[Vision2020] US Government Spyware

Art Deco deco at moscow.com
Tue May 30 07:57:31 PDT 2006


While checking for spyware this morning I came across a well-known spyware program used by many firms called Backweb.  Before quarantining this program I decided to see who was receiving the information this program is sending.

The IP being sent to is 6.1.4.68.

This IP is registered to:

OrgName:    DoD Network Information Center 
OrgID:      DNIC
Address:    3990 E. Broad Street
City:       Columbus
StateProv:  OH
PostalCode: 43218
Country:    US

NetRange:   6.0.0.0 - 6.255.255.255 
CIDR:       6.0.0.0/8 
NetName:    YUMA-NET
NetHandle:  NET-6-0-0-0-1
Parent:     
NetType:    Direct Allocation
NameServer: NS01.ARMY.MIL
NameServer: NS02.ARMY.MIL
NameServer: NS03.ARMY.MIL
Comment:    Army Information Systems Center
Comment:    U.S. Army Yuma Proving Ground
Comment:    Building 2105
Comment:    Yuma, AZ 85365-9110 US
RegDate:    
Updated:    2002-10-07

OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName:   Network DoD 
OrgTechPhone:  +1-800-365-3642
OrgTechEmail:  HOSTMASTER at nic.mil

# ARIN WHOIS database, last updated 2006-05-29 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

OrgName:    DoD Network Information Center
OrgID:      DNIC
Address:    3990 E. Broad Street
City:       Columbus
StateProv:  OH
PostalCode: 43218
Country:    US
Comment:    
RegDate:    
Updated:    2005-09-30

AdminHandle: MIL-HSTMST-ARIN
AdminName:   Network DoD 
AdminPhone:  +1-800-365-3642
AdminEmail:  HOSTMASTER at nic.mil

TechHandle: MIL-HSTMST-ARIN
TechName:   Network DoD 
TechPhone:  +1-800-365-3642
TechEmail:  HOSTMASTER at nic.mil



Very curious.  Is this an instance of more domestic spying?

If you wish to check your computers for this particular version of this spyware:

Use Windows Explorer to open the Programs folder on your main hard disk, probably C:
Click on Search
Click on all files and folders
Enter backweb in the top search parameter
Carefully look at the results, if any.

The Receiving IP can sometimes be found in the file entry, for example:
C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\backweb.tlb

Comments or discoveries?


Art Deco (Wayne A. Fox)
deco at moscow.com
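
The folder search described in the message, as an added example that is not part of the original post: it walks a directory tree for file names containing "backweb", pulls any dotted-quad token out of the path, and checks it against the 6.0.0.0/8 range from the quoted WHOIS record. The function names and the default root are assumptions made for illustration; a dotted quad in a folder name is only a lead, to be confirmed against firewall or connection logs.

```python
import ipaddress
import os
import re

# Range taken from the WHOIS output quoted in the post (CIDR: 6.0.0.0/8).
WHOIS_RANGE = ipaddress.ip_network("6.0.0.0/8")
# Four dot-separated groups of 1-3 digits, not embedded in a longer dotted number.
DOTTED_QUAD = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def find_backweb_files(root):
    """Yield paths under root whose file name contains 'backweb' (any case)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if "backweb" in name.lower():
                yield os.path.join(dirpath, name)


def dotted_quads(text):
    """Return the tokens in text that parse as IPv4 addresses."""
    found = []
    for token in DOTTED_QUAD.findall(text):
        try:
            found.append(ipaddress.IPv4Address(token))
        except ipaddress.AddressValueError:
            pass  # shaped like an address but out of range, e.g. 999.1.2.3
    return found


def scan(root, network=WHOIS_RANGE):
    """Map each matching file to (address, address-in-network) pairs from its path."""
    report = {}
    for path in find_backweb_files(root):
        # Only the part below root is parsed, so the root's own name is ignored.
        rel = os.path.relpath(path, root)
        report[path] = [(str(ip), ip in network) for ip in dotted_quads(rel)]
    return report


if __name__ == "__main__":
    import sys
    # Default root is an assumption; pass another directory as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Program Files"
    for path, hits in scan(root).items():
        print(path)
        for ip, in_range in hits:
            print(f"  {ip}  in {WHOIS_RANGE}: {in_range}")
```
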










