16 Apr
2003
16 Apr
'03
10:50 a.m.
This guy has obviously mined the classiccmp mail list for his
address list!
- don
---------- Forwarded message ----------
Date: Wed, 16 Apr 2003 11:00:02 +0200
From: Alexander Thaler <alexander.thaler(a)wasi.tv>
To: peraza(a)uia.ua.ac.be, ingesudl(a)aol.com, anonymouys(a)bogus-address.con,
fodder1(a)ureach.com, iam(a)here.com, j.bus(a)athccnet.dotnl,
rstevew(a)deepthought.armory.com, fjscipio(a)rochester.rr.com, dmabry(a)mich.com,
anthony.rhill(a)tiscali.co.uk, ralf_quint(a)hottmail.com, raj(a)rijhwani.org,
prhunt(a)dyson.brisnet.org.au, herby(a)memotech.franken.de, mike(a)spurgeon.net,
anonymous(a)bogus-address.con, jimbo(a)sonic.net, seanb51229(a)aol.com,
rkulhanek(a)gmx.de, usenetreply(a)xs4all.nl, rolfharrmann(a)t-online.de,
stanb45(a)dial.pipex.com, msxhans(a)yahoo.com, peter.schorn(a)acm.org,
shirkahn(a)busoutoshi.net, j.cammell(a)xtra.co.nz, niemz(a)hagemann-druck.de,
wes.parish(a)paradise.net.nz, bill_leary(a)msn.com, john(a)guntersville.net,
rdoerr(a)bizserve.com, kth(a)srv.net, halbower(a)worldnet.att.net,
tmartin(a)s100classics.org, ruud.baltissen(a)abp.nl,
harry_zandbergen(a)hotmail.com, a.stuurman(a)kader.hobby.nl, m10766(a)abc.se,
terrygski(a)cfl.rr.com, invalid_email(a)guestwho.com,
john.hotdog.jardine(a)hotmail.com, vze337gt(a)verizon.net,
supertrone(a)hotmail.com, dkelvey(a)hotmail.com, rgerlach(a)nowhere.com.au,
peacock(a)simconv.com, stevejdubrovich(a)digitalme.com, hharte(a)hartetec.com,
thosmm(a)yahoo.com, donm(a)crash.cts.com, snyder(a)gonzaga.edu,
jgh(a)arcade.demon.co.uk, c(a)c.com, larry_fosdick(a)hotmail.com,
anonymous(a)bogus_address.con, greenwoo(a)misu.nodak.edu, ndrez(a)att.net,
hjohnson(a)zzznjcc.com, salle.arobase(a)wanadoo.fr, mjmahon(a)aol.com,
cbfalconer(a)worldnet.att.net, cbfalconer(a)yahoo.com, axel_berger(a)su2.maus.de,
leeahart(a)earthlink.net, daveh(a)ci.com.au, s_dubrovich(a)yahoo.com,
jce(a)seasip.demon.co.uk, paralegl(a)cwo.com, watzman(a)neo.rr.com,
blackm00(a)cam.org
Subject: FWD: Try this security update from Microsoft.
----- Original message follows -----
Microsoft Customer
this is the latest version of security update, the
"April 2003, Cumulative Patch" update which eliminates all
known security vulnerabilities affecting Internet Explorer,
Outlook and Outlook Express as well as five newly discovered
vulnerabilities. Install now to protect your computer from these
vulnerabilities, the most serious of which could allow an attacker to
run executable on your system. This update includes the functionality
of all previously released patches.
System requirements:
Win 9x/Me/2000/NT/XP
<snip>
[demime 1.01a removed an attachment of type APPLICATION/X-MSDOWNLOAD which had a NAME of
update797.exe]
16 Apr
16 Apr
11:10 a.m.
New subject: Try this security update from Microsoft. (fwd)
This guy has obviously mined the classiccmp mail list
for his
address list!
- don
This message is from a trojan/worm that uses the Windows Address Book to
spread - I've gotten lots of them recently. So, more likely, one of the
subscribers to this list is infected.
Here are the details:
http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe.b@mm.html
---------- Forwarded message ----------
Date: Wed, 16 Apr 2003 11:00:02 +0200
From: Alexander Thaler <alexander.thaler(a)wasi.tv>
11:12 a.m.
New subject: Try this security update from Microsoft. (fwd)
It's some kind of virus or trojan, I think. I've received this evening one
message same than
this from one "Bob Stacey".
Be careful.
Best Regards
Sergio
----- Original Message -----
From: "Don Maslin" <donm(a)cts.com>
To: <cctalk(a)classiccmp.org>
Sent: Wednesday, April 16, 2003 9:48 PM
Subject: FWD: Try this security update from Microsoft. (fwd)
This guy has obviously mined the classiccmp mail list
for his
address list!
- don
---------- Forwarded message ----------
Date: Wed, 16 Apr 2003 11:00:02 +0200
From: Alexander Thaler <alexander.thaler(a)wasi.tv>
To: peraza(a)uia.ua.ac.be, ingesudl(a)aol.com, anonymouys(a)bogus-address.con,
fodder1(a)ureach.com, iam(a)here.com, j.bus(a)athccnet.dotnl,
rstevew(a)deepthought.armory.com, fjscipio(a)rochester.rr.com,
dmabry(a)mich.com,
anthony.rhill(a)tiscali.co.uk,
ralf_quint(a)hottmail.com,
raj(a)rijhwani.org,
prhunt(a)dyson.brisnet.org.au,
herby(a)memotech.franken.de,
mike(a)spurgeon.net,
anonymous(a)bogus-address.con, jimbo(a)sonic.net,
seanb51229(a)aol.com,
rkulhanek(a)gmx.de, usenetreply(a)xs4all.nl, rolfharrmann(a)t-online.de,
stanb45(a)dial.pipex.com, msxhans(a)yahoo.com, peter.schorn(a)acm.org,
shirkahn(a)busoutoshi.net, j.cammell(a)xtra.co.nz,
niemz(a)hagemann-druck.de,
wes.parish(a)paradise.net.nz, bill_leary(a)msn.com,
john(a)guntersville.net,
rdoerr(a)bizserve.com, kth(a)srv.net,
halbower(a)worldnet.att.net,
tmartin(a)s100classics.org, ruud.baltissen(a)abp.nl,
harry_zandbergen(a)hotmail.com, a.stuurman(a)kader.hobby.nl,
m10766(a)abc.se,
terrygski(a)cfl.rr.com,
invalid_email(a)guestwho.com,
john.hotdog.jardine(a)hotmail.com, vze337gt(a)verizon.net,
supertrone(a)hotmail.com, dkelvey(a)hotmail.com, rgerlach(a)nowhere.com.au,
peacock(a)simconv.com, stevejdubrovich(a)digitalme.com,
hharte(a)hartetec.com,
thosmm(a)yahoo.com, donm(a)crash.cts.com,
snyder(a)gonzaga.edu,
jgh(a)arcade.demon.co.uk, c(a)c.com, larry_fosdick(a)hotmail.com,
anonymous(a)bogus_address.con, greenwoo(a)misu.nodak.edu, ndrez(a)att.net,
hjohnson(a)zzznjcc.com, salle.arobase(a)wanadoo.fr, mjmahon(a)aol.com,
cbfalconer(a)worldnet.att.net, cbfalconer(a)yahoo.com,
axel_berger(a)su2.maus.de,
leeahart(a)earthlink.net, daveh(a)ci.com.au,
s_dubrovich(a)yahoo.com,
jce(a)seasip.demon.co.uk, paralegl(a)cwo.com, watzman(a)neo.rr.com,
blackm00(a)cam.org
Subject: FWD: Try this security update from Microsoft.
----- Original message follows -----
Microsoft Customer
this is the latest version of security update, the
"April 2003, Cumulative Patch" update which eliminates all
known security vulnerabilities affecting Internet Explorer,
Outlook and Outlook Express as well as five newly discovered
vulnerabilities. Install now to protect your computer from these
vulnerabilities, the most serious of which could allow an attacker to
run executable on your system. This update includes the functionality
of all previously released patches.
System requirements:
Win 9x/Me/2000/NT/XP
<snip>
[demime 1.01a removed an attachment of type APPLICATION/X-MSDOWNLOAD which
had a
NAME of update797.exe]
11:14 a.m.
Actually, that's a virus payload. There is no such fix.
g.
On Wed, 16 Apr 2003, Don Maslin wrote:
This guy has obviously mined the classiccmp mail list
for his
address list!
- don
---------- Forwarded message ----------
Date: Wed, 16 Apr 2003 11:00:02 +0200
From: Alexander Thaler <alexander.thaler(a)wasi.tv>
To: peraza(a)uia.ua.ac.be, ingesudl(a)aol.com, anonymouys(a)bogus-address.con,
fodder1(a)ureach.com, iam(a)here.com, j.bus(a)athccnet.dotnl,
rstevew(a)deepthought.armory.com, fjscipio(a)rochester.rr.com, dmabry(a)mich.com,
anthony.rhill(a)tiscali.co.uk, ralf_quint(a)hottmail.com, raj(a)rijhwani.org,
prhunt(a)dyson.brisnet.org.au, herby(a)memotech.franken.de, mike(a)spurgeon.net,
anonymous(a)bogus-address.con, jimbo(a)sonic.net, seanb51229(a)aol.com,
rkulhanek(a)gmx.de, usenetreply(a)xs4all.nl, rolfharrmann(a)t-online.de,
stanb45(a)dial.pipex.com, msxhans(a)yahoo.com, peter.schorn(a)acm.org,
shirkahn(a)busoutoshi.net, j.cammell(a)xtra.co.nz, niemz(a)hagemann-druck.de,
wes.parish(a)paradise.net.nz, bill_leary(a)msn.com, john(a)guntersville.net,
rdoerr(a)bizserve.com, kth(a)srv.net, halbower(a)worldnet.att.net,
tmartin(a)s100classics.org, ruud.baltissen(a)abp.nl,
harry_zandbergen(a)hotmail.com, a.stuurman(a)kader.hobby.nl, m10766(a)abc.se,
terrygski(a)cfl.rr.com, invalid_email(a)guestwho.com,
john.hotdog.jardine(a)hotmail.com, vze337gt(a)verizon.net,
supertrone(a)hotmail.com, dkelvey(a)hotmail.com, rgerlach(a)nowhere.com.au,
peacock(a)simconv.com, stevejdubrovich(a)digitalme.com, hharte(a)hartetec.com,
thosmm(a)yahoo.com, donm(a)crash.cts.com, snyder(a)gonzaga.edu,
jgh(a)arcade.demon.co.uk, c(a)c.com, larry_fosdick(a)hotmail.com,
anonymous(a)bogus_address.con, greenwoo(a)misu.nodak.edu, ndrez(a)att.net,
hjohnson(a)zzznjcc.com, salle.arobase(a)wanadoo.fr, mjmahon(a)aol.com,
cbfalconer(a)worldnet.att.net, cbfalconer(a)yahoo.com, axel_berger(a)su2.maus.de,
leeahart(a)earthlink.net, daveh(a)ci.com.au, s_dubrovich(a)yahoo.com,
jce(a)seasip.demon.co.uk, paralegl(a)cwo.com, watzman(a)neo.rr.com,
blackm00(a)cam.org
Subject: FWD: Try this security update from Microsoft.
----- Original message follows -----
Microsoft Customer
this is the latest version of security update, the
"April 2003, Cumulative Patch" update which eliminates all
known security vulnerabilities affecting Internet Explorer,
Outlook and Outlook Express as well as five newly discovered
vulnerabilities. Install now to protect your computer from these
vulnerabilities, the most serious of which could allow an attacker to
run executable on your system. This update includes the functionality
of all previously released patches.
System requirements:
Win 9x/Me/2000/NT/XP
<snip>
[demime 1.01a removed an attachment of type APPLICATION/X-MSDOWNLOAD which had a NAME of
update797.exe]
3:10 p.m.
On Wed, 16 Apr 2003, Don Maslin wrote:
This guy has obviously mined the classiccmp mail list
for his
address list!
I think he just mined Usenet. I get this message about once every ten
days on a new account that I've used to post to usenet recently. It's
obviously some sort of trojan.
--
Sellam Ismail Vintage Computer Festival
------------------------------------------------------------------------------
International Man of Intrigue and Danger http://www.vintage.org
* Old computing resources for business and academia at www.VintageTech.com *
4:43 p.m.
On Wednesday, April 16, 2003, Don Maslin wrote:
---------- Forwarded message ----------
Date: Wed, 16 Apr 2003 11:00:02 +0200
From: Alexander Thaler <alexander.thaler(a)wasi.tv>
Subject: FWD: Try this security update from Microsoft.
[demime 1.01a removed an attachment of type APPLICATION/X-MSDOWNLOAD which
had a NAME of update797.exe]
Thankfully, even when people send a viral attachment to the list, whether
intentional or not, demime strips it off for us. We can safely say that the
list itself is *not* a suitable vector for viruses.
--
Jeffrey Sharp
7769
days inactive
7769
days old
5 comments
6 participants
participants (6)
-
donm@cts.com -
geneb@deltasoft.com -
jim@jkearney.com -
jss@subatomix.com -
spedraja@ono.com -
vcf@siconic.com