Possible Intrusion Attempt?

From: Matt LaFelero (ramstryke_at_yahoo.com)
Date: 05/22/03

    Date: 21 May 2003 23:48:00 -0000
    To: incidents@securityfocus.com
    
    

    I'm hoping someone here might be able to shed some light on this
    situation..

    Some of my users have been getting some interesting spam mail. This is
    the first time I've ever seen a spam mail do this. When the user opens
    the spam mail, all of a sudden, an Internet Explorer authentication
    box pops up. You know, those that ask for username, password, and
    domain.

    Well, I run MS Proxy 2.0 here and the logon with a 2KPro machine is
    integrated so the user never sees this box or has to enter his/her
    password to get on the Web.

    It's strange that this email triggers the authentication box. What's
    even weirder is that it populates the username for them, with weird
    names. The names always seem to change from spam mail to spam mail. I've
    seen iterations like fluff, skank, morton, taxiway.. you name it.

    It seems most of the emails are HTML, which can explain a lot. None of
    them had attachments. From what I could gather it seems to be attempting
    to load a site. We run Outlook 2000 with SP3 and all hotfixes.

    My question is, how is this happening and is it a threat?
