Today while checking the network connections I found something strange. The KeisTrayAgent running on my PC is connecting to some IP Address in the internet. It seemed something strange and I am thinking that there is something wrong with the connections, so did a bit more analysis. Here are my findings
Kies Tray Agent (KiesTrayAgent.exe) is part of the Samsung Keis application suite. Samsung uses the Keis application suite for managing the Samsung Galaxy application suits. I have installed this sometime back for managing the Samsung Galaxy S phone.
The KiesTrayAgent in my PC is connecting to the IP address 22.214.171.124. Why should an agent connect to an external IP address, especially something which manages the Mobile phone? Now I thought the IP address would be located in the Samsung network.
To my surprise, the IP Address 126.96.36.199 is located in the Qatar Doha Qatar Telecom (qtel) Q.s.c network. It is also identified to be part of the ADSL pool
inetnum: 188.8.131.52 – 184.108.40.206
So why is the KeisAgentTray.exe connects to an HTTP service at 220.127.116.11? I have checked up the webpage at this IP address. The access is redirected to a login page http://18.104.22.168/login/
It just give me the above screen. Wrong password; enter password.
My current guess is that either the KeisAgentTray on my PC is compromised. But on a larger scale, it could be that the above file is compromised and unnoticed. What do you say?