Who/what is Dsurf? There are several variations on the theme (DSurf15a 01 PSurf15a VA RSurf15a 41 DSurf15a 01 DSurf15a 21 DSurf15a 51 DSurf15a 91 DSurf15a VA)
What have we got here? Seems to be coming in from several unrelated (almost random) ip's. Some are isp based. Some sort of sleeper/zombie doing someone elses bidding from compromised machines?
PsychoTekk
12:34 pm on May 11, 2002 (gmt 0)
[google.com...] seems like this [sucs.soton.ac.uk] is about it
they come from ISPs client's IPs rather than companies? many variations as seen from the names... if it was a tool i suppose there would be some releases, too, but not like RSurf, DSurf and so on... the article you pointed out says that it might search for email addresses... maybe it is some kind of spyware, some app that has no ads but therefor makes money collecting emailaddresses?
HandwovenRug
6:03 pm on May 11, 2002 (gmt 0)
Brett_Tappke: I've examined 2 months of my logs and found out that DSurf and the like came only from a few IP-adress-ranges which resolves to just a handful of dial-in providers. Sometimes the UAs are random capital letters, as discussed about in another thread. Each and every request is for the same 2-3 html pages, regardless which IP or UA. Because there are only pages with a lot of external links or links to downloads requested - never the homepage (index.html) itself - there could be some kind of submission or link checking tool at work.
Kev
9:41 am on May 12, 2002 (gmt 0)
I've had DSurf down as an email harvester of some ilk - it visits home pages and guestbooks only on 3 seperate domains, on an almost daily basis.
