--- In probe_control@yahoogroups.com, Michael Hendry <mvhendry@y...>
wrote:
> Did we pass?
>
> --- dghprobe3@a... wrote:
> > Test =)
> > ciaxxrprpgyxj
> > --
> > Test, yep.
W32.Beagle.A@mm is a mass-mailing worm that will only work until 28th
of January. This worm will insert several files and registry keys on
the system. It will also access remote websites, and email all
contacts it can find. The emails sent by this worm will have the
following characteristics:

Subject: Hi
Message:
    Test =)
    <Random characters>
    --
    Test, yep.
Filename: <Random>.exe
Filesize: 16 Kbytes

Also Known As: I-Worm.Bagle [Kaspersky], WORM_BAGLE.A [Trend]
Type: Worm
Infection Length: 16 Kbytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me,
Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, Microsoft IIS, OS/2,
UNIX, Windows 3.x
Thanks for posting the info about the Beagle virus. Sophos has more
on their site. When you look at our "Messages" page, which lists all
the most recent messages, you will see that they sent "my" post using
direct email, rather than my usual way of posting using the "Post"
or "Reply" command to the Yahoo list itself. I don't understand how
they were able to use my email address unless they had my password,
unless they spoofed it somehow?
------------------------------
Following many reports in Australia, Sophos has already started to
see multiple reports coming from the UK and other countries, and
users are advised to be cautious of emails received over the weekend
with the subject line "Hi". The Bagle-A worm (also known as Beagle)
arrives as an email message which talks about a test and has an
attachment - a program file with a random name. This file which can
pretend to be the Windows calculator, opens a security hole in the
infected user's computer which can be exploited by hackers.
"As users come back to work after the weekend they are at risk of
finding the malicious Bagle worm in their email inbox," said Graham
Cluley, senior technology consultant for Sophos. "The worm pretends
to be a "techie looking" test email to fool people into running the
dangerous attachment - not knowing they are potentially giving
hackers the power to run destructive code on their computer."
"Computer users should be wary of any programs delivered by email
even if they seem to come from a known contact. If you email programs
around, you should get out of this habit now, as it encourages bad
security practice," continued Cluley.
Sophos recommends the use of email gateway software, which can block
all programs, whether infected or not, in order to enforce safe
computing practices.
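
A sketch of the gateway check that the worm description and the Sophos recommendation in the posts above point to, added here as an example and not code from Symantec, Sophos or any list member: it flags the "Hi" / "Test =)" template and quarantines any program attachment, by name or by its MZ file header. The addresses, attachment names, sample messages and the extensions `.pif`, `.bat` and `.cmd` are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# ".exe", ".scr" and ".vbs" are named in this thread; the rest are assumptions.
BLOCKED_EXT = (".exe", ".scr", ".vbs", ".pif", ".bat", ".cmd")
# Body template from the description: "Test =)", one random line, "--", "Test, yep."
BAGLE_BODY = re.compile(r"^Test =\)\s*\n\S+\s*\n--\s*\nTest, yep\.$")

def inspect(raw: bytes) -> list:
    """Return the reasons to quarantine a raw message; an empty list means deliver."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body else ""
    if msg["Subject"] == "Hi" and BAGLE_BODY.match(text):
        reasons.append("matches Bagle-A subject/body template")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(BLOCKED_EXT):
            reasons.append("program attachment by name: " + name)
        elif data[:2] == b"MZ":  # Windows executable header, whatever the file is called
            reasons.append("program attachment by content: " + name)
    return reasons

def build(subject, text, attach_name=None, attach_data=b""):
    """Construct a sample message (test data only, not captured traffic)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "list@example.com", subject
    m.set_content(text)
    if attach_name:
        m.add_attachment(attach_data, maintype="application",
                         subtype="octet-stream", filename=attach_name)
    return m.as_bytes()

# Constructed samples: the worm's template, a renamed program, and ordinary mail.
WORM_LIKE = build("Hi", "Test =)\nciaxxrprpgyxj\n--\nTest, yep.\n", "qzkvbtrw.exe", b"MZ\x90\x00")
RENAMED = build("Notes", "See attached.\n", "notes.txt", b"MZ\x90\x00")
CLEAN = build("Meeting", "Agenda to follow.\n")

if __name__ == "__main__":
    for label, raw in (("worm-like", WORM_LIKE), ("renamed", RENAMED), ("clean", CLEAN)):
        print(label, inspect(raw) or "deliver")
```

The template match only catches this one variant; the attachment rule is what keeps working when the subject and body text change.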
Hi Don, I thought that your post was a bit of droll humor implying
that we all received a virus from none other than Skip Brown
"skipster61@...". This is how I received, and successfully
blocked the email worm. I haven't been "on list" for ages, but Skip
must have my old posts in his email. This is how Beagle got my email
address, so Skip, time to clean out your computer!! Don, if the
program generates random letters, then "cia" might not be random and
probably implies a hacker is involved. More here:
They can (and probably did) just e-mail it in, using a modified e-mail
account. It is simple to do. And, you can mail into any Yahoo! group.
It might even be posted on the main page.
Tony
--- In probe_control@yahoogroups.com, "dghprobe3" <dghprobe3@a...> wrote:
> Thanks for posting the info about the Beagle virus. Sophos has more
> on their site. When you look at our "Messages" page, which lists all
> the most recent messages, you will see that they sent "my" post using
> direct email, rather than my usual way of posting using the "Post"
> or "Reply" command to the Yahoo list itself. I don't understand how
> they were able to use my email address unless they had my password,
> unless they spoofed it somehow?
> ------------------------------
>
> http://www.sophos.com/virusinfo/articles/bagle.html
>
> 19 January 2004
>
> New Bagle worm spreads over internet disguised as Calculator, warns
> Sophos
>
> Sophos, a world leader in protecting businesses against spam and
> viruses, is warning of a new worm called Bagle-A (W32/Bagle-A).
> http://www.sophos.com/virusinfo/analyses/w32baglea.html
>
> Following many reports in Australia, Sophos has already started to
> see multiple reports coming from the UK and other countries, and
> users are advised to be cautious of emails received over the weekend
> with the subject line "Hi". The Bagle-A worm (also known as Beagle)
> arrives as an email message which talks about a test and has an
> attachment - a program file with a random name. This file which can
> pretend to be the Windows calculator, opens a security hole in the
> infected user's computer which can be exploited by hackers.
>
> "As users come back to work after the weekend they are at risk of
> finding the malicious Bagle worm in their email inbox," said Graham
> Cluley, senior technology consultant for Sophos. "The worm pretends
> to be a "techie looking" test email to fool people into running the
> dangerous attachment - not knowing they are potentially giving
> hackers the power to run destructive code on their computer."
>
> "Computer users should be wary of any programs delivered by email
> even if they seem to come from a known contact. If you email programs
> around, you should get out of this habit now, as it encourages bad
> security practice," continued Cluley.
>
> Sophos recommends the use of email gateway software, which can block
> all programs, whether infected or not, in order to enforce safe
> computing practices.
--- In probe_control, dghprobe3@a... wrote:
> Test =)
> ciaxxrprpgyxj
> --
> Test, yep.
>
> [Non-text portions of this message have been removed]
----------------------------
Thanks to Jim Alexander for alerting me to the above. I did not send
this to the list. Apparently someone hacked into my AOL and/or Yahoo
accounts. I've changed my passwords, but if they have ways of
getting passwords, that may not work for long.
One of the problems Jim pointed out to me is that my email address
officially starts with a capital "D" whereas it appears as a lower
case "d" in the email that was sent out to the list.
Next, I never use a bogus "Hi" as a subject line. Usually I tell
what the post is about with a phrase, or use a tongue in cheek line
to catch people's attention. And I never make smileys like that.
They included "cia" in their gibberish above, which is weird. And I
rarely use the word "yep" unless it's in an informal instant message
context.
The line, "[Non-text portions of this message have been removed],"
indicates that someone tried to send an attachment to the list,
probably a virus.
I checked all my other Yahoo groups, and so far the ONLY list this
person bothered with was the SEARCH list. Why they didn't do any
further damage is a mystery, but they apparently wanted to try to
give everyone on the SEARCH list a virus. They could have done more
damage here, and to other lists, but they were content to try
something ONLY on the SEARCH list. (At least, as far as I know. We
may need to check the Files and Links sections for anything else
bogus posted for 1-19-04.)
Back during Thanksgiving last year, we had some severe trouble with a
member of this list who has since been banned. I suspect that the
same person is behind this current trouble. But I'd like a little
more evidence before I name names once again. If it is the same
person, I'm surprised he missed the opportunity to post extreme
vulgarities.
Does anyone know what else I should check, change, or look out for
with regard to trying to keep these things from happening again? Is
there any way to track which computer sent this fake "Hi" post?
Here is the email header from the original message, on the one I
received; it shows the IP address that it was sent from, and you may
want to send it to the fraud division at AOL, or whatever they call it
there. They can trace it back to the originating machine. If it was
done from a public PC, though, I don't know what can be done to find the
hacker.
"The New Twilight Zone" websites (Alan Brennert's new book is featured
on the site!)
"Experience should teach us to be on our guard to protect liberty when
government's purposes are beneficent. Men born to freedom are naturally
alert to repel invasion of their liberty by evil-minded rulers. The
greatest dangers to liberty lurk in insidious encroachment of men of
zeal, well meaning but without understanding."
-----Original Message-----
From: dghprobe3 [mailto:dghprobe3@...]
Sent: Monday, January 19, 2004 6:07 PM
To: probe_control@yahoogroups.com
Subject: [probe_control] Re: Hi
--- In probe_control, dghprobe3@a... wrote:
> Test =)
> ciaxxrprpgyxj
> --
> Test, yep.
>
> [Non-text portions of this message have been removed]
----------------------------
Thanks to Jim Alexander for alerting me to the above. I did not send
this to the list. Apparently someone hacked into my AOL and/or Yahoo
accounts. I've changed my passwords, but if they have ways of
getting passwords, that may not work for long.
One of the problems Jim pointed out to me is that my email address
officially starts with a capital "D" whereas it appears as a lower
case "d" in the email that was sent out to the list.
Next, I never use a bogus "Hi" as a subject line. Usually I tell
what the post is about with a phrase, or use a tongue in cheek line
to catch people's attention. And I never make smileys like that.
They included "cia" in their gibberish above, which is weird. And I
rarely use the word "yep" unless it's in an informal instant message
context.
The line, "[Non-text portions of this message have been removed],"
indicates that someone tried to send an attachment to the list,
probably a virus.
I checked all my other Yahoo groups, and so far the ONLY list this
person bothered with was the SEARCH list. Why they didn't do any
further damage is a mystery, but they apparently wanted to try to
give everyone on the SEARCH list a virus. They could have done more
damage here, and to other lists, but they were content to try
something ONLY on the SEARCH list. (At least, as far as I know. We
may need to check the Files and Links sections for anything else
bogus posted for 1-19-04.)
Back during Thanksgiving last year, we had some severe trouble with a
member of this list who has since been banned. I suspect that the
same person is behind this current trouble. But I'd like a little
more evidence before I name names once again. If it is the same
person, I'm surprised he missed the opportunity to post extreme
vulgarities.
Does anyone know what else I should check, change, or look out for
with regard to trying to keep these things from happening again? Is
there any way to track which computer sent this fake "Hi" post?
Hello everyone: I had nothing to do with this latest "Hi" post. We
had this problem back on January 19th in message 2441, where my email
address was spoofed then too. Or it was gotten from someone's
address book or from old posts on someone's hard drive. Luckily
Yahoo stopped posting attachments a few years ago because of strange
malicious virus uploads and similar.
In msg 2447, crayresearch reported that we received a variant of the
Beagle virus from Skip Brown. Might be a good idea for all of us to
do a virus update and scan, which is what I'll be doing. :-)
-------------------------------------------
--- In probe_control msg 2441, spoof of dghprobe3 wrote:
> Test =)
> ciaxxrprpgyxj
> --
> Test, yep.
>
> [Non-text portions of this message have been removed]
OMG! You have got to be freaking kidding me!!! This is the very first
time I even heard about all this... I had not even seen msg 2441, and
when I read it, I just about freaked out... OMG! What does someone say
about something like this????? I had NO IDEA whatsoever!!!!
You know what is really freaky about this? I am the moderator/owner of
three lists on Yahoo, and a member of about 10 other lists... This is
the only list I am on that this has happened... I mean, if I were a
cursing person, right now, I would be banned from this list... This is
so freaking me out!
I just checked my SENT list, and had not sent any email today (until
now), and plus, I do not have your name, or the list name in my Outlook
address book... This is an obvious ploy or tactic someone is trying to
implicate me in. (It would make a great SEARCH episode -- find the
missing hacker).
There is an alternative answer to this thing... I believe someone is
trying some heavy payback on me....
A few days ago, someone sent an email to the members of one of my email
groups, telling everyone how they could hack into someone's
email/password if they use Yahoo. I sent a reply letter to the group
warning them that the method being used was, in itself, a hack... In
order to "get" the information, the would-be hacker would have to give
away their own user name and password... Voila! Someone has just used
your greed, to get your email address and your password.
No one commented about that reply, but mysteriously, yesterday, I got 6
different emails from 6 "different" sources, each with zip files
attached. I know better than to open ANY zip file, exe, vbs or script
(scr) files sent to me without permission. In doing research on tracking
bogus email, I found out that the headers can be faked. (I would love
to send the headers in a text only email to anyone who can help me track
the sender... Anyone?)
And now, I hear about this....
OMG! This is so incredibly, freaking crazy!!!
I am sorry for anything that might have been caused by my lack of
"protection", and am willing to be moderated if the mods think so...
I would hate for it to come down to this, but I am truly a nice guy...
I may have a warped sense of humor, but I genuinely do like SEARCH, and
enjoy chatting with others who do...
Again, my apologies... I suppose that is all I can say...
Skip Brown
-----Original Message-----
From: dghprobe3 [mailto:dghprobe3@...]
Sent: Tuesday, July 27, 2004 4:33 PM
To: probe_control@yahoogroups.com
Subject: [probe_control] Re: Hi
Hello everyone: I had nothing to do with this latest "Hi" post. We
had this problem back on January 19th in message 2441, where my email
address was spoofed then too. Or it was gotten from someone's
address book or from old posts on someone's hard drive. Luckily
Yahoo stopped posting attachments a few years ago because of strange
malicious virus uploads and similar.
In msg 2447, crayresearch reported that we received a variant of the
Beagle virus from Skip Brown. Might be a good idea for all of us to
do a virus update and scan, which is what I'll be doing. :-)
-------------------------------------------
--- In probe_control msg 2441, spoof of dghprobe3 wrote:
> Test =)
> ciaxxrprpgyxj
> --
> Test, yep.
>
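
Added example (not from any list member or mail provider) for two points raised in the messages above, that the email header shows the IP address a message was sent from and that headers can be faked: only the Received lines stamped by your own relays count as evidence, and the walk stops at the first address handed over from outside. The relay names, IP addresses and the sample header are constructed for illustration.

```python
import re
from email import message_from_string, policy

# Names and addresses of our own relays (hypothetical values for this example).
TRUSTED_BY = {"mx1.lists.example.net", "mta7.lists.example.net"}
RELAY_IPS = {"10.0.0.7"}
RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:\S+\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)")

# Constructed header block. The oldest Received line is forged: it claims to have
# been stamped by our relay, but it sits below the point where mail entered.
SAMPLE = (
    "Received: from mta7.lists.example.net (mta7.lists.example.net [10.0.0.7])\n"
    " by mx1.lists.example.net with SMTP; Thu, 01 Jan 2004 12:00:02 +0000\n"
    "Received: from somepc (dsl-45.isp.example [203.0.113.45])\n"
    " by mta7.lists.example.net with SMTP; Thu, 01 Jan 2004 12:00:01 +0000\n"
    "Received: from mail.provider.example (mail.provider.example [198.51.100.9])\n"
    " by mx1.lists.example.net with SMTP; Thu, 01 Jan 2004 11:59:00 +0000\n"
    "From: member@provider.example\n"
    "To: list@lists.example.net\n"
    "Subject: Hi\n"
    "\n"
    "Test\n"
)

def trace_origin(raw: str) -> dict:
    """Find the last address our own relays vouch for; older lines are unverified."""
    msg = message_from_string(raw, policy=policy.default)
    hops = [" ".join(str(h).split()) for h in msg.get_all("Received", [])]
    origin, used = None, 0
    for hop in hops:                              # newest stamp first
        m = RECEIVED.search(hop)
        if not m or m.group("by").lower() not in TRUSTED_BY:
            break                                 # not stamped by us: stop trusting
        used += 1
        origin = m.group("ip")
        if origin not in RELAY_IPS:               # handed over by an outside machine
            break
    return {"claimed_from": str(msg["From"]), "origin_ip": origin,
            "unverified_hops": len(hops) - used}

if __name__ == "__main__":
    print(trace_origin(SAMPLE))
```

The From address is reported only as a claim: it is supplied by the sender, so it says nothing about which account or machine actually submitted the message.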
--- In probe_control, "Skip Brown" wrote:
> OMG! You have got to be freaking kidding me!!! This is the very
> first time I even heard about all this...
Hi Skip: Don't worry too much, other than to do the normal virus
update and scan. Viruses just do their thing, and I'm sure the
incident in January wasn't something you did deliberately.
I have a feeling this second incident may have a different source,
but I'm not sure how to track it. Apparently there is a new Beagle
virus going around, so that's not helping matters either.
I'm glad you mentioned some of the other items because I think it
would be a good idea to change our Yahoo passwords on a regular
basis. It would be a good idea to change them now too. If anyone
has any other ideas or suggestions, please send them in.
Don't worry Skip...we know you were not the villain back then...just as we know
Don is not the villain now.
I got a ton of those virus messages from a variety of other places...they were
quite clever, because in the body of the message they even inserted my email's
company name so that it read correctly and looked somewhat authentic.
Some of those same messages were also received by others at the company I am
temping at. The message really sounded like it was from IT, but we knew it was
not.
-----Original Message-----
From: Skip Brown <skipster61@...>
Sent: Jul 28, 2004 12:13 AM
To: probe_control@yahoogroups.com
Subject: [probe_control] Re: Hi <--- Its NOT ME !!!!
I am sorry for anything that might have been caused by my lack of
"protection", and am willing to be moderated if the mods think so...
I would hate for it to come down to this, but I am truly a nice guy...
I may have a warped sense of humor, but I genuinely do like SEARCH, and
enjoy chatting with others who do...
Again, my apologies... I suppose that is all I can say...
Skip Brown