http://www.nohack.net does not have any connection with http://www.No-Hack.Us/Fixes/Worm1800.exe The people who look after http://www.nohack.net are a group of individuals that are on the look out for malicious users who prey on the unsuspecting internet user. There are many malicious users that falsly represent themselves as being associated with nohack.net. They know that the individuals of http://www.nohack.net have a good reputation for helping to eradicate malicious scripts, submit new virii to well known anti-virus companies and assist those in trouble. There are 2 ways to get to nohack.net. http://help.dal.net/Nohack or http://www.nohack.net. Accept no subsitutes. I have alerted individuals involved with http://www.nohack.net. The site no-hack.us has litterally downloaded and implimented the old http://www.nohack.net site pages for their own malicious purposes. Once again http://www.no-hack.us is in no way associated with http://www.nohack.net. Kim / Zukee zukeeat_private zukeeat_private ----- Original Message ----- From: "Kelly Brown" <kellybat_private> To: "cw" <cwat_private> Cc: <incidentsat_private> Sent: Thursday, June 20, 2002 6:59 PM Subject: Re: Worm1800.exe on UnderNet? > Did you look at the website. They straight out say... > > This Site was designed to help infected IRC users to find proper > information, the author does not accept any liability for any damage, loss > of data or loss of service caused by the use or misuse of this site. Use > at your own risk. > > I don't know how you can misuse a website designed to infect people... > > Anyway it looks like somebody connected with nohack.net may have something > to do with it. If you are want to follow up you may want to email > webteamat_private as they are referenced in the web page source > code. Maybe they can get the web site removed... I doubt it but you > never know. > > > > Kelly Brown > Unix System Administrator > Ericsson CDMA Systems > > On Thu, 20 Jun 2002, cw wrote: > > > Hi there folks, > > Twice in the past hour I have been messaged by two separate people on > > UnderNet. > > > > The message goes: > > :!Notice!: A Recent Port Scan on your Computer reveals that Port 1800 > > is in open state. This usually means that you have been infected with > > an IRC Worm Virus. Please download the cleaner at: > > http://www.No-Hack.Us/Fixes/Worm1800.exe to remove the virus from > > your system. If you do not comply with this rule within 30 minutes, > > our client monitor will ban you from this network. -Thanks For > > Understanding. UNDERNet Exploit Team > > > > The nicks have both been Under-XXX (where XXX is a different set of > > numbers). > > > > For one, I know that port 1800 is not open however the file > > Worm1800.exe does not show up anything when scanned. > > > > Both of the users that messaged me were on pacbell.net adsl > > > > The domain no-hack.us was only registered 6 days ago. > > > > I don't have the spare time or computer to have a further look into > > what this file actually does, has anyone come across this yet and > > know what it does or is anyone willing to investigate? > > -- > > O- cw, cwat_private on 20/06/2002 > > "Part man, part monkey. Baby that's me" > > > > > > -------------------------------------------------------------------------- -- > > This list is provided by the SecurityFocus ARIS analyzer service. > > For more information on this free incident handling, management > > and tracking system please see: http://aris.securityfocus.com > > > > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Jun 21 2002 - 10:49:45 PDT