Security Incidents mailing list archives
Internet worm from China
From: "Derek Kwan [321844]" <Derek () KWAN CA>
Date: Fri, 9 Feb 2001 00:51:55 -0500
Hello World,

Tonight (while I am debugging m4-gnu.. see Bugtraq@securityfocus mailing list) I received a piece of unusual e-mail.... It doesn't include a From line, and there is an EXE attachment.

After I had done my work, I did a little research on this unusual e-mail and found out it is an Internet worm (W32/Hybris.gen@M) which seems to come from 211.99.253.95 (looks like it comes from China.... Hummm.. I dunno anyone there... where the hack did they get my e-mail address??).

Here is the info about this Internet worm (http://vil.nai.com/vil/virusChar.asp?virus_k=98873)

So if you have received any mail and you can't tell where it comes from, don't execute the attachments.... (even if it comes from someone you know, be cautious..)

Derek

=-=-=-=-=-=-=-=
Mail header

Return-Path: <MAILER-DAEMON () KWAN ca>
Received: from wang ([211.99.253.95])
        by KWAN.ca (8.11.1/8.9.3) with SMTP id f191HTp23776
        for <dkwan () KWAN ca>; Thu, 8 Feb 2001 20:17:31 -0500
Date: Thu, 8 Feb 2001 20:17:31 -0500
Message-Id: <200102090117.f191HTp23776 () KWAN ca>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VEHQ74DIB81M7OXEJCXIZ"
To: undisclosed-recipients:;
Status: RO
X-Status:
X-Keywords:
X-UID: 77
X-Mozilla-Status: 8001
X-Mozilla-Status2: 00000000
X-UIDL: 0dfd6e6ccadf2a7d370f0e660c373597

----VEHQ74DIB81M7OXEJCXIZ
Content-Type: text/plain; charset="us-ascii"

----VEHQ74DIB81M7OXEJCXIZ
Content-Type: application/octet-stream; name="DCBBEMDC.EXE"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="DCBBEMDC.EXE"

=-=-=-=-=-=-=-=
Whois

Search results for ' 211.99.253.95'...

% Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.html

inetnum:     211.99.253.0 - 211.99.255.255
netname:     ZHONGDIAN
descr:       an Office building include many
descr:       companies
country:     CN
admin-c:     JY74-AP
tech-c:      JY74-AP
mnt-by:      MAINT-CN-263
changed:     zhx () 263 net cn 20000918
source:      APNIC

person:      JIAN FENG YAN
address:     15th Building 1st District of Xiao Huang Zhuang,
address:     District Dong Cheng, CHINA
phone:       +86-010-84287565
fax-no:      +86-010-84286328
country:     CN
e-mail:      zhx () 263 net cn
nic-hdl:     JY74-AP
mnt-by:      MAINT-CNNIC-AP
changed:     ipas () cnnic net cn 20000927
source:      APNIC
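
A header triage check for the traits described in the post above (no From line, hidden recipient list, EXE attachment, relay address in the Received line), as an added example that is not part of the original message. The sample message is constructed with placeholder hosts, addresses and attachment bytes; `triage`, `EXEC_EXT` and `IP_RE` are hypothetical names chosen here.

```python
import re
from email import message_from_bytes, policy

# Constructed sample modeled on the header quoted in the post; the host
# names, the 192.0.2.95 address and the attachment bytes are placeholders.
SAMPLE = b"""\
Return-Path: <MAILER-DAEMON@example.org>
Received: from wang ([192.0.2.95])
\tby mx.example.org with SMTP id f191HTp23776
\tfor <user@example.org>; Thu, 8 Feb 2001 20:17:31 -0500
Date: Thu, 8 Feb 2001 20:17:31 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VEHQ74DIB81M7OXEJCXIZ"
To: undisclosed-recipients:;

----VEHQ74DIB81M7OXEJCXIZ
Content-Type: text/plain; charset="us-ascii"

----VEHQ74DIB81M7OXEJCXIZ
Content-Type: application/octet-stream; name="DCBBEMDC.EXE"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="DCBBEMDC.EXE"

cGxhY2Vob2xkZXI=
----VEHQ74DIB81M7OXEJCXIZ--
"""

EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".vbs")  # assumed list
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def triage(raw: bytes) -> dict:
    """Return header-level findings and the bracketed relay IPs of a message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    if msg["From"] is None:
        findings.append("no From header")
    if "undisclosed-recipients" in str(msg.get("To", "")).lower():
        findings.append("recipient list hidden")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(EXEC_EXT):
            findings.append(f"executable attachment: {name}")
    # Each hop prepends its Received line, so only the topmost one was written
    # by the receiving server; lower ones are sender-supplied and can be forged.
    relay_ips = [ip for h in msg.get_all("Received", [])
                 for ip in IP_RE.findall(str(h))]
    return {"findings": findings, "relay_ips": relay_ips}
```
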