TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
>>Is anyone familiar with this traffic and what it is
>>related to?
A little probing with WHOIS reveals that CMS1.NET is registered to an
Israeli software company called CYDOOR Technologies:
Registrant:
Cydoor Technologies (CMS16-DOM)
22 Maskit St., P.O.Box 12627
Herzliya, 46733
IL
Domain Name: CMS1.NET
Administrative Contact:
Meir, Zohar (ZM569) [EMAIL PROTECTED]
Cydoor Technologies
22 Maskit St.
Herzliya
46733
IL
972-9-9554405 (FAX) 972-9-9555421
According to one of their web pages
(http://www.cydoor.com/Cydoor/services.htm), they have several services they
offer. One is a component that other software vendors can license to put
banner ads inside their software. There is a press release on their site
that indicates they have licensed this technology to OPERA
(http://www.opera.com/) which is an alternative web browser that has a free
version supported by banner ads. (See press release here:
http://www.cydoor.com/Cydoor/news20.htm).
Another is a component that allows software vendors to be given a channel of
communication back from users who download their software.
I'm guessing your user probably downloaded some piece of software that uses
this technology, and the software is just trying to "phone home" to fetch a
banner ad or register itself or something like that. Probably harmless.
A Google search on "www.cms1.net" turns up several firewall and proxy logs
for other sites that also show lots of traffic to this domain.
Those goofy filenames are a bit troubling, however. They would bear some
further investigation.
=====================================
Tim Farley
Senior Researcher
Internet Security Systems
[EMAIL PROTECTED]
(404) 236-2600
http://www.iss.net
Internet Security Systems - The Power to Protect
=====================================
-----Original Message-----
From: Blaine [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 10, 2001 10:43 AM
To: [EMAIL PROTECTED]
Subject: www.cms1.net
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------
We first saw traffic directed to this site about 3
months ago from only 1 PC and the traffic was not
getting through the firewall so I was not too
concerned. We scanned the PC and did not find any
obvious signs of a trojan or viri with the exception
of 2 or three files with filenames like � � � .
I noticed today that another PC is connecting to this
site and transfering data. Here is an example:
http://www.cms1.net/scripts/cms/CmsInit.ASP?ID=7380317&D2=??OACSCH????????&A
W=168&LV=2036&CU=342957346
Is anyone familiar with this traffic and what it is
related to?
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
