Re: RE:Probable Trojan

[Gene <flyersfanindc () yahoo com>]

In-Reply-To: <LAW11-OE24Uz48oxSF50000a226 () hotmail com>

The problem was not a lack of creative googling, it was a lack of information.  As stated, I failed to ask the obvious 
question.  Had I asked the question, I would have found the answer in 10 seconds or less.

I appreciate the info though.   


> Received: (qmail 20039 invoked from network); 3 Nov 2003 16:50:04 -0000
> Received: from outgoing2.securityfocus.com (205.206.231.26)
>  by mail.securityfocus.com with SMTP; 3 Nov 2003 16:50:04 -0000
> Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])
>       by outgoing2.securityfocus.com (Postfix) with QMQP
>       id 36A4C8F777; Mon,  3 Nov 2003 03:57:28 -0700 (MST)
> Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
> Precedence: bulk
> List-Id: <security-basics.list-id.securityfocus.com>
> List-Post: <mailto:security-basics () securityfocus com>
> List-Help: <mailto:security-basics-help () securityfocus com>
> List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
> List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
> Delivered-To: mailing list security-basics () securityfocus com
> Delivered-To: moderator for security-basics () securityfocus com
> Received: (qmail 31437 invoked from network); 31 Oct 2003 00:40:18 -0000
> X-Originating-IP: [202.153.39.88]
> X-Originating-Email: [se_cur_ity () hotmail com]
> From: "morning_wood" <se_cur_ity () hotmail com>
> To: "Gene Bransfield" <flyersfanindc () yahoo com>,
>       <security-basics () securityfocus com>
> Cc: <incidents () securityfocus com>
> References: <20031029214745.10351.qmail () web40305 mail yahoo com>
> Subject: Re: RE:Probable Trojan
> Date: Fri, 31 Oct 2003 12:22:35 +0530
> MIME-Version: 1.0
> Content-Type: text/plain;
>       charset="iso-8859-1"
> Content-Transfer-Encoding: 7bit
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2800.1158
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
> Message-ID: <LAW11-OE24Uz48oxSF50000a226 () hotmail com>
> X-OriginalArrivalTime: 31 Oct 2003 06:50:38.0091 (UTC) FILETIME=[4AC7D5B0:01C39F7B]
>
> as I reported in May,
>
> http://lists.netsys.com/pipermail/full-disclosure/2003-May/004872.html
>
> Try to google creativly.
>
>
> morning_wood
>
>
> ----- Original Message ----- 
> From: "Gene Bransfield" <flyersfanindc () yahoo com>
> To: <security-basics () securityfocus com>
> Cc: <incidents () securityfocus com>
> Sent: Thursday, October 30, 2003 3:17 AM
> Subject: RE:Probable Trojan
>
>
> > All,
> >
> > Thank you very much for your information.  I
> > appreciate everyone's input and I have learned a lot.
> >
> >
> > Lesson learned: Always ask the obvious question.
> >
> > The obvious question was: What were you doing with
> > your AOL account before it was hacked?
> >
> > The obvious question was asked by the local sysadmin.
> >
> >
> > One would assume that my buddy would have informed me
> > about any recent unusual AOL activity (like
> > unsolicited emails), but it's really my fault for not
> > asking the obvious question.
> >
> > Be on the look-out for the InstaKiss email from any
> > AOL addresses.  They are bogus.  The link associated
> > brings you to a false AOL login page where usernames
> > and passwords are harvested for SPAM mongers.  More
> > info in the link:
> >
> > http://www.spamsolutions.net/instakiss.asp
> >
> > I thought my buddy would have been smart enough not to
> > click on links in unsolicited emails, but alas my
> > friend is stupid.  I have informed him that he owes me
> > a case of beer.  I'll be happy to share with the list.
> >
> > Thanks again,
> >
> > Gene
> >
> > __________________________________
> > Do you Yahoo!?
> > Exclusive Video Premiere - Britney Spears
> > http://launch.yahoo.com/promos/britneyspears/
> >
> > --------------------------------------------------------------------------
> -
> > Network with over 10,000 of the brightest minds in information security
> > at the largest, most highly-anticipated industry event of the year.
> > Don't miss RSA Conference 2004! Choose from over 200 class sessions and
> > see demos from more than 250 industry vendors. If your job touches
> > security, you need to be here. Learn more or register at
> > http://www.securityfocus.com/sponsor/RSA_incidents_031023
> > and use priority code SF4.
> > --------------------------------------------------------------------------
> --
> >
>
> ---------------------------------------------------------------------------
> Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
> The Presidio integrates PGP data encryption and XML Web Services security to 
> simplify the management and deployment of PGP and reduce overall PGP costs 
> by up to 80%.
> FREE WHITEPAPER & 30 Day Trial - 
> http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
> ----------------------------------------------------------------------------

---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------