Re: hotmail password request tool (intranet usage) (Usenet, c.d.o.server)

DA Morgan wrote:
> Ulrich Hobelmann wrote:
>
>> DA Morgan wrote:
>>
>>> Here at the University of Washington there have been demonstrations of
>>> archive files that autoexecute when opened (not even unpacked) which is
>>> more than enough to trigger an attack.
>>
>> What's "opening" an archive file and how does it execute something??
>>
>>> How serious is the problem? All .zip files are deleted by our mail
>>> server. I'll let you be the judge, knowing that, of how you feel about
>>> opening an archive that is self-identified as stolen from an internal
>>> web site (what does that say about the poster's integrity level) and
>>> for which the poster has done his or her best to not reveal what is
>>> actually contained.
>>
>> WHAT? I'd get quite furious if someone just deleted all zips in my
>> email! Why not just delete all emails, then you can't get spam anymore!
>>
>>> Microsoft is now involved. If this person is truly inside the company
>>> they may well exit sooner than they planned ... and not through the
>>> front door. I've as much use for thieves as for spammers.
>>
>> I believe it's a virus inside, and no secret MS stuff. So even if
>> there is, how can I be guilty for just *looking* inside? Isn't that
>> the same as finding top-secret documents on the street and looking at
>> them? I didn't sign no NDA. Of course if it's MS code, then
>> distributing it would be illegal.

Some very basic tools would show that is a waste of time:

C:\>nslookup 62.195.137.150
Server: csfw01.cs.nl
Address: 192.168.1.101

Name: i137150.upc-i.chello.nl
Address: 62.195.137.150

$ whois matweb.info
Domain ID:D6093059-LRMS
Domain Name:MATWEB.INFO
Created On:22-Jul-2004 17:04:21 UTC
Registrant Country:NL
Admin Country:NL
Billing Country:NL

Lots of info snipped.

Seems the stuff comes from The Netherlands. And it looks like a spammer tool: request a hotmail account by email; presumably to generate bulkmail from, and abandon the account again.
Nothing out of the ordinary...
I make it a habit of checking out things like this, to avoid generating email about hoaxes, etc.
Followup set for cdo.server only. Posted in cdos only
-- 
Regards,
Frank van Bortel

Received on Tue Apr 19 2005 - 07:06:10 CDT