Mail Archives: cygwin/2002/10/13/19:55:53

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Originating-IP: [195.92.67.67]
From: "Elfyn McBratney" <emcb_exposure AT hotmail DOT com>
To: <cygwin AT cygwin DOT com>
Subject: Fw: Viruses being transported with Cygwin messages
Date: Mon, 14 Oct 2002 00:54:18 +0100
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Message-ID: <OE65Sd5vSPfNC9UDETb000111dd@hotmail.com>
X-OriginalArrivalTime: 13 Oct 2002 23:55:43.0460 (UTC) FILETIME=[0AA01A40:01C27314]
Note-from-DJ: This may be spam

I didn't mean that. I meant how it came through the system (mailing list)...
:) I was looking at the headers sent by e-mails from me and it's all plain
text, no MIME-encoded blocks for attached stuff...

Elfyn

> ----- Original Message -----
> From: Randall R Schulz <rrschulz AT cris DOT com>
> To: Elfyn McBratney <emcb_exposure AT hotmail DOT com>
> Cc: <cygwin AT cygwin DOT com>
> Sent: Monday, October 14, 2002 12:50 AM
> Subject: Re: Viruses being transported with Cygwin messages
>
>
> > Elfyn,
> >
> > Let me be clear that I'm not accusing you (or Gareth or Chris F.) of
> > anything here. As others have pointed out, these worms are clever about
> > coming up with addresses both for the apparent "From:" address and the
> > next ply of intended victim recipients.
> >
> > Here are the routing headers from the message _ostensibly_ from you:
> >
> > Return-Path: <elfyn AT mail DOT utexas DOT edu>
> > Received: from mail18.svr.pol.co.uk (mail18.svr.pol.co.uk [195.92.67.23])
> >          by morse.concentric.net [Concentric SMTP MX 1.0]
> >          id g9DJ7ih10880; Sun, 13 Oct 2002 15:07:44 -0400 (EDT)
> >          [1-800-745-2747 The Concentric Network]
> > Errors-To: <elfyn AT mail DOT utexas DOT edu>
> > Received: from modem-2289.chimpanzee.dialup.pol.co.uk ([217.134.120.241]
> > helo=mcb-home)
> >          by mail18.svr.pol.co.uk with smtp (Exim 3.35 #1)
> >          id 180nmm-0007hQ-00; Sun, 13 Oct 2002 19:48:20 +0100
> > From: "Elfyn McBratney" <elfyn AT mail DOT utexas DOT edu>
> >
> >
> > As you can see, although it claims (suggests? "From:" headers are
> > distinctly non-authoritative) you're at UT Austin, the message itself did
> > not originate or traverse any servers there. Nor does Hotmail appear in
> > the SMTP server-supplied forwarding header. (Concentric is my ISP.)
> >
> > As I understand these worms, they use other users' address books (are they
> > called "Contact Lists" in Outlook and Outlook Express?) to come up with
> > both fraudulent "From:" addresses and recipients. Win32.Bugbear@mm uses
> > registry data to propagate, too.
> >
> > Randall Schulz
> > Mountain View, CA USA
> >
> >
> > Here's the full text of the message I receive (attachment graciously
> > elided--in fact, I delete them as soon as I confirm my hunch that they're
> > worms):
> >
> > -==--==--==--==--==--==--==--==--==--==--==--==--==--==--==-
> > Return-Path: <elfyn AT mail DOT utexas DOT edu>
> > Received: from mail18.svr.pol.co.uk (mail18.svr.pol.co.uk [195.92.67.23])
> >          by morse.concentric.net [Concentric SMTP MX 1.0]
> >          id g9DJ7ih10880; Sun, 13 Oct 2002 15:07:44 -0400 (EDT)
> >          [1-800-745-2747 The Concentric Network]
> > Errors-To: <elfyn AT mail DOT utexas DOT edu>
> > Received: from modem-2289.chimpanzee.dialup.pol.co.uk ([217.134.120.241]
> > helo=mcb-home)
> >          by mail18.svr.pol.co.uk with smtp (Exim 3.35 #1)
> >          id 180nmm-0007hQ-00; Sun, 13 Oct 2002 19:48:20 +0100
> > From: "Elfyn McBratney" <elfyn AT mail DOT utexas DOT edu>
> > Subject:  Re: Need your Mac OS 8 support plan...
> > MIME-Version: 1.0
> > Content-Type: multipart/alternative; boundary="----------ISQROT15KBZQSTO"
> > Message-Id: <E180nmm-0007hQ-00 DOT 2002-10-13-19-48-20 AT mail18 DOT svr DOT pol DOT co DOT uk>
> > Bcc:
> > Date: Sun, 13 Oct 2002 19:48:20 +0100
> >
> > Content-Type: text/html;
> >
> > That is really not fare :(
> >
> > Do you know when we'll get a time-indexed beta-sp ???
> >
> > ----- Original Message -----
> > From: Michael Aumeerally
> > To:
> > Sent: Sunday, August 25, 2002 9:52 PM
> > Subject: Re: Need your Mac OS 8 support plan...
> >
> >
> >  > > Just wanted to beg you to bring in Mac OS 8 if your on your travels
> >  > towards the office :)...
> >  >
> >  > I may come in Wednesday evening, depending on how the week unfolds...
> >  >
> > <file://D:\Attachments\connexionscard-pass.txt.scr>[]
> > connexionscard-pass.txt.scr
> > -==--==--==--==--==--==--==--==--==--==--==--==--==--==--==-
> >
> >
> > At 16:33 2002-10-13, Elfyn McBratney wrote:
> > >I for one would like to know how that happened. If it's from hotmail then
> > >fair do's, sorry. If it was from elfyn AT exposure DOT org DOT uk that's
> > >impossible because all I can send through my mailgate is .txt or
> > >tars/gz's files...even then all archives are extracted/scanned.
> > >
> > >What month???
> > >
> > >Elfyn
> > >
> > >----- Original Message -----
> > >From: Randall R Schulz <rrschulz AT cris DOT com>
> > >To: <cygwin AT cygwin DOT com>
> > >Sent: Sunday, October 13, 2002 11:03 PM
> > >Subject: Re: Viruses being transported with Cygwin messages
> > >
> > >
> > > > Hi,
> > > >
> > > > It might help to know this is the "W32.Bugbear@mm" worm. It has been
> > > > spreading a lot lately. In today's batch I received 3 copies under
> > > > different names (supposedly from Christopher Faylor, Gareth Pearce and
> > > > Elfyn McBratney), each with different contents and different attachment
> > > > names.
> > > >
> > > > Here's what Symantec has to say about this worm:
> > > > <http://www.sarc.com/avcenter/venc/data/w32.bugbear@mm.html>
> > > >
> > > > Randall Schulz
> > > > Mountain View, CA USA
> >
>

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
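
The header check described in the quoted reply (walk the "Received:" chain and see whether the "From:" domain shows up in it), as an added example that is not part of the original thread. The sample message is constructed with example domains and documentation IP addresses, and the last-two-labels domain comparison is a simplifying assumption (real code should use the Public Suffix List).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample shaped like the headers quoted in the thread.
SAMPLE = """\
Return-Path: <user@mail.example.edu>
Received: from relay.isp-b.example (relay.isp-b.example [192.0.2.23])
\tby mx.isp-a.example; Sun, 13 Oct 2002 15:07:44 -0400 (EDT)
Received: from dialup-17.isp-b.example ([198.51.100.241] helo=home-pc)
\tby relay.isp-b.example with smtp; Sun, 13 Oct 2002 19:48:20 +0100
From: "Some User" <user@mail.example.edu>
Subject: constructed sample

body
"""

HOP = re.compile(r"from\s+(?P<name>\S+)\s*(?:\((?P<paren>[^)]*)\))?"
                 r"\s+by\s+(?P<by>[^\s;]+)")
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def org_domain(host):
    # Assumption: naive "last two labels"; wrong for suffixes such as co.uk.
    return ".".join(host.lower().split(".")[-2:])

def hops(raw):
    """Return relay hops, origin first. Each server prepends its own
    Received header, so the list is reversed to read in travel order."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if m:
            ip = IP.search(m.group("paren") or "")
            out.append({"from": m.group("name").lower(),
                        "ip": ip.group(1) if ip else None,
                        "by": m.group("by").lower()})
    return out

def from_corroborated(raw):
    """Return (From domain, True if any relay in the chain shares its domain)."""
    sender = parseaddr(message_from_string(raw).get("From", ""))[1]
    domain = sender.rpartition("@")[2].lower()
    hosts = {h[k] for h in hops(raw) for k in ("from", "by")}
    return domain, any(org_domain(h) == org_domain(domain) for h in hosts)

if __name__ == "__main__":
    for hop in hops(SAMPLE):
        print(hop)
    print(from_corroborated(SAMPLE))
```

Only the Received headers added by servers you control or trust are reliable; earlier ones can be forged by the sender. A mismatch is a triage signal rather than proof, since legitimate mail is often relayed through third-party servers.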
