Entourage Spyware?

Jeff Zienowicz

I just noticed in the Mac Activity Monitor, when I clicked Inspect on the
Entourage process and looked in the Open Files and Ports tab, I saw open
http connections from Entourage. Here's what was displayed:

192.168.2.6:49244->206.130.119.22.west-datacenter.net:http
192.168.2.6:49245->206.130.119.22.west-datacenter.net:http
192.168.2.6:49246->www.culturevulture.net:http

It's the last one that looks suspicious to me. Maybe that's a remote image
from an HTML message? I had no message windows open at the time I checked
this.

Has anyone else noticed any unexplained TCP/IP connections being initiated
by Entourage?

Jeff
 
Jonathan Duke

Jeff Zienowicz said:
I just noticed in the Mac Activity Monitor, when I clicked Inspect on the
Entourage process and looked in the Open Files and Ports tab, I saw open
http connections from Entourage. Here's what was displayed:

192.168.2.6:49244->206.130.119.22.west-datacenter.net:http
192.168.2.6:49245->206.130.119.22.west-datacenter.net:http
192.168.2.6:49246->www.culturevulture.net:http

It's the last one that looks suspicious to me. Maybe that's a remote image
from an HTML message? I had no message windows open at the time I checked
this.

Has anyone else noticed any unexplained TCP/IP connections being initiated
by Entourage?

Jeff

Jeff,

Likely you opened a message that had embedded graphics that referenced
those sites.

Try turning off the external connections (in v.X Mail & News
preferences-Read tab, HTML section: Allow network access when displaying
complex HTML) and see what happens.

Cheers,
Jon
 
Jeff Zienowicz

Jeff,

Likely you opened a message that had embedded graphics that referenced
those sites.

Try turning off the external connections (in v.X Mail & News
preferences-Read tab, HTML section: Allow network access when displaying
complex HTML) and see what happens.

Cheers,
Jon

Yup, that was it -- I found an image in the HTML of a message that
referenced the site above. I had opened the message earlier the same day.
Normally, HTML images don't display, but I think the sender was in my
Address Book (Entourage 2004).

Apparently, that's not a port number after the colon (192.168.2.6:49246).
It must be a process ID. That's what sparked my concern, as I initially
thought it was a TCP port number.

Thanks,
Jeff
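
For checking which remote hosts a mail client is talking to, here is an added example (not part of the original thread) that parses socket lines like the ones quoted above and groups them by remote endpoint. It assumes the lines follow lsof's `local_host:local_port->remote_host:remote_port` layout; the function names and the IPv6 sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed layout (lsof NAME column): local_host:local_port->remote_host:remote_port
# Ports may be numeric or service names (e.g. "http"); IPv6 hosts are bracketed.
ENDPOINT = r"(\[[0-9A-Fa-f:.]+\]|[^:\s]+):([\w-]+)"
CONN_RE = re.compile(rf"^{ENDPOINT}->{ENDPOINT}$")

# IANA dynamic (ephemeral) port range, typical for the client side of a connection.
EPHEMERAL = range(49152, 65536)

def parse_connection(line):
    """Split one 'local->remote' socket line into its fields, or return None."""
    m = CONN_RE.match(line.strip())
    if not m:
        return None
    lhost, lport, rhost, rport = m.groups()
    return {
        "local_host": lhost.strip("[]"),
        "local_port": lport,
        "local_port_ephemeral": lport.isdigit() and int(lport) in EPHEMERAL,
        "remote_host": rhost.strip("[]"),
        "remote_port": rport,
    }

def remote_summary(lines):
    """Map (remote_host, remote_port) to the local ports connected to it."""
    summary = defaultdict(list)
    for line in lines:
        conn = parse_connection(line)
        if conn:  # skip lines that are not established-socket entries
            summary[(conn["remote_host"], conn["remote_port"])].append(conn["local_port"])
    return dict(summary)

# Sample input: the three lines quoted in the thread plus one constructed IPv6 line.
SAMPLE = [
    "192.168.2.6:49244->206.130.119.22.west-datacenter.net:http",
    "192.168.2.6:49245->206.130.119.22.west-datacenter.net:http",
    "192.168.2.6:49246->www.culturevulture.net:http",
    "[fe80::1]:49300->[2001:db8::10]:443",  # constructed
]

if __name__ == "__main__":
    for endpoint, local_ports in remote_summary(SAMPLE).items():
        print(endpoint, local_ports)
```

Grouping by remote endpoint makes it easy to compare the hosts a client contacts against the hosts referenced by images in recently opened HTML messages.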
 