• Welcome to Valhalla Legends Archive.
 

BinaryChat gets teh action

Started by Spht, March 31, 2004, 05:33 PM


Spht

Happened to be tracing UDP traffic, and this was sent to one of my BinaryChat instances:

UDP :Source Port: 3026, Destination Port: 1026
    Length: 317, CheckSum: 0xA82D
DATA:00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
    00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
    00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
    00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
    00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
    00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
    00 00 00 00 00 00 01 00-00 00 00 00 00 00 00 00   ................
    FF FF FF FF 00 00 00 00-00 00 05 00 00 00 00 00   ÿÿÿÿ............
    00 00 05 00 00 00 00 00-00 00 00 00 00 00 05 00   ......Lisa......
    00 00 00 00 00 00 05 00-00 00 48 65 79 20 00 00   ..........Hey ..
    00 00 B1 00 00 00 00 00-00 00 B1 00 00 00 48 69   ..±.......±...Hi
    20 74 68 65 72 65 20 73-77 65 65 74 69 65 2C 0D    there sweetie,.
    0A 20 0D 0A 68 61 76 65-20 79 6F 75 20 73 65 65   . ..have you see
    6E 20 6D 79 20 61 77 65-73 6F 6D 65 20 6E 65 77   n my awesome new
    20 68 6F 6D 65 70 61 67-65 20 79 65 74 3F 0D 0A    homepage yet?..
    0D 0A 69 20 68 61 76 65-20 66 6F 75 6E 64 20 61   ..i have found a
    6C 6C 20 6F 66 20 74 68-65 20 66 72 65 65 20 70   ll of the free p
    6F 72 6E 20 6F 6E 20 74-68 65 20 6E 65 74 20 66   orn on the net f
    6F 72 20 79 6F 75 0D 0A-0D 0A 43 75 6D 20 53 65   or you....Cum Se
    65 20 20 20 20 20 20 57-57 57 2E 32 53 45 58 45   e      WWW.2SEXE
    2E 43 4F 4D 0D 0A 0D 0A-4C 49 53 41 20 58 58 58   .COM....LISA XXX
    58 58 58 58 58 58 58 58-58 58 58 58 58 58 00      XXXXXXXXXXXXXX.


You bad boy, BinaryChat. Meow.

Newby

It's gonna go BinaryPorning  8)
- Newby


iago

Is that a protocol for an IM'er or something?
This'll make an interesting test for broken AV:
Quote: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


MyndFyre

Quote from: iago on March 31, 2004, 06:54 PM
Is that a protocol for an IM'er or something?

I would guess that's the Windows Messenger service that makes those annoying popups pop up.

Either that, or Yoni/Skywing wrote a new .bcp plugin for Binary Chat....  :P

[edit]
That's what the new protocol version is for :P
[/edit]

Spht

Others that appeared afterwards:

     00 00 10 00 00 00 53 50-59 57 41 52 45 20 43 48   ......SPYWARE CH
    45 43 4B 45 52 00 10 00-00 00 00 00 00 00 10 00   ECKER...........
    00 00 55 53 45 52 00 00-00 00 00 00 00 00 00 00   ..USER..........
    00 00 A1 02 00 00 00 00-00 00 A1 02 00 00 44 6F   ..¡.......¡...Do
    20 79 6F 75 20 6B 6E 6F-77 20 69 66 20 79 6F 75    you know if you
    72 20 63 6F 6D 70 75 74-65 72 20 69 73 20 69 6E   r computer is in
    66 65 63 74 65 64 20 77-69 74 68 20 53 70 79 77   fected with Spyw
    61 72 65 3F 0D 0A 0D 0A-53 70 79 77 61 72 65 20   are?....Spyware
    61 72 65 20 70 72 6F 67-72 61 6D 73 20 74 68 61   are programs tha
    74 20 68 69 64 65 20 6F-6E 20 79 6F 75 72 20 63   t hide on your c
    6F 6D 70 75 74 65 72 20-61 6E 64 20 61 72 65 20   omputer and are
    6B 6E 6F 77 6E 20 74 6F-20 73 74 65 61 6C 20 69   known to steal i
    6E 66 6F 72 6D 61 74 69-6F 6E 20 73 75 63 68 20   nformation such
    61 73 0D 0A 63 72 65 64-69 74 20 63 61 72 64 20   as..credit card
    6E 75 6D 62 65 72 73 2C-20 65 2D 6D 61 69 6C 20   numbers, e-mail
    61 64 64 72 65 73 73 65-73 2C 20 79 6F 75 72 20   addresses, your
    73 75 72 66 69 6E 67 20-68 61 62 69 74 73 20 61   surfing habits a
    6E 64 20 6D 6F 72 65 2E-0D 0A 0D 0A 41 6E 64 20   nd more.....And
    79 6F 75 72 20 61 6E 74-69 2D 76 69 72 75 73 20   your anti-virus
    6F 72 20 66 69 72 65 77-61 6C 6C 20 73 6F 66 74   or firewall soft
    77 61 72 65 20 63 61 6E-27 74 20 73 74 6F 70 20   ware can't stop
    69 74 2E 0D 0A 0D 0A 49-66 20 79 6F 75 20 61 72   it.....If you ar
    65 20 6E 6F 74 20 31 30-30 25 20 70 6F 73 69 74   e not 100% posit
    69 76 65 20 74 68 61 74-20 79 6F 75 72 20 63 6F   ive that your co
    6D 70 75 74 65 72 20 69-73 20 63 6C 65 61 6E 2C   mputer is clean,
    20 77 65 20 72 65 63 6F-6D 6D 65 6E 64 20 79 6F    we recommend yo
    75 20 63 68 65 63 6B 20-69 74 20 66 6F 72 20 53   u check it for S
    70 79 77 61 72 65 2E 0D-0A 0D 0A 54 79 70 65 20   pyware.....Type
    74 68 69 73 20 61 64 64-72 65 73 73 20 69 6E 20   this address in
    79 6F 75 72 20 77 65 62-20 62 72 6F 77 73 65 72   your web browser
    20 66 6F 72 20 6D 6F 72-65 20 69 6E 66 6F 72 6D    for more inform
    61 74 69 6F 6E 3A 0D 0A-0D 0A 20 20 20 20 20 77   ation:....     w
    77 77 2E 73 70 77 33 63-2E 63 6F 6D 0D 0A 0D 0A   ww.spw3c.com....
    4E 4F 54 45 3A 20 50 72-65 73 73 69 6E 67 20 4F   NOTE: Pressing O
    4B 20 77 69 6C 6C 20 6E-6F 74 20 74 61 6B 65 20   K will not take
    79 6F 75 20 74 6F 20 77-77 77 2E 73 70 77 33 63   you to www.spw3c
    2E 63 6F 6D 0D 0A 50 6C-65 61 73 65 20 77 72 69   .com..Please wri
    74 65 20 64 6F 77 6E 20-77 77 77 2E 73 70 77 33   te down www.spw3
    63 2E 63 6F 6D 20 61 6E-64 20 74 68 65 6E 20 74   c.com and then t
    79 70 65 20 69 74 20 69-6E 20 79 6F 75 72 20 77   ype it in your w
    65 62 20 62 72 6F 77 73-65 72 0D 0A 0D 0A 20 20   eb browser....  
    20 20 20 20 20 20 20 20-20 20 20 20 20 20 20 20                  
    20 20 20 20 20 20 20 20-20 20 20 20 20 20 20 20                  
    20 20 20 20 20 20 20 20-20 20 20 20 20 20 20 20                  
    20 20 20 20 20 20 20 20-20 20 20 20 20 20 20 20                  
    20 77 77 77 2E 73 70 77-33 63 2E 63 6F 6D 00       www.spw3c.com.


     00 00 0E 00 00 00 4B 61-72 65 6E 20 43 61 6D 67   ......Karen Camg
    69 72 6C 00 00 00 0E 00-00 00 00 00 00 00 0E 00   irl.............
    00 00 48 65 79 20 73 65-78 79 00 00 00 00 00 00   ..Hey sexy......
    00 00 2A 01 00 00 00 00-00 00 2A 01 00 00 0D 0A   ..*.......*.....
    2A 2A 2A 2A 2A 20 46 52-45 45 20 57 65 62 63 61   ***** FREE Webca
    6D 20 47 69 72 6C 20 41-63 63 65 73 73 20 66 6F   m Girl Access fo
    72 20 4C 49 46 45 20 2A-2A 2A 2A 2A 0D 0A 0D 0A   r LIFE *****....
    57 65 20 61 72 65 20 47-49 56 49 4E 47 20 41 57   We are GIVING AW
    41 59 20 31 30 2C 30 30-30 20 46 72 65 65 20 57   AY 10,000 Free W
    45 42 43 41 4D 20 50 61-73 73 65 73 20 54 6F 64   EBCAM Passes Tod
    61 79 2E 0D 0A 0D 0A 4E-4F 20 52 45 43 55 52 52   ay.....NO RECURR
    49 4E 47 20 43 48 41 52-47 45 53 2E 0D 0A 4E 4F   ING CHARGES...NO
    20 53 49 47 4E 55 50 20-43 48 41 52 47 45 53 2E    SIGNUP CHARGES.
    0D 0A 54 68 69 73 20 69-73 20 61 20 31 30 30 25   ..This is a 100%
    20 46 52 45 45 20 4C 69-66 65 74 69 6D 65 20 4D    FREE Lifetime M
    65 6D 62 65 72 73 68 69-70 2E 0D 0A 0D 0A 54 61   embership.....Ta
    6C 6B 20 77 69 74 68 20-6D 65 2C 20 4B 61 72 65   lk with me, Kare
    6E 2C 20 6F 72 20 61 6E-79 20 6F 66 20 74 68 65   n, or any of the
    20 6F 74 68 65 72 20 32-30 30 30 20 57 65 62 63    other 2000 Webc
    61 6D 20 47 69 72 6C 73-21 0D 0A 0D 0A 43 75 6D   am Girls!....Cum
    20 67 65 74 20 75 73 2E-0D 0A 57 57 57 2E 46 52    get us...WWW.FR
    45 45 50 41 53 53 45 53-54 4F 44 41 59 2E 43 4F   EEPASSESTODAY.CO
    4D 0D 0A 0D 0A 0D 0A 00-                          M.......


Most likely infected systems sending messages to a range of IPs, to a service I don't have running.
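
The three dumps above share one layout: a 32-bit little-endian count, four zero bytes, the same count again, then that many NUL-terminated bytes, three times in a row up to the end of the datagram. As an added example (not part of the thread), the Python below scans a UDP payload for that layout so such datagrams can be flagged in a capture; the field names, the 4096-byte bound and the sample packet are assumptions of the example.

```python
import re
import struct

MAX_FIELD = 4096  # assumed sanity bound on one string

def _read_string(buf, pos):
    """Parse count / zero / count / bytes at pos; return (text, end) or None."""
    if pos + 12 > len(buf):
        return None
    max_count, offset, actual = struct.unpack_from("<III", buf, pos)
    end = pos + 12 + actual
    if offset != 0 or max_count != actual or not 0 < actual <= MAX_FIELD:
        return None
    if end > len(buf) or buf[end - 1] != 0:  # must be NUL-terminated
        return None
    raw = buf[pos + 12:end].split(b"\x00", 1)[0]
    if any(b < 0x20 and b not in (0x09, 0x0A, 0x0D) for b in raw):
        return None  # binary data, not popup text
    return raw.decode("latin-1"), end

def find_popup(payload):
    """Return the three strings if they run back-to-back to the end of the
    datagram (field names are this example's labels), else None."""
    for start in range(len(payload) - 35):
        pos, fields, end = start, [], 0
        for _ in range(3):
            got = _read_string(payload, pos)
            if got is None:
                break
            fields.append(got[0])
            end = got[1]
            pos = start + ((end - start + 3) & ~3)  # next 4-byte boundary
        if len(fields) == 3 and len(payload) - end < 4:
            return {"sender": fields[0], "recipient": fields[1],
                    "body": fields[2],
                    "hosts": re.findall(r"(?i)\bwww\.[a-z0-9.-]+", fields[2])}
    return None

def _counted(text, pad_to=0):
    """Build one constructed string in the same layout."""
    data = (text.encode() + b"\x00").ljust(pad_to, b"\x00")
    return struct.pack("<III", len(data), 0, len(data)) + data + b"\x00" * (-len(data) % 4)

# Constructed sample: 80 filler bytes, then sender, recipient and body.
SAMPLE = bytes(80) + _counted("Alice") + _counted("USER", 16) + _counted(
    "Constructed test body\r\nvisit www.example.invalid\r\n")

if __name__ == "__main__":
    print(find_popup(SAMPLE))
```

Because the scan does not depend on the bytes in front of the strings, it also works on payloads whose leading header has been zeroed out, as in the first dump.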