UPDATED


The 'E-Mail Scare'


Here's the actual letter that started it all ... from Bulgaria !


-----------------------------------------------------------------------------------------------------------------
Hi All :

While everyone is reading the 'Clinton Papers' at thomas.loc.gov,
I've been quite busy researching 'exploits' history. Here is the actual letter
which prompted the new 'mail filtering' rules. Originally, this exact e-mail
reportedly had the 'password stealing' program attached - does it look real to
you ? Seems 132.15.128.128 *is* really an Air Force domain, of the recipient,
but the 'Microsoft' notice was mailed from Bulgaria ! ( see below ) and notice
that the authentication failed - as the 'sender' was UNVERIFIED. Also notice the
typos - like Microsoft doesn't have a spell checker ;) interesting to see ... I'd like
to think I'd have caught it before it was too late !


-------------------------------------------

Return-Path:
Received: from emh.kadena.af.mil (emh.kadena.af.mil [132.15.128.128])
by users.qual.net (8.9.0/8.9.0/QualNet) with ESMTP id XAA12652
for <>; Fri, 7 Aug 1998 23:06:24 -0400 (EDT)
Received: from zmei.bg (tarnovo17.pip.digsys.bg [193.68.14.17]) by
emh.kadena.af.mil with SMTP (Microsoft Exchange Internet Mail Service
Version 5.5.1960.3)
id PY001CB7; Sat, 8 Aug 1998 11:57:29 +0900
Message-Id: <3.0.5.32.19980808013413.007a4eb0@microsoft.com>
X-Sender: IEsupport@microsoft.com (Unverified)
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Sat, 08 Aug 1998 01:34:13 +0300
To: (Recipient list suppressed)
From: Microsoft Internet Explorer Support Center
Subject: FREE! Your upgrade for Microsoft Internet Explorer
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=====================_902518453==_"
Status:

As user of Microsoft Internet Explorer Microsoft Corporation provide
you
an upgrade for your Microsoft Internet Explorer. Please run Ie080898.exe to
install the upgrade. This file will fix some serious bugs in your Internet
Explorer.
For more information please visit Microsoft Internet Explorer Home Page
at:
http://www.microsoft.com/ie/

---------------------------------------------------------------------------

(rest deleted)

---------------------------------------------------------------------------

Trace Info : whois.ripe.net -

inetnum: 193.68.0.0 - 193.68.20.255
netname: BGNET
descr: EUnet Bulgaria Backbone Network
country: BG
admin-c: DK234
tech-c: DK234
rev-srv: ns.digsys.bg
rev-srv: ns2.digsys.bg
status: ASSIGNED PA
mnt-by: AS3245-MNT
source: RIPE

route: 193.68.0.0/16
descr: EUnet Bulgaria customer
origin: AS3245
mnt-by: AS3245-MNT
source: RIPE

person: Daniel Kalchev
address: Digital Systems
address: Neofit Bozveli 6
address: BG-9000 Varna
address: Bulgaria
phone: +359 52 259135
phone: +359 52 235866
fax-no: +395 52 234540
e-mail: daniel@digsys.bg
nic-hdl: DK234
source: RIPE

------------------------

  • Bulgarian and Soviet Virus Factories Intelligence Report : nswc.navy.mil ( ISSEC )

    ------------------------

    73's radioman
    radioman@seasurf.com
    http://seasurf.com/~radioman
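
Added example, not part of the original letter: the checks the letter makes by eye (unverified sender, claimed microsoft.com origin versus the host that actually handed the mail over), written as Python over the headers quoted above. The finding names are this example's own, and the sample's continuation lines have been re-indented so a standard header parser accepts them.

```python
import re
from email import message_from_string

# Headers copied from the letter above; continuation lines re-indented (constructed sample).
SAMPLE = """\
Received: from emh.kadena.af.mil (emh.kadena.af.mil [132.15.128.128])
\tby users.qual.net (8.9.0/8.9.0/QualNet) with ESMTP id XAA12652
\tfor <>; Fri, 7 Aug 1998 23:06:24 -0400 (EDT)
Received: from zmei.bg (tarnovo17.pip.digsys.bg [193.68.14.17]) by
\temh.kadena.af.mil with SMTP (Microsoft Exchange Internet Mail Service
\tVersion 5.5.1960.3)
\tid PY001CB7; Sat, 8 Aug 1998 11:57:29 +0900
Message-Id: <3.0.5.32.19980808013413.007a4eb0@microsoft.com>
X-Sender: IEsupport@microsoft.com (Unverified)
From: Microsoft Internet Explorer Support Center
Subject: FREE! Your upgrade for Microsoft Internet Explorer

"""

# "from <name the client announced> (<name the receiver recorded> [<ip>])"
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\)")

def received_hops(msg):
    """Return (announced, recorded, ip) per Received header, oldest hop first."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold the header first
        if m:
            hops.append(m.groups())
    return hops

def analyze(raw):
    """Compare the domain the sender claims with the first recorded hop."""
    msg = message_from_string(raw)
    findings = []
    sender = msg.get("X-Sender", "")
    m = re.search(r"@([\w.-]+)", sender)
    claimed = m.group(1).lower() if m else None
    if "(unverified)" in sender.lower():
        findings.append("sender-unverified")
    hops = received_hops(msg)
    if hops:
        announced, recorded, _ip = (part.lower() for part in hops[0])
        if announced != recorded:
            findings.append("helo-rdns-mismatch")
        if claimed and recorded != claimed and not recorded.endswith("." + claimed):
            findings.append("origin-not-claimed-domain")
    return claimed, hops, findings
```

Only a Received line written by a mail server you trust is reliable, since a sender can prepend forged lines below it. Here the recipient's own server, emh.kadena.af.mil, recorded the 193.68.14.17 hop.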

