New Trojan Floating around AW (Community)
themask Jul 21, 2003, 4:21pm

Just a warning, I received a telegram, and it was this:

Telegram from Armaggeddon X, sent Mon Jul 21, 2003 9:07 AM:

My friend and I have made an awesome program called AW Toolkit, please try it out and tell me what you think: www.twisted-inc.com/awtoolkit.exe

Now, do you think that looks very toolkitish? In one part of the file, there is something with this, though it seems compressed, and I was lazy to decompress it.

MAIL FROáâM:<> sÿ TRCPT TOC¢oÈ/DATA#S +:£A&[VÃO.X;QUIT- '©môøs

and

f_.Èox72%Ȭ.1ÖÕ£É;H FuZ³íncz'Ì3ì0BN6o{ÌôKmail.Ó com&¬ô!ßfla

za.mx.ao4í#fl÷PHSh¨]mõºæ_.ì£Dò¸¡ ?S±s^%

Looks like M a t t strikes again. Trying to trojan me.. I'd love to talk to him and see how 'uber' he is. Kid can't take a life and go play some basketball, have a girlfriend and etc.

Damn n00bs.

themask Jul 21, 2003, 4:24pm
I also want to point out, the domain itself doesn't have an index.html, and the whois on the domain shows me a timeout.. though I DNS'ed it and got this..

* Looking up twisted-inc.com
-
* Resolved twisted-inc.com to 209.171.43.26
-
* Looking up 209.171.43.26
-
* Resolved 209.171.43.26 to w.netfirms.com

heh.. seems like it's another stupid thing.

kf Jul 21, 2003, 4:32pm
Whois info for twisted-inc.com:

Registrant:
twisted-inc.com
133 N. Wisconsin St
Berlin, WI 54923
US

Domain name: TWISTED-INC.COM

Administrative Contact:
Szatkowski, Lynn ardingcay at msn.com
133 N. Wisconsin St
Berlin, WI 54923
US
920-361-3580

Technical Contact:
Manager, Domains support at netfirms.com
5255 Yonge St 800
Toronto, ON M2N 6P4
CA
+1.4166612100 Fax: +1.4166610700

Registration Service Provider:
Netfirms, Inc., support at netfirms.com
+1.4166612100
This company may be contacted for domain login/passwords, DNS/Nameserver changes, and general domain support questions.

abb e norm somewhere@fake. Jul 21, 2003, 4:45pm
This is what it contains,
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.beasty.html

"themask" <admin at themask.3dhost.net> wrote in message news:3f1c2f0d$1 at server1.Activeworlds.com...
> Just a warning, I received a telegram, and it was this:
> Telegram from Armaggeddon X, sent Mon Jul 21, 2003 9:07 AM:
>
> My friend and I have made an awesome program called AW Toolkit, please try
> it out and tell me what you think: www.twisted-inc.com/awtoolkit.exe
>
> Now, do you think that looks very toolkitish? In one part of the file, there
> is something with this, though it seems compressed, and I was lazy to
> decompress it.
>
> MAIL FROáâM:<> sÿ TRCPT TOC¢oÈ/DATA#S +:£A&[VÃO.X;QUIT-
> '©môøs
>
> and
>
> f_.Èox72%Ȭ.1ÖÕ£É;H FuZ³íncz'Ì3ì0BN6o{ÌôKmail.Ó com&¬ô!ßfla
>
> za.mx.ao4í#fl÷PHSh¨]mõºæ_.ì£Dò¸¡ ?S±s^%
>
> Looks like M a t t strikes again. Trying to trojan me.. I'd love to talk to
> him and see how 'uber' he is. Kid can't take a life and go play some
> basketball, have a girlfriend and etc.
>
> Damn n00bs.

alphabit phalpha Jul 21, 2003, 4:46pm
I also got this...
Domain Name: TWISTED-INC.COM
Registrar: TUCOWS, INC.
Whois Server: whois.opensrs.net
Referral URL: http://www.opensrs.org
Name Server: NS1.NETFIRMS.COM
Name Server: NS2.NETFIRMS.COM
Status: ACTIVE
Updated Date: 18-jul-2003
Creation Date: 18-jul-2003
Expiration Date: 18-jul-2005

Now I would say that http://www.netfirms.com/ wouldn't appreciate trojans being sent to people over their services.

NETFIRMS TERMS OF SERVICE
<snip>
xiii. information or other material that contains a virus, corrupted data or any other harmful or damaging component;
xiv. in the instance of the NETFIRMS FREE HOSTING PLANT, storage of log files on non-html content;

Our New Address:
Netfirms, Inc.
5160 Yonge St., Suite 1800
Toronto, ON M2N 6L9
Canada
Tel: 416-661-2100
Fax: 416-661-0700
mailto:abuse at netfirms.com

Maybe it's time as a community to do something about things like this :)

chrispeg Jul 21, 2003, 4:54pm
The one from twisted-inc seems to be slightly different than the one listed in the norton database.

"abb e norm" <somewhere at fake.> wrote in message news:3f1c34bb at server1.Activeworlds.com...
> This is what it contains,
>
> http://securityresponse.symantec.com/avcenter/venc/data/backdoor.beasty.html
>
> "themask" <admin at themask.3dhost.net> wrote in message news:3f1c2f0d$1 at server1.Activeworlds.com...
try there f_.Èox72%Ȭ.1ÖÕ£É;H FuZ³íncz'Ì3ì0BN6o{ÌôKmail.Ó com&¬ô!ßfla to
>

themask Jul 21, 2003, 6:06pm
This file was used for attacks in the AW universe; a source of mine alerted me and told me I was on their 'list' to attack. Everyone who got that tgram or opened the url, change your ppw and pw as quickly as you can.. right now they are doing the attacks. My source tells me the world they are doing it from is 'mailoto'.

And if anyone thinks they're 'uber', you're not anymore. Don't screw with me, n00bs.

.duo. Jul 21, 2003, 7:57pm
lol, I got it O_O Thanks for the info :-P Where'd you get those skills :-P
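
Added example, not part of the original thread: the first post notes that the downloaded file contains SMTP command fragments (MAIL FROM, RCPT TO, DATA, QUIT) even though the data looks compressed. The Python sketch below shows one way to triage a binary for that pattern, tolerating a few junk bytes inside a verb and requiring several verbs close together; the function names, the gap and window sizes, and both sample byte strings are assumptions constructed for illustration.

```python
import re

# Commands a client issues to send mail over SMTP (RFC 5321).
SMTP_VERBS = (b"HELO", b"EHLO", b"MAIL FROM:", b"RCPT TO", b"DATA", b"QUIT")

def fuzzy_pattern(token: bytes, max_gap: int = 2) -> re.Pattern:
    """Match token even when up to max_gap junk bytes split adjacent characters,
    which is how a verb looks inside partially compressed data."""
    gap = b".{0,%d}?" % max_gap
    return re.compile(gap.join(re.escape(bytes([c])) for c in token), re.DOTALL)

def find_verbs(blob: bytes, max_gap: int = 2) -> list:
    """Return sorted (offset, verb, exact) tuples; exact=False means junk bytes
    interrupted the verb and a plain `strings` pass would have missed it."""
    hits = []
    for verb in SMTP_VERBS:
        for m in fuzzy_pattern(verb, max_gap).finditer(blob):
            hits.append((m.start(), verb.decode(), m.group() == verb))
    return sorted(hits)

def smtp_clusters(blob: bytes, window: int = 96, min_verbs: int = 3) -> list:
    """Report regions where at least min_verbs distinct verbs start within
    `window` bytes. A lone DATA or QUIT is common in benign files; a cluster
    suggests an embedded mail routine worth a closer look."""
    hits, clusters, i = find_verbs(blob), [], 0
    while i < len(hits):
        start = hits[i][0]
        group = [h for h in hits[i:] if h[0] - start <= window]
        verbs = sorted({h[1] for h in group})
        if len(verbs) >= min_verbs:
            fuzzy = sorted({h[1] for h in group if not h[2]})
            clusters.append({"offset": start, "verbs": verbs, "fuzzy": fuzzy})
            i += len(group)
        else:
            i += 1
    return clusters

# Constructed sample modelled on the fragment quoted in the first post.
PACKED_SAMPLE = (b"\x00\x13MAIL FRO\xe1\xe2M:<> s\xff TRCPT TOC\xa2o\xc8/DATA#S +:"
                 b"\xa3A&[V\xc3O.X;QUIT- '\xa9m\xf4\xf8s")
# Constructed benign sample: DATA and QUIT appear, but far apart and alone.
BENIGN_SAMPLE = (b"\x00\x00APPDATA\x00Software\\Vendor\x00%s\\config.ini\x00"
                 + b"\x90" * 64 + b"Press Q to QUIT\x00")

if __name__ == "__main__":
    for name, blob in (("packed", PACKED_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, smtp_clusters(blob))
```

A cluster is only a reason to look closer (unpack the file, check it against antivirus signatures), since fuzzy matching on short verbs produces false positives in large binaries.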