Re: Active e-mails
From: Marina Roos (marina_at_roos.nospam.nl.com)
Date: 06/30/03
- Next message: Dave Makin: "Persistent spamming in the name of Microsoft"
- Previous message: skymike: "security"
- In reply to: Don Carr: "Active e-mails"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 30 Jun 2003 11:47:57 GMT
I bet all those emails were in HTML-format. If you save those as HTM and
open them and have a look at the source, you'll see some code with the url
that it wants to go to.
Be aware though, that in some of those the JS/Fortnight-E or D can be
hidden.
Marina
"Don Carr" <zl4ds@hotmail.com> schreef in bericht
news:02d001c33ee2$50fcc660$a001280a@phx.gbl...
> I recently had to rebuild an SBS Server after an attack.
> I saved the Exchange mailboxes, 35 Mbytes into a .pst
> archive. When I restored the mail into the new Exchange
> and opened it on a Win XP workstation, as I deleted each
> spam e-mail a user tried to logon to my nice new server.
> one user was "anecdotal" who popped up four times, and
> another who is written down but left at the
> server. "anecdotal" came from a dating service, the
> others from those offering bodily improvement.
> I think they were trying to logon to active something in
> the former server.
> The hack was to open port 3150 and netbios. Sufficient
> traffic built up on the ADSL to warrant investigation.
>
> Has anyone else had these active spam e-mails. They dont
> bother either Norton or Fprot, but they are mini Trojans.
>
> Don
>
- Next message: Dave Makin: "Persistent spamming in the name of Microsoft"
- Previous message: skymike: "security"
- In reply to: Don Carr: "Active e-mails"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
