Main Nav

Message from jtatum1@utk.edu

Does anyone know if the 360.cn website, or associated software is legitimate antivirus and antimalware?

 

I’ve noticed some odd traffic heading to qurl.f.360.cn on port 53.  They’re not DNS queries, but seems to be a large payload of encoded data.

 

Jeff Tatum

Network Admin III, Office of Information Technology

Communications: Network Services

 

The University of Tennessee

103D6 Kingston Pike Building 

2309 Kingston Pike

Knoxville, TN  37996

Phone: 865-974-7424

 

Comments

That's a tough call for various reasons.  It's most likely from Chinese nationals who are using the free 360.cn antivirus software on their computers.  That software seems quite popular but is of questionable value from a protection perspective and there is speculation it provides a backdoor for Chinese government monitoring of individuals and a bridgehead into remote network for malicious activity on the part of the Chinese government or independent agents. 

Like so many things China-related, it's at least semi-legitimate but not something I'd ever trust personally.

See here for more:
http://research.zscaler.com/2011/05/is-360cn-evil.html

Kevin

On 11/19/2012 2:13 PM, Tatum, Jeff wrote:

Does anyone know if the 360.cn website, or associated software is legitimate antivirus and antimalware?

 

I’ve noticed some odd traffic heading to qurl.f.360.cn on port 53.  They’re not DNS queries, but seems to be a large payload of encoded data.

 

Jeff Tatum

Network Admin III, Office of Information Technology

Communications: Network Services

 

The University of Tennessee

103D6 Kingston Pike Building 

2309 Kingston Pike

Knoxville, TN  37996

Phone: 865-974-7424

 

Sorry for not seeing this earlier. I have heard of just such a scheme, namely, using TCP and UDP 53 for non-DNS traffic that they (the bad guys) are hoping will not be noticed. Typically, this is used by bots to talk to their command and control servers.

 

Richard Applebee
Network Architect
V (909) 469-5662
F (909) 706-3460
Western University of Health Sciences

 

Close
Close


Annual Conference
September 29–October 2
View Proceedings

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.