| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <45DABA33.4030806@freebsd.lublin.pl> Date: Tue, 20 Feb 2007 10:06:59 +0100 From: Przemyslaw Frasunek <venglin@...ebsd.lublin.pl> To: full-disclosure@...ts.grok.org.uk Cc: handlers@...s.org Subject: Re: new worm traveling the net? (GNU/Linux) Timo Schoeler napisaĆ(a): > a friend of mine contacted me because he saw lots of emails (60) to > catchthismail@...ain.tld starting at about 5:00 am (US east coast > time). Indeed, I've started receiving it yesterday at 10:00 am (CET) and it stopped at 08:00 pm. To: header contained catchthismail@...ain.tld and helloitmenice@...ain.tld with almost all domains hosted at my site. There were about 130 such mails, all of them with following body: ======================== Hi How are you ? Call me. and marketing pitches Poor you, i don't even think how much spam you are recive. at the group's 6D7174796A6E6A6B667A6A33746A716E72736845777873706872 ======================== The third and fifth line contains random words. The last one is hexadecimally encoded ASCII string, also random. -- * Fido: 2:480/124 ** WWW: http://www.frasunek.com ** NICHDL: PMF9-RIPE * * Jabber ID: venglin@...by.pl ** PGP ID: 2578FCAD ** HAM-RADIO: SQ8JIV * _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists