Snort mailing list archives

Re: Troubles in paradise


From: Alberto Colosi via Snort-users <snort-users () lists snort org>
Date: Fri, 6 Apr 2018 08:31:10 +0000

As a Security engineer I know so well what you're describing here

is my common activity to analyze and detect virus, malware, phishing, ransom and so on


is either stupid to send a virus to sec man as is obvious at 99% will not be hit


Thanks for your cooperation! I'll check if I have some file like it inside my email



________________________________
From: wkitty42 () windstream net <wkitty42 () windstream net>
Sent: Friday, April 6, 2018 10:07 AM
To: Alberto Colosi; snort-users () lists snort org
Subject: Re: [Snort-users] Troubles in paradise

On 04/06/2018 02:56 AM, Alberto Colosi wrote:
> I only have a removal message from some antivirus on the road
>
>
> so to delete the mail , can you tell me where it was as all emails sent on list
> was only with txt

it is/was a doc file attached to the message written by epoupee () ac-rennes fr...
in the snort-users list, Message-ID:
<d04435116e0a2c7e882ceec92912f938@127.0.0.1>... if you do not see
epoupee_Demande.doc attached to emails from epoupee () ac-rennes fr then something
must have cleaned it from the copy you received...

i also received a second one sent directly to me instead of to the list... it
did not have a subject line but it was a reply to an earlier message to me from
the mailing list...

the files from both messages were identical and both messages, while coming from
different originating IPs, look to have been sent using someone's apparently
hacked pacifictentandawning.com account... this information can be seen in the
header lines... one originated from a time-warner roadrunner IP and the other
from an IP in Idaho... both logged into the same yourhostingaccount.com account
which is where the email was sent to the list from...


--
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list unless*
        *a signed and pre-paid contract is in effect with us.*
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
