Sorry to be a pain, I'm coming in on this discussion halfway through.  I
was just wondering, this worm has to be executed to infect, right?  It
relies on social engineering?

Rob


> -----Original Message-----
> From: Hal Burgiss [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 04, 2001 9:50 AM
> To: [EMAIL PROTECTED]
> Subject: Re: New worm to affect RH
> 
> 
> On Tue, Apr 03, 2001 at 02:28:08PM -0500, Mitchell Henderson wrote:
> > Hi,
> >     I don't know if you could call it new, it's really a combo of
> >     everything that we've seen as of late. 
> 
> Check this out:
> 
> ==================================================================
> 
> From [EMAIL PROTECTED] Wed Apr  4 09:53:23 2001
> Date: Wed, 04 Apr 2001 18:38:49 +0800
> From: Leo <[EMAIL PROTECTED]>
> Newsgroups: alt.os.linux,comp.os.linux.misc,alt.linux,comp.os.linux.help,comp.os.linux
> Subject: PLEASE HELP!, MY LINUX have been HACKED~
> NNTP-Posting-Host: vp170207.nte.uac1.hknet.com
> 
> Dear all,
> 
>  Today I turn on my linux and I received a mail from sendmail
> regarding a failed message posted to someone in @sina.com. So I check
> it out and basically it says the following:
> 
> ---------- Forwarded message ----------
> Date: Wed, 4 Apr 2001 03:15:21 +0800
> From: Mail Delivery Subsystem <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Warning: could not send message for past 4 hours
> 
>     **********************************************
>     **      THIS IS A WARNING MESSAGE ONLY      **
>     **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **
>     **********************************************
> 
> The original message was received at Tue, 3 Apr 2001 21:57:12 +0800
> from root@localhost
> 
>    ----- The following addresses had transient non-fatal errors -----
> [EMAIL PROTECTED]
> 
>    ----- Transcript of session follows -----
> 451 4.4.1 timeout writing message to smtp.hknet.com
> [EMAIL PROTECTED] Deferred
> Warning: message still undelivered after 4 hours
> Will keep trying until message is 5 days old
> 
> After reading that message, I was curious because I never use ROOT to
> send message out and apparently, that
> "[EMAIL PROTECTED]" looks very unfamiliar to me. So I am positive that I
> didn't send such message.  Inside the message
> I found two attachments, one dat file and the other text file,..
> Unfortunately, when I read the text file I see ALL the confidential
> information of my system all pasted in there. The format looks
> something like this:
> 
> /**************************HOST IP*****************************/
> and then I see the whole ifconfig pasted here. then..
> /**************************PS*********************************/
> I see ps -aux, then
> /**************************HISTORY***************************/
> root's command history.. then
> /************************HOSTS*****************************/
> host file, AND EVEN
> /************************PASSWD***************************/
> passwd file, with ROOT's and all users' passwords unencrypted!!!!
> 
> 
> I use redhat 7 and I'm sure I have shadow + md5 password enabled.
> 
> If anyone has any idea what's going wrong, please let me know and
> how I am getting the file. I know that sina provide freemail service
> but it has an extension of sinaman.com or sinagirl.com, but NOT
> sina.com. Is that why I am getting the mail bounced back???
> 
> 
> Any help would be appreciated. Thank you very much !
>  Leo
> 
> =================================================================
> 
> 
> 
> Unencrypted passwords????
> 
> 
> -- 
> Hal B
>  [EMAIL PROTECTED]
>  [EMAIL PROTECTED]
>  [EMAIL PROTECTED]
>  Spamtrap: [EMAIL PROTECTED] and [EMAIL PROTECTED]
> --
> 
> 
> 
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
> 


