[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: got a mail with * Ur password has been stolen * as subject

To: linux-india-general@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: got a mail with * Ur password has been stolen * as subject
From: Suresh Ramasubramanian <mallet@xxxxxxx>
Date: Sat, 17 Mar 2001 21:41:11 +0530
Cc: linux-india-programmers@xxxxxxxxxxxxxxxxxxxxx, Indian Linux User Group - Chennai <ilugc@xxxxxxxxxxxxxxxxxx>
In-reply-to: <Pine.LNX.4.21.0103172114520.990-100000@hanuman.aukbc.org>; from mksarav@mail.mitindia.edu on Sat, Mar 17, 2001 at 09:18:06PM +0530
Mail-followup-to: linux-india-general@xxxxxxxxxxxxxxxxxxxxx, linux-india-programmers@xxxxxxxxxxxxxxxxxxxxx, Indian Linux User Group - Chennai <ilugc@xxxxxxxxxxxxxxxxxx>
Organization: Hopelessly Disorganized
References: <Pine.LNX.4.21.0103172114520.990-100000@hanuman.aukbc.org>
User-agent: Mutt/1.2.4i

On 17/03/01 21:18 +0530, M K Saravanan spewed into the LI bitstream:

> I got the following mail.  Is it a hoax or some team is really trying to
> crack my system?
 
 From the spelling, it sounds like this skript kiddie is based in India

> Return-Path: <mksarav@xxxxxxxxxxxx>
> Received: from localhost (IDENT:mksarav@localhost [127.0.0.1])
> 	by hanuman.aukbc.org (8.9.3/8.9.3) with ESMTP id VAA01855
> 	for <mksarav@localhost>; Sat, 17 Mar 2001 21:07:54 +0530

did someone set the return path and from that way?  it is very easy to forge

> Received: from mail.mitindia.edu
> 	by localhost with POP3 (fetchmail-5.3.1)

mitindia sends it to your localhost using fetchmail

> Received: from proximity.globalgold.co.uk [212.250.240.2] by
>     mail.mitindia.edu with ESMTP
>   (SMTPD32-6.04) id AAB4CB3B00E0; Sat, 17 Mar 2001 09:54:44 -0500

proximity.globalgold.co.uk sends it to your server

> Received: (from nobody@localhost)
> 	by proximity.globalgold.co.uk (8.9.1/8.9.1) id OAA04107;
> 	Sat, 17 Mar 2001 14:58:33 GMT
> Date: Sat, 17 Mar 2001 14:58:33 GMT
> Message-Id: <200103171458.OAA04107@xxxxxxxxxxxxxxxxxxxxxxxxxx>

this is a webmail app ... note the nobody@localhost (usually the sign of a
cgi script)

> Received: from www.ManicMail.net (abuse@xxxxxxxxxxxxx)
> Comments: email ManicMail with all instances of abuse
> Comments: enclosing a copy of the email and all header information

do this - contact abuse@xxxxxxxxxxxxx

> To: mksarav@xxxxxxxxxxxx
> Subject: Ur password has been stolen

change your passwords (and use mkpasswd instead of your girlfriend's / dog's
name or something similar)

>  Ur password has been stolen by our team. 
>  U may be wondering what may be our aim ..  .. without changing
> the password, we r just warning and leaving the password to the owner itself..
> We r the team who keep on try to find loopholes.
 
Spells like a script kiddie ... and an Indian script kiddie at that.  Ask
manicmail about this.

-- 
Suresh Ramasubramanian  <---->  mallet <at> efn dot org
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin
X-rated movies are all alike ... the only thing they leave to the
imagination is the plot.

Follow-Ups:
- Re: got a mail with * Ur password has been stolen * as subject
  - From: Udhay Shankar N
- Re: got a mail with * Ur password has been stolen * as subject
  - From: Suresh Ramasubramanian

References:
- got a mail with * Ur password has been stolen * as subject
  - From: M K Saravanan

Prev by Subject: got a mail with * Ur password has been stolen * as subject
Next by Subject: Re: got a mail with * Ur password has been stolen * as subject
Previous by thread: got a mail with * Ur password has been stolen * as subject
Next by thread: Re: got a mail with * Ur password has been stolen * as subject
Index(es):
- Subject
- Thread