Re: Fwd: hey, wassup rMoYa

From: "Michael H. Warfield" <mhw wittsend com>
To: Rodrigo Moya <rmoya tsai es>
Cc: gnome-devel-list gnome org
Subject: Re: Fwd: hey, wassup rMoYa
Date: Tue, 16 Nov 1999 12:24:00 -0500

	Danger!

On Tue, Jul 07, 1998 at 04:56:02PM +0200, Rodrigo Moya wrote:
> Hi all!

> I've received this message directly sent to my private email address and
> I don't
> know who the this hp from RedHat is. I ask this question in the list
> because the
> address is from
> redhat. Of course, I haven't asked for any address to this guy, and even
> less one
> about SEX to somebody in RedHat (I have better ways of looking for sex
> than asking
> to RedHat).

> As I suppose, this guy who sent this message does not work for RedHat
> (maybe he used
> the already exisitng address), so this is the other purpose of sending
> the message
> to the
> list, to warn you.

	The individual in question has been sending out customised SPAM
(or what looks like SPAM).  It is MUCH WORSE.  The site is a hostile
web site.  We have analyzed some of the pages up there and they are
designed to bypass security checks and do damage to Windows systems.
The silly ape has a script up there that tries to format all of your
hard drives, but he starts out by trying to format c: (well duh!).

> And what scared me about this mail (I just remove this kind of messages
> when I
> receive them with no further interest) is that it was sent to my private
> mail and
> even it talks
> about this in the message (see above the line 'ps: why r u using
> chez.com now? it
> doens't make sence, anyway *bye*...', ---- my private address is
> rmoya@chez.com).
> Maybe somebody
> is using my address for something else.

	No...  It's a bot.  It's on autopilot.  It reaped your address
from some web page (probably mailing list archive sites) and processed
it through.  It splits the E-Mail address into local and network parts
and customizes the message to make it look like it was done by liveware.
We got one into "linux-kernel@vger.rutgers.edu" like that and it was
address to "Linux-kernel" and finished by saying "why r u using
vger.rutgers.edu now".  WELL DUH!

> So if it was a mistake, sorry for the post.

> hp@redhat.com wrote:

> > here is the site you wanted... http://SEX.Interactwithme.com it's the
> one that
> >gives you free membership access (all hacked) to abotu 300 membership
> based sex
> >sites. k bye...
> > ps: why r u using chez.com now? it doens't make sence, anyway *bye*...

	This is a dangerous site!  It is cybermined to damage systems.

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

Follow-Ups:
- Re: Fwd: hey, wassup rMoYa
  - From: Hassan Aurag

References:
- Fwd: hey, wassup rMoYa
  - From: Rodrigo Moya

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]