It doesn't look like a backdoor. The URL in question redirects you to http://www.aol.com. As long as you have AOL blocked, it shouldn't work. Another interesting feature of this URL is it also has the same IP as ads.web.aol.com. The whole Class C is AOL's. You're probably getting a lot of users hitting web ads from AOL.

The webmail services are getting quite creative in the number of IPs and hostnames they use. They are actively looking to circumvent your firewall. Same goes for IM services. Remember, they are in business to enable their users to get to their page, they could care less about your security.

ar.atwola.com resolves to
64.12.184.25 64.12.184.89 64.12.184.121 64.12.174.153
64.12.174.185 152.163.226.25 152.163.226.89 152.163.226.57
152.163.226.121 152.163.226.153 152.163.226.185 205.188.165.57
205.188.165.121 205.188.165.185 205.188.165.249 64.12.184.57

Block 'em all!

From: Jeffrey_Korte/Security/FCNB/Spgla@privateat_private on 06/24/2002 12:30 PM
Sent by: owner-crime@private
To: crime@private
cc:
bcc:
Subject: CRIME AOL Backdoor?

Information Classification: Public.

I have recently come across a scenario that I've not been able to find a satisfactory answer to and I hope someone can assist me. Due to security/virus concerns, several months ago I killed access to Internet based E-mail services at our Bank. (Yahoo, MSN, AOL, etc.) After monitoring several Internet usage reports, I found traffic in the thousands to: http://ar.atwola.com. Once you visit the site it immediately takes you to the "AOL Anywhere" portal. I have also found numerous hits to http://toolbar.aol.com.

Can anyone in the group confirm for me whether or not a backdoor into AOL exists allowing a user to by-pass Firewall restrictions in order to retrieve their E-mails?

Regards,

Jeffrey B. Korte, Corporate Security Manager
First Consumers National Bank
Voice: 503.520.8398

The information contained in this E-mail message and its attachments, if any, may be privileged, confidential and protected from disclosure. This information is the property of First Consumers National Bank. If you are not the intended recipient, any disclosure, copying, distribution, reading, or the taking of any action in reliance on or in response to this information (except as specifically permitted in this notice) is strictly prohibited. If you have received this transmission and you are not a named recipient or a person authorized to receive email and email attachments on behalf of a named recipient, or if you think you have received this E-mail message in error, please E-mail the sender at jeffrey_korte@private
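
An added example, not part of either message above: the addresses listed in the reply are collapsed into their /24 ("Class C") networks, and proxy hits are then matched by destination IP rather than by hostname, so a second hostname on the same addresses is still caught. The log format (timestamp, client, host, destination IP) and the sample lines are constructed for illustration, and treating each /24 as entirely AOL's takes the reply's "whole Class C" remark as an assumption.

```python
import ipaddress
from collections import Counter

# Addresses the reply lists for ar.atwola.com (copied from the message above).
RESOLVED = """
64.12.184.25 64.12.184.89 64.12.184.121 64.12.174.153
64.12.174.185 152.163.226.25 152.163.226.89 152.163.226.57
152.163.226.121 152.163.226.153 152.163.226.185 205.188.165.57
205.188.165.121 205.188.165.185 205.188.165.249 64.12.184.57
""".split()

def class_c_networks(addrs):
    """Collapse host addresses into the distinct /24 networks that contain them."""
    nets = {ipaddress.ip_network(f"{a}/24", strict=False) for a in addrs}
    return sorted(nets)

def flag_hits(log_lines, networks):
    """Count hits per (client, hostname) whose destination IP is in a listed network."""
    hits = Counter()
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines instead of failing the whole report
        client, host, dst = fields[1], fields[2], fields[3]
        try:
            ip = ipaddress.ip_address(dst)
        except ValueError:
            continue
        if any(ip in net for net in networks):
            hits[(client, host)] += 1
    return hits

# Constructed sample log (hypothetical format: timestamp client host dest-ip).
SAMPLE_LOG = [
    "2002-06-24T12:01:07 10.1.4.22 ar.atwola.com 64.12.184.25",
    "2002-06-24T12:01:09 10.1.4.22 ads.web.aol.com 64.12.184.25",
    "2002-06-24T12:02:30 10.1.7.80 mail.example.net 64.12.174.200",
    "2002-06-24T12:03:11 10.1.7.80 www.example.org 192.0.2.10",
    "malformed line",
]

if __name__ == "__main__":
    nets = class_c_networks(RESOLVED)
    print("networks:", ", ".join(str(n) for n in nets))
    for (client, host), count in sorted(flag_hits(SAMPLE_LOG, nets).items()):
        print(f"{client} -> {host}: {count}")
```

The sixteen addresses reduce to four /24 networks, and the third sample line matches by range even though its address is not one of the sixteen.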
This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 19:09:31 PDT