Wirehead Studios

General Discussion => Off-Topic => Topic started by: LeeMon on 2003-02-11, 21:28



Title: Someone doesn't like me... (...bad enough to pull this stunt...)
Post by: LeeMon on 2003-02-11, 21:28
Subj:       Rejected posting to FINAID-INFO@LISTSERV.VT.EDU
Date:          Tue, 11 Feb 2003 14:34:26 -0500
From:  "L-Soft list server at LISTSERV.VT.EDU (1.8d)"              [LISTSERV@listserv.vt.edu]
----------------------------------------------------------------
You  are  not  authorized to  send  mail  to  the  FINAID-INFO list  from  your
leemon@PLANETQUAKE.COM account.  You might  be authorized to  send to  the list
from another of your accounts, or perhaps when using another mail program which
generates slightly  different addresses, but  LISTSERV has no way  to associate
this other account or address with yours. If you need assistance or if you have
any question regarding  the policy of the FINAID-INFO list,  please contact the
list owners: FINAID-INFO-request@LISTSERV.VT.EDU.

------------------------ Rejected message (147 lines) -------------------------
Received: from dagger.cc.vt.edu (IDENT:mirapoint@dagger.cc.vt.edu [198.82.161.182])
   by listserv.vt.edu (8.12.5/8.12.5/LISTSERV) with ESMTP id h1BJYJLf036028
   for [FINAID-INFO@LISTSERV.VT.EDU]; Tue, 11 Feb 2003 14:34:25 -0500
Received: from flat05.bekkoame.ne.jp (flat05.bekkoame.ne.jp [202.231.202.23])
   by dagger.cc.vt.edu (Mirapoint Messaging Server MOS 3.3.2-CR)
   with ESMTP id BCK72337;
   Tue, 11 Feb 2003 14:34:12 -0500 (EST)
Received: from Xryxhp (h33.95.39.162.ip.alltel.net [162.39.95.33])
   by flat05.bekkoame.ne.jp (8.11.6+Sun/3.7W-FLAT) with SMTP id h1BJUvO20355;
   Wed, 12 Feb 2003 04:30:57 +0900 (JST)
   (envelope-from ajuz@telecalljapan.com)
Date: Wed, 12 Feb 2003 04:30:57 +0900 (JST)
Message-Id: [200302111930.h1BJUvO20355@flat05.bekkoame.ne.jp]
From: leemon [leemon@planetquake.com]
To: FINAID-INFO@LISTSERV.VT.EDU
Subject: A  nice game
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="MIRAPOINT_PART1_3e49503a"
X-Mirapoint-Virus: VIRUSDELETED;
   host=dagger.cc.vt.edu;
   attachment=[2.2];
   virus=W32/Klez-H

--MIRAPOINT_PART1_3e49503a
Content-Type: text/plain

WARNING!!! (from dagger.cc.vt.edu)

The following message attachments were flagged by the antivirus scanner:

Attachment [2.2] install.exe, virus infected: W32/Klez-H.  Action taken: deleted

--MIRAPOINT_PART1_3e49503a
Content-Type: multipart/alternative;
   boundary=Moi5s88eNH2YH21119

--Moi5s88eNH2YH21119
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

Code:
[HEAD][/HEAD][BODY]

[FONT]This is a very  nice game[br]
This game is my first work.[br]
You're the first player.[br]
I hope you would enjoy it.[/FONT][/BODY]

--Moi5s88eNH2YH21119
Content-Type: text/plain

VIRUS WARNING Message (from dagger.cc.vt.edu)

The virus W32/Klez-H was detected in email attachment [2.2] install.exe.  The infected attachment has been deleted.

--Moi5s88eNH2YH21119

--Moi5s88eNH2YH21119
Content-Type: application/octet-stream;
   name=insite[1].html
Content-Transfer-Encoding: base64
Content-ID: [Ox27U7gR65S]

PGh0bWw+CjxoZWFkPgo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9...[snip]


Title: Re: Someone doesn't like me...
Post by: LeeMon on 2003-02-11, 21:42
An explanation...

I received this in my email.  For those who have difficulty dissecting it, it's a warning sent from a financial aid Listserv for Virginia Tech.

Basically, the listserv received an email that claimed to be from leemon@planetquake.com.  The email would show the short blurb saying "here's my first game" and have an attachment called INSTALL.EXE.

Which is infected with Klez.

If things had gone as its creator had planned, the entire LISTSERV would have received Klez.  Those who opened it would have flooded the entire Virginia Tech campus.

And my name would have been all over it.

Thankfully, two things happened.  One, the VT email network has antivirus software running within their email system; it snipped Klez out of the executable.  Two, their financial aid list doesn't allow emails from anyone outside the vt.edu domain; consequently, the email was sent back to the fake From address, namely me.

The result is that I'm sitting here with a very incriminating piece of evidence... and if you examine the header closely, you can trace all this nonsense back to an IP address from Alltel, which is a Midwestern ISP...

Specifically, Lincoln, Nebraska.

I'm about to send a few emails of my own.


Title: Re: Someone doesn't like me...
Post by: Tekhead on 2003-02-11, 22:19
BEAT SOME ASS LEEMON! :evil:  :thumb:


Title: Re: Someone doesn't like me...
Post by: Daedalus on 2003-02-11, 22:24
Go Leemon! It's your birthday!

As Tek so rightfully said.... BEAT SOME ASS!  :thud:  :daddy:


Title: Re: Someone doesn't like me...
Post by: games keeper on 2003-02-12, 15:01
I wouldn't send an email, I would trace his address and rip his PC (could use another big ass PC)


Title: Re: Someone doesn't like me...
Post by: ReBoOt on 2003-02-12, 15:53
Those damn viruses... hate them!
Still can't understand why certain people create them, why don't they do something useful instead.....    :huh:


Title: Re: Someone doesn't like me...
Post by: Tabun on 2003-02-12, 16:30
People create virii for many different reasons, but one of the biggest must be that there are so many dumb people using computers. The most successful method of trying to spread a malignant bit of code is by naming it kournikova_naked.exe, iloveyou.com or pleaseclickmeyoudumbpieceofshit_theresboobiesinside.jpg.exe.

The edu virusscanners & your bit of evidence are great Lee, kick some scriptkiddie-ass.


Title: Re: Someone doesn't like me...
Post by: pepe on 2003-02-12, 18:47
i get that exact mail to my hotmail account on a regular basis but since they scan the attachments automatically it won't even show up



Title: Re: Someone doesn't like me...
Post by: Phoenix on 2003-02-14, 07:11
Lee, that sucks!  I've received emails like that from Neurobasher, Skid, and other people I've emailed in the past.  The subject line always had some part of the message, but attached was an iframe exploit virus, usually a .scr or something else.  I think what happens is someone else who you've emailed in the past gets hit with this and it sends a chop-shop message to everyone on their email list.  A lot of people have it set to automatically add people who mail them to their address book.  Warden got sent a virus from my netzero address which actually originated somewhere overseas.  That's why email worms suck cloaca, and the people who write them should be publicly shot in my opinion.  With a chaingun. :biggun:  :omfg:


Title: Re: Someone doesn't like me...
Post by: LeeMon on 2003-02-15, 00:00
Well, I feel much better... after researching the virus, this is exactly how it operates.

In short, no one's doing this on purpose.  It's just that one of my friends is apparently infected.

The virus will spoof the email FROM address using the name of someone in the address book.  Failing that, it will search the computer for any email address, be it on webpages or document files.

This is at least easier to deal with than having one of my friends attack me.  ;^)
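
The header trace from LeeMon's earlier post and the From-address spoofing described in the post above, as an added example that is not part of the thread: it walks the Received chain of the rejected message and separates what the receiving site's own servers recorded from what an upstream relay merely claims. The function names and the `trusted_suffix` parameter are assumptions of this example; the header values are abridged from the quoted message.

```python
import re
from email import message_from_string

# Headers abridged from the rejected message quoted earlier in the thread; the
# forum rendered angle brackets as square brackets, kept here as posted.
RAW = """\
Received: from dagger.cc.vt.edu (IDENT:mirapoint@dagger.cc.vt.edu [198.82.161.182])
   by listserv.vt.edu (8.12.5/8.12.5/LISTSERV) with ESMTP id h1BJYJLf036028
Received: from flat05.bekkoame.ne.jp (flat05.bekkoame.ne.jp [202.231.202.23])
   by dagger.cc.vt.edu (Mirapoint Messaging Server MOS 3.3.2-CR)
Received: from Xryxhp (h33.95.39.162.ip.alltel.net [162.39.95.33])
   by flat05.bekkoame.ne.jp (8.11.6+Sun/3.7W-FLAT) with SMTP id h1BJUvO20355;
   (envelope-from ajuz@telecalljapan.com)
From: leemon [leemon@planetquake.com]

"""

HOP = re.compile(r"from (\S+) \((?:\S+ )?\[([\d.]+)\]\)\s+by (\S+)")
ADDR = re.compile(r"[\w.+-]+@[\w.-]+")

def parse_hops(raw):
    """Return Received hops, newest first, as (helo, peer_ip, recorded_by)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(m.groups())
    return hops

def analyze(raw, trusted_suffix):
    """Separate what the trusted servers saw from what upstream merely claims."""
    msg = message_from_string(raw)
    hops = parse_hops(raw)
    # Hops stamped by the receiving site's own servers are reliable; anything
    # older is only as trustworthy as the third-party relay that wrote it.
    trusted = [h for h in hops if h[2].lower().endswith("." + trusted_suffix)]
    header_from = ADDR.search(msg["From"]).group(0).lower()
    env = re.search(r"envelope-from (\S+?)\)", " ".join(raw.split()))
    envelope_from = env.group(1).lower() if env else None
    return {
        "header_from": header_from,
        "envelope_from": envelope_from,
        "from_mismatch": envelope_from is not None and envelope_from != header_from,
        "handoff_ip": trusted[-1][1] if trusted else None,  # seen by a trusted server
        "claimed_origin": hops[-1][:2] if hops else None,   # unverified upstream claim
    }
```

Calling `analyze(RAW, "vt.edu")` reports the mismatch between the displayed From address and the envelope sender, which is the symptom of the spoofing described above, and shows that the dial-up address at the bottom of the chain is a claim recorded by the intermediate relay rather than something the receiving site observed itself.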


Title: Re: Someone doesn't like me...
Post by: Daedalus on 2003-02-15, 00:14
Oh good :)... (hopes his email address isn't on an infectee's computer)

Eep  <_<  :blink:  :hail:


Title: Re: Someone doesn't like me...
Post by: Angst on 2003-02-15, 15:45
yeah, klez is a bitch of a virus. your friend is in for a format/reload btw. :wall:


Title: Re: Someone doesn't like me...
Post by: Woodsman on 2003-02-18, 04:16
i have a very simple solution to this. you find the person responsible, give me a bottle of scotch and i'll strangle her.. uh, them with a piano wire