Message-ID: <953E0CDD2787A94A95AA2ECE337E13640B8884@vital-exchange.vitalintranet2.co.uk>
Date: Fri, 19 Sep 2003 19:17:41 +0100
From: "Lee Evans" <lee@...al.co.uk>
To: "'Bruno Clermont'" <bruno@...me.ca>, <bugtraq@...urityfocus.com>
Subject: RE: Wave of fake Official Microsoft Advisory


Hi,

Following links provide further details:

http://www.theregister.co.uk/content/56/32925.html

http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html

Regards
Lee
-- 
Lee Evans

> -----Original Message-----
> From: Mail [mailto:mail@...me.CA] On Behalf Of Bruno Clermont
> Sent: 19 September 2003 15:57
> To: bugtraq@...urityfocus.com
> Subject: Wave of fake Official Microsoft Advisory
> 
> 
> Since this morning I started seeing tons of fake Microsoft
> Advisories by mail. They contain a .exe attachment.
>
> Running strings(1) on the file shows it contains its own HTML
> mail source (and other version of the advisory), and many of
> the things it tries to do:
>
> - Increment a web counter "GET http://ww2.fce.vutbr.cz/bin/counter.gif/link=bacillus&width=6&set=cnt006 HTTP/1.0"
> - query a POP3 account at ww2.fce.vutbr.cz
> - retrieve stuff from a newsgroup and post a message
> - modify mIRC configuration
> - alter some Kazaa registry keys
> - probably more stuff in all the encoded content
>
> The mail really looks like an official Microsoft communication with all
> those legal references to the microsoft.com website. At the rate those mails
> are coming, many users have already been fooled, and the infection has just
> started.
>
> Some of the original mails (with .exe attachment) are available in mbox
> format at http://www.gnome.ca/ms.mbox.
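
An added example, not part of either post: a Python sketch of the strings(1)-style triage described in the quoted message, pulling printable runs out of an attachment and sorting them into the behaviours the poster listed. The rule names, the patterns and the `SAMPLE` bytes (including the `example.test` host and the `ExampleApp` key) are assumptions constructed for illustration, not data from the real attachment.

```python
import re

# Printable-ASCII runs of at least MIN_LEN bytes (4 is the strings(1) default).
MIN_LEN = 4
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)

# Hypothetical triage rules, one per behaviour listed in the quoted post.
RULES = {
    "http_request": re.compile(r"\b(GET|POST|HEAD) \S+ HTTP/1\.[01]"),
    "pop3": re.compile(r"^(USER|PASS|RETR|STAT|LIST)\b"),
    "nntp": re.compile(r"^(NEWSGROUPS:|GROUP |POST$|ARTICLE )", re.I),
    "registry": re.compile(r"^(HKEY_|Software\\)", re.I),
    "html_mail": re.compile(r"<(html|body|img|iframe)\b", re.I),
}

# Constructed sample: binary padding around embedded text, not a real attachment.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    b"\x00\x01GET http://counter.example.test/bin/counter.gif HTTP/1.0\r\n\x00"
    b"\xff\xfeUSER mailbox\x00\x13PASS %s\x00"
    b"Newsgroups: alt.example.test\x00\x02"
    b"Software\\ExampleApp\\Settings\x00"
    b"<html><body>Constructed advisory text</body></html>\x00\x07ab\x00"
)

def extract_strings(data: bytes):
    """Return printable runs in file order, like strings(1) without offsets."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(data)]

def triage(data: bytes):
    """Group extracted strings by the rule(s) they match."""
    hits = {name: [] for name in RULES}
    for s in extract_strings(data):
        for name, rule in RULES.items():
            if rule.search(s):
                hits[name].append(s)
    return hits

def hosts_contacted(hits):
    """Hostnames from absolute-URI request lines, for proxy or DNS log searches."""
    found = set()
    for line in hits["http_request"]:
        m = re.search(r"https?://([^/\s:]+)", line)
        if m:
            found.add(m.group(1).lower())
    return sorted(found)

if __name__ == "__main__":
    for name, strs in triage(SAMPLE).items():
        print(name, strs)
```

Strings that are packed or encoded inside the file will not show up this way, which matches the poster's remark about "all the encoded content".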


