Group under attack?


Post by dmer.. » Tue, 11 Mar 2003 02:32:52



I've been getting shelled by trojans this week.  Road Runner's
filtering has caught most of them,  but one slipped through this
morning. (Virus Scan caught it).  A lot of familiar names showed
up:






Subject: FWD: Taste this update from M$ Corporation

--
Dan Mercer

 
 
 


Post by Michael Heimin » Tue, 11 Mar 2003 03:11:15



> I've been getting shelled by trojans this week.  Road Runner's
> filtering has caught most of them,  but one slipped through this
...
> Subject: FWD: Taste this update from M$ Corporation

Hi Dan!

Did check my SPAM logs, but there isn't anything like this.
Looks not too bad, today.;)

144 x SPAM since 03:35 h (497k) caught by:
SpamAssassin  2.50

Greetings

--
Michael Heiming

Remove +SIGNS and www. if you expect an answer, sorry for
inconvenience, but I get tons of SPAM

 
 
 


Post by Erik Max Franci » Tue, 11 Mar 2003 06:49:14



> I've been getting shelled by trojans this week.  Road Runner's
> filtering has caught most of them,  but one slipped through this
> morning. (Virus Scan caught it).  A lot of familiar names showed
> up:

It's probably more indicative that the spammer had happened to get those
email addresses from the same place he got yours -- by scanning Usenet
headers.  Seems more likely to me that it's just the manner in which the
spammer collected the addresses, rather than some sort of deliberate
attack.

--

 __ San Jose, CA, USA / 37 20 N 121 53 W / &tSftDotIotE
/  \ I used to walk around / Like nothing could happen to me
\__/ TLC
    Esperanto reference / http://www.alcyone.com/max/lang/esperanto/
 An Esperanto reference for English speakers.

 
 
 


Post by dmer.. » Wed, 12 Mar 2003 00:20:04





>> I've been getting shelled by trojans this week.  Road Runner's
>> filtering has caught most of them,  but one slipped through this
>> morning. (Virus Scan caught it).  A lot of familiar names showed
>> up:

> It's probably more indicative that the spammer had happened to get those
> email addresses from the same place he got yours -- by scanning Usenet
> headers.  Seems more likely to me that it's just the manner in which the
> spammer collected the addresses, rather than some sort of deliberate
> attack.

Seems to be a futile group to attack - maybe he should look in a
newsgroup where people don't have a clue.

--
Dan Mercer

 
 
 


Post by Erik Max Franci » Wed, 12 Mar 2003 05:45:00



> Seems to be a futile group to attack - maybe he should look in a
> newsgroup where people don't have a clue.

If there's any attack taking place at all, which is pretty highly
unlikely.

--

 __ San Jose, CA, USA / 37 20 N 121 53 W / &tSftDotIotE
/  \ There I was / There I was / Splitting atoms with my desire
\__/ Lamya
    CSBuddy / http://www.alcyone.com/pyos/csbuddy/
 A Counter-Strike server log file monitor in Python.

 
 
 


Post by laura fairhe » Wed, 12 Mar 2003 09:52:16




>> Seems to be a futile group to attack - maybe he should look in a
>> newsgroup where people don't have a clue.

>If there's any attack taking place at all, which is pretty highly
>unlikely.

???

I've had piles of these e-mails, all with attachments, variations
on theme - "Microsoft Security Update". I just delete them
but looked in the headers and noticed just as Mr. Mercer
that someone is scanning various USENET groups for e-mails
for this attack (and it's not just this group). Mostly my concern
was that some less security conscious users might be fooled
[ which is obviously the idea by using terms like 'security patch']

bestwishes
laura

>--

> __ San Jose, CA, USA / 37 20 N 121 53 W / &tSftDotIotE
>/  \ There I was / There I was / Splitting atoms with my desire
>\__/ Lamya
>    CSBuddy / http://www.alcyone.com/pyos/csbuddy/
> A Counter-Strike server log file monitor in Python.

--
alt.fan.madonna |news, interviews, discussion, writings
                |chat, exchange merchandise, meet fans....
                |Get into the groove baby you've got to... check us out!
 
 
 


Post by laura fairhe » Wed, 12 Mar 2003 09:56:37


On Sun, 9 Mar 2003 19:11:15 +0100, Michael Heiming



>> I've been getting shelled by trojans this week.  Road Runner's
>> filtering has caught most of them,  but one slipped through this
>...
>> Subject: FWD: Taste this update from M$ Corporation

>Hi Dan!

>Did check my SPAM logs, but there isn't anything like this.
>Looks not too bad, today.;)

This is because you don't have a raw e-mail address in your
headers !

>144 x SPAM since 03:35 h (497k) caught by:
>SpamAssassin  2.50

>Greetings

byefornow
laura

--
alt.fan.madonna |news, interviews, discussion, writings
                |chat, exchange merchandise, meet fans....
                |Get into the groove baby you've got to... check us out!

 
 
 

1. ANSWER: Mass Attack News Group Hack Info



Actually, I'm now finding that most of the control messages that
are being trapped are from companies trying out the exploit
to determine if their 1.4patch or 1.5.1 upgrade was successful.

Might have been safer to:

        1) Try a safer test ... (/bin/echo boo) | mail wherever
        2) Ensure that no transmits of control messages were fed
        upstream by a 'test' newsfeeds configuration or just
        removed this box off the net and ensuring the control message
        was cleared before going live.

I'll be glad when this passes and sites are upgraded before
people discover what a really close call we had (where is
Morris now?).

--
----------------------------------------------------------------

Technical Computing Group Leader |    "Laugh while you can,
Tektronix CNA Division           |    monkey-boy!!!!"
