Posted on 10 July 2002 by admin

want help, to know of evidence for targeting, or ,just paranoia

Morning all..

Some of us wonder if we are being targeted by gov or business SPOOKS!

Most of these rumours are as much trouble as the malicious mails themselves, further, by passing on the rumour, we do some of the nasties job for them.

However, I’ve spent the entire evening composing the following mail, as an ‘evidence’ of what’s happening to me.

I am not knowledgeable enough to know if this is just ‘how the internet is’ or, is something ‘pointing at us’ !!

I put this in the pot, for your argument.

I think there is a new adage now, for modern comms eh.

v ONCE it happens

v TWICE coincidence

v THREE TIMES enemy action

v 70 MALICIOUS MAILS the internet!

Very best and oh, so slightly paranoid,

Tash

==============================================

Listen UP!!! Look, this is getting worst, and I think, those that are more expert, should comment, or cause to find out….

As I said before, I think we all know that cyber-activism is usually considered to be an attack on gov, multi-nationals etc, send malicious emails, and denial of service attacks etc…

What if things reversed. I ask, would we know how to recognise an attack on us, from out there, I dunno!!

Another 20 today, 30 yesterday. Had 90 or so last week. Nothing happened of this scale, since I’ve been online.

>>>>

Attachments: some with names likely to be of interest’, of type –

.exe

.pif

.src

.bat

I have never, never, ever opened such an attachment.

Worst still, some now like,

.wav

.avi

.jpg

.bmp

.doc

these appear in my mail, with a non-specific icon, USUALLY, such files arrive with proper icon I recognise. Am told that we are now at the stage were such file are really from the first list, but have been disguised. Oh these clever people……………!!!!

Headings like:

Camp commander

Undelivered Mail Returned to Sender -Camp commander

Fw: Nice Screensaver to check !!

I am For u

Funny stuff to see !

U r the person?

Dont wait for long time

Pictausch??

Re: website-fantastic

RAV AntiVirus scan results. High importance

thank you very much

RE:Roger West

Roger West

Undelivered Mail Returned to Sender -Roger West

do you mean copyright.

Cool Friendship to check !

you care ur friend !

Hi 🙂

Fwd: FW: Finish the week with a laugh……

Fw: you care ur friend !!

Fwd: Advertisements [Virus checked]

Microsoft Internet Security Update

Camp commander.zip

Camp commander.jpg.bat

Fair Use

Fw: you care ur friend 🙂

Cellpadding

Artists info.exe

Let’s Dance and forget pains !!

Introduction on ADSL

Lindgren Upgrades

A special good tool

Repetitively, received from

nelvac [nelvac@thumbzilla.com]

david.lowen [david.lowen@tesco.net]

nicolescholiz1@web.de

david.nelson [david.nelson@bbc.co.uk]

clare.morrow [clare.morrow@granadamedia.com]

petervictor1 [petervictor1@hotmail.com]

tim [tim@no-future.com]

shtroumfette [shtroumfette@wanadoo.fr]

vavaweb [vavaweb@free.fr]

pbrault [pbrault@revue.com]

Angus Hornsby [mcchub@yahoo.com]

Tyne.Tees@granadamedia.com

Boll Prod [boll.prod@virgin.net]

karljacobz [karljacobz@ntlworl.com]

David Litz [DavidLERA@aol.com]

DavidLERA@aol.com

Sarah Ratty [_consciousearthwear@btinternet.com]

al-sayaghi-merck [_al-sayaghi-merck@y.net.ye]

Catherine wanadoo [_catherine.guilyardi@wanadoo.fr]

Oh and hundred more,

&

Themushmush@aol.com sent attachment: 1st May2000.max

Message: hears the attachment/photo, i tried yo send you (it was to detailed/big for my server to handle! hopefully you’ll get it this time. bye for now,mush.

&

palash [palash@lineone.net] <<

Subject: Use of Yahoo! Groups is subject to http

attachment: [lacketvideo] eurocop public order (police state) conference (3).bat

both of these, seem to have attachments, phrased, likely to be of interest!!

Subject line: Camp commander

=============================

Camp commander one year of Brixton experiment o[prov date] Home Sec David Blunkett expected to extend a scheme piloted in Lambeth to rest of England Wales whereby those caught with small amounts of cannabis will be given a warning rather than arrested Home Office press 2 7273 4545 Glynde and t

Enjoy the attachement

[ this does just end like that & no spell attachment ]

.

.

None of what I mention, seems to contain porn, which is usually, what’s ‘pushed’ .

Feel this is a further indication of us, in particular. were porn is perhaps expected to be more effective in targeting folks generally, ‘wetting folks appetite to open attach…’.

[see what I’m getting at?]

AND

=====================================

This mail different from all the above.

First bit is Microsoft reply, saying beware,

original mail sent to me after it, below. You can see that it is a pretty convincing fraudulent communication from Microsoft.

Thing is, the mail text states the attachment is precisely designed to prevent the malicious mails that are actually arriving. Again, I nearly opened it, BUT had read that such fraudulent attachment’s, that say they sort your security out, are in fact, ‘Trojans’ designed to monitor and ‘remote control’ your computer’s function. [check Guardian Online / Jack Scohfield about three weeks ago, A spoof I nearly fell for, but telephone Microsoft help yesterday afternoon, to check. This the email response, this afternoon. Also My understanding so far, is that I have generally been notified by Microsoft of updates through ‘explorer notifications – product updates’ etc

Have never received such an email from you before. Hence my caution.

=====================================================

Dear Mr. Lodge

Thank you for forwarding your mail on.

I have investigated this issue for you and the mail you have been sent is a hoax and did not come from Microsoft,

I would recommend you did not go through the process in the mail and I would recommend deleting the mail.

The E-Mail Address rdquest21@microsoft.com is not a Microsoft Address.

For further information on Hoaxes and Scams, please refer to the following web site at

http://www.microsoft.com/security/contact/hoaxes.asp

If I can be of any further assistance, please don’t hesitate to contact myself back

Kind Regards

Morag Lyttle

Customer Support Team

Microsoft Contact Centre

THIS IS THE FORGERY

=====================================================

FROM: Microsoft Corporation Security Center [rdquest12@microsoft.com]

SUBJECT LINE: Microsoft Corporation Security Center

TO Microsoft Customer

ATTACHMENT: q216309

Microsoft Customer,

this is the latest version of security update, the known security vulnerabilities affecting Internet Explorer and MS Outlook/Express as well as six new vulnerabilities, and is discussed in Microsoft Security Bulletin MS02-005. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your computer.

Description of several well-know vulnerabilities:

· “Incorrect MIME Header Can Cause IE to Execute E-mail Attachment” vulnerability.

If a malicious user sends an affected HTML e-mail or hosts an affected e-mail on a Web site, and a user opens the e-mail or visits the Web site, Internet Explorer automatically runs the executable on the user’s computer.

· A vulnerability that could allow an unauthorized user to learn the location of cached content on your computer. This could enable the unauthorized user to launch compiled HTML Help (.chm) files that contain shortcuts to executables, thereby enabling the unauthorized user to run the executables on your computer.

· A new variant of the “Frame Domain Verification” vulnerability could enable a malicious Web site operator to open two browser windows, one in the Web site’s domain and the other on your local file system, and to pass information from your computer to the Web site.

· CLSID extension vulnerability. Attachments which end with a CLSID file extension do not show the actual full extension of the file when saved and viewed with Windows Explorer. This allows dangerous file types to look as though they are simple, harmless files – such as JPG or WAV files – that do not need to be blocked.

System requirements:

Versions of Windows no earlier than Windows 95.

This update applies to:

Versions of Internet Explorer no earlier than 4.01

Versions of MS Outlook no earlier than 8.00

Versions of MS Outlook Express no earlier than 4.01

How to install

Run attached file q216309.exe

How to use

You don’t need to do anything after installing this item.

For more information about these issues, read Microsoft Security Bulletin MS02-005, or visit link below.

http://www.microsoft.com/windows/ie/downloads/critical/default.asp

If you have some questions about this article contact us at rdquest12@microsoft.com

Thank you for using Microsoft products.

With friendly greetings,

MS Internet Security Center.

Microsoft is registered trademark of Microsoft Corporation.

Windows and Outlook are trademarks of Microsoft Corporation.

========================================================

========================================================

Messaging Services-Group [messaging@bbc.co.uk]

Subject: RE: A Virus was detected in the message you sent.

PC sending mail, is infected with the “W32/Yaha-E’.’ virus which sends emails automatically.

This is what our virus vendors say about it:

http://www.sophos.com/virusinfo/analyses/w32yahae.html Hope this helps.

Regards

____________________________________________

BBC Technology | MTS&IB | Messaging Services Group

Visit our internet pages: http://www.bbctechnology.com

========================================================

This is a long mail of my ‘evidence’ deliberately.

I apologise to the lest tech persons, but I think those that those that can use and ask further advice from others, need to know this much. Please send about, to other ‘involved in stuff!!’, in one way and another. so that perhaps we get more , ‘me too’s’ and try to gather the pattern and source.

Very best and oh, so slightly paranoid,

Tash

This entry was posted in .. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *