Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Anybody else getting trojans from someone masquerading as fyodor?
From: Mark <markc () beigebox liquidev com>
Date: Tue, 14 Feb 2006 10:32:58 -0500

I've received two messages in the past few hours from 59.144.22.69,
pretending to be from fyodor () insecure org   Both contain a binhex'd
UPX packed SCR attachment.  Is it just me?

Headers below:

Return-Path: <fyodor () insecure org>
X-Original-To: markc () liquidev com
Delivered-To: markc () liquidev com
Received: from dallas (unknown [59.144.22.69])
  by beigebox.liquidev.com (Postfix) with SMTP id 8F3CF174035
  for <markc () liquidev com>; Tue, 14 Feb 2006 13:37:32 +0000 (GMT)
From: "fyodor" <fyodor () insecure org>
To: <markc () liquidev com>
Subject: Fwd: image.jpg
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_2.38107085227966E-02"
Message-Id: <20060214133732.8F3CF174035 () beigebox liquidev com>
Date: Tue, 14 Feb 2006 13:37:32 +0000 (GMT)

Return-Path: <fyodor () insecure org>
X-Original-To: markc () liquidev com
Delivered-To: markc () liquidev com
Received: from dallas (unknown [59.144.22.69])
  by beigebox.liquidev.com (Postfix) with SMTP id 9CC80174035
  for <markc () liquidev com>; Tue, 14 Feb 2006 15:21:21 +0000 (GMT)
From: "fyodor" <fyodor () insecure org>
To: <markc () liquidev com>
Subject: eBook.pdf
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_4.75740075111389E-02"
Message-Id: <20060214152121.9CC80174035 () beigebox liquidev com>
Date: Tue, 14 Feb 2006 15:21:21 +0000 (GMT)

Thanks,

-Mark

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]