New Trojan Floating around AW (Community)

New Trojan Floating around AW // Community

1  |  

themask

Jul 21, 2003, 4:21pm
Just a warning, I recieved a telegram, and it was this:
Telegram from Armaggeddon X, sent Mon Jul 21, 2003 9:07 AM:

My friend and I have made an awesome program called AW Toolkit, please try
it out and tell me what you think: www.twisted-inc.com/awtoolkit.exe

Now, do you think that looks very toolkitish? In one part of the file, there
is something with this, though it seems compressed, and I was lazy to
decompress it.

MAIL FROáâM:<> sÿ TRCPT TOC¢oÈ/DATA#S +:£A&[VÃO.X;QUIT-
'©môøs

and

f_.Èox72%Ȭ.1ÖÕ£É;H FuZ³íncz'Ì3ì0BN6o{ÌôKmail.Ó com&¬ô!ßfla

za.mx.ao4í#fl÷PHSh¨]mõºæ_.ì£Dò¸¡ ?S±s^%


Looks like M a t t strikes again. Trying to trojan me.. I'd love to talk to
him and see how 'uber' he is. Kid can't take a life and go play some
basketball, have a girlfriend and etc.

Damn n00bs.

themask

Jul 21, 2003, 4:24pm
I also want to point out, the domain itself doenst have a index.html, and
the whois on the domain, and shows me a timeout.. though i DNS'ed it and got
this..
* Looking up twisted-inc.com
-
* Resolved twisted-inc.com to 209.171.43.26
-
* Looking up 209.171.43.26
-
* Resolved 209.171.43.26 to w.netfirms.com

heh.. seems like its another stupid thing.

kf

Jul 21, 2003, 4:32pm
Whois info for, twisted-inc.com:

Registrant:
twisted-inc.com
133 N. Wisconsin St
Berlin, WI 54923
US

Domain name: TWISTED-INC.COM

Administrative Contact:
Szatkowski, Lynn ardingcay at msn.com
133 N. Wisconsin St
Berlin, WI 54923
US
920-361-3580
Technical Contact:
Manager, Domains support at netfirms.com
5255 Yonge St
800
Toronto, ON M2N 6P4
CA
+1.4166612100 Fax: +1.4166610700



Registration Service Provider:
Netfirms, Inc., support at netfirms.com
+1.4166612100
This company may be contacted for domain login/passwords,
DNS/Nameserver changes, and general domain support questions.



[View Quote]

abb e norm somewhere@fake.

Jul 21, 2003, 4:45pm
This is what it contains,

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.beasty.html

"themask" <admin at themask.3dhost.net> skrev i meddelandet news:3f1c2f0d$1 at server1.Activeworlds.com...
> Just a warning, I recieved a telegram, and it was this:
> Telegram from Armaggeddon X, sent Mon Jul 21, 2003 9:07 AM:
>
> My friend and I have made an awesome program called AW Toolkit, please try
> it out and tell me what you think: www.twisted-inc.com/awtoolkit.exe
>
> Now, do you think that looks very toolkitish? In one part of the file, there
> is something with this, though it seems compressed, and I was lazy to
> decompress it.
>
> MAIL FROáâM:<> sÿ TRCPT TOC¢oÈ/DATA#S +:£A&[VÃO.X;QUIT-
> '©môøs
>
> and
>
> f_.Èox72%Ȭ.1ÖÕ£É;H FuZ³íncz'Ì3ì0BN6o{ÌôKmail.Ó com&¬ô!ßfla
>
> za.mx.ao4í#fl÷PHSh¨]mõºæ_.ì£Dò¸¡ ?S±s^%
>
>
> Looks like M a t t strikes again. Trying to trojan me.. I'd love to talk to
> him and see how 'uber' he is. Kid can't take a life and go play some
> basketball, have a girlfriend and etc.
>
> Damn n00bs.
>
>
>

alphabit phalpha

Jul 21, 2003, 4:46pm
I also got this...

Domain Name: TWISTED-INC.COM
Registrar: TUCOWS, INC.
Whois Server: whois.opensrs.net
Referral URL: http://www.opensrs.org
Name Server: NS1.NETFIRMS.COM
Name Server: NS2.NETFIRMS.COM
Status: ACTIVE
Updated Date: 18-jul-2003
Creation Date: 18-jul-2003
Expiration Date: 18-jul-2005

Now I would say that http://www.netfirms.com/ wouldn't appreciate trojans
being sent to people over their services.

NETFIRMS TERMS OF SERVICE
<snip>
xiii. information or other material that contains a virus, corrupted data or
any other harmful or damaging component;

xiv. in the instance of the NETFIRMS FREE HOSTING PLANT, storage of log
files on non-html content;



Our New Address:

Netfirms, Inc.
5160 Yonge St., Suite 1800
Toronto, ON M2N 6L9
Canada

Tel: 416-661-2100 Fax: 416-661-0700
mailto:abuse at netfirms.com



Maybe it's time as a community to do something about things like this:)



[View Quote]

chrispeg

Jul 21, 2003, 4:54pm
The one from twisted-inc seems to be slightly differnt than the one listed
in the norton database.

"abb e norm" <somewhere at fake.> schrieb im Newsbeitrag
news:3f1c34bb at server1.Activeworlds.com...
> This is what it contains,
>
>
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.beasty.html
>
> "themask" <admin at themask.3dhost.net> skrev i meddelandet
news:3f1c2f0d$1 at server1.Activeworlds.com...
try
there
f_.Èox72%Ȭ.1ÖÕ£É;H FuZ³íncz'Ì3ì0BN6o{ÌôKmail.Ó com&¬ô!ßfla
to
>

themask

Jul 21, 2003, 6:06pm
This file was used for attacks in the AW universe, from a source of mine,
alerted me, and told me i was on their 'list' to attack. Everyone who got
that tgram or opened the url, change your ppw and pw as quickly as your
can.. right now they are doing the attacks. My source tells me the world
they are doing it from are 'mailoto'. And if anyone who thinks there 'uber',
your not anymore. Don't screw with me, n00bs.

themask

Jul 21, 2003, 6:07pm
By uber i meant like in hacking skillz in AW and etc.

.duo.

Jul 21, 2003, 7:57pm
lol, I got it O_O Thanks for the info :-P Where'd you get those skills :-P
[View Quote]

just in

Jul 22, 2003, 3:40am
Has anyone sent a complaint to netfirms?

Regards, Justin

[View Quote]

basix

Jul 22, 2003, 5:12pm
Mask, heh... :-P

[View Quote]

1  |  
Awportals.com is a privately held community resource website dedicated to Active Worlds.
Copyright (c) Mark Randall 2006 - 2021. All Rights Reserved.
Awportals.com   ·   ProLibraries Live   ·   Twitter   ·   LinkedIn