Battd opening connections to ad brokers

phelbore

New Member
Joined
Jan 9, 2011
Messages
16
Reaction score
0
I've noticed some strange connections open (using connection tracker to see what's open). These are all from /system/bin/battd, and appear to be to mobile ad brokers. Any ideas why? The connections are all to port 80 of the following addresses:

Which addresses it connects to seems to vary by what apps I open.
I'm sbf'd, did all the OTA updates and rooted, with droidwall installed, so I'm not even sure HOW these are getting out.

I've tried logging with shark and reading with shark reader, but shark reader sucks and just shows everything as "RAW".

Sent from my DROID Pro using DroidForums
 
phelbore
I can't confirm that I haven't been hit by a trojan, but I tend to be fairly careful. Is this happening to you too?

I can't even confirm that connection tracker is reporting the right app. I can tell that connection tracker is somehow pulling ads down when it's blocked by droidwall and isn't allowed root access by superuser, but I can't figure out how.

At this point, I'm not sure if connection tracker is buggy or if this is a real issue.

Sent from my DROID Pro using DroidForums
 

chaihg

Member
Joined
Aug 20, 2011
Messages
71
Reaction score
1
I can't confirm that. But if you give us step-by-step info on what to do, then we will do it and report back to see if our results match.
 
phelbore
Install https://market.android.com/details?id=com.borgshell.connectiontrackerfree or https://market.android.com/details?id=com.eolwral.osmonitor

If you choose to use os monitor, these connections show up as being used by the "System" process.

After that, turn on airplane mode, then reboot. Your phone will come up in airplane mode, so you know there are no connections initiated by booting up.
Open connection tracker or os monitor (to the connections tab) and watch; you should see nothing.
Turn off airplane mode, watch os monitor or connection tracker.
Open an ad supported app, then watch os monitor or connection tracker.

Sent from my DROID Pro using DroidForums
 
phelbore
After some tinkering (and disabling my firewall, *slaps self on hand* Bad security, I know), it doesn't appear any data is being sent. It just opens the connections and puts them in the WAITING state.

Anyone smarter (or dumber, for that matter) than me have any ideas? I don't like this, but I'm just not getting the malicious vibe from it.

Sent from my DROID Pro using DroidForums
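
An added example, not part of the thread and not any participant's code: a parser for the Linux `/proc/net/tcp` table, which lists each socket's remote address, TCP state, queued bytes and owning UID, the fields needed to check the observations in the posts above. The sample table, its addresses, UIDs and inodes are constructed, and that the monitoring apps named in the thread read this file is an assumption.

```python
import socket
import struct

# State codes as printed in /proc/net/tcp (Linux include/net/tcp_states.h)
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}
FIRST_APP_UID = 10000  # Android gives installed apps UIDs from 10000 upward

# Constructed sample (documentation addresses, made-up UIDs and inodes;
# the columns after "inode" that a real kernel prints are omitted).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 0500000A:9C40 0A7100CB:0050 01 00000000:00000000 00:00000000 00000000  1000        0 5310
   2: 0500000A:9C42 076433C6:0050 08 00000000:00000000 00:00000000 00000000  1000        0 5312
   3: 0500000A:9C44 0A7100CB:0050 01 0000002A:00000000 00:00000000 00000000 10057        0 5320
"""

def decode_addr(field):
    """'0A7100CB:0050' -> ('203.0.113.10', 80); the IPv4 part is a
    host-order u32, which is little-endian on ARM and x86."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def parse_proc_net_tcp(text):
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 10 or not f[0].endswith(":"):
            continue  # header line or truncated row
        tx, rx = (int(q, 16) for q in f[4].split(":"))
        ip, port = decode_addr(f[2])
        conns.append({"remote": ip, "rport": port, "uid": int(f[7]),
                      "state": TCP_STATES.get(f[3], f[3]),
                      "tx_queue": tx, "rx_queue": rx, "inode": int(f[9])})
    return conns

def non_app_http(conns):
    """Port-80 sockets owned by a UID below the installed-app range."""
    return [c for c in conns if c["rport"] == 80 and c["uid"] < FIRST_APP_UID]

if __name__ == "__main__":
    for c in non_app_http(parse_proc_net_tcp(SAMPLE)):
        print(c["uid"], c["remote"], c["state"], c["tx_queue"], c["rx_queue"])
```

Zero `tx_queue` and `rx_queue` values only mean nothing was queued at the moment the table was read; a packet capture is still needed to establish whether any data crossed the connection.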
 