OSEC

From: Peter (peterPENNSWOODS.NET)
Date: Sun Jan 14 2001 - 05:44:30 CST


    You also have to consider that the person who is sending this virus/worm
    doesn't know about it. If your computer is infected with the Hybris worm,
    then the worm sends itself every time the person sends out
    e-mails. Hybris monitors your incoming and outgoing e-mails and sends
    itself to these e-mail addresses. However, it has become a big problem for
    ISPs, since the "normal" user doesn't know anything about "do not open
    attachments" or updating the anti-virus software. Every day I have more
    than 300 bounced e-mails in my postmaster account because of Hybris.
    This is because Hybris has a problem with reading more than one e-mail
    address. It will see the e-mail addresses under cc as one e-mail address, and
    then the e-mails bounce. You also cannot consider Hybris as spam.
    The other interesting thing is that Hybris can change its own address which
    appears in the From: field.
    Regards,

    Peter Masloch
    Network Engineer
    http://www.pennswoods.net
    814-624-2424 #530

    On Sat, 13 Jan 2001, Kee Hinckley wrote:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > At 10:16 AM +0000 1/12/01, Kelly Reid wrote:
    > >Following is the properties from the email from sexyfun. I'm
    > >interested in knowing who this came from so that they can get their
    > >machine scanned.
    > >
    > >Any help would be appreciated
    >
    > http://www.spamwatcher.com/ (which I run) says the following. (I
    > should probably special-case the IANA special numbers, since they are
    > clearly not relevant.)
    >
    > These headers are nearly always forged:
    > To: From: Hahaha
    > Message-ID: <200101120543.f0C5huk01495mx8-w.mail.home.com>
    >
    > The key is to look at the Received headers. They track the
    > message as it goes from one machine to the next. Most, but not
    > all, mail servers record the IP address of the sending machine,
    > and there is no way to forge that. So the goal is to find the
    > first real machine to receive the email, and see where it got the
    > mail from. That machine will typically either be one of yours,
    > or it will be some (idiot) machine which left its mail software
    > open for others to use as a relay. In the latter case, it's worth
    > notifying that company, as well as the originating ISP.
    >
    >-------------snip----------------<
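The header-walking procedure Kee Hinckley describes above (ignore From:/Message-ID:, start from the Received: header written by your own server, follow the chain downward, skip the IANA special addresses) can be mechanised. The following is an added example and not code from the original thread or from spamwatcher.com; the sample message, the host names (mx.example.com, relay.openrelay.test, the .invalid hosts) and the IP addresses in it are constructed, and the "sexyfun" HELO is only there to mirror the thread's subject.

```python
"""Trace a message's origin through its Received: headers.

Each MTA prepends a Received: header, so the topmost was written by the last
server (ours) and the bottom one by the machine closest to the sender.  Only
headers written by servers we control are trustworthy.  Below the hand-off we
keep following the chain only while each header's "by" host is the host the
previous header received from, and we ignore hops carrying loopback or private
addresses, which say nothing about the network origin.
"""
import ipaddress
import re
from email import message_from_string

# Address blocks that never identify an Internet host (loopback, RFC 1918,
# link-local, "this" network).  Documentation ranges (192.0.2.0/24 etc.) are
# deliberately not listed so that the constructed sample below traces cleanly.
SPECIAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
)]

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s*(?:\((?P<paren>[^)]*)\))?\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)
IPV4_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")

# Constructed sample.  Top header: our internal hop.  Second: our MX receiving
# from an open relay.  Then the relay's own headers, and at the very bottom a
# header the sender forged (its "by" host matches nothing above it).
SAMPLE = """\
Received: from mx.example.com (mx.example.com [192.0.2.25])
 by mailstore.example.com with ESMTP id 1001; Fri, 12 Jan 2001 05:44:02 -0600
Received: from relay.openrelay.test (relay.openrelay.test [198.51.100.7])
 by mx.example.com (Postfix) with ESMTP id f0C5huk01495
 for <victim@example.com>; Fri, 12 Jan 2001 05:43:56 -0600
Received: from localhost (localhost [127.0.0.1])
 by relay.openrelay.test with SMTP id 1234; Fri, 12 Jan 2001 05:43:10 -0600
Received: from sexyfun (dialup-42.isp.invalid [203.0.113.42])
 by relay.openrelay.test (8.9.3/8.9.3) with SMTP id 1230; Fri, 12 Jan 2001 05:43:01 -0600
Received: from hahaha.invalid (hahaha.invalid [192.0.2.99])
 by mail.home.invalid with SMTP id 42; Fri, 12 Jan 2001 05:40:00 -0600
From: Hahaha <hahaha@hahaha.invalid>
To: victim@example.com
Subject: Snowhite and the Seven Dwarfs

body
"""


def parse_hop(value):
    """Return {'helo', 'rdns', 'ip', 'by'} for one Received: value, or None."""
    value = " ".join(value.split())            # unfold continuation lines
    m = HOP_RE.search(value)
    if not m:
        return None                            # e.g. "Received: by ..." (local submission)
    paren = m.group("paren") or ""
    ip_match = IPV4_RE.search(paren) or IPV4_RE.search(m.group("helo"))
    rdns = paren.split()[0] if paren and not paren.startswith("[") else None
    return {"helo": m.group("helo").lower(),
            "rdns": rdns.lower() if rdns else None,
            "ip": ip_match.group(1) if ip_match else None,
            "by": m.group("by").lower()}


def is_special(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SPECIAL_NETS)


def in_domain(host, suffix):
    return host == suffix or host.endswith("." + suffix)


def trace_origin(raw_message, trusted_suffix):
    """Follow the Received: chain.  Returns {'path', 'origin', 'relays'} with
    the sending IPs from the hand-off down to the last verifiable hop, or None
    when no header written by one of our own servers can be found."""
    msg = message_from_string(raw_message)
    hops = [h for h in map(parse_hop, msg.get_all("Received", [])) if h]

    # Skip purely internal hops (our server receiving from our server).
    i = 0
    while (i < len(hops) and in_domain(hops[i]["by"], trusted_suffix)
           and in_domain(hops[i]["rdns"] or hops[i]["helo"], trusted_suffix)):
        i += 1
    if i == len(hops) or not in_domain(hops[i]["by"], trusted_suffix):
        return None

    path, expected_by = [], None
    for hop in hops[i:]:
        # A header below the hand-off is believable only if the host claiming
        # to have written it is the host the previous header received from.
        if expected_by is not None and hop["by"] not in expected_by:
            break                              # chain broken: rest is unverifiable
        if hop["ip"] is None or is_special(hop["ip"]):
            continue                           # loopback/private: not an origin
        path.append(hop["ip"])
        expected_by = {hop["helo"], hop["rdns"] or hop["helo"]}
    if not path:
        return None
    return {"path": path, "origin": path[-1], "relays": path[:-1]}


if __name__ == "__main__":
    print(trace_origin(SAMPLE, "example.com"))
```

Run against the sample it reports 203.0.113.42 as the origin (the machine to report to its ISP) and 198.51.100.7 as the relay worth a complaint, and it discards the forged bottom header because mail.home.invalid is not the host the previous hop received from. The limit is the one the quoted message states: everything below the hand-off is only as honest as the relay that wrote it, and a forger who keeps the "by" hosts consistent will not be caught by this check.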