Date:      Wed, 26 Nov 1997 02:15:12 +0000 (GMT)
From:      Terry Lambert <tlambert@primenet.com>
To:        jmb@FreeBSD.ORG (Jonathan M. Bresler)
Cc:        freebsd-chat@FreeBSD.ORG
Subject:   Re: We will mail 4 U
Message-ID:  <199711260215.TAA13247@usr02.primenet.com>
In-Reply-To: <199711260114.RAA25617@hub.freebsd.org> from "Jonathan M. Bresler" at Nov 25, 97 05:14:10 pm

> > It is pretty obvious (to me, anyway) that this is a targeted trojan of
> > the type that was used to flood ml.org.


] Received: from ccimail.mediaone.com (ccimail.mediaone.com [169.152.79.3])
]           by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id JAA28272
]           for <platforms@freebsd.org>; Tue, 25 Nov 1997 09:12:23 -0800 (PST)
]          (envelope-from qUSTP4Aie@fai1rmance.net)
] From: qUSTP4Aie@fai1rmance.net
] Received: from 100uVF6M2 (usr2-dialup49.mix2.Atlanta.mci.net [166.55.51.113])
] 	by ccimail.mediaone.com (8.8.7/8.8.7) with SMTP id LAA09471;
] 	Tue, 25 Nov 1997 11:17:40 -0500 (EST)
] DATE: 24 Nov 10 11:22:33 AM

HELO 100uVF6M2
MAIL FROM:<qUSTP4Aie@fai1rmance.net>
RCPT TO:<platforms@freebsd.org>
DATA
354 ...
DATE: 24 Nov 10 11:22:33 AM
...
.

Oh look.  No "X-Authentication-Warning:"....


> 	"hacked version of sendmail"  ?????

Sendmail 2.0?  What the heck is that?

> 	EHLO is standard esmtp.
> 	this is old stuff already.
> 	see the rfc's  (rfc1825 perhaps)

You mean RFC1869 (http://www.imc.org/rfc1869)...





The case for a "referral attack":
---------------------------------------------------------------------------
] LET US DO YOUR BULK MAILINGS!!!
] 
] ..$250 PER MILLION
] 
] THE WAY OF THE FUTURE FOR SUCCESS IN YOUR BUSINESS!
] 
] Our company will do bulk emailing for your product/service.
] 
] Addresses are extracted daily by four of our computers,
] which run 24 hours a day 7 days a week, scanning the net
] for new addresses.  They are fresh!  Over 36 million
] addresses on file.

Implication: we are a startup spammer, and your address is on our
list that we will be selling if you got this SPAM.  Prepare for more
SPAM if you do nothing...


] There are no lower prices on the net.  Your mailing 
] can be done in a matter of hours.  We have 4 computers 
] extracting addresses 24/7.


We don't plan on going away quietly; you'd better react to this...
(mental picture of "Simpson's Christmas Special...", where they had
 to spend the Christmas money getting Bart's tattoo removed, and
 Lisa is poking him in the bandage repeatedly ...ouch! quit it! ...
 ouch! quit it!...).


] For the fastest service, cheapest prices and cleanest
] mailings call our processing and new accounts office

We really mean to do our damnedest to SPAM you...


] at 904-282-0945,

Here, have the residential number of the victim...


] Monday - Friday 9 - 5 EST.

Yeah, you'll really limit yourself to these hours...

] If the line is busy, please keep trying,

Harass the victim constantly, please...

] as bulk mailing is growing fast.  We do want to work with you
] to advertise your product.

After all, he deserves it...


] $250 per million expires December 1, 1997.  Price increases 
] to $350 per million, $250 per 500,000.  All orders received 
] before December 1 will not reflect the increase.  Even with
] the increase, we will still be the best prices on the net.

And he intends to solicit bulk mailing well into the future; he's
not going to go away.  After all, it'd be self defense, right?

] To have your name removed, call our processing office.

And if you won't call him to harass him on general principles, at
least call the victim to harass him over you being on this list...


] Any negative responses will be dealt with accordingly.

See, he's thumbing his nose at you...
---------------------------------------------------------------------------

Almost as nice a piece of social engineering as the ml.org attack and
the Commercial Security Bank Russian Hacker Story...



					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
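
An added example, not part of the original message: the Received lines quoted above, parsed to compare the name the client gave in HELO with the peer name and address the receiving host recorded, plus a check that the Date header has RFC 822 form. The name `audit_headers` and both regular expressions are this example's own, and the pattern assumes sendmail-style Received lines like the ones quoted.

```python
import re
from email import message_from_string

# Headers copied from the message quoted above, "] " quote marks removed.
SAMPLE = """\
Received: from ccimail.mediaone.com (ccimail.mediaone.com [169.152.79.3])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id JAA28272
          for <platforms@freebsd.org>; Tue, 25 Nov 1997 09:12:23 -0800 (PST)
          (envelope-from qUSTP4Aie@fai1rmance.net)
From: qUSTP4Aie@fai1rmance.net
Received: from 100uVF6M2 (usr2-dialup49.mix2.Atlanta.mci.net [166.55.51.113])
\tby ccimail.mediaone.com (8.8.7/8.8.7) with SMTP id LAA09471;
\tTue, 25 Nov 1997 11:17:40 -0500 (EST)
DATE: 24 Nov 10 11:22:33 AM
"""

# sendmail-style hop: from <HELO name> (<reverse DNS> [<peer IP>]) by <receiver>
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\)\s+by\s+(\S+)")
# RFC 822 date-time: optional day name, date, time, mandatory zone
RFC822_DATE = re.compile(
    r"(?:(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun),\s+)?\d{1,2}\s+"
    r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+\d{2,4}\s+"
    r"\d{2}:\d{2}(?::\d{2})?\s+(?:[+-]\d{4}|UT|GMT|[ECMP][SD]T|[A-IK-Z])"
    r"(?:\s+\(.*\))?\s*")


def audit_headers(raw):
    """Return (hops, findings); hops are listed newest first, as in the mail."""
    msg = message_from_string(raw)
    hops, findings = [], []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # not a sendmail-style hop; nothing to compare
        helo, rdns, ip, by = m.groups()
        hops.append({"helo": helo, "rdns": rdns, "ip": ip, "by": by})
        if "." not in helo:
            findings.append(f"{by}: HELO name {helo!r} is not a domain name")
        if helo.lower() != rdns.lower():
            findings.append(f"{by}: HELO {helo!r} != peer {rdns} [{ip}]")
    date = msg.get("Date", "")
    if not RFC822_DATE.fullmatch(date.strip()):
        findings.append(f"Date header is not RFC 822 format: {date!r}")
    return hops, findings


if __name__ == "__main__":
    for finding in audit_headers(SAMPLE)[1]:
        print(finding)
```

On these headers the hop into hub.freebsd.org is consistent, and all three findings come from the dial-up hop into ccimail.mediaone.com and the client-supplied Date line.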
