[simpits-tech] Attn Gene, suspect hacking on simpits site
Chris Crowley
simpits-tech@simpits.org
Tue, 29 Oct 2002 05:41:54 -0500
This is a multi-part message in MIME format.
------=_NextPart_000_0082_01C27F0D.E3645120
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
I get the same stuff. Somehow my addy got put on "the list". My
understanding after talking to some IT folks at work is that there is some
kind of virus that substitutes stuff into the headers so you think it from
your friends. Plus you can't track down were it came from (at least I
can't).
I have even gotten email from myself (old addresses out of service)! If you
don't have the latest software updates on your system, you get infected.
otherwise the virus is stripped out of the messages.
Chris Crowley
-----Original Message-----
From: simpits-tech-admin@simpits.org
[mailto:simpits-tech-admin@simpits.org]On Behalf Of Ben Jones
Sent: Tuesday, October 29, 2002 5:07 AM
To: simpits-tech@simpits.org
Subject: RE: [simpits-tech] Attn Gene, suspect hacking on simpits site
i,m still geting notification from my isp that someone is trying to send
me the WORM_YAHA.E virus
I STRESS MY SYSTEM IS CLEAN !!!
the senders are
hetwoonhuis
ch.huyben
Mail Delivery System
hetwoonhuis@wxs.nl
dont know if this helps any one , of if they know these mysterious senders
BEN
JONES
-----------------------------------------
bjones@pipecomp.com.au
------------------------------------------------
-----Original Message-----
From: Alan D. Mazurka [mailto:adm.design@verizon.net]
Sent: Tuesday, 29 October 2002 3:34 AM
To: simpits-tech@simpits.org
Cc: adm.design@verizon.net
Subject: Re: [simpits-tech] Attn Gene, suspect hacking on simpits site
hi, Gene
....probably from a piece of mail from simpits-tech, but i can't comment
further.
it's the same version of the thing travelling around a few weeks back. i
deleted it too fast to associate the owner with the mischief. most of the
time they don't even know they're infected.
since your'e unix-based, it's probably a different problem altogether.
still, thanks for your good detective work.
- adm -
At 11:12 AM 10/28/02 -0800, you wrote:
> norton picked up (yet one more of those) files in /spool.tmp (or
some such)
>
Picked it up from where?
g.
_______________________________________________
Simpits-tech mailing list
Simpits-tech@simpits.org
http://www.simpits.org/mailman/listinfo/simpits-tech
To unsubscribe, please see the instructions at the bottom of the above
page. Thanks!
----------------------------------------------------------------------------
Alan D. Mazurka Webspace Design & Implementation
adm.design@verizon.net
------=_NextPart_000_0082_01C27F0D.E3645120
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 5.50.4919.2200" name=3DGENERATOR></HEAD>
<BODY>
<DIV><SPAN class=3D770333710-29102002><FONT face=3DArial color=3D#0000ff =
size=3D2>I get=20
the same stuff. Somehow my addy got put on "the list". My understanding =
after=20
talking to some IT folks at work is that there is some kind of virus =
that=20
substitutes stuff into the headers so you think it from your friends. =
Plus you=20
can't track down were it came from (at least I can't). =
</FONT></SPAN></DIV>
<DIV><SPAN class=3D770333710-29102002><FONT face=3DArial color=3D#0000ff =
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D770333710-29102002><FONT face=3DArial color=3D#0000ff =
size=3D2>I have=20
even gotten email from myself (old addresses out of =
service)! If you=20
don't have the latest software updates on your system, you get infected. =
otherwise the virus is stripped out of the=20
messages.</FONT></SPAN></DIV>
<DIV><SPAN class=3D770333710-29102002><FONT face=3DArial color=3D#0000ff =
size=3D2></FONT></SPAN> </DIV>
<DIV><FONT size=3D2>Chris Crowley<BR></FONT></DIV>
<BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px">
<DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
size=3D2>-----Original Message-----<BR><B>From:</B>=20
simpits-tech-admin@simpits.org =
[mailto:simpits-tech-admin@simpits.org]<B>On=20
Behalf Of </B>Ben Jones<BR><B>Sent:</B> Tuesday, October 29, 2002 5:07 =
AM<BR><B>To:</B> simpits-tech@simpits.org<BR><B>Subject:</B> RE:=20
[simpits-tech] Attn Gene, suspect hacking on simpits =
site<BR><BR></FONT></DIV>
<DIV><SPAN class=3D400340910-29102002><FONT face=3DArial =
color=3D#0000ff size=3D2>i,m=20
still geting notification from my isp that someone is trying to send =
me=20
the <FONT size=3D2>WORM_YAHA.E virus</DIV>
<DIV></FONT> </DIV>
<DIV></FONT></SPAN><SPAN class=3D400340910-29102002><FONT face=3DArial =
color=3D#0000ff size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D400340910-29102002><FONT face=3DArial =
color=3D#0000ff size=3D2>I=20
STRESS MY SYSTEM IS CLEAN !!!</FONT></SPAN></DIV>
<DIV><SPAN class=3D400340910-29102002><FONT face=3DArial =
color=3D#0000ff=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D400340910-29102002><FONT face=3DArial =
color=3D#0000ff size=3D2>the=20
senders are </FONT></SPAN></DIV>
<DIV><SPAN class=3D400340910-29102002><FONT face=3DArial =
color=3D#0000ff=20
size=3D2><FONT size=3D2></FONT></FONT></SPAN> </DIV>
<DIV><SPAN class=3D400340910-29102002><FONT face=3DArial =
color=3D#0000ff=20
size=3D2><FONT size=3D2>hetwoonhuis</FONT></FONT></SPAN></DIV>
<DIV><SPAN class=3D400340910-29102002><FONT face=3DArial =
color=3D#0000ff=20
size=3D2><FONT size=3D2>ch.huyben</FONT></FONT></SPAN></DIV>
<DIV><SPAN class=3D400340910-29102002></SPAN><SPAN=20
class=3D400340910-29102002><FONT size=3D2>Mail Delivery =
System</FONT></SPAN></DIV>
<DIV><SPAN class=3D400340910-29102002><A=20
href=3D"mailto:hetwoonhuis@wxs.nl">hetwoonhuis@wxs.nl</A></SPAN></DIV>
<DIV><SPAN class=3D400340910-29102002></SPAN> </DIV>
<DIV><SPAN class=3D400340910-29102002><FONT face=3DArial =
color=3D#0000ff=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D400340910-29102002><FONT face=3DArial =
color=3D#0000ff size=3D2>dont=20
know if this helps any one , of if they know these mysterious=20
senders</FONT></SPAN></DIV>
<DIV><SPAN class=3D400340910-29102002><FONT face=3DArial =
color=3D#0000ff=20
size=3D2></FONT> </DIV></SPAN>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2></FONT> </DIV>
<P><FONT face=3DArial size=3D2>BEN <FONT size=3D2></P>
<P></FONT>JONES </FONT><BR><FONT face=3DArial=20
size=3D2>-----------------------------------------</FONT> <BR><FONT =
face=3DArial=20
size=3D2>bjones@pipecomp.com.au</FONT> <BR><FONT face=3DArial=20
size=3D2>------------------------------------------------</FONT> </P>
<BLOCKQUOTE>
<DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
size=3D2>-----Original Message-----<BR><B>From:</B> Alan D. Mazurka=20
[mailto:adm.design@verizon.net]<BR><B>Sent:</B> Tuesday, 29 October =
2002=20
3:34 AM<BR><B>To:</B> simpits-tech@simpits.org<BR><B>Cc:</B>=20
adm.design@verizon.net<BR><B>Subject:</B> Re: [simpits-tech] Attn =
Gene,=20
suspect hacking on simpits site<BR><BR></FONT></DIV>hi,=20
Gene<BR><BR>....probably from a piece of mail from simpits-tech, but =
i can't=20
comment further. <BR><BR>it's the same version of the thing =
travelling=20
around a few weeks back. i deleted it too fast to associate the =
owner with=20
the mischief. most of the time they don't even know they're=20
infected.<BR><BR>since your'e unix-based, it's probably a different =
problem=20
altogether.<BR><BR>still, thanks for your good detective=20
work.<BR><BR> - adm -<BR> <BR><BR>At 11:12 AM 10/28/02 =
-0800, you=20
wrote:<BR>
<BLOCKQUOTE class=3Dcite type=3D"cite" cite>> norton picked up =
(yet one=20
more of those) files in /spool.tmp (or some =
such)<BR>><BR>Picked it up=20
from=20
=
where?<BR><BR>g.<BR><BR>_______________________________________________<B=
R>Simpits-tech=20
mailing list<BR>Simpits-tech@simpits.org<BR><A=20
href=3D"http://www.simpits.org/mailman/listinfo/simpits-tech"=20
=
eudora=3D"autourl">http://www.simpits.org/mailman/listinfo/simpits-tech</=
A><BR>To=20
unsubscribe, please see the instructions at the bottom of the =
above=20
page. Thanks! </BLOCKQUOTE><X-SIGSEP>
<P></X-SIGSEP>
<HR>
<BR>Alan D.=20
=
Mazurka =
=20
Webspace Design &=20
Implementation<BR>adm.design@verizon.net =20
<BR></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_0082_01C27F0D.E3645120--