Security Incidents mailing list archives

RE: Possible Intrusion Attempt?


From: FWAdmin <FWAdmin () nbpower com>
Date: Mon, 26 May 2003 11:02:30 -0300

A few of our users have received the same thing. We also use MS Proxy 2.0,
but they get popups for authentication with some weird user name in the user
ID box. The text of the message is as follows:

<B>Subject:</B> are you tired of 
being single? ut qw pydxve j<BR><BR></FONT></DIV>Loading please wait... <A 
href="http://www.beowolfhost.com/1/index.html?a=MTEyfDI=";><IMG 
src="http://beowolfhost.com/4/amateur_match_400x300_01.jpg"; NOSEND="1"><A>rr
vs 
sv h qacvntnzzf adcyf nxsci qvi hane o lopp qcnazyh bk gzsdh ic uxjuz u qwx
h t 
</A><BR>

The e-mail didn't trigger authentication with me, and all it downloaded was
an image. Depending on a user's proxy settings, this message may or may not
prompt for authentication.

Did you get a look at what the login screen was for? Ours was a login prompt
for our proxy cluster, not the remote web site.

                -Jason

-----Original Message-----
From: Matt LaFelero [mailto:ramstryke () yahoo com] 
Sent: May 21, 2003 20:48
To: incidents () securityfocus com
Subject: Possible Intrusion Attempt?

I'm hoping someone here might be able to shed some light on this
situation..

Some of my users have been getting some interesting spam mail.  This is
the first time I've ever seen a spam mail do this.  When the user opens
the spam mail, all of a sudden, an Internet Explorer authentication
box pops up.  You know those that ask for username, password, and
domain.

Well, I run MS Proxy 2.0 here and the logon with a 2KPro machine is
integrated so the user never sees this box or has to enter his/her
password to get on the Web.

It's strange that this email triggers the authentication box.  What's
even weirder is that it populates the username for them, with weird
names.  The names always seem to change from spam mail to spam mail.  I've
seen iterations like fluff, skank, morton, taxiway.. you name it.

It seems most of the emails are HTML, which can explain a lot.  None of
them had attachments.  From what I could gather it seems to be attempting to
load a site.  We run Outlook 2000 with SP3 and all hotfixes.

My question is, how is this happening and is it a threat?
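The mechanism both posters describe comes down to what the mail client fetches when it renders the message: a remote `<IMG>` (or script, frame or stylesheet reference) is requested through the proxy as soon as the message is opened, and an authenticating proxy answers that request with a credential challenge, which is the prompt the users see. The script below is an added example, not code from either poster or from SecurityFocus; it inventories the remote references in an HTML body and separates the ones fetched on open from the ones that need a click, so an administrator can see which hosts a message would contact before anyone clicks anything. The sample message and its hostnames are constructed placeholders, and the table of auto-fetched tags is an assumption about typical mail-client behaviour, not a documented list for any particular client.

```python
"""Inventory the remote resources an HTML e-mail body would fetch when rendered.

Added example (not code from the original thread). It uses only the Python
standard library; the sample message below is constructed for the
demonstration and uses placeholder hostnames, not the ones from the spam.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: tags whose URL attribute a mail client fetches automatically on
# render, i.e. before the user clicks anything. A fetch through an
# authenticating proxy is what produces the credential prompt in the thread.
AUTO_FETCH = {
    "img": ("src",),
    "script": ("src",),
    "iframe": ("src",),
    "frame": ("src",),
    "link": ("href",),
    "body": ("background",),
    "input": ("src",),
}
# Tags whose URL is only requested after a user action.
CLICK_ONLY = {"a": ("href",)}


class RemoteRefParser(HTMLParser):
    """Collects (tag, url, auto_fetched) triples for every remote URL."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        attr_map = {k: (v or "") for k, v in attrs}
        for table, auto in ((AUTO_FETCH, True), (CLICK_ONLY, False)):
            for name in table.get(tag, ()):
                url = attr_map.get(name, "").strip()
                # Only remote http(s) references matter; cid: parts are inline.
                if url.lower().startswith(("http://", "https://")):
                    self.refs.append((tag, url, auto))


def inventory(html_body):
    """Return a list of dicts describing each remote reference in html_body."""
    parser = RemoteRefParser()
    parser.feed(html_body)
    parser.close()
    out = []
    for tag, url, auto in parser.refs:
        parts = urlsplit(url)
        out.append({
            "tag": tag,
            "host": parts.hostname or "",
            "url": url,
            "auto_fetched": auto,
        })
    return out


def auto_fetch_hosts(html_body):
    """Hosts contacted merely by opening the message (no click required)."""
    return sorted({r["host"] for r in inventory(html_body) if r["auto_fetched"]})


# Constructed sample in the shape of the message quoted in the thread;
# hostnames and the tracking value are placeholders, not the real ones.
SAMPLE = """<DIV><B>Subject:</B> are you tired of being single? xx yy</DIV>
Loading please wait...
<A href="http://spam-landing.example/1/index.html?a=PLACEHOLDER-ID">
<IMG src="http://spam-images.example/4/picture.jpg" NOSEND="1"><A>
<img src=cid:inline-part-1>
</A><BR>"""

if __name__ == "__main__":
    for ref in inventory(SAMPLE):
        kind = "AUTO " if ref["auto_fetched"] else "click"
        print(f"{kind} {ref['tag']:6} {ref['host']:25} {ref['url']}")
    print("hosts contacted on open:", auto_fetch_hosts(SAMPLE))
```

Run as a script it prints the inventory of the embedded sample; for a real case, pass the HTML part of the suspect message to `inventory()`. It only reports what the message asks the client to fetch; the pre-populated usernames in the prompt are a separate question that the HTML alone does not answer.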


----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown
enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-incidents
----------------------------------------------------------------------------

------------------------- 
This e-mail communication (including any or all attachments) is intended
only for the use of the person or entity to which it is addressed and may
contain confidential and/or privileged material. If you are not the intended
recipient of this e-mail, any use, review, retransmission,  distribution,
dissemination, copying, printing, or other use of, or taking of any action
in reliance upon this e-mail, is strictly prohibited. If you have received
this e-mail in error, please contact the sender and delete the original and
any copy of this e-mail and any printout thereof, immediately. Your
co-operation is appreciated. 


