Warning to Bugtraq posters.

From: Steven Alexander (steveat_private)
Date: Wed Dec 22 1999 - 08:48:53 PST

Next message: Andrew Frith: "Re: Groupwise Web Interface"

Previous message: Jens Frank: "Re: Lotus Notes HTTP cgi-bin vulnerability: possible workaround"
Next in thread: Richard M. Smith: "Re: Warning to Bugtraq posters."
Reply: Richard M. Smith: "Re: Warning to Bugtraq posters."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

After my last post to bugtraq (Re: w00w00....) I received a message
pertaining to be from myself with the same subject line.  The messsage
contained an attachment program named goal.exe.  It claimed that this
program was from messagemates.com.  If the program is run it will give an
error message about an unfound .DLL.  It will also create a new goal.exe in
"C:\WINNT\" and an entry in the registry named "tpawen" with the value
"C:\WINNT\goal.exe /x" under
"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run".  I don't
know what this program is, I am disassembling it now and will post again
later.  The header from the message I received indicates that the mail was
received by my mail server from "stu.chesapeake.net, 205.130.220.9".  If
anyone knows anything more please email me.

-steven alexander

Next message: Andrew Frith: "Re: Groupwise Web Interface"
Previous message: Jens Frank: "Re: Lotus Notes HTTP cgi-bin vulnerability: possible workaround"
Next in thread: Richard M. Smith: "Re: Warning to Bugtraq posters."
Reply: Richard M. Smith: "Re: Warning to Bugtraq posters."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:23:12 PDT