[68881] in North American Network Operators' Group
Re: Hi (fwd)
daemon@ATHENA.MIT.EDU (william(at)elan.net)
Wed Mar 17 23:59:34 2004
Date: Wed, 17 Mar 2004 21:58:21 -0800 (PST)
From: "william(at)elan.net" <william@elan.net>
To: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0403172118250.2114-100000@sokol.elan.net>
Errors-To: owner-nanog-outgoing@merit.edu

FYI - if you're on a Windows machine, DON'T TRY TO FOLLOW the URL in that post.
Somebody sent me a copy of the content and it's VBScript that downloads an
image, converts it into an executable and then probably uses some bug in
microshit products to have it executed. I'm not that good with Windows
scripting, so whoever of the security people here wants to see it further, if
you cannot get it yourself, let me know. It's possible this may be a zombie
making virus using nanog to replicate (somebody's sick joke) but possibly
it's more general with other lists too. Spammers and virus writers joined
together are getting nastier and nastier.

On Wed, 17 Mar 2004, william(at)elan.net wrote:
>
> Methinks somebody has found a trapdoor in the nanog mail setup and is in
> general out to get us ...
>
> This one supposedly came from 203.18.63.43 (Australia Powerhouse Museum -
> phm.gov.au) and advertises a page on IP 165.134.187.102 (Saint Louis
> University - slu.edu). "Connection refused" when I tried to see what's there.
>
> ---------- Forwarded message ----------
> Return-Path: <owner-nanog@merit.edu>
> Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
> ...
> Received: by segue.merit.edu (Postfix)
>     id 3B2ED5DE4F; Wed, 17 Mar 2004 23:04:48 -0500 (EST)
> Delivered-To: nanog@merit.edu
> Received: from PH02887.net (unknown [203.18.63.43])
>     by segue.merit.edu (Postfix) with SMTP id 0AE2E5DE32
>     for <nanog@merit.edu>; Wed, 17 Mar 2004 23:04:46 -0500 (EST)
> Date: Thu, 18 Mar 2004 15:04:22 +1000
> To: nanog@merit.edu
> Subject: Re: Hi
> From: srh@merit.edu
> Message-ID: <nxkitnadhcvpztronff@merit.edu>
> ...
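
The header trace described in the quoted message, as an added example that is not part of the original post: it walks the forwarded `Received:` lines newest first and stops at the hop where a merit.edu relay recorded a peer outside merit.edu, the only hop the sender could not forge. The function names, the `trusted` domain parameter and the "From: claims the list operator's domain" heuristic are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the forwarded message on this page; lines the post
# elides with "..." are left out, so the first Received line is incomplete.
SAMPLE = """\
Return-Path: <owner-nanog@merit.edu>
Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
Received: by segue.merit.edu (Postfix)
\tid 3B2ED5DE4F; Wed, 17 Mar 2004 23:04:48 -0500 (EST)
Delivered-To: nanog@merit.edu
Received: from PH02887.net (unknown [203.18.63.43])
\tby segue.merit.edu (Postfix) with SMTP id 0AE2E5DE32
\tfor <nanog@merit.edu>; Wed, 17 Mar 2004 23:04:46 -0500 (EST)
From: srh@merit.edu
Message-ID: <nxkitnadhcvpztronff@merit.edu>
"""

FROM_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)")
BY_RE = re.compile(r"\bby\s+(?P<by>[\w.-]+)")

def in_domain(host, domain):
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def received_hops(raw):
    """Return Received hops, newest first, as dicts of helo/rdns/ip/by."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        f, b = FROM_RE.search(flat), BY_RE.search(flat)
        hop = f.groupdict() if f else {"helo": None, "rdns": None, "ip": None}
        hop["by"] = b.group("by") if b else None
        hops.append(hop)
    return hops

def injection_point(raw, trusted):
    """First hop (newest first) where a trusted MTA logged an outside peer.
    Headers below that hop were supplied by the sender and prove nothing."""
    for hop in received_hops(raw):
        if in_domain(hop["by"], trusted) and hop["ip"] and not in_domain(hop["rdns"], trusted):
            return hop
    return None

def forged_internal_sender(raw, trusted):
    """Heuristic: From: claims the trusted domain, yet the mail entered from outside."""
    sender = parseaddr(message_from_string(raw)["From"])[1]
    return in_domain(sender.rpartition("@")[2], trusted) and injection_point(raw, trusted) is not None
```

On the sample, `injection_point(SAMPLE, "merit.edu")` returns the hop with HELO `PH02887.net`, reverse DNS `unknown` and IP `203.18.63.43`, while the `From:` and `Message-ID:` both claim merit.edu.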