[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] new worm traveling the net? (GNU/Linux)

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] new worm traveling the net? (GNU/Linux)
From: Przemyslaw Frasunek <venglin@xxxxxxxxxxxxxxxxx>
Date: Tue, 20 Feb 2007 10:06:59 +0100

Timo Schoeler napisał(a):
> a friend of mine contacted me because he saw lots of emails (60) to
> catchthismail@xxxxxxxxxx starting at about 5:00 am (US east coast
> time).

Indeed, I've started receiving it yesterday at 10:00 am (CET) and it stopped at
08:00 pm. To: header contained catchthismail@xxxxxxxxxx and
helloitmenice@xxxxxxxxxx with almost all domains hosted at my site.

There were about 130 such mails, all of them with following body:

========================
Hi
How are you ? Call me.
and marketing pitches
Poor you, i don't even think how much spam you are recive.
at the group's
6D7174796A6E6A6B667A6A33746A716E72736845777873706872
========================

The third and fifth line contains random words. The last one is hexadecimally
encoded ASCII string, also random.

-- 
* Fido: 2:480/124 ** WWW: http://www.frasunek.com ** NICHDL: PMF9-RIPE *
* Jabber ID: venglin@xxxxxxxx ** PGP ID: 2578FCAD ** HAM-RADIO: SQ8JIV *

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] new worm traveling the net? (GNU/Linux)
  - From: Timo Schoeler

Prev by Date: Re: [Full-disclosure] Microsoft Internet Explorer Local File Accesses Vulnerability
Next by Date: Re: [Full-disclosure] Microsoft Internet Explorer Local File Accesses Vulnerability
Previous by thread: Re: [Full-disclosure] new worm traveling the net? (GNU/Linux)
Next by thread: Re: [Full-disclosure] FW: [Fwd: Re[2]: Fun with event logs (semi-offtopic)]
Index(es):
- Date
- Thread