Full Disclosure mailing list archives
Re: new worm traveling the net? (GNU/Linux)
From: Przemyslaw Frasunek <venglin () freebsd lublin pl>
Date: Tue, 20 Feb 2007 10:06:59 +0100
Timo Schoeler wrote:
> a friend of mine contacted me because he saw lots of emails (60) to catchthismail () domain tld starting at about 5:00 am (US east coast time).
Indeed, I've started receiving it yesterday at 10:00 am (CET) and it stopped at 08:00 pm. The To: header contained catchthismail () domain tld and helloitmenice () domain tld with almost all domains hosted at my site. There were about 130 such mails, all of them with the following body:

========================
Hi
How are you ? Call me.
and marketing pitches
Poor you, i don't even think how much spam you are recive.
at the group's
6D7174796A6E6A6B667A6A33746A716E72736845777873706872
========================

The third and fifth lines contain random words. The last one is a hexadecimally encoded ASCII string, also random.

--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com ** NICHDL: PMF9-RIPE *
* Jabber ID: venglin () czuby pl ** PGP ID: 2578FCAD ** HAM-RADIO: SQ8JIV *

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
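The two traits reported in the message above (the probe-style local parts in the To: header and a final body line that is hex-encoded ASCII) can be checked mechanically. This is an added example, not part of the original post; the sample headers, the example.org/example.net domains and the exact line breaks of the body are constructed assumptions.

```python
import binascii
import email
import re
from email.utils import getaddresses

# Local parts reported in the To: header of the messages described above.
PROBE_LOCAL_PARTS = {"catchthismail", "helloitmenice"}
# An even number of hex digits, at least 8 bytes long, and nothing else.
HEX_LINE = re.compile(r"^(?:[0-9A-Fa-f]{2}){8,}$")


def decode_hex_token(line):
    """Return the ASCII text behind an all-hex line, or None if it is not one."""
    line = line.strip()
    if not HEX_LINE.match(line):
        return None
    raw = binascii.unhexlify(line)
    # Accept printable ASCII only, matching "hexadecimally encoded ASCII string".
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def classify(raw_message):
    """Check one RFC 822 message for both traits described in the thread."""
    msg = email.message_from_string(raw_message)
    recipients = getaddresses(msg.get_all("To", []))
    local_parts = {addr.split("@", 1)[0].lower()
                   for _, addr in recipients if "@" in addr}
    probe_hits = sorted(local_parts & PROBE_LOCAL_PARTS)
    body = "" if msg.is_multipart() else msg.get_payload()
    lines = [ln for ln in body.splitlines() if ln.strip()]
    token = decode_hex_token(lines[-1]) if lines else None
    return {"probe_recipients": probe_hits, "token": token,
            "match": bool(probe_hits) and token is not None}


# Constructed sample: headers are invented, the body is the one quoted in the post.
SAMPLE = """From: sender@example.net
To: catchthismail@example.org, helloitmenice@example.org
Subject: hi

Hi
How are you ? Call me.
and marketing pitches
Poor you, i don't even think how much spam you are recive.
at the group's
6D7174796A6E6A6B667A6A33746A716E72736845777873706872
"""

if __name__ == "__main__":
    print(classify(SAMPLE))
```

The decoded token can be logged per message so that repeated or per-recipient values stand out when many such mails arrive.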
Current thread:
- new worm traveling the net? (GNU/Linux) Timo Schoeler (Feb 19)
- Re: new worm traveling the net? (GNU/Linux) Michal Zalewski (Feb 19)
- Re: new worm traveling the net? (GNU/Linux) Timo Schoeler (Feb 19)
- Re: new worm traveling the net? (GNU/Linux) Timo Schoeler (Feb 19)
- Re: new worm traveling the net? (GNU/Linux) Przemyslaw Frasunek (Feb 20)
- Re: new worm traveling the net? (GNU/Linux) Michal Zalewski (Feb 19)