Security Incidents mailing list archives
Re: Internet worm from China
From: "Jay D. Dyson" <jdyson () TREACHERY NET>
Date: Fri, 9 Feb 2001 09:34:12 -0800
-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 9 Feb 2001, Derek Kwan [321844] wrote:
> After I have done my work, I did a little research on this unusual e-mail and found out it is an Internet worm (W32/Hybris.gen@M) that seems to come from 211.99.253.95 (looks like it comes from China.... Hummm.. I dunno anyone there... where the heck did they get my e-mail address??).
The 'net community is a bit like a large incestuous family. Guh. Okay, bad image there. The deal here is that, when you participate in any public forum, someone you don't know is bound to drop your address in their MTA's address book for whatever reason...and these worms typically exploit that address book to their own ends.

Speaking to the matter of people having your address without you knowing, the weirdest situation was finding one of my PGP pubkeys on a keyserver (I don't send my keys to keyservers since I revoke them every six months and it's a PITA to track them down). Turns out that copy of my key had been PGP-signed and posted to the keyserver by someone at NATO.INT. Now *that* was peculiar since I don't know anyone in NATO.
> So if you have received any mail and you can't tell where it came from, don't execute the attachments.... (even if it came from someone you know, be cautious..)
Agreed and agreed again. For me, it's got to the point where every attachment I receive is given (for want of a better term) a digital strip search. Anything that looks even remotely hinky is tossed into a "possible worm/trojan" compost pile and left there to ferment.

- -Jay

  (    ______
  ))   .-- "There's always time for a good cup of coffee" --.   >===<--.
C|~~| (>------- Jay D. Dyson -- jdyson () treachery net -------<) |   = |-'
 `--'  `------ Nobody but us in here.  Nobody but us. ------'  `-----'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: E-mail me for my PGP Public Key.
-----END PGP SIGNATURE-----