Possible moneybookers malware?

0

I'm a Mac user, and a few minutes ago I needed to check my network traffic with tcpdump and was surprised by the output. I'm sending tons of requests to g1.moneybookers.com. From what I can see, I send more than one request every second. This seems very strange to me. Should I be worried?

Do you have any idea how to detect the process that generates this traffic, kill it and remove it?

PS: I have never visited moneybookers.com in my life!

```text
    192.168.1.100.59146 > g1.moneybookers.com.60709: [udp sum ok] UDP, length 57
14:26:49.499837 IP (tos 0x0, ttl 121, id 28452, offset 0, flags [none], proto UDP (17), length 94)
    g1.moneybookers.com.60709 > 192.168.1.100.59146: [udp sum ok] UDP, length 66
14:26:49.500236 IP (tos 0x0, ttl 64, id 22909, offset 0, flags [none], proto UDP (17), length 94)
    192.168.1.100.59146 > 89.246.238.132.55468: [udp sum ok] UDP, length 66
14:26:49.506597 IP (tos 0x0, ttl 53, id 27849, offset 0, flags [none], proto UDP (17), length 84)
    89.246.238.132.55468 > 192.168.1.100.59146: [udp sum ok] UDP, length 56
14:26:49.507068 IP (tos 0x0, ttl 64, id 21292, offset 0, flags [none], proto UDP (17), length 84)
    192.168.1.100.59146 > g1.moneybookers.com.60709: [udp sum ok] UDP, length 56
14:26:49.519959 IP (tos 0x0, ttl 121, id 28453, offset 0, flags [none], proto UDP (17), length 94)
    g1.moneybookers.com.60709 > 192.168.1.100.59146: [udp sum ok] UDP, length 66
14:26:49.520153 IP (tos 0x0, ttl 64, id 34327, offset 0, flags [none], proto UDP (17), length 94)
    192.168.1.100.59146 > 89.246.238.132.55468: [udp sum ok] UDP, length 66
14:26:49.529112 IP (tos 0x0, ttl 53, id 46292, offset 0, flags [none], proto UDP (17), length 87)
    89.246.238.132.55468 > 192.168.1.100.59146: [udp sum ok] UDP, length 59
14:26:49.529214 IP (tos 0x0, ttl 64, id 36385, offset 0, flags [none], proto UDP (17), length 87)
    192.168.1.100.59146 > g1.moneybookers.com.60709: [udp sum ok] UDP, length 59
14:26:49.542552 IP (tos 0x0, ttl 121, id 28454, offset 0, flags [none], proto UDP (17), length 97)
    g1.moneybookers.com.60709 > 192.168.1.100.59146: [udp sum ok] UDP, length 69
14:26:49.543022 IP (tos 0x0, ttl 64, id 6198, offset 0, flags [none], proto UDP (17), length 97)
    192.168.1.100.59146 > 89.246.238.132.55468: [udp sum ok] UDP, length 69
14:26:49.544072 IP (tos 0x0, ttl 53, id 36231, offset 0, flags [none], proto UDP (17), length 95)
    89.246.238.132.55468 > 192.168.1.100.59146: [udp sum ok] UDP, length 67
14:26:49.544484 IP (tos 0x0, ttl 64, id 17246, offset 0, flags [none], proto UDP (17), length 95)
    192.168.1.100.59146 > g1.moneybookers.com.60709: [udp sum ok] UDP, length 67
14:26:49.550502 IP (tos 0x0, ttl 121, id 28456, offset 0, flags [none], proto UDP (17), length 100)
    g1.moneybookers.com.60709 > 192.168.1.100.59146: [udp sum ok] UDP, length 72
14:26:49.550926 IP (tos 0x0, ttl 64, id 62296, offset 0, flags [none], proto UDP (17), length 100)
    192.168.1.100.59146 > 89.246.238.132.55468: [udp sum ok] UDP, length 72
14:26:49.565034 IP (tos 0x0, ttl 53, id 19672, offset 0, flags [none], proto UDP (17), length 124)
    89.246.238.132.55468 > 192.168.1.100.59146: [udp sum ok] UDP, length 96
14:26:49.565489 IP (tos 0x0, ttl 64, id 55130, offset 0, flags [none], proto UDP (17), length 124)
    192.168.1.100.59146 > g1.moneybookers.com.60709: [udp sum ok] UDP, length 96
14:26:49.571635 IP (tos 0x0, ttl 121, id 28458, offset 0, flags [none], proto UDP (17), length 93)
    g1.moneybookers.com.60709 > 192.168.1.100.59146: [udp sum ok] UDP, length 65
14:26:49.571936 IP (tos 0x0, ttl 64, id 14362, offset 0, flags [none], proto UDP (17), length 93)
    192.168.1.100.59146 > 89.246.238.132.55468: [udp sum ok] UDP, length 65
14:26:49.589118 IP (tos 0x0, ttl 53, id 41719, offset 0, flags [none], proto UDP (17), length 158)
    89.246.238.132.55468 > 192.168.1.100.59146: [udp sum ok] UDP, length 130
14:26:49.589430 IP (tos 0x0, ttl 64, id 19578, offset 0, flags [none], proto UDP (17), length 158)
    192.168.1.100.59146 > g1.moneybookers.com.60709: [udp sum ok] UDP, length 130
14:26:49.591446 IP (tos 0x0, ttl 121, id 28459, offset 0, flags [none], proto UDP (17), length 98)
    g1.moneybookers.com.60709 > 192.168.1.100.59146: [udp sum ok] UDP, length 70
14:26:49.591749 IP (tos 0x0, ttl 64, id 8799, offset 0, flags [none], proto UDP (17), length 98)
    192.168.1.100.59146 > 89.246.238.132.55468: [udp sum ok] UDP, length 70
14:26:49.600590 IP (tos 0x0, ttl 53, id 58581, offset 0, flags [none], proto UDP (17), length 124)
    89.246.238.132.55468 > 192.168.1.100.59146: [udp sum ok] UDP, length 96
14:26:49.600754 IP (tos 0x0, ttl 64, id 61442, offset 0, flags [none], proto UDP (17), length 124)
    192.168.1.100.59146 > g1.moneybookers.com.60709: [udp sum ok] UDP, length 96
14:26:49.611373 IP (tos 0x0, ttl 121, id 28460, offset 0, flags [none], proto UDP (17), length 93)
    g1.moneybookers.com.60709 > 192.168.1.100.59146: [udp sum ok] UDP, length 65
14:26:49.611546 IP (tos 0x0, ttl 64, id 52091, offset 0, flags [none], proto UDP (17), length 93)
    192.168.1.100.59146 > 89.246.238.132.55468: [udp sum ok] UDP, length 65
14:26:49.623448 IP (tos 0x0, ttl 53, id 20175, offset 0, flags [none], proto UDP (17), length 129)
    89.246.238.132.55468 > 192.168.1.100.59146: [udp sum ok] UDP, length 101
14:26:49.623868 IP (tos 0x0, ttl 64, id 1574, offset 0, flags [none], proto UDP (17), length 129)
    192.168.1.100.59146 > g1.moneybookers.com.60709: [udp sum ok] UDP, length 101
14:26:49.634022 IP (tos 0x0, ttl 121, id 28461, offset 0, flags [none], proto UDP (17), length 94)
    g1.moneybookers.com.60709 > 192.168.1.100.59146: [udp sum ok] UDP, length 66
14:26:49.634431 IP (tos 0x0, ttl 64, id 40568, offset 0, flags [none], proto UDP (17), length 94)
    192.168.1.100.59146 > 89.246.238.132.55468: [udp sum ok] UDP, length 66
14:26:49.651183 IP (tos 0x0, ttl 53, id 42714, offset 0, flags [none], proto UDP (17), length 155)
    89.246.238.132.55468 > 192.168.1.100.59146: [udp sum ok] UDP, length 127
14:26:49.651415 IP (tos 0x0, ttl 64, id 12561, offset 0, flags [none], proto UDP (17), length 155)
    192.168.1.100.59146 > g1.moneybookers.com.60709: [udp sum ok] UDP, length 127
14:26:49.652708 IP (tos 0x0, ttl 121, id 28462, offset 0, flags [none], proto UDP (17), length 103)
    g1.moneybookers.com.60709 > 192.168.1.100.59146: [udp sum ok] UDP, length 75
14:26:49.652982 IP (tos 0x0, ttl 64, id 42529, offset 0, flags [none], proto UDP (17), length 103)
    192.168.1.100.59146 > 89.246.238.132.55468: [udp sum ok] UDP, length 75
14:26:49.670068 IP (tos 0x0, ttl 53, id 47327, offset 0, flags [none], proto UDP (17), length 142)
    89.246.238.132.55468 > 192.168.1.100.59146: [udp sum ok] UDP, length 114
14:26:49.670301 IP (tos 0x0, ttl 64, id 8759, offset 0, flags [none], proto UDP (17), length 142)
    192.168.1.100.59146 > g1.moneybookers.com.60709: [udp sum ok] UDP, length 114
14:26:49.672592 IP (tos 0x0, ttl 121, id 28463, offset 0, flags [none], proto UDP (17), length 152)
    g1.moneybookers.com.60709 > 192.168.1.100.59146: [udp sum ok] UDP, length 124
14:26:49.672875 IP (tos 0x0, ttl 64, id 569, offset 0, flags [none], proto UDP (17), length 152)
    192.168.1.100.59146 > 89.246.238.132.55468: [udp sum ok] UDP, length 124
14:26:49.680573 IP (tos 0x0, ttl 53, id 37605, offset 0, flags [none], proto UDP (17), length 151)
    89.246.238.132.55468 > 192.168.1.100.59146: [udp sum ok] UDP, length 123
14:26:49.680800 IP (tos 0x0, ttl 64, id 30751, offset 0, flags [none], proto UDP (17), length 151)
    192.168.1.100.59146 > g1.moneybookers.com.60709: [udp sum ok] UDP, length 123
14:26:49.692750 IP (tos 0x0, ttl 121, id 28464, offset 0, flags [none], proto UDP (17), length 155)
    g1.moneybookers.com.60709 > 192.168.1.100.59146: [udp sum ok] UDP, length 127
14:26:49.693022 IP (tos 0x0, ttl 64, id 38948, offset 0, flags [none], proto UDP (17), length 155)
    192.168.1.100.59146 > 89.246.238.132.55468: [udp sum ok] UDP, length 127
14:26:49.703590 IP (tos 0x0, ttl 53, id 1737, offset 0, flags [none], proto UDP (17), length 153)
    89.246.238.132.55468 > 192.168.1.100.59146: [udp sum ok] UDP, length 125
14:26:49.703978 IP (tos 0x0, ttl 64, id 7771, offset 0, flags [none], proto UDP (17), length 153)
    192.168.1.100.59146 > g1.moneybookers.com.60709: [udp sum ok] UDP, length 125
14:26:49.716977 IP (tos 0x0, ttl 121, id 28465, offset 0, flags [none], proto UDP (17), length 153)
    g1.moneybookers.com.60709 > 192.168.1.100.59146: [udp sum ok] UDP, length 125
14:26:49.717401 IP (tos 0x0, ttl 64, id 46124, offset 0, flags [none], proto UDP (17), length 153)
    192.168.1.100.59146 > 89.246.238.132.55468: [udp sum ok] UDP, length 125
14:26:49.727574 IP (tos 0x0, ttl 53, id 19391, offset 0, flags [none], proto UDP (17), length 143)
    89.246.238.132.55468 > 192.168.1.100.59146: [udp sum ok] UDP, length 115
14:26:49.727919 IP (tos 0x0, ttl 64, id 30270, offset 0, flags [none], proto UDP (17), length 143)
    192.168.1.100.59146 > g1.moneybookers.com.60709: [udp sum ok] UDP, length 115
```

by Ivan Dokov 08.08.2013 / 13:38
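Added example (not from the original post) that puts numbers on the capture: it parses the two-line `tcpdump -v` format, counts what the host sends per remote peer per second, and flags inbound datagrams that are re-sent to the other peer with the same payload length a few hundred microseconds later, which is what the capture shows (66 bytes in from g1.moneybookers.com, 66 bytes out to 89.246.238.132, and back). The local address 192.168.1.100 is taken from the capture; the sample is its first four datagrams re-split into tcpdump's two-line form.

```python
import re
from collections import Counter

LOCAL_IP = "192.168.1.100"  # assumption: the Mac's own address, as seen in the capture
# `tcpdump -v` prints one datagram as two lines: the IP header line, then an
# indented "src.port > dst.port: ... length N" line; capture both at once.
PKT = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d{6}) IP .*\n"
                 r"\s+(\S+)\.(\d+) > (\S+)\.(\d+):.*length (\d+)$", re.M)

def parse_tcpdump(text):
    """Yield (seconds since midnight, src, sport, dst, dport, payload_len) per datagram."""
    for h, mi, s, us, src, sport, dst, dport, n in PKT.findall(text):
        when = int(h) * 3600 + int(mi) * 60 + int(s) + int(us) / 1e6
        yield when, src, int(sport), dst, int(dport), int(n)

def outbound_per_second(text, local_ip=LOCAL_IP):
    """Datagrams sent by local_ip, counted per (remote host, remote port, second)."""
    counts = Counter()
    for when, src, _, dst, dport, _ in parse_tcpdump(text):
        if src == local_ip:
            counts[(dst, dport, int(when))] += 1
    return counts

def relayed_pairs(text, local_ip=LOCAL_IP, window=0.01):
    """Inbound datagrams re-sent to a different peer with the same payload length within `window` s."""
    pkts = list(parse_tcpdump(text))
    pairs = []
    for i, (t_in, src, _, dst, _, n) in enumerate(pkts):
        if dst != local_ip:
            continue  # only datagrams addressed to this host can be relayed by it
        for t_out, s2, _, d2, _, n2 in pkts[i + 1:]:
            if t_out - t_in > window:
                break
            if s2 == local_ip and d2 != src and n2 == n:
                pairs.append((src, d2, n))  # (came from, forwarded to, payload bytes)
                break
    return pairs

# Sample: the first four datagrams of the capture above, re-split into tcpdump's two-line form.
SAMPLE = """\
14:26:49.499837 IP (tos 0x0, ttl 121, id 28452, offset 0, flags [none], proto UDP (17), length 94)
    g1.moneybookers.com.60709 > 192.168.1.100.59146: [udp sum ok] UDP, length 66
14:26:49.500236 IP (tos 0x0, ttl 64, id 22909, offset 0, flags [none], proto UDP (17), length 94)
    192.168.1.100.59146 > 89.246.238.132.55468: [udp sum ok] UDP, length 66
14:26:49.506597 IP (tos 0x0, ttl 53, id 27849, offset 0, flags [none], proto UDP (17), length 84)
    89.246.238.132.55468 > 192.168.1.100.59146: [udp sum ok] UDP, length 56
14:26:49.507068 IP (tos 0x0, ttl 64, id 21292, offset 0, flags [none], proto UDP (17), length 84)
    192.168.1.100.59146 > g1.moneybookers.com.60709: [udp sum ok] UDP, length 56
"""
```

Once the sending local port is known (59146 throughout the capture), `sudo lsof -nP -iUDP:59146` on the Mac names the process that owns the socket, which is the thing to investigate before deciding what to kill or remove.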

0 answers