D 70 75 74-65 72 20 69 73 20 69 6E   r computer is in
     66 65 63 74 65 64 20 77-69 74 68 20 53 70 79 77   fected with Spyw
     61 72 65 3F 0D 0A 0D 0A-53 70 79 77 61 72 65 20   are?....Spyware 
     61 72 65 20 70 72 6F 67-72 61 6D 73 20 74 68 61   are programs tha
     74 20 68 69 64 65 20 6F-6E 20 79 6F 75 72 20 63   t hide on your c
     6F 6D 70 75 74 65 72 20-61 6E 64 20 61 72 65 20   omputer and are 
     6B 6E 6F 77 6E 20 74 6F-20 73 74 65 61 6C 20 69   known to steal i
     6E 66 6F 72 6D 61 74 69-6F 6E 20 73 75 63 68 20   nformation such 
     61 73 0D 0A 63 72 65 64-69 74 20 63 61 72 64 20   as..credit card 
     6E 75 6D 62 65 72 73 2C-20 65 2D 6D 61 69 6C 20   numbers, e-mail 
     61 64 64 72 65 73 73 65-73 2C 20 79 6F 75 72 20   addresses, your 
     73 75 72 66 69 6E 67 20-68 61 62 69 74 73 20 61   surfing habits a
     6E 64 20 6D 6F 72 65 2E-0D 0A 0D 0A 41 6E 64 20   nd more.....And 
     79 6F 75 72 20 61 6E 74-69 2D 76 69 72 75 73 20   your anti-virus 
     6F 72 20 66 69 72 65 77-61 6C 6C 20 73 6F 66 74   or firewall soft
     77 61 72 65 20 63 61 6E-27 74 20 73 74 6F 70 20   ware can't stop 
     69 74 2E 0D 0A 0D 0A 49-66 20 79 6F 75 20 61 72   it.....If you ar
     65 20 6E 6F 74 20 31 30-30 25 20 70 6F 73 69 74   e not 100% posit
     69 76 65 20 74 68 61 74-20 79 6F 75 72 20 63 6F   ive that your co
     6D 70 75 74 65 72 20 69-73 20 63 6C 65 61 6E 2C   mputer is clean,
     20 77 65 20 72 65 63 6F-6D 6D 65 6E 64 20 79 6F    we recommend yo
     75 20 63 68 65 63 6B 20-69 74 20 66 6F 72 20 53   u check it for S
     70 79 77 61 72 65 2E 0D-0A 0D 0A 54 79 70 65 20   pyware.....Type 
     74 68 69 73 20 61 64 64-72 65 73 73 20 69 6E 20   this address in 
     79 6F 75 72 20 77 65 62-20 62 72 6F 77 73 65 72   your web browser
     20 66 6F 72 20 6D 6F 72-65 20 69 6E 66 6F 72 6D    for more inform
     61 74 69 6F 6E 3A 0D 0A-0D 0A 20 20 20 20 20 77   ation:....     w
     77 77 2E 73 70 77 33 63-2E 63 6F 6D 0D 0A 0D 0A   ww.spw3c.com....
     4E 4F 54 45 3A 20 50 72-65 73 73 69 6E 67 20 4F   NOTE: Pressing O
     4B 20 77 69 6C 6C 20 6E-6F 74 20 74 61 6B 65 20   K will not take 
     79 6F 75 20 74 6F 20 77-77 77 2E 73 70 77 33 63   you to www.spw3c
     2E 63 6F 6D 0D 0A 50 6C-65 61 73 65 20 77 72 69   .com..Please wri
     74 65 20 64 6F 77 6E 20-77 77 77 2E 73 70 77 33   te down www.spw3
     63 2E 63 6F 6D 20 61 6E-64 20 74 68 65 6E 20 74   c.com and then t
     79 70 65 20 69 74 20 69-6E 20 79 6F 75 72 20 77   ype it in your w
     65 62 20 62 72 6F 77 73-65 72 0D 0A 0D 0A 20 20   eb browser....  
     20 20 20 20 20 20 20 20-20 20 20 20 20 20 20 20                   
     20 20 20 20 20 20 20 20-20 20 20 20 20 20 20 20                   
     20 20 20 20 20 20 20 20-20 20 20 20 20 20 20 20                   
     20 20 20 20 20 20 20 20-20 20 20 20 20 20 20 20                   
     20 77 77 77 2E 73 70 77-33 63 2E 63 6F 6D 00       www.spw3c.com.

     00 00 0E 00 00 00 4B 61-72 65 6E 20 43 61 6D 67   ......Karen Camg
     69 72 6C 00 00 00 0E 00-00 00 00 00 00 00 0E 00   irl.............
     00 00 48 65 79 20 73 65-78 79 00 00 00 00 00 00   ..Hey sexy......
     00 00 2A 01 00 00 00 00-00 00 2A 01 00 00 0D 0A   ..*.......*.....
     2A 2A 2A 2A 2A 20 46 52-45 45 20 57 65 62 63 61   ***** FREE Webca
     6D 20 47 69 72 6C 20 41-63 63 65 73 73 20 66 6F   m Girl Access fo
     72 20 4C 49 46 45 20 2A-2A 2A 2A 2A 0D 0A 0D 0A   r LIFE *****....
     57 65 20 61 72 65 20 47-49 56 49 4E 47 20 41 57   We are GIVING AW
     41 59 20 31 30 2C 30 30-30 20 46 72 65 65 20 57   AY 10,000 Free W
     45 42 43 41 4D 20 50 61-73 73 65 73 20 54 6F 64   EBCAM Passes Tod
     61 79 2E 0D 0A 0D 0A 4E-4F 20 52 45 43 55 52 52   ay.....NO RECURR
     49 4E 47 20 43 48 41 52-47 45 53 2E 0D 0A 4E 4F   ING CHARGES...NO
     20 53 49 47 4E 55 50 20-43 48 41 52 47 45 53 2E    SIGNUP CHARGES.
     0D 0A 54 68 69 73 20 69-73 20 61 20 31 30 30 25   ..This is a 100%
     20 46 52 45 45 20 4C 69-66 65 74 69 6D 65 20 4D    FREE Lifetime M
     65 6D 62 65 72 73 68 69-70 2E 0D 0A 0D 0A 54 61   embership.....Ta
     6C 6B 20 77 69 74 68 20-6D 65 2C 20 4B 61 72 65   lk with me, Kare
     6E 2C 20 6F 72 20 61 6E-79 20 6F 66 20 74 68 65   n, or any of the
     20 6F 74 68 65 72 20 32-30 30 30 20 57 65 62 63    other 2000 Webc
     61 6D 20 47 69 72 6C 73-21 0D 0A 0D 0A 43 75 6D   am Girls!....Cum
     20 67 65 74 20 75 73 2E-0D 0A 57 57 57 2E 46 52    get us...WWW.FR
     45 45 50 41 53 53 45 53-54 4F 44 41 59 2E 43 4F   EEPASSESTODAY.CO
     4D 0D 0A 0D 0A 0D 0A 00-                          M.......

Most likely infected systems sending messages to a range of IPs, to a service I don't have running.