Very Computer

---------- Forwarded message ----------
Date: Wed, 4 Apr 2001 03:15:21 +0800


Subject: Warning: could not send message for past 4 hours

    **********************************************
    **      THIS IS A WARNING MESSAGE ONLY      **
    **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **
    **********************************************

The original message was received at Tue, 3 Apr 2001 21:57:12 +0800

   ----- The following addresses had transient non-fatal errors -----

   ----- Transcript of session follows -----
451 4.4.1 timeout writing message to smtp.hknet.com

Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old

After reading that message, I was curious because I never use ROOT to
send message out and aparently, that

didn't send such message.  Inside the message
I found two attachment, one dat file and the other text file,..
Unfortunetly, when I read the text fileI see ALL the confidential
information all my system all pasted in there. The format looks
something like this:

/**************************HOST IP*****************************/
and then i see the whole ifconfig pasted here. then..
/**************************PS*********************************/
i see ps -aux, then
/**************************HISTORY***************************/
root's command history.. then
/************************HOSTS*****************************/
host file, AND EVEN
/************************PASSWD***************************/
passwd file , with ROOTS and all users' password unecrypted!!!!

I use redhat 7 and i'm sure i have shadow + md5 password enabled.

If anyone have any idea what's going wrong , please let me know and how
am i getting the file. I know that
sina provide freemail service but it has an extension of sinaman.com or
sinagirl.com, but NOT sina.com
is that why i am getting the mail bounced back???

Any help would be appreciated. Thank you very much !
 Leo

> Dear all,

>  Today I turn on my linux and I recieved a mail from sendmail regarding
> a failed message posted to

> following:

> ---------- Forwarded message ----------
> Date: Wed, 4 Apr 2001 03:15:21 +0800


> Subject: Warning: could not send message for past 4 hours

>     **********************************************
>     **      THIS IS A WARNING MESSAGE ONLY      **
>     **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **
>     **********************************************

> The original message was received at Tue, 3 Apr 2001 21:57:12 +0800

>    ----- The following addresses had transient non-fatal errors -----

>    ----- Transcript of session follows -----
> 451 4.4.1 timeout writing message to smtp.hknet.com

> Warning: message still undelivered after 4 hours
> Will keep trying until message is 5 days old

> After reading that message, I was curious because I never use ROOT to
> send message out and aparently, that

> didn't send such message.  Inside the message
> I found two attachment, one dat file and the other text file,..
> Unfortunetly, when I read the text fileI see ALL the confidential
> information all my system all pasted in there. The format looks
> something like this:

> /**************************HOST IP*****************************/
> and then i see the whole ifconfig pasted here. then..
> /**************************PS*********************************/
> i see ps -aux, then
> /**************************HISTORY***************************/
> root's command history.. then
> /************************HOSTS*****************************/
> host file, AND EVEN
> /************************PASSWD***************************/
> passwd file , with ROOTS and all users' password unecrypted!!!!

> I use redhat 7 and i'm sure i have shadow + md5 password enabled.

> If anyone have any idea what's going wrong , please let me know and how
> am i getting the file. I know that
> sina provide freemail service but it has an extension of sinaman.com or
> sinagirl.com, but NOT sina.com
> is that why i am getting the mail bounced back???

> Any help would be appreciated. Thank you very much !
>  Leo

> One more thing after i read the email, I  checked my log file (
> /var/log/message ) to see what happened.   Apparently, i have lost ALL the
> stuff  before date APRIL 3rd ( day of mail send )...   So i couldn't trace
> what happened, Although information from my other
> logfiles still exists, i.e. my "loginlog"  I cannot find any clue from
> there. =(

>  THanks

> > Dear all,

> >  Today I turn on my linux and I recieved a mail from sendmail regarding
> > a failed message posted to

> > following:

> > ---------- Forwarded message ----------
> > Date: Wed, 4 Apr 2001 03:15:21 +0800


> > Subject: Warning: could not send message for past 4 hours

> >     **********************************************
> >     **      THIS IS A WARNING MESSAGE ONLY      **
> >     **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **
> >     **********************************************

> > The original message was received at Tue, 3 Apr 2001 21:57:12 +0800

> >    ----- The following addresses had transient non-fatal errors -----

> >    ----- Transcript of session follows -----
> > 451 4.4.1 timeout writing message to smtp.hknet.com

> > Warning: message still undelivered after 4 hours
> > Will keep trying until message is 5 days old

> > After reading that message, I was curious because I never use ROOT to
> > send message out and aparently, that

> > didn't send such message.  Inside the message
> > I found two attachment, one dat file and the other text file,..
> > Unfortunetly, when I read the text fileI see ALL the confidential
> > information all my system all pasted in there. The format looks
> > something like this:

> > /**************************HOST IP*****************************/
> > and then i see the whole ifconfig pasted here. then..
> > /**************************PS*********************************/
> > i see ps -aux, then
> > /**************************HISTORY***************************/
> > root's command history.. then
> > /************************HOSTS*****************************/
> > host file, AND EVEN
> > /************************PASSWD***************************/
> > passwd file , with ROOTS and all users' password unecrypted!!!!

> > I use redhat 7 and i'm sure i have shadow + md5 password enabled.

> > If anyone have any idea what's going wrong , please let me know and how
> > am i getting the file. I know that
> > sina provide freemail service but it has an extension of sinaman.com or
> > sinagirl.com, but NOT sina.com
> > is that why i am getting the mail bounced back???

> > Any help would be appreciated. Thank you very much !
> >  Leo

> Dear all,

>  Today I turn on my linux and I recieved a mail from sendmail regarding
> a failed message posted to

> following:

> ---------- Forwarded message ----------
> Date: Wed, 4 Apr 2001 03:15:21 +0800


> Subject: Warning: could not send message for past 4 hours

>     **********************************************
>     **      THIS IS A WARNING MESSAGE ONLY      **
>     **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **
>     **********************************************

> The original message was received at Tue, 3 Apr 2001 21:57:12 +0800

>    ----- The following addresses had transient non-fatal errors -----

> Today I turn on my linux and I recieved a mail from sendmail regarding

>it basically it says the following:

>> One more thing after i read the email, I  checked my log file (
>> /var/log/message ) to see what happened.   Apparently, i have lost ALL the
>> stuff  before date APRIL 3rd ( day of mail send )...   So i couldn't trace
> Looks like somebody have installed some trojan that tryied to
> mail out information about your system.

>Dear all,
> Today I turn on my linux and I recieved a mail from sendmail regarding
>a failed message posted to

>following:
>---------- Forwarded message ----------
>Date: Wed, 4 Apr 2001 03:15:21 +0800


>Subject: Warning: could not send message for past 4 hours