2024-12-22, 09:48 *
Welcome, Guest. Please login or register.

Login with username, password and session length
 
Pages: [1]
  Print  
Author Topic: Someone doesn't like me... (...bad enough to pull this stunt...)  (Read 11287 times)
0 Members and 2 Guests are viewing this topic.
LeeMon
 
Team Member
Shambler
*******
Posts: 107

« on: 2003-02-11, 21:28 »

Subj:       Rejected posting to FINAID-INFO@LISTSERV.VT.EDU
Date:          Tue, 11 Feb 2003 14:34:26 -0500
From:  "L-Soft list server at LISTSERV.VT.EDU (1.8d)"              [LISTSERV@listserv.vt.edu]
----------------------------------------------------------------
You  are  not  authorized to  send  mail  to  the  FINAID-INFO list  from  your
leemon@PLANETQUAKE.COM account.  You might  be authorized to  send to  the list
from another of your accounts, or perhaps when using another mail program which
generates slightly  different addresses, but  LISTSERV has no way  to associate
this other account or address with yours. If you need assistance or if you have
any question regarding  the policy of the FINAID-INFO list,  please contact the
list owners: FINAID-INFO-request@LISTSERV.VT.EDU.

------------------------ Rejected message (147 lines) -------------------------
Received: from dagger.cc.vt.edu (IDENT:mirapoint@dagger.cc.vt.edu [198.82.161.182])
   by listserv.vt.edu (8.12.5/8.12.5/LISTSERV) with ESMTP id h1BJYJLf036028
   for [FINAID-INFO@LISTSERV.VT.EDU]; Tue, 11 Feb 2003 14:34:25 -0500
Received: from flat05.bekkoame.ne.jp (flat05.bekkoame.ne.jp [202.231.202.23])
   by dagger.cc.vt.edu (Mirapoint Messaging Server MOS 3.3.2-CR)
   with ESMTP id BCK72337;
   Tue, 11 Feb 2003 14:34:12 -0500 (EST)
Received: from Xryxhp (h33.95.39.162.ip.alltel.net [162.39.95.33])
   by flat05.bekkoame.ne.jp (8.11.6+Sun/3.7W-FLAT) with SMTP id h1BJUvO20355;
   Wed, 12 Feb 2003 04:30:57 +0900 (JST)
   (envelope-from ajuz@telecalljapan.com)
Date: Wed, 12 Feb 2003 04:30:57 +0900 (JST)
Message-Id: [200302111930.h1BJUvO20355@flat05.bekkoame.ne.jp]
From: leemon [leemon@planetquake.com]
To: FINAID-INFO@LISTSERV.VT.EDU
Subject: A  nice game
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="MIRAPOINT_PART1_3e49503a"
X-Mirapoint-Virus: VIRUSDELETED;
   host=dagger.cc.vt.edu;
   attachment=[2.2];
   virus=W32/Klez-H

--MIRAPOINT_PART1_3e49503a
Content-Type: text/plain

WARNING!!! (from dagger.cc.vt.edu)

The following message attachments were flagged by the antivirus scanner:

Attachment [2.2] install.exe, virus infected: W32/Klez-H.  Action taken: deleted

--MIRAPOINT_PART1_3e49503a
Content-Type: multipart/alternative;
   boundary=Moi5s88eNH2YH21119

--Moi5s88eNH2YH21119
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

Code:
[HEAD][/HEAD][BODY]

[FONT]This is a very  nice game[br]
This game is my first work.[br]
You're the first player.[br]
I hope you would enjoy it.[/FONT][/BODY]

--Moi5s88eNH2YH21119
Content-Type: text/plain

VIRUS WARNING Message (from dagger.cc.vt.edu)

The virus W32/Klez-H was detected in email attachment [2.2] install.exe.  The infected attachment has been deleted.

--Moi5s88eNH2YH21119

--Moi5s88eNH2YH21119
Content-Type: application/octet-stream;
   name=insite[1].html
Content-Transfer-Encoding: base64
Content-ID: [Ox27U7gR65S]

PGh0bWw+CjxoZWFkPgo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9...[snip]
Logged
LeeMon
 
Team Member
Shambler
*******
Posts: 107

« Reply #1 on: 2003-02-11, 21:42 »

An explanation...

I received this in my email.  For those who have difficulty dissecting it, it's a warning sent from a financial aid Listserv for Virginia Tech.

Basically, the listserv received an email that claimed to be from leemon@planetquake.com.  The email would show the short blurb saying "here's my first game" and have an attachment called INSTALL.EXE.

Which is infected with Klez.

If things had gone as its creator had planned, the entire LISTSERV would have received Klez.  Those who opened it would have flooded the entire Virginia Tech campus.

And my name would have been all over it.

Thankfully, two things happened.  One, the VT email network has antivirus software running within their email system; it snipped Klez out of the executable.  Two, their financial aid list doesn't allow emails from anyone outside the vt.edu domain; consequently, the email was sent back to the fake From address, namely me.

The result is that I'm sitting here with a very incriminating piece of evidence... and if you examine the header closely, you can trace all this nonsense back to an IP address from Alltel, which is a Midwestern ISP...

Specifically, Lincoln, Nebraska.

I'm about to send a few emails of my own.
Logged
Tekhead
 
Elite
*
Posts: 1110

« Reply #2 on: 2003-02-11, 22:19 »

BEAT SOME ASS LEEMON! Sipgate - Evil  Thumbs up!
Logged
Daedalus
 

CyberDemon
******
Posts: 192

« Reply #3 on: 2003-02-11, 22:24 »

Go Leemon! Its your birthday!

As Tek, so rightfully said.... BEAT SOME ASS!  Fainting  Who's Your Daddy?
Logged
games keeper
 

Elite
*
Posts: 1375

« Reply #4 on: 2003-02-12, 15:01 »

Iwouldnt send an email I would trace his adres and rip his PC (coud use another big ass PC
Logged
ReBoOt
Mean ol Swede
 
Team Member
Elite
****
Posts: 1294

WWW
« Reply #5 on: 2003-02-12, 15:53 »

Those damn viruses... hate them!
Still can't understand why certain ppls create them, why don't they do something usefull instead.....    Doom - Huh?
Logged
Tabun
Pixel Procrastinator
 

Team Member
Elite (3k+)
******
Posts: 3330

WWW
« Reply #6 on: 2003-02-12, 16:30 »

People create virii for many different reasons, but one of biggest must be that there are so many dumb people using computers. The most succesful method of trying to spread a malignant bit of code, is by naming it kournikova_naked.exe, iloveyou.com or pleaseclickmeyoudumbpieceofshit_theresboobiesinside.jpg.exe.

The edu virusscanners & your bit of evidence are great Lee, kick some scriptkiddie-ass.
Logged

Tabun ?Morituri Nolumus Mori?
pepe
 

Shambler
*****
Posts: 103

« Reply #7 on: 2003-02-12, 18:47 »

i get that exact mail to my hotmail account on a regualr basis but since they scan the attachments automaticly it wont even show up

Logged
Phoenix
Bird of Fire
 

Team Member
Elite (7.5k+)
*********
Posts: 8815

WWW
« Reply #8 on: 2003-02-14, 07:11 »

Lee, that sucks!  I've received emails like that from Neurobasher, Skid, and other people I've emailed in the past.  The subject line always had some part of the message, but attached was an iframe exploit virus, usually a .scr or something else.  I think what happens is someone else who you've emailed in the past gets hit with this and it sends a chop-shop message to everyone on their email list.  A lot of people have it set to automatically add people who mail them to their address book.  Warden got sent a virus from my netzero address which actually originated somewhere overseas.  That's why email worms suck cloaca, and the people who write them should be publicly shot in my opinion.  With a chaingun. Big Gun  Oh My F'ing Gawd
Logged


I fly into the night, on wings of fire burning bright...
LeeMon
 
Team Member
Shambler
*******
Posts: 107

« Reply #9 on: 2003-02-15, 00:00 »

Well, I feel much better... after researching the virus, this is exactly how it operates.

In short, no one's doing this on purpose.  It's just that one of my friends is apparently infected.

The virus will spoof the email FROM address using the name of someone in the address book.  Failing that, it will search the computer for any email address, be it on webpages or document files.

At this is at least easier to deal with than having one of my friends attack me.  ;^)
Logged
Daedalus
 

CyberDemon
******
Posts: 192

« Reply #10 on: 2003-02-15, 00:14 »

Oh good Slipgate - Smile... (hopes his email address isnt on an infectee's computer)

Eep  <_<  :blink:  Hail
Logged
Angst
Rabid Doomer
 

Team Member
Elite
***
Posts: 1011

WWW
« Reply #11 on: 2003-02-15, 15:45 »

yeah, klez is a bitch of a virus. your friend is in for a format/reload btw. Banging Head against Wall
Logged

"Who says a chainsaw isn't a ranged weapon?"
Woodsman
Icon of Booze
 

Beta Tester
Icon of Sin
***********
Posts: 827

« Reply #12 on: 2003-02-18, 04:16 »

i have a very simple solution to this. you find the person responsible , give me a bottle of scotch and ill stranger her..uh them with a piano wire
Logged
Pages: [1]
  Print  
 
Jump to: