I keep getting a message in Norton Security Center that says an intrusion attempt by YOUR-4DACD0EA75 was blocked, but it keeps happening every second. Any idea what this is?
Yes. It seems to be a DDoS attack from a bot using a hijacked server. I think it's trying to force-install hijacking malware on your machine.
Your best defence is probably to pull the plug for a while, and it will go away and annoy somebody else.
I dug this out of my old server logs, but it doesn't give me much info... maybe it will throw some light for the more malware/Java-savvy people here?
Quote:
10:47:18,406 INFO [BrokerService] ActiveMQ JMS Message Broker (possibly-unique-broker, ID:your-4dacd0ea75-1399-1159454836203-1:0) started
10:47:18,468 INFO [TransportConnector] Connector vm://localhost Started
10:47:18,515 INFO [TransportServerThreadSupport] Listening for connections at: stomp://your-4dacd0ea75:61613
10:47:18,515 INFO [TransportConnector] Connector stomp://your-4dacd0ea75:61613 Started
10:47:18,531 INFO [TransportServerThreadSupport] Listening for connections at: tcp://0.0.0.0:61616
10:47:18,531 INFO [TransportConnector] Connector tcp://0.0.0.0:61616 Started
Now I may be completely off target here and all it is is some perfectly innocent system function trying to do what it does, and is triggering Norton's alarms.
I think you should run a portscan on localhost (127.0.0.1) and see which ports are open and listening, investigating and closing anything that doesn't seem right.
Also check network traffic in and out... there may be a bot already installed and running, and Norton is catching its attempts to phone home for instructions...
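
A triage aid for the log quoted above, added here as an example and not part of any post in the thread: it lists which connectors the broker started, how widely each one is bound, and whether the name in the Norton alert is the machine's own hostname. The log text is the thread's quote with line wraps rejoined; the function names and the broker-ID pattern (inferred from the single quoted line) are assumptions.

```python
import re

# Log lines as quoted in the thread (wrapped lines rejoined).
SAMPLE_LOG = """\
10:47:18,406 INFO [BrokerService] ActiveMQ JMS Message Broker (possibly-unique-broker, ID:your-4dacd0ea75-1399-1159454836203-1:0) started
10:47:18,468 INFO [TransportConnector] Connector vm://localhost Started
10:47:18,515 INFO [TransportServerThreadSupport] Listening for connections at: stomp://your-4dacd0ea75:61613
10:47:18,515 INFO [TransportConnector] Connector stomp://your-4dacd0ea75:61613 Started
10:47:18,531 INFO [TransportServerThreadSupport] Listening for connections at: tcp://0.0.0.0:61616
10:47:18,531 INFO [TransportConnector] Connector tcp://0.0.0.0:61616 Started
"""

# "Connector <scheme>://<host>[:<port>] Started"
CONNECTOR = re.compile(r"Connector (\w+)://([^\s:/]+)(?::(\d+))? Started")
# Assumed broker ID layout: ID:<hostname>-<number>-<number>-<number>:<number>)
BROKER_ID = re.compile(r"ID:(.+?)-\d+-\d+-\d+:\d+\)")

def exposure(scheme, host):
    """Classify how reachable a connector is from its bind address."""
    if scheme == "vm":
        return "in-process"        # no network socket at all
    if host in ("localhost", "127.0.0.1", "::1"):
        return "loopback"          # local machine only
    if host in ("0.0.0.0", "::"):
        return "all-interfaces"    # reachable on every network interface
    return "named-host"            # bound to whatever the name resolves to

def connectors(log):
    """Return one dict per connector the broker reported as started."""
    found = []
    for scheme, host, port in CONNECTOR.findall(log):
        found.append({"scheme": scheme, "host": host,
                      "port": int(port) if port else None,
                      "exposure": exposure(scheme, host)})
    return found

def broker_host(log):
    """Hostname embedded in the broker ID, lower-cased, or None."""
    m = BROKER_ID.search(log)
    return m.group(1).lower() if m else None

def alert_is_local(alert_source, log):
    """True when the name in the alert is the broker machine's own hostname."""
    return broker_host(log) == alert_source.lower()

if __name__ == "__main__":
    print("alert names this machine:", alert_is_local("YOUR-4DACD0EA75", SAMPLE_LOG))
    for c in connectors(SAMPLE_LOG):
        print(c["scheme"], c["host"], c["port"], c["exposure"])
```

Any connector reported as `all-interfaces` or `named-host` is a port to confirm in the localhost port scan suggested above and to account for before closing it.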