FYI - if you're on windows machine DON'T TRY TO FOLLOW URL in that post Somebody sent me a copy of the content and its vbscript that downloads an image converts it into executable and then probably uses some bug in microshit products to have it executed. I'm not that good with windows scripting so whoever of the security people here wants to see it futher if you can not get it yourself, let me know. Its possible this maybe zombie making virus using nanog to replicate (somebody's sick joke) but possibly its more general with other lists too. Spammers and virus writers joined together are getting nastier and nastier. On Wed, 17 Mar 2004, william(at)elan.net wrote:
Me thinks somebody has found a trapdoor in nanog mailsetup and is in general out to get us ...
This one supposedely came from 203.18.63.43 (australia powerhous museum - phm.gov.au) and advertises page on ip 165.134.187.102 (saint louis univerisity - slu.edu). "Connection refused" when I tried to see what's there.
---------- Forwarded message ---------- Return-Path: <owner-nanog@merit.edu> Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26]) ... Received: by segue.merit.edu (Postfix) id 3B2ED5DE4F; Wed, 17 Mar 2004 23:04:48 -0500 (EST) Delivered-To: nanog@merit.edu Received: from PH02887.net (unknown [203.18.63.43]) by segue.merit.edu (Postfix) with SMTP id 0AE2E5DE32 for <nanog@merit.edu>; Wed, 17 Mar 2004 23:04:46 -0500 (EST) Date: Thu, 18 Mar 2004 15:04:22 +1000 To: nanog@merit.edu Subject: Re: Hi From: srh@merit.edu Message-ID: <nxkitnadhcvpztronff@merit.edu> ...