Date: Mon, 31 Mar 2003 15:45:50 -0500
From: "Charles M. Richmond" <cmr@koibito.iisc.com>
To: freebsd-security@freebsd.org
Subject: Re: what was that?
Message-ID: <200303312045.h2VKjoVj008179@koibito.iisc.com>
In-Reply-To: Your message of "Mon, 31 Mar 2003 12:56:33 CST." <20030331185633.GA40453@madman.celabo.org>

So I did a grep for msg IDs similar to the one that is being discussed and I got the following 3 examples. There is some humour perhaps in the fact that 2 are from the bugtraq mailing list. :) All 3 are from Microsoft Outlook and both of the bugtraq samples are from the same individual. I would like to see some analysis of this. The chance that generated msg IDs could correspond so closely is about 1/googolplex so we can assume some mechanism. Are these systems in fact infected with a virus and is embedded base64 in the MSG ID a viral vector?

07-Mar-00:01/mail.log:Mar 7 18:10:19 koibito sendmail[3110]: h27NAIVK003110: from=<bugtraq-return-8642-cmr=iisc.com@securityfocus.com>, size=11569, class=-60, nrcpts=1, msgid=<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAnPQpmkc/vBG8Jfb3ld blgcKAAAAQAAAAm4xh+UzWb0OinqZZoa2a, proto=ESMTP, daemon=MTA, relay=outgoing2.securityfocus.com [205.206.231.26]

15-Mar-00:01/mail.log:Mar 15 17:59:59 koibito sendmail[8293]: h2FMxxQr008293: from=<bugtraq-return-8739-cmr=iisc.com@securityfocus.com>, size=3175, class=-60, nrcpts=1, msgid=<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAnPQpmkc/vBG8Jfb3ld blgcKAAAAQAAAAtJa3PVSM7kCcGxoCbmy6, proto=ESMTP, daemon=MTA, relay=outgoing3.securityfocus.com [205.206.231.27]

26-Mar-00:01/mail.log:Mar 26 10:00:43 koibito sendmail[19304]: h2QF0gQr019304: from=<waldman@rotys.com>, size=4002, class=0, nrcpts=1, msgid=<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAdSnUABYNYU6DjpQqV8 1Jr8KAAAAQAAAAojU6KWs7KEKqLEcvgjY/, proto=ESMTP, daemon=MTA, relay=4t174240.aspadmin.net [209.126.174.240] (may be forged)

Here are the full IDs:

Date: Fri, 7 Mar 2003 23:46:35 +0200
Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAnPQpmkc/vBG8Jfb3ldblgcKA AAAQAAAAm4xh+UzWb0OinqZZoa2ajAEAAAAA@yahoo.com>
...
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024

Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAnPQpmkc/vBG8Jfb3ldblgcKA AAAQAAAAtJa3PVSM7kCcGxoCbmy6BQEAAAAA@yahoo.com>
...
X-Mailer: Microsoft Outlook, Build 10.0.4024
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAdSnUABYNYU6DjpQqV81Jr8KA AAAQAAAAojU6KWs7KEKqLEcvgjY/hwEAAAAA@rotys.com>
...
X-Mailer: Microsoft Outlook, Build 10.0.4510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
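
An added example, not part of the original message: a Python sketch that base64-decodes the three full Message-IDs quoted above and reports which byte ranges differ between them, so the repeated prefix can be examined as data. The function names are hypothetical, and treating each 16-byte varying range as a GUID in Microsoft byte order is an assumption made for illustration.

```python
import base64
import re
import uuid
from itertools import groupby

# Message-ID values copied from the message above; the space is header folding.
MESSAGE_IDS = [
    "<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAnPQpmkc/vBG8Jfb3ldblgcKA "
    "AAAQAAAAm4xh+UzWb0OinqZZoa2ajAEAAAAA@yahoo.com>",
    "<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAnPQpmkc/vBG8Jfb3ldblgcKA "
    "AAAQAAAAtJa3PVSM7kCcGxoCbmy6BQEAAAAA@yahoo.com>",
    "<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAdSnUABYNYU6DjpQqV81Jr8KA "
    "AAAQAAAAojU6KWs7KEKqLEcvgjY/hwEAAAAA@rotys.com>",
]

def decode_id(msgid):
    """Split '<!~!base64@domain>' into (domain, decoded bytes)."""
    m = re.fullmatch(r"<!~!([A-Za-z0-9+/=\s]+)@([^>\s]+)>", msgid.strip())
    if m is None:
        raise ValueError("not a '!~!' style Message-ID: %r" % msgid)
    payload = re.sub(r"\s+", "", m.group(1))  # undo header folding
    return m.group(2), base64.b64decode(payload, validate=True)

def varying_runs(blobs):
    """Half-open (start, end) byte ranges where the blobs are not all equal."""
    if len({len(b) for b in blobs}) != 1:
        raise ValueError("blobs differ in length; offsets are not comparable")
    differs = [len(set(col)) > 1 for col in zip(*blobs)]
    runs, pos = [], 0
    for flag, group in groupby(differs):
        n = len(list(group))
        if flag:
            runs.append((pos, pos + n))
        pos += n
    return runs

def analyse(msgids):
    decoded = [decode_id(m) for m in msgids]
    runs = varying_runs([raw for _, raw in decoded])
    report = []
    for domain, raw in decoded:
        # Assumption: a 16-byte varying run is a GUID in Microsoft byte order.
        guids = [uuid.UUID(bytes_le=raw[s:e]) for s, e in runs if e - s == 16]
        report.append({"domain": domain, "magic": raw[:8], "guids": guids,
                       "versions": [g.version for g in guids]})
    return runs, report

if __name__ == "__main__":
    runs, report = analyse(MESSAGE_IDS)
    print("byte ranges that vary:", runs, *report, sep="\n")
```

Each ID decodes to 78 bytes that begin with the ASCII text PCDFEB09, and only two 16-byte ranges vary across the three samples. The first of those ranges is identical in the two yahoo.com messages and differs for the rotys.com one; the second differs in every message.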