[nSLUG] RE: [OT] What's WebGuard.Cab?

Daryl MacDonald dgmacd at eastlink.ca
Tue Jan 24 00:23:09 AST 2006


When I googled it, I came up with this


http://www.au-kbc.org/research_areas/crypto/wg.html


Seems like it is some kind of firewall for servers to prevent hackers
from changing info on a server and if it does happen, it uses a cache
server to give the correct page instead of a broken page. 

Not sure why it would be probing out though ...




Message: 2
Date: Mon, 23 Jan 2006 04:41:41 -0400
From: mspencer at tallships.ca (Mike Spencer)
Subject: [NSLUG] [OT] What's WebGuard.Cab?
To: nslug at nslug.ns.ca
Message-ID: <200601230841.k0N8ffX12086 at bogus.nodomain.nowhere>


I keep getting these port 80 probes -- several per hour -- from a
couple of Eastlink machines.  If, in turn, I probe to see what those
hosts are offering on port 80, I get some HTML with an
<OBJECT...WebGuard.cab... tag and some javascript.

After grovelling through Google, I'm no wiser.  My curiosity is
aroused: If this is a defensive security thing, why are these machines
probing me?  If it's some kind of malware, how come I can't google
anything that reports it as such?

For anyone with a frivolous inclination to respond to this OT query,
a specimen request and response is included infra.

Thanks,
- Mike


