Erik occasionally notices a big increase in UDP packets sent to ports 1026 and 1027. He enters the following at the command prompt.
$ nc -l -p 1026 -u -v
In response, he sees the following message.
cell(?(c)???? STOPALERT77STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION. Windows has found 47 Critical Errors. To fix the errors please do the following:
1. Download Registry Repair from: www.reg-patch.com
2. Install Registry Repair
3. Run Registry Repair
4. Reboot your computer
FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION!
What would you infer from this alert?
A. The machine is redirecting traffic to www.reg-patch.com using adware
B. It is a genuine fault of Windows registry and the registry needs to be backed up
C. An attacker has compromised the machine and backdoored ports 1026 and 1027
D. It is a messenger spam. Windows creates a listener on one of the low dynamic ports from 1026 to 1029 and the message usually promotes malware disguised as legitimate utilities
Isn’t this supposed to be C? I have a strong feeling D is incorrect.
“Ports 1026/udp – 1027/udp are usually used by Messenger Popup Spam as well.”
“Port 1026 Commonly used to send MS Messenger spam”
I didn’t pick C because why would a backdoored port be receiving messages like that?