Welcome
Arachne's Web
A group focused on serving the AW community by providing help and discussion on topics such as HTML, CSS, web design, homesite decorating, netiquette and issues important to web artists.
The Java Coffeehouse (3 threads, 2613 posts)
    Coffeehouse Proper (1784 posts)
    Social Thread 0 Featured September 26 , 2003

    The place to grab a cup o joe, a cuppa tea and socialize with other group members in an informal setting.
    ...
    128 Members have made 1,610 Posts here to date.
    Google
    AncientWorlds.net Web
    Next: Could it be a hybrid form of-
    Prev: Welcome Myrddyn
    Arachnids! Be on the lookout for this-
    AnpuAvatar.jpg
    Author: * AnpuAnubis Ramesses - 5 Posts on this thread out of 103 Posts sitewide.
    Date: Aug 7, 2003 - 19:50

    Today, I received an odd email dated July 31, supposedly from "AOL Instant Messenger". The subject was "AOL Instant Messenger Confirmation". Because one member of my family uses America Online, I thought perhaps they subscribed to the service, using my email address for sign up.

    I opened the letter.

    The first thing I discovered was that the sender's address was not from America Online. Then, I noticed a bunch of strange numbers and letters, followed by the word ichibutt (yes- ichibutt) after the subject line. The sender's email address and this line of letters and numbers could not be seen before opening the letter. Also, there was no indication that the letter came with an attached file, 96 K in size, named "popupstopper1187.exe.scr".

    Needless to say, nobody I know signed up for the AOL Messenger name ichibutt. I did not open the attachment. However, it appeared to be embedded in the text of the email. The email content simply cut off mid-sentence, then attachment information followed. I do not have my email set to open attachments automatically, but have heard that certain types of trojans or viri can open on their own, change names (or mutate) and spread throughout a machine before you can say, "boo."

    Upon scanning the file from my mail, my Anti-V program didn't balk. My Anti-T stayed quiet. The file was not located anywhere on my hard drive, in temporary files, registry, etc. I have no idea what the file is, but since it looks like it could be one of those mass mailing worm-type deals, I saved a text copy of the letter for your perusal.

    Since Arachne's Web has no security section set up as of yet- I thought the best place to share this information would be the Coffeehouse. If site administration would like to put Xs or * where certain IP numbers are, or remove that information, NP- but I thought you should see the full letter, as I recieved it. Whatever this "ichibutt" turns out to be- if you ever receive something simliar- DON'T open it. The attachment has a double extension, the first, an exe (executable program) and the second a scr (like a screensaver, but probably not one).

    So, here is what it looked like.

    -------
    From :
    "AOL Instant Messenger"

    Subject :
    AOL Instant Messenger Confirmation (7qabX1vbyY ichibutt)

    Date :
    Thu, 31 Jul 2003 19:28:33 -0400

    Attachment : popupstopper1187.exe.scr (96k)
    MIME-Version: 1.0
    Received: from mc9-f40.bay6.hotmail.com ([65.54.166.47]) by mc9-s13.bay6.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Thu, 31 Jul 2003 16:31:59 -0700
    Received: from smtp-hub2.mrf.mail.rcn.net ([207.172.4.76]) by mc9-f40.bay6.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Thu, 31 Jul 2003 16:30:50 -0700
    Received: from smtp03.mrf.mail.rcn.net ([207.172.4.62])by smtp-hub2.mrf.mail.rcn.net with esmtp (Exim 3.35 #7)id 19iMr8-00067M-00; Thu, 31 Jul 2003 19:29:10 -0400
    Received: from 66-44-91-12.s520.tnt4.lnhva.md.dialup.rcn.com ([66.44.91.12] helo=ozalamia)by smtp03.mrf.mail.rcn.net with smtp (Exim 3.35 #4)id 19iMqX-0002D4-00; Thu, 31 Jul 2003 19:28:33 -0400
    X-Message-Info: 0jbW5ANosZKhuDT1KCp1o5VczeOfJasU
    Message-Id:
    Return-Path: register@cs.umd.edu
    X-OriginalArrivalTime: 31 Jul 2003 23:30:50.0445 (UTC) FILETIME=[C6ED57D0:01C357BB]
    View E-mail Message Source
    Reply Reply All Forward Put in Folder...

    Content-Type: multipart/mixed; boundary="----------WQXRS1DC4GOB40"


    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit


    Thank you for registering for the AOL Instant Messenger(SM) service!

    Your registration for screen name ichibutt has been received.

    You are now one step away from being able to:
    * Communicate instantly -- it's fast, easy, fun and free!
    * Create your own Buddy List(r) feature -- see when your friends and family are online.
    * Meet new friends in our chat rooms or by searching our member directory.
    * Follow your stocks and news headlines, exchange files and images and much, Content-Type: application/x-msdownload; name="popupstopper1187.exe.scr"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="popupstopper1187.exe.scr"


    Attachment : popupstopper1187.exe.scr (96k)


    Delete the selected message and block future messages from any e-mail addresses ending with @cs.umd.edu.


    NEXT: Could it be a hybrid form of-
    PREV: Welcome Myrddyn
Rome - Rome, Season 1 - The Stolen Eagle


Copyright 2002-2008 AncientWorlds LLC | Code of Conduct and Terms of Service | Contact Us! | The AncientWorlds Staff