Security Incidents mailing list archives
Re: Something nasty
From: Rich Puhek <rpuhek () ETNSYSTEMS COM>
Date: Wed, 6 Sep 2000 13:25:25 -0500
I got a couple of these too. Seemed rather strange. The URL sends you to a page with a form to fill out asking for contact info, upstream provider name, OS of the shell account, etc. They also ask for a checklist of things allowed with a shell account like if a compiler is provided, if a daemon may be left running, if programs may be run as root, if a process may be restarted automatically every five minutes, etc...

I agree that they're hoping to hit the clueless, but it's strange that they're asking about shell accounts specifically. It would seem more productive for them to ask about something more generic like web hosting. That way, a sales guy is less likely to contact a techie, and more likely to return the information.

--Rich

Adam Maloney wrote:
I've attached an e-mail that I received to a few info@ accounts at a couple of my domains. The IP block that this originated from and the URL references is in .NL, the whois information for upwatch.com is registered in Amsterdam.

I think it's rather obvious that these people are trying to save time nmapping the whole internet so they'd rather just have clueless sales droids fill out the form that I presume would ask for what type/version of OS, what software is installed, etc. It would make compromising the box pretty easy.

I haven't done much more investigation other than the above. I didn't want to go to the URL with any of my domains or serial numbers in the URL. I edited the headers a little to remove some mail handling and identifying information as to what domains this was sent to, other than that the message is intact.

Adam Maloney
Systems Administrator
Sihope Communications
--
_________________________________________________________
Rich Puhek
ETN Systems Inc.
_________________________________________________________
Current thread:
- Something nasty Adam Maloney (Sep 06)
- Re: Something nasty Jay D. Dyson (Sep 06)
- Re: Something nasty Rich Puhek (Sep 06)
- Re: Something nasty Gerhard den Hollander (Sep 07)