Hi, I also discovered this some months ago in a similar program named NetVampire. I contacted the publisher, who stated that the included ADVERT.DLL provides banner advertising inside the application. This DLL apparently uses port 1975 for its communication with the server. With port 1975 closed, the banner adverts inside these applications are not updated. This DLL is made by -surprise - Aureate Media, http://www.aureate.com, the makers og GO!Zilla Regards > Eric V. Iversen, Systems Engineer, IT dept, Bates-gruppen as > Tel. +47 22 87 96 19 - Fax +47 22 87 97 70 > Hoffsveien 1 - PO Box 484 Skøyen - N-0212 Oslo, Norway > E-mail address book: http://www.bates.no/contacts/greenpages.asp > > "There is no reason for any individual to have a computer in their home." > -Ken Olson, President, Digital Equipment, 1977 > > > -----Original Message----- From: GossiTheDog [mailto:gossiat_private] Sent: Tuesday, April 20, 1999 10:35 PM Subject: Go!Zilla, possible trojan I'm a little concerned about a program called Go!Zilla (a Windows 9x Internet download manager) - basically upon detecting network connections it appears to send about 2-4k of data to a remote machine on port 1975. There appears to be no reference to this made in the documentation, and I'm a little concerned about what it is actually sending to the server (and also what is being logged at the server end). Anybody want to pull Go!Zilla apart or run a network sniffer and see what it's doing? I might just be jumping to conclusions, but with what happened with ProMail I don't think we can afford to have another trojan available on all the big download sites... Regards, ----------------------------------------------------- [Name] GossiTheDog [Email] gossiat_private [Telephone] (+44) 0702 09 353 08 [Web Site] http://www.spleen.ukgateway.net [PGP Key] http://www.spleen.ukgateway.net/gossi.asc -----------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:43:28 PDT