Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Office Software > Spyware in Office XP?

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Spyware in Office XP?

Reply to Message Icon

Name: Sci-Guy
Date: November 7, 2004 at 18:23:33 Pacific
OS: XP Pro SP1
CPU/Ram: Athlon XP 2600+ / 1024Mb
Comment:

Today, I opened a Word document while I had Protowall running and noticed some activity by Protowall. This aroused my suspicions enough to close everything running on my computer. I then started Protowall, and opened the Word document again. Protowall showed signs of activity, so I checked the log and found that at the exact time the Word document was opening, Protowall was blocking packets. Here is an excerpt from the log that corresponds with the opening of the Word document:
------------------
2004/11/08 12:04:42 [<-] BLOCKED [!] - Destination is PornDirect/Sitefinder/Verisign[Spyware] (64.94.110.11) [protocol: TCP / destport: 80]
2004/11/08 12:04:45 [<-] BLOCKED [!] - Destination is PornDirect/Sitefinder/Verisign[Spyware] (64.94.110.11) [protocol: TCP / destport: 80]
2004/11/08 12:04:51 [<-] BLOCKED [!] - Destination is PornDirect/Sitefinder/Verisign[Spyware] (64.94.110.11) [protocol: TCP / destport: 80]
2004/11/08 12:05:02 [<-] BLOCKED [!] - Destination is Microsoft Corp trackers 2 AP2P (131.107.103.243) [protocol: TCP / destport: 80]
2004/11/08 12:05:05 [<-] BLOCKED [!] - Destination is Microsoft Corp trackers 2 AP2P (131.107.103.243) [protocol: TCP / destport: 80]
2004/11/08 12:05:11 [<-] BLOCKED [!] - Destination is Microsoft Corp trackers 2 AP2P (131.107.103.243) [protocol: TCP / destport: 80]
-----------------
I then closed the Word document and opened Word from the Program Files menu, and Protowall showed activity again. The log showed packets being blocked to the same IP addresses as before. This would seem to indicate that Word 2002 is not only phoning home, but contacting a known spyware site as well. Opening the other programs in the Office suite didn't produce this suspicious activity.
Any thoughts on this?




Sponsored Link
Ads by Google

Response Number 1
Name: Sci-Guy
Date: November 7, 2004 at 21:38:45 Pacific
Reply:

After uninstalling Office XP, I installed Office 2003. Protowall still shows activty when opening word, but at least it no longer has to block packets being sent to 64.94.110.11. It is still having to block packets being sent to Microsoft Corp trackers 2 AP2P (131.107.103.243). I'd be interested to know what exactly is being sent to Microsoft.



0
Reply to Message Icon

Related Posts

See More



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Office Software Forum Home


Sponsored links
Ads by Google


Results for: Spyware in Office XP?
No vertical scrollbar in Office xp www.computing.net/answers/office/no-vertical-scrollbar-in-office-xp/262.html

Block Sender in Office XP www.computing.net/answers/office/block-sender-in-office-xp/1961.html

Can't open or save files in Office www.computing.net/answers/office/cant-open-or-save-files-in-office-/5797.html