Select Page

Today while checking the network connections I found something strange. The KeisTrayAgent running on my PC is connecting to some IP Address in the internet. It seemed something strange and I am thinking that there is something wrong with the connections, so did a bit more analysis. Here are my findings

Kies Tray Agent (KiesTrayAgent.exe) is part of the Samsung Keis application suite. Samsung uses the Keis application suite for managing the Samsung Galaxy application suits. I have installed this sometime back for managing the Samsung Galaxy S phone.

image

The KiesTrayAgent in my PC is connecting to the IP address 82.148.102.3. Why should an agent connect to an external IP address, especially something which manages the Mobile phone? Now I thought the IP address would be located in the Samsung network.

image

image

To my surprise, the IP Address 82.148.102.3 is located in the Qatar Doha Qatar Telecom (qtel) Q.s.c network. It is also identified to be part of the ADSL pool

inetnum:         82.148.102.0 – 82.148.102.255
netname:         Mobile-Broadband-Pool-No-6
descr:           ADSLPOOL
country:         qa

So why is the KeisAgentTray.exe connects to an HTTP service at 82.148.102.3? I have checked up the webpage at this IP address. The access is redirected to a login page http://82.148.102.3/login/ 

image

It just give me the above screen. Wrong password; enter password.

My current guess is that either the KeisAgentTray on my PC is compromised. But on a larger scale, it could be that the above file is compromised and unnoticed. What do you say?