Previously: Tim May wrote: # # I really cannot imagine why I am getting these SirCam messages # from some government agency named "NIPC," unless for some reason # my e-mail address is in their address book. How could that happen? SlowBrain wrote: # # I don't know... I do now. It's in the CERT advisory: http://www.cert.org/advisories/CA-2001-22.html # # W32/Sircam includes its own SMTP client capabilities, which it # uses to propagate via email. It determines its recipient list # by recursively searching for email addresses contained in all # *.wab (Windows Address Book) files in the %SYSTEM% folder. # # Additionally, it searches the folders referred to by # # HKEY_CURRENT_USER\Software\Microsoft\Windows\ # CurrentVersion\Explorer\Shell Folders\Cache # # HKEY_CURRENT_USER\Software\Microsoft\Windows\ # CurrentVersion\Explorer\Shell Folders\Desktop # # for files containing email addresses. All they had to have done was pull up a WWW page with your address on it. An NIPC computer, an FBI (NIPC) agent investigating "terrorists". Not too surprising Tim "they need killing" May was addressed. Tim has certainly gotten a lot of SirCams! It's like an HTML WWW bug gift to Tim, to see all the companies who were pulling him up.
Re: Weird message from someone =?iso-8859-1?Q?named=22NIPC=22?=
John Ashcroft's Persecuting Penis Thu, 26 Jul 2001 20:34:03 -0700
