Security Incidents mailing list archives

Re: Internet worm from China


From: "Jay D. Dyson" <jdyson () TREACHERY NET>
Date: Fri, 9 Feb 2001 09:34:12 -0800


On Fri, 9 Feb 2001, Derek Kwan [321844] wrote:

After I had done my work, I did a little research on this unusual e-mail
and found out it is an Internet worm (W32/Hybris.gen@M) that seems to come
from 211.99.253.95 (looks like it comes from China.... Hummm.. I dunno anyone
there... where the hack did they get my e-mail address??).

        The 'net community is a bit like a large incestuous family.  Guh.
Okay, bad image there.  The deal here is that, when you participate in any
public forum, someone you don't know is bound to drop your address in their
MTA's address book for whatever reason...and these worms typically exploit
that address book to their own ends.

        Speaking to the matter of people having your address without you
knowing, the weirdest situation was finding one of my PGP pubkeys on a
keyserver (I don't send my keys to keyservers since I revoke them every
six months and it's a PITA to track them down).  Turns out that copy of my
key had been PGP-signed and posted to the keyserver by someone at
NATO.INT.  Now *that* was peculiar since I don't know anyone in NATO.

So if you have received any mail and you can't tell where it comes
from, don't execute the attachments.... (even if it comes from someone
you know, be cautious..)

        Agreed and agreed again.  For me, it's got to the point where
every attachment I receive is given (for want of a better term) a digital
strip search.  Anything that looks even remotely hinky is tossed into a
"possible worm/trojan" compost pile and left there to ferment.

-Jay

   (                                                            ______
   ))   .-- "There's always time for a good cup of coffee" --.   >===<--.
 C|~~| (>------- Jay D. Dyson -- jdyson () treachery net -------<) |   = |-'
  `--'  `------ Nobody but us in here.  Nobody but us. ------'  `-----'


