[linux] failure notice

MAILER-DAEMON na mailhub.nextra.sk MAILER-DAEMON na mailhub.nextra.sk
Fri Nov 23 05:18:50 CET 2001


Hi. This is the qmail-send program at mailhub.nextra.sk.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<farkas na ekoinforma.sk>:
This message is looping: it already has my Delivered-To line. (#5.4.6)

--- Below this line is a copy of the message.

Return-Path: <linux na lists.linux.sk>
Received: (qmail 37292 invoked from network); 23 Nov 2001 04:18:50 -0000
Received: from unknown (HELO cdwork.cvt.stuba.sk) (147.175.1.11)
  by mailhub.nextra.sk with SMTP; 23 Nov 2001 04:18:50 -0000
Received: from gmet.sk ([193.87.160.9])
	by cdwork.cvt.stuba.sk (8.10.1/8.10.1) with ESMTP id fAN4Im323214
	for <farkas na ekoinforma.sk>; Fri, 23 Nov 2001 05:18:48 +0100 (CET)
Resent-Message-Id: <200111230418.fAN4Im323214 na cdwork.cvt.stuba.sk>
Received: from AMADEUS/SpoolDir by gmet.sk (Mercury 1.48);
    23 Nov 01 05:18:43 +0100 (MET)
Received: from SpoolDir by AMADEUS (Mercury 1.48); 23 Nov 01 05:18:21 +0100 (MET)
Received: from AMADEUS/SpoolDir by gmet.sk (Mercury 1.48)
  for <farkas.KLS.UCITELIA.METODKA.GYMET na gmet.sk>;  23 Nov 01 05:18:21 +0100 (MET)
Resent-from: farkas.KLS.UCITELIA.METODKA.GYMET na gmet.sk
Resent-to: farkas na ekoinforma.sk
Resent-Date: Fri, 23 Nov 2001 5:18:21 +0100 (MET)
X-Autoforward: 1
Received: from ns.nx.nextra.sk (195.168.1.2) by gmet.sk (Mercury 1.48);
    23 Nov 01 05:18:11 +0100 (MET)
Received: (qmail 61433 invoked from network); 23 Nov 2001 04:18:13 -0000
Received: from unknown (HELO m) (195.168.130.155)
  by smtp2.nx.nextra.sk with SMTP; 23 Nov 2001 04:18:12 -0000
Resent-from: "Marek Farkas" <farkas na ekoinforma.sk>
Resent-to: farkas na gmet.sk
Resent-date: Fri, 23 Nov 2001 05:15:27 +0100
Delivered-To: ekoinforma-sk__-farkas na ekoinforma.sk
Received: (qmail 99847 invoked from network); 22 Nov 2001 14:48:34 -0000
Received: from unknown (HELO server.Linux.sk) (147.175.66.133)
  by mailhub.nextra.sk with SMTP; 22 Nov 2001 14:48:34 -0000
Received: from server.linux.sk (localhost.localdomain [127.0.0.1])
	by server.Linux.sk (Postfix) with ESMTP
	id 2ADD71DE92; Thu, 22 Nov 2001 15:48:21 +0100 (CET)
Delivered-To: linux na linux.sk
Received: from gw.nts.sk (gw.nts.sk [193.58.192.253])
	by server.Linux.sk (Postfix) with ESMTP id 18D751DE84
	for <linux na lists.linux.sk>; Thu, 22 Nov 2001 15:47:07 +0100 (CET)
Subject: Re: [linux] OT  !!! VIRUS !!!
To: linux na lists.linux.sk
X-Mailer: Lotus Notes Release 5.0.8  June 18, 2001
Message-ID: <OF575344E4.1F0CC141-ONC1256B0C.00511357 na nts.sk>
From: Jozef_Cierny na nts.sk
X-MIMETrack: Serialize by Router on Domino/NTS/SK(Release 5.07a |May 14, 2001) at 22.11.2001
 15:47:07
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: linux-admin na lists.linux.sk
Errors-To: linux-admin na lists.linux.sk
X-BeenThere: linux na lists.linux.sk
X-Mailman-Version: 2.0.5
Precedence: bulk
Reply-To: linux na lists.linux.sk
List-Help: <mailto:linux-request na lists.linux.sk?subject=help>
List-Post: <mailto:linux na lists.linux.sk>
List-Subscribe: <http://lists.linux.sk/listinfo/linux>,
	<mailto:linux-request na lists.linux.sk?subject=subscribe>
List-Id: Voľná diskusia o Linuxe <linux.lists.linux.sk>
List-Unsubscribe: <http://lists.linux.sk/listinfo/linux>,
	<mailto:linux-request na lists.linux.sk?subject=unsubscribe>
List-Archive: <http://lists.linux.sk/pipermail/linux/>
Date: Thu, 22 Nov 2001 15:47:03 +0100


This doesn't really belong here, more in a mailing list about viruses on
M$, but so be it, hopefully they won't beat me to death:

I-Worm/Aliz

is an older, 4 KB compressed worm that spreads as an empty HTML
mail with the attachment "whatever.exe" and a subject assembled from these
words (it picks one word at random from each group):

 Fw:
 Fw: Re:


 Cool
 Nice
 Hot
 some
 Funny
 weird
 funky
 great
 Interesting
 many


 website
 site
 pics
 urls
 pictures
 stuff
 mp3s
 shit
 music
 info


 to check
 for you
 i found
 to see
 here
 - check it


 !!
 !'
 :-)
 ?!
 hehe ;-)


After decompression, the following message is also visible in the body of the worm:

 :::iworm.alizee.by.mar00n!ikx2oo1:::

 while typing this text i realize this text got added on many av
 description sites, because this silly worm could be easily a
 hype. i wonder which av claims '[companyname] stopped high risk
 worm before it could escape!' or shit like that. heh, or they
 boycot my virus because of this text. well, it is easy enough
 for the poor av's to add this worm; since it was only released
 as source in coderz#2... btw, loveletter*2 power in pure win32asm
 and only a 4k exe file. heh, vbs kiddies, phear win32asm. :)
 thx to: bumblebee!29a, asmodeus!ikx. greets to: starzer0!ikx
 t-2000!ir, ultras!mtx & sweet gigabyte...
 btw,burgemeester van sneek: ik zoek nog een baantje...
 (alignmentfillingtext)


It mails itself to the addresses defined in the registry

'Software\Microsoft\WAB\WAB4\Wab File Name'

and uses the default SMTP account from the registry

'Software\Microsoft\Internet Account Manager\Accounts\00000001'


To activate itself it uses the well-known trick with an incorrectly set
Content-Type, so under favorable conditions it can be activated merely by
viewing the message. The worm performs no harmful activity, nor does it
write itself into any file, so it is activated only when it is
launched from the mail, and to remove it, it is enough to delete the infected mail.






                                                                                                                       
                    "Kocur"                                                                                            
                    <kocur na nocka.sk>
                    Sent by: linux-admin na lists.linux.sk
                    11/22/2001 02:23 PM
                    Please respond to linux

                    To:      <linux na lists.linux.sk>
                    cc:
                    Subject: Re: [linux] OT  !!! VIRUS !!!
                                                                                                                       
                                                                                                                       




it doesn't run on Linux...

and the mail server gets clogged in no time...
the virus copies email addresses from address books and automatically
sends itself on...

it carries the file " whatever.exe " as an attachment

my mail server is already clogged...





_______________________________________________
http://lists.linux.sk/listinfo/linux
http://search.lists.linux.sk
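
Added example (not part of the original post or of the bounced message): a Python check of a raw message against the indicators the quoted description gives, namely the subject assembled from the five word groups and the "whatever.exe" attachment. The whitespace separator between groups, the Content-Type mismatch rule and the sample message are assumptions.

```python
import re
from email import message_from_string

# Subject word groups exactly as listed in the post; one entry per group.
GROUPS = [
    ["Fw:", "Fw: Re:"],
    ["Cool", "Nice", "Hot", "some", "Funny", "weird", "funky", "great",
     "Interesting", "many"],
    ["website", "site", "pics", "urls", "pictures", "stuff", "mp3s", "shit",
     "music", "info"],
    ["to check", "for you", "i found", "to see", "here", "- check it"],
    ["!!", "!'", ":-)", "?!", "hehe ;-)"],
]
ATTACHMENT = "whatever.exe"  # attachment name given in the post

# Assumption: groups are joined by whitespace (the post does not say how).
SUBJECT_RE = re.compile(r"\s*" + r"\s*".join(
    "(?:" + "|".join(re.escape(w) for w in g) + ")" for g in GROUPS) + r"\s*")

def aliz_indicators(raw_message):
    """Return which indicators described in the post a raw message matches."""
    msg = message_from_string(raw_message)
    hits = []
    if SUBJECT_RE.fullmatch(msg.get("Subject", "")):
        hits.append("subject")
    for part in msg.walk():
        if (part.get_filename() or "").strip().lower() != ATTACHMENT:
            continue
        hits.append("attachment")
        # Assumption: the "incorrectly set Content-Type" shows up as an .exe
        # declared under a non-application MIME type.
        if part.get_content_maintype() != "application":
            hits.append("content-type-mismatch")
    return hits

# Constructed sample message (subject choice, boundary and MIME type made up).
SAMPLE = """\
Subject: Fw: Re: Cool pics for you :-)
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: audio/x-wav; name="whatever.exe"
Content-Disposition: attachment; filename="whatever.exe"

AAAA
--b1--
"""

print(aliz_indicators(SAMPLE))
```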



