cyberwart

This find is due to Sara. A quick check in the traffic logs for a host sent to the help desk showed a bit odd network traffic. We saw the computer polling laptopantivirus.microsoft.com/block.php. Looking quickly you think, well that’s Microsoft – it’s okay! Well, Microsoft using PHP? That’s not overly likely and the “laptopantivirus” part seems sketchy. If you look at the IP address it’s 195.88.190.54 – Registered to Bigness Group based in Russia.

See below

This entry was posted on Wednesday, January 27th, 2010 at 2:04 pm and is filed under . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.