Re: Anyone ever see this?

2005-08-31 Thread mostlyharmless

Thanks for the input all!


Re: Anyone ever see this?

2005-08-31 Thread Phil Barnett
On Tuesday 30 August 2005 05:40 pm, [EMAIL PROTECTED] wrote:
> Got a nasty spam with an extremely oversized Thread-Index header.  (I set
> my word wrap to 72 characters, I don't know if it will hold up however
> when I hit send).
>
> Does anyone know if it is exploiting a known Outlook/Exchange security
> hole?

There was something about an elm vuln today. Probably that one.

-- 
Don't think that a small group of dedicated individuals can't change the 
world. it's the only thing that ever has.


Re: Anyone ever see this?

2005-08-31 Thread jdow

Might have to handle these things with procmail level tools.
{^_^}
- Original Message - 
From: <[EMAIL PROTECTED]>



Got a nasty spam with an extremely oversized Thread-Index header.  (I set
my word wrap to 72 characters, I don't know if it will hold up however
when I hit send).

Does anyone know if it is exploiting a known Outlook/Exchange security hole?

The Thread-Index header seems to have caused Microsoft Outlook to "pick"
a friendly name from the user's address book and also hide the To:
header so it came through to undisclosed recipients.

The entire mail was 1.2megs so SpamAssassin of course did not scan it.


From [EMAIL PROTECTED]  Tue Aug 30 15:47:08 2005
Return-Path: <[EMAIL PROTECTED]>
Received: from excluster1.scriptlogic.com (excluster1.scriptlogic.com
[65.248.131.18])
   by inpf1.XXX.com (Postfix) with ESMTP id 46F0231A829
   for <[EMAIL PROTECTED]>; Tue, 30 Aug 2005 15:47:01 -0400 (EDT)
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed;
   boundary="_=_NextPart_001_01C5AD9B.92851B9B"
Subject: Active Directory Security, Back up and Restore with Active
Administrator 4.0
Date: Tue, 30 Aug 2005 15:46:53 -0400
Message-ID:
<[EMAIL PROTECTED]>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Active Directory Security, Back up and Restore with Active
Administrator 4.0
Thread-Index:
From: "Jeffrey Colas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>




Re: Anyone ever see this?

2005-08-30 Thread Matt Kettler
Apparently some versions of Outlook actually generate giant thread-index
headers. And they don't even wrap it properly.

http://archives.neohapsis.com/archives/postfix/2002-02/1116.html


FWIW, it looks like a legitimate ad from scriptlogic. It's not forged, not an
exploit, and seems to advertise one of their actual products.

Of course, this begs the question of why scriptlogic has you on their
advertising list, but that's another matter entirely.


[EMAIL PROTECTED] wrote:
> Got a nasty spam with an extremely oversized Thread-Index header.  (I set
> my word wrap to 72 characters, I don't know if it will hold up however
> when I hit send).
> 
> Does anyone know if it is exploiting a known Outlook/Exchange security
> hole?
> 
> The Thread-Index header seems to have caused Microsoft Outlook to "pick"
> a friendly name from the user's address book and also hide the To:
> header so it came through to undisclosed recipients.
> The entire mail was 1.2megs so SpamAssassin of course did not scan it.
> 
> From [EMAIL PROTECTED]  Tue Aug 30 15:47:08 2005
> Return-Path: <[EMAIL PROTECTED]>
> Received: from excluster1.scriptlogic.com (excluster1.scriptlogic.com
> [65.248.131.18])
>    by inpf1.XXX.com (Postfix) with ESMTP id 46F0231A829
>    for <[EMAIL PROTECTED]>; Tue, 30 Aug 2005 15:47:01 -0400 (EDT)
> X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
> Content-class: urn:content-classes:message
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
>    boundary="_=_NextPart_001_01C5AD9B.92851B9B"
> Subject: Active Directory Security, Back up and Restore with Active
> Administrator 4.0
> Date: Tue, 30 Aug 2005 15:46:53 -0400
> Message-ID:
> <[EMAIL PROTECTED]>
> X-MS-Has-Attach:
> X-MS-TNEF-Correlator:
> Thread-Topic: Active Directory Security, Back up and Restore with Active
> Administrator 4.0
> Thread-Index:
> 
> From: "Jeffrey Colas" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> 
> 
>
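
The thread describes a giant, improperly wrapped Thread-Index header on a message too large for SpamAssassin to scan. The following is an added example, not code from any poster in this thread: a header-only check that flags such fields without reading the body. The 998-character line limit is from RFC 5322; the `MAX_HEADER_VALUE` threshold, the function names and the sample message are assumptions made for illustration.

```python
import re

RFC5322_MAX_LINE = 998    # RFC 5322 hard limit per line, excluding CRLF
MAX_HEADER_VALUE = 2048   # assumed site policy threshold, not from the thread
FIELD = re.compile(rb"([!-9;-~]+)[ \t]*:")   # printable ASCII name, then colon

def split_headers(head: bytes):
    """Yield (name, physical_lines) for each header field in the header block."""
    name, lines = None, []
    for line in head.splitlines():
        if line[:1] in (b" ", b"\t") and name is not None:
            lines.append(line)             # properly folded continuation line
            continue
        if name is not None:
            yield name, lines
        m = FIELD.match(line)
        # Lines with no field name (mbox "From " line, stray text) are skipped.
        name, lines = (m.group(1).decode("ascii"), [line]) if m else (None, [])
    if name is not None:
        yield name, lines

def audit_headers(raw: bytes):
    """Return (field, problem, size) tuples; only the header block is examined."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    findings = []
    for name, lines in split_headers(head):
        longest = max(len(l) for l in lines)
        value_len = sum(len(l) for l in lines) - len(name) - 1
        if longest > RFC5322_MAX_LINE:
            findings.append((name, "line-too-long", longest))
        if value_len > MAX_HEADER_VALUE:
            findings.append((name, "oversized-value", value_len))
    return findings

# Constructed sample: one unwrapped 3000-character Thread-Index value and a
# large body that the audit never inspects.
SAMPLE = (
    b"From sender@example.invalid  Tue Aug 30 15:47:08 2005\r\n"
    b"Subject: constructed test message\r\n"
    b" with a folded subject line\r\n"
    b"Thread-Index: " + b"A" * 3000 + b"\r\n"
    b"To: <rcpt@example.invalid>\r\n"
    b"\r\n" + b"x" * 100000
)

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE):
        print(finding)
```

Because only the header block is parsed, the check costs the same on a 1.2 MB message as on a small one, so it can run ahead of a size-limited content scanner.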