Vulnerability Development mailing list archives
Re: I love you Author evidence ?
From: jdimov () CIS CLARION EDU (Jordan Dimov)
Date: Sun, 7 May 2000 10:19:00 -0400
The following two lines are from the source of the .vbs script: rem barok -loveletter(vbe) <i hate go to school> rem by: spyder / ispyder () mail com / @GRAMMERSoft Group /Manila,Philippines Looks like the same fella. So it's your typical 'cracker' profile: tennager in high-school, most likely male, anti-social, hates school; he's from the Philippines and speaks broken english. The bugfix.exe collects local private information (passwords that it can find) and mails it to mailme () super net ph. Just super.net.ph is not resolvable, but at www.super.net.ph it says they're a 'prepaid internet card provider' (i didn't know such things existed). Their web server is on a Linux 2.0.something box. But anyway... How important is it really to know the author? And now the FBI is tracking the worm? Come on, give me a break. Someone on securityfocus.com said it best - busting 15 year old script kiddies just makes us all look stupid. On Mon, 6 Mar 2000, Thierry wrote:
Hello, On 10/01/2000 a guy going by the nick of spider submitted a program called barok to TLSecurity. He also submitted (kindly) a screenshot of the results, in which he alwayws disclose the isp he used etc... http://www.tlsecurity.net/backdoor/barok.htm This is the url with the screenshot. If we look closer at The *Bugfix.exe downloaded by the vbs script, and looking a the X-mail fields it sends (source X-Force.) To: mailme () super net ph Subject: Barok... email.passwords.sender.trojan X-Mailer: Barok... email.passwords.sender.trojan---by: spyder We see that it has Barok in it so presumably *bugfix.exe is nothing more then barok 1 or 2 (or a mod) from the same author. Thierry Zoller http://www.TLSecurity.net
Current thread:
- I love you Author evidence ? Thierry (Mar 06)
- Re: I love you Author evidence ? Jordan Dimov (May 07)
- Re: I love you Author evidence ? Thierry (Apr 07)
- Re: I love you Author evidence ? Elaine -HFB- Ashton (May 07)
- Re: I love you Author evidence ? Roelof Temmingh (May 07)
- Re: I love you Author evidence ? Martin Ixter (May 07)
- Re: I love you Author evidence ? Blue Boar (May 07)
- Re: I love you Author evidence ? Drexx Laggui (May 07)
- Re: I love you Author evidence ? Bobcat Felidae (May 09)
- Re: I love you Author evidence ? Sen_Ml Sen_Ml (May 09)
- Re: I love you Author evidence ? Thierry (Apr 07)
- Re: I love you Author evidence ? Erik Debill (May 07)
- Re: I love you Author evidence ? Jordan Dimov (May 07)
- password-protected zip files (was RE: Administrivia #8704) Michael Wojcik (May 07)