Alert: Worm going around (Community)
themask Dec 1, 2004, 5:08pm
Well, right when I get home, open my Mozilla Thunderbird, and find a worm! And, the funny thing is that it's packaged with Andras's DEM 2 RWX!

Message source:

From - Wed Dec 01 14:32:19 2004
X-Account-Key: account2
X-UIDL: UID3623-1083266814
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
Return-Path: <cYqiR at aol.com>
Delivered-To: 1-ricky at whaletech.net
Received: (qmail 3270 invoked from network); 1 Dec 2004 19:44:37 -0000
Received: from dsl081-044-153.lax1.dsl.speakeasy.net (HELO localhost) (64.81.44.153) by 69.64.34.187 with SMTP; 1 Dec 2004 19:44:25 -0000
From: <cYqiR at aol.com>
Reply-To: <cYqiR at aol.com>
X-Priority: 3 (Normal)
X-MailScanner: Found to be clean
Subject: Hi, ricky, here´s the archive you requested
To: <ricky at whaletech.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="LhLcOFWrQJFjqsgXfFBUMLyItHUBQfiW"

--LhLcOFWrQJFjqsgXfFBUMLyItHUBQfiW
Content-Type: multipart/alternative; boundary="dDGfMYvDQiDbNstNcGttDgDBuXDydQYM"

--dDGfMYvDQiDbNstNcGttDgDBuXDydQYM
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable

Here´s the document that you had requested.

--dDGfMYvDQiDbNstNcGttDgDBuXDydQYM
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD><BODY> Here´s the document that you had requested.<iframe src=3Dcid:OSMSyaiClfnVY height=3D0 width=3D0></iframe> </BODY></HTML>

--dDGfMYvDQiDbNstNcGttDgDBuXDydQYM--

--LhLcOFWrQJFjqsgXfFBUMLyItHUBQfiW
Content-Type: application/x-zip-compressed; name="dem2rwx612b.zip"
Content-ID: <OSMSyaiClfnVY>
Content-Transfer-Encoding: base64
Content-Disposition: attachment

dem2rwx612b.zip size: 651 KB (667,592 bytes)

Info on the worm: http://www.sophos.com/virusinfo/analyses/w32torvila.html

Watch your email inboxes.

--
Signed, TheMask :: Owner of Delusional-Minds Hosting :: Free world hosting.. Just a T-Gram will do it.

themask Dec 1, 2004, 5:42pm
That has no absolute relation to what made this worm unique.. it came with one of Andras's tools. Think that's kind of awkward?

--
Signed, TheMask :: Owner of Delusional-Minds Hosting :: Free world hosting.. Just a T-Gram will do it.

johnf Dec 1, 2004, 5:51pm
What is to say it is the actual worm sending it? Someone may have picked up a worm, packaged it with Andras' tool (and a little modification) and sent it to you disguising it as a worm.

John

themask Dec 1, 2004, 5:59pm
At the end of the MIME file, it clearly shows some HTML of the popup, then some breaks, then shows "moo ha ha", and then it says "torvil", runs a file.. Clearly a worm to the looks of my Google search.

--
Signed, TheMask :: Owner of Delusional-Minds Hosting :: Free world hosting.. Just a T-Gram will do it.

johnf Dec 1, 2004, 6:25pm

themask Dec 1, 2004, 6:42pm
The original file was Andras's tool, and then the other file was the worm. Thinking I'm a moron and would fall for this, I didn't and I was of course suspicious why it was coming from an AOL email, and the IP was a speakeasy dsl line... stolen email, possible proxy to get on aol anyone?

--
Signed, TheMask :: Owner of Delusional-Minds Hosting :: Free world hosting.. Just a T-Gram will do it.

swe Dec 1, 2004, 6:52pm

johnf Dec 1, 2004, 7:07pm

josh Dec 1, 2004, 7:27pm
I keep getting spam from my own domain, stupid ppl how dare they spam from my address >_< I've also noticed that for some reason my email address automatically gets filtered to Hotmail's spam so I'm guessing some person with WAY too much time is sending out spam from me, I doubt it could be a virus or anything since I have Kaspersky and it's a really good scanner, so I dunno >_<

themask Dec 1, 2004, 7:29pm
You would if you were trying to be a tricky idiot. AOL allows proxying, so you can proxy into AOL with whatever proxy, spam emails you're doing on the hacked AOL screen name. It's actually stupid these days how people are making their passwords, compromising it to crackers who get their passwords easy and harvesting their screen names by chatrooms, profile searches.. You don't know how crappy AOL is.

--
Signed, TheMask :: Owner of Delusional-Minds Hosting :: Free world hosting.. Just a T-Gram will do it.

samuel ml lison Dec 2, 2004, 12:21am
Hello Josh,

E-mails looking like they come from other people from your domain, which in fact are not, is actually common these days. Worms send themselves to all the main addresses of a domain name, such as webmaster, support, info, admin, sales, abuse and disguise themselves as if they were someone else from that domain. Also, what may be happening, is the worm knows it's sending to you at yourdomain.com and just changes its own e-mail address to something at yourdomain.com. Make sense? No one is spending time doing this manually to spite you.

Yours Sincerely,
Samuël ML Lison

--
DreamCities.net - A Community for All! (http://www.dreamcities.net)
Jobs Available: http://business.dreamcities.net/jobs.html
Contact Me: http://about.dreamcities.net/contact.html

builderz Dec 2, 2004, 4:12pm
Take a look at http://spf.pobox.com/ -- it might help a bit with your e-mail problem.

-Builderz

lady nighthawk Dec 2, 2004, 4:39pm
Thanks for the link Builderz ... I'm looking at the site as my domain also gets spam apparently from my domain, which I know is not. I do have to say I find this complicated tho :o/

LNH

builderz Dec 2, 2004, 6:00pm
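The two oddities visible in the message source quoted in the first post (an AOL From address relayed by a Speakeasy DSL host, and a zero-sized iframe whose cid: source is the zip attachment) can be checked mechanically. This is an added example, not part of the original thread: the sample message is constructed from the quoted headers with a made-up local part and a placeholder attachment body, and the function name triage is hypothetical.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the message source in the first post.
# The local part is made up and the attachment body is a harmless placeholder.
SAMPLE = """\
Received: from dsl081-044-153.lax1.dsl.speakeasy.net (HELO localhost) (64.81.44.153)
 by 69.64.34.187 with SMTP; 1 Dec 2004 19:44:25 -0000
From: <sender@aol.com>
Content-Type: multipart/mixed; boundary="OUTER"

--OUTER
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<HTML><BODY>Here is the document.<iframe src=3Dcid:OSMSyaiClfnVY height=3D0 width=3D0></iframe></BODY></HTML>
--OUTER
Content-Type: application/x-zip-compressed; name="dem2rwx612b.zip"
Content-ID: <OSMSyaiClfnVY>
Content-Transfer-Encoding: base64
Content-Disposition: attachment

UExBQ0VIT0xERVI=
--OUTER--
"""

def triage(raw):
    """Return a sorted list of findings for one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = set()
    # 1. From domain vs. the host named in the topmost Received header.
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    hop = re.search(r"from\s+(\S+)", str((msg.get_all("Received") or [""])[0]))
    relay = hop.group(1).lower() if hop else ""
    if relay and relay != from_domain and not relay.endswith("." + from_domain):
        findings.add(f"relay {relay} is outside From domain {from_domain}")
    # 2. Map Content-IDs of non-text, non-image parts to their file names.
    files = {str(p["Content-ID"]).strip("<> "): p.get_filename()
             for p in msg.walk()
             if p["Content-ID"] and p.get_content_maintype() not in ("text", "image")}
    # 3. Zero-sized iframes whose cid: source points at one of those parts.
    html = "".join(p.get_content() for p in msg.walk() if p.get_content_type() == "text/html")
    for tag in re.findall(r"<iframe\b[^>]*>", html, re.I):
        cid = re.search(r"src\s*=\s*[\"']?cid:([^\s\"'>]+)", tag, re.I)
        hidden = re.search(r"(?:height|width)\s*=\s*[\"']?0\b", tag, re.I)
        if cid and hidden and cid.group(1) in files:
            findings.add(f"hidden iframe loads attachment {files[cid.group(1)]}")
    return sorted(findings)
```

The relay check is a crude heuristic that legitimately forwarded mail also trips; SPF, linked later in the thread, lets the domain owner publish which hosts may send for the domain.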