
Re: hotmail password request tool (intranet usage)

From: Frank van Bortel <fvanbortel_at_netscape.net>
Date: Tue, 19 Apr 2005 14:06:10 +0200
Message-ID: <d42s0m$lof$1@news1.zwoll1.ov.home.nl>


DA Morgan wrote:
> Ulrich Hobelmann wrote:
>
>> DA Morgan wrote:
>>
>>> Here at the University of Washington there have been demonstrations of
>>> archive files that autoexecute when opened (not even unpacked) which is
>>> more than enough to trigger an attack.
>>
>> What's "opening" an archive file and how does it execute something??
>
> But it does or should I say can. It is not that hard to do but I'm not
> going to advertise how as we seem to already have more than enough
> people doing malicious computing without creating more.
>
>>> How serious is the problem? All .zip files are deleted by our mail
>>> server. I'll let you be the judge, knowing that, of how you feel about
>>> opening an archive that is self-identified as stolen from an internal
>>> web site (what does that say about the poster's integrity level) and
>>> for which the poster has done his or her best to not reveal what is
>>> actually contained.
>>
>> WHAT?  I'd get quite furious if someone just deleted all zips in my
>> email!  Why not just delete all emails, then you can't get spam anymore!
>
> Get angry if you wish but don't expect to be faculty or student at the
> University of Washington.
>
>>> Microsoft is now involved. If this person is truly inside the company
>>> they may well exit sooner than they planned ... and not through the
>>> front door. I've as much use for thieves as for spammers.
>>
>> I believe it's a virus inside, and no secret MS stuff.  So even if
>> there is, how can I be guilty for just *looking* inside?  Isn't that
>> the same as finding top-secret documents on the street and looking at
>> them?  I didn't sign no NDA.  Of course if it's MS code, then
>> distributing it would be illegal.
>
> Don't know ... don't care. I handed it off, with full headers, to the
> proper authorities and they were not amused.

Some very basic tools would show that is a waste of time:

C:\>nslookup 62.195.137.150
Server: csfw01.cs.nl
Address: 192.168.1.101

Name: i137150.upc-i.chello.nl
Address: 62.195.137.150

$ whois matweb.info
Domain ID:D6093059-LRMS
Domain Name:MATWEB.INFO
Created On:22-Jul-2004 17:04:21 UTC
Registrant Country:NL
Admin Country:NL
Billing Country:NL

Lots of info snipped.

Seems the stuff comes from The Netherlands. And it looks like a spammer tool: request a hotmail account by email; presumably to generate bulkmail from, and abandon the account again.

Nothing out of the ordinary...

I make it a habit of checking out things like this, to avoid generating email about hoaxes, etc.

Followup set for cdo.server only. Posted in cdos only

-- 
Regards,
Frank van Bortel
Received on Tue Apr 19 2005 - 07:06:10 CDT
