Security Incidents mailing list archives
Something nasty
From: Adam Maloney <adamm () SIHOPE COM>
Date: Wed, 6 Sep 2000 08:53:05 -0500
I've attached an e-mail that I received to a few info@ accounts at a couple of my domains. The IP block that this originated from and the URL references is in .NL, the whois information for upwatch.com is registered in Amsterdam.

I think it's rather obvious that these people are trying to save time nmapping the whole internet so they'd rather just have clueless sales droids fill out the form that I presume would ask for what type/version of OS, what software is installed, etc. It would make compromising the box pretty easy.

I haven't done much more investigation other than the above. I didn't want to go to the URL with any of my domains or serial numbers in the URL.

I edited the headers a little to remove some mail handling and identifying information as to what domains this was sent to, other than that the message is intact.

Adam Maloney
Systems Administrator
Sihope Communications

---------- Forwarded message ----------
====> ORIGINAL MESSAGE FOLLOWS <====
Received: (from mailroom@localhost)
    by unix1.sihope.com (8.9.3/8.9.0) id SAA12545
    for helpdesk; Tue, 5 Sep 2000 18:22:14 -0500 (CDT)
Received: from upwatch.netland.nl (IDENT:root@[212.19.213.240])
    by unix1.sihope.com (8.9.3/8.9.0) with ESMTP id SAA12534
    for <info () xxxx com>; Tue, 5 Sep 2000 18:22:12 -0500 (CDT)
Received: (from root@localhost)
    by upwatch.netland.nl (8.9.3/8.9.3) id BAA08771;
    Wed, 6 Sep 2000 01:31:21 +0200
Date: Wed, 6 Sep 2000 01:31:21 +0200
Message-Id: <200009052331.BAA08771 () upwatch netland nl>
From: Upwatch Inkoop Team <inkoop () upwatch com>
To: info () xxxx com
Subject: Unix shell account inquiry
Precedence: bulk
Reply-To: Upwatch Inkoop Team <inkoop () upwatch com>

Dear Sir, Madam,

I am looking for Unix Shell Accounts all over the world. I also need some specific functionality. Because shell accounts are not as widespread as they once were, I decided to write to a lot of providers.

On the other hand this opens up the possibility for receiving *lots* of answers, all in their own format, and I would have to sort through them: a lot of work. So I took the liberty in creating a special webpage.

Please fill in the following webpage if you offer Unix Shell Accounts:

http://212.19.213.241/aanbieders.php?domain=xxxx.com&random=419285712

Thank you very much for your cooperation.

Ron Arts

PS: you might need a technical person when filling this in
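
A triage sketch for the indicators the post points out (link host in the same block as the sending relay, the recipient's domain and a serial number in the URL), added here as an example and not part of the original message or thread. The function name `triage`, the flag strings, the /24 comparison, the six-digit threshold and the `example.com` recipient are assumptions; the relay IP and URL are the ones quoted above.

```python
import email
import ipaddress
import re
from email.utils import parseaddr
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: relay IP, URL and token are the ones quoted in the post;
# example.com stands in for the redacted recipient domain.
SAMPLE = (
    "Received: from upwatch.netland.nl (IDENT:root@[212.19.213.240])\n"
    "\tby unix1.sihope.com (8.9.3/8.9.0) with ESMTP id SAA12534\n"
    "\tfor <info@example.com>; Tue, 5 Sep 2000 18:22:12 -0500 (CDT)\n"
    "From: Upwatch Inkoop Team <inkoop@upwatch.com>\n"
    "To: info@example.com\n"
    "Subject: Unix shell account inquiry\n"
    "\n"
    "Please fill in the following webpage if you offer Unix Shell Accounts:\n"
    "http://212.19.213.241/aanbieders.php?domain=example.com&random=419285712\n"
)

def _ip(text):
    """Return an ip_address for a literal, or None for hostnames and junk."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def triage(raw, prefix=24):
    """Return [(url, [flags])] for every link in a plain-text message."""
    msg = email.message_from_string(raw)
    rcpt_domain = parseaddr(msg.get("To", ""))[1].rpartition("@")[2].lower()
    # Bracketed literals in Received lines are what each receiving MTA saw.
    relays = [ip for h in msg.get_all("Received", [])
              for ip in map(_ip, re.findall(r"\[([0-9.]+)\]", h)) if ip is not None]
    nets = [ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in relays]
    findings = []
    for url in re.findall(r"https?://[^\s<>\"]+", msg.get_payload()):
        parts, flags = urlsplit(url), []
        host = _ip(parts.hostname or "")
        if host is not None:
            flags.append("ip-literal-host")
            if any(host in net for net in nets):
                flags.append("host-in-sending-relay-block")
        for key, value in parse_qsl(parts.query):
            if rcpt_domain and value.lower() == rcpt_domain:
                flags.append(f"recipient-domain-in-query:{key}")
            elif re.fullmatch(r"\d{6,}", value):  # heuristic threshold, an assumption
                flags.append(f"numeric-token-in-query:{key}")
        findings.append((url, flags))
    return findings
```
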