03-04-2004, 09:45 | #1 (permalink) |
Administrator Join Date: May 1999 Location: 123 Age: 53
Posts: 4,243
Member: 3 Status: Offline Sonork: [email protected] pm or email Thanks Meter: 1,538 |
Attention ( Virus / Trojan ) !!!

2 days ago I got a mail with a virus/trojan from a known cheater. This hacker/cheater spied my passwords and logged into the admin-panel. If anyone has also got this mail, check your system. There is atm no virus-scanner which can detect this virus/trojan. If I get a new signature file from an antivirus company I will post it here.

Details of mail:
Subject: CeBIT 2004 Invitation
Attachment: CeBIT2004.zip with included pdf and exe-file
The exe is a trojan/virus ( more info coming soon, the exe is for analysis by some antivirus companies )

Mailtext:
Dear Friends,
We sincerely invite you to visit our booth at hall 12, B69 and see our advanced products in person. If you would like to find out more please find a minute and take a look on presentation that is attached with this message.
With best regards,

Sender IP of virus: 80.53.192.14
This IP used my admin-login some hours later, this IP: 213.190.37.2 used my admin-login. This IP is also used by a known cheater in our forum at the same time.
Here is the header from the mail:

Code:
Return-Path: <[email protected]>
Received: from localhost (localhost.localdomain [127.0.0.1]) by localhost.localdomain (8.12.8/8.12.5) with ESMTP id i22JohGU029652 for <zfrank@localhost>; Tue, 2 Mar 2004 20:50:43 +0100
X-Flags: 0000
Delivered-To: GMX delivery to zfrank@xxxxxx
Received: from pop.xxxx.net [213.165.64.20] by localhost with POP3 (fetchmail-5.9.0) for zfrank@localhost (single-drop); Tue, 02 Mar 2004 20:50:43 +0100 (CET)
Received: (qmail 20004 invoked by uid 65534); 2 Mar 2004 19:48:54 -0000
Received: from webmail-outgoing.us4.outblaze.com (EHLO webmail-outgoing.us4.outblaze.com) (205.158.62.67) by mx0.gmx.net (mx039) with SMTP; 02 Mar 2004 20:48:54 +0100
Received: from spf9.us4.outblaze.com (spf9.us4.outblaze.com [205.158.62.169]) by webmail-outgoing.us4.outblaze.com (Postfix) with QMQP id A9D7A1800D9B for <[email protected]>; Tue, 2 Mar 2004 19:48:51 +0000 (GMT)
X-OB-Received: from unknown (205.158.62.37) by wfilter.us4.outblaze.com; 2 Mar 2004 19:48:42 -0000
Received: by ws1-9.us4.outblaze.com (Postfix, from userid 1001) id 0EEF943E51; Tue, 2 Mar 2004 19:48:45 +0000 (GMT)
Content-Type: multipart/mixed; boundary="----------=_1078256922-3019-0"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Received: from [80.53.192.14] by ws1-9.us4.outblaze.com with http for [email protected]; Tue, 02 Mar 2004 14:48:42 -0500
From: "xxxx xxxx" <[email protected]>
To: [email protected]
Date: Tue, 02 Mar 2004 14:48:42 -0500
Subject: CeBIT 2004 Invitation
X-Originating-Ip: 80.53.192.14
X-Originating-Server: ws1-9.us4.outblaze.com
Message-Id: <[email protected]>
X-GMX-Antivirus: 0 (no virus found)
X-GMX-Antispam: 0 (Mail was not recognized as spam)
Status:

Here are some server logs from the virus-sender/cheater:

User/Cheater with his own userid and IP 213.190.37.2
Userid censored with xxxx

Code:
========================================
Request: 213.190.37.2 - - [Thu Mar 4 18:25:20 2004] "POST /vbb/newthread.php HTTP/1.1" 200 52184
Handler: (null)
----------------------------------------
POST /vbb/newthread.php HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 8923
Content-Type: application/x-www-form-urlencoded
Cookie: bblastvisit=1078136711; __utma=100471433.964153968.1073996504.1073996504.1073996504.1; bblastactivity=1078136711; bbuserid=1xxxx; bbpassword=8ae49dc91cb0432b0fa373e6bcxxxx; sessionhash=0dbecd2ac6802676c275a2e172xxxx; bbforum_view=ax3x-ix35yix1078327997yix203yix1078313769yix112yix1078321940y_; bbthread_lastview=ax13x-ix130085yix1078299682yix130059yix1078327975yix129985yix1078300057yix129948yix1078300096yix129880yix1078300112yix129867yix1078300149yix129804yix1078300195yix129541yix1078300239yix129162yix1078300260yix130259yix1078313510yix126938yix1078313866yix124217yix1078324360yix130359yix1078385311y_
Host: forum.gsmhosting.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
XXXXXXX: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXX: XXXXXXXXXXXXX

[POST payload not available]

HTTP/1.1 200 OK
X-Powered-By: PHP/4.3.4
Cache-Control: private
Set-Cookie: sessionhash=9e2e1dc2ca2fa01371928308ebxxxxx; path=/
Content-Length: 52184
Connection: close
Content-Type: text/html
========================================

Code:
========================================
Request: 213.190.37.2 - zfrank [Wed Mar 3 18:20:06 2004] "POST /vbb/admincp/xxxxxxx.php HTTP/1.1" 200 2665
Handler: (null)
----------------------------------------
POST /vbb/admincp/xxxxx.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
Accept-Language: en-us
Authorization: Basic emZyYW5rOmJvxxxxxxx
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 66
Content-Type: application/x-www-form-urlencoded
Cookie: bblastvisit=1077727244; bblastactivity=1078269624; x; bbmodsession=1; bbuserid=3; bbpassword=78c139ceaf82db8f67993c83xxxxxx
Host: forum.gsmhosting.com
Referer: http://forum.gsmhosting.com/vbb/admincp/xxxxxx.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

[POST payload not available]

HTTP/1.1 200 OK
X-Powered-By: PHP/4.3.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Wed, 03 Mar 2004 17:20:06 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: private, post-check=0, pre-check=0
Pragma: no-cache
Content-disposition: xxxxxxx
Connection: close
Transfer-Encoding: chunked
Content-Type: unknown/unknown
========================================

Last edited by zfrank; 03-04-2004 at 10:12. |
03-04-2004, 10:59 | #3 (permalink) |
No Life Poster Join Date: Feb 2003 Location: India Age: 39
Posts: 918
Member: 20691 Status: Offline Thanks Meter: 20 | Yes we all would like to know this cheater!

Personal advice to Zfrank: The security of the server should be upgraded and made better, so that such cheap persons may not hack it, and I think this is the second time....

Regards, Tanvir !!! |
03-04-2004, 11:13 | #5 (permalink) |
No Life Poster Join Date: Jul 2001 Location: Inside Raskal pocket Age: 54
Posts: 3,316
Member: 5325 Status: Offline Thanks Meter: 8,448 | Hi,

I received the same, but very interesting: in the TO: field was written [email protected]

So, our good old friend Davor, or who knows .... Lucky me, I did not open any file, so ...

Here are the full headers:
-----------------------------------------
Received: from ns2.ARtelecom.net [80.97.194.4] by ARtelecom.net (SMTPD32-8.05) id A5834080112; Tue, 02 Mar 2004 21:50:27 +0200
Received: from 80.97.255.66 by ns2.ARtelecom.net (InterScan E-Mail VirusWall NT); Tue, 02 Mar 2004 21:50:23 +0200
Received: (qmail 32029 invoked from network); 2 Mar 2004 19:49:17 -0000
Received: from m1.dnsix.com (63.251.171.167) by ns3.artelecom.net with SMTP; 2 Mar 2004 19:49:17 -0000
Received: from [205.158.62.67] (helo=webmail-outgoing.us4.outblaze.com) by m1.dnsix.com with esmtp (Exim 4.24) id 1AyGPv-0004tk-1a for [email protected]; Tue, 02 Mar 2004 12:23:03 -0800
Received: from spf9.us4.outblaze.com (spf9.us4.outblaze.com [205.158.62.169]) by webmail-outgoing.us4.outblaze.com (Postfix) with QMQP id 1331E1801531 for <[email protected]>; Tue, 2 Mar 2004 19:48:55 +0000 (GMT)
X-OB-Received: from unknown (205.158.62.37) by wfilter.us4.outblaze.com; 2 Mar 2004 19:48:42 -0000
Received: by ws1-9.us4.outblaze.com (Postfix, from userid 1001) id 0EEF943E51; Tue, 2 Mar 2004 19:48:45 +0000 (GMT)
Content-Type: multipart/mixed; boundary="----------=_1078256922-3019-0"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Received: from [80.53.192.14] by ws1-9.us4.outblaze.com with http for [email protected]; Tue, 02 Mar 2004 14:48:42 -0500
From: "John Davidson" <[email protected]>
To: [email protected]
Date: Tue, 02 Mar 2004 14:48:42 -0500
Subject: CeBIT 2004 Invitation
X-Originating-Ip: 80.53.192.14
X-Originating-Server: ws1-9.us4.outblaze.com
Message-Id: <[email protected]>
X-RCPT-TO: <[email protected]>
Status: U
X-UIDL: 353694390
-----------------------------------------

Best regards, Zulea |
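The two header dumps above share the same earliest hop, and the first post ties that address and a second one to admin-panel requests. The following is an added example, not part of any post in this thread, showing how that correlation can be done in Python; the function names, the placeholder recipient address, the 192.0.2.10 "usual admin address" and the last two log lines are assumptions constructed for illustration.

```python
import re
from email import message_from_string
# Abridged from the headers posted above; the recipient address is a placeholder.
SAMPLE_HEADERS = """\
Received: from webmail-outgoing.us4.outblaze.com (205.158.62.67)
\tby mx0.gmx.net (mx039) with SMTP; 02 Mar 2004 20:48:54 +0100
Received: from [80.53.192.14] by ws1-9.us4.outblaze.com with http
\tfor recipient@example.invalid; Tue, 02 Mar 2004 14:48:42 -0500
X-Originating-Ip: 80.53.192.14
"""
# Request lines in the format of the posted server log; the last two are constructed.
SAMPLE_LOG = [
    'Request: 213.190.37.2 - - [Thu Mar 4 18:25:20 2004] "POST /vbb/newthread.php HTTP/1.1" 200 52184',
    'Request: 213.190.37.2 - zfrank [Wed Mar 3 18:20:06 2004] "POST /vbb/admincp/xxxxxxx.php HTTP/1.1" 200 2665',
    'Request: 80.53.192.14 - zfrank [Tue Mar 2 23:10:00 2004] "POST /vbb/admincp/xxxxxxx.php HTTP/1.1" 200 2665',
    'Request: 192.0.2.10 - zfrank [Mon Mar 1 09:00:00 2004] "GET /vbb/admincp/xxxxxxx.php HTTP/1.1" 200 1200',
]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
LOG_LINE = re.compile(r'^Request: (\S+) - (\S+) \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3}')

def origin_ip(raw_headers):
    """Return (ip, corroborated) for the earliest Received hop that names a client IP."""
    msg = message_from_string(raw_headers)
    # Each relay prepends its Received line, so the last one is the earliest hop.
    # Hops below the first relay you trust can be forged by the sender.
    for hop in reversed(msg.get_all("Received") or []):
        m = IPV4.search(re.split(r"\sby\s", hop)[0])  # "from ..." part only
        if m:
            claimed = (msg.get("X-Originating-Ip") or "").strip()
            return m.group(0), claimed == m.group(0)
    return None, False

def admin_hits(log_lines, usual_admin_ips, mail_origin_ips):
    """Flag authenticated /admincp/ requests from the mail origin or an unfamiliar address."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m or m.group(2) == "-" or "/admincp/" not in m.group(4):
            continue  # unparsable, unauthenticated, or not an admin-panel request
        ip, user, when, _path = m.groups()
        if ip in mail_origin_ips:
            hits.append((ip, user, when, "matches-mail-origin"))
        elif ip not in usual_admin_ips:
            hits.append((ip, user, when, "unfamiliar-source"))
    return hits

if __name__ == "__main__":
    origin, corroborated = origin_ip(SAMPLE_HEADERS)
    print(origin, corroborated, admin_hits(SAMPLE_LOG, {"192.0.2.10"}, {origin}))
```

Here the earliest hop was written by the webmail provider itself ("with http"), which is why it can be treated as the submitting client's address rather than a sender-supplied value.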
03-04-2004, 11:47 | #8 (permalink) |
No Life Poster Join Date: Nov 2002 Location: Canary Islands Age: 53
Posts: 1,432
Member: 17351 Status: Offline Thanks Meter: 41 | I too was sent virus W32.MyDoom which was picked up thankfully. The name of the sender came up as Spunlock. When I replied it went to a nice chap called Dips from Cellular Services who knew nothing about it. I am not saying Spunlock knows anything about it either, maybe someone doesn't like him? (Or maybe someone doesn't like me?) |
03-04-2004, 11:50 | #9 (permalink) | |
No Life Poster Join Date: Oct 2000 Location: Split / Zagreb, Croatia Age: 53
Posts: 2,290
Member: 2236 Status: Offline Thanks Meter: 58 | Quote:
Hi, I have known Davor for many years and I'm sure that he is not behind this attack... he probably opened the attachment thinking that it was a real invitation to CEBIT because me and him will be at CEBIT this year... so maybe he thought that some known people sent him that invitation and he was smart enough to open it. Oliver | |
03-04-2004, 11:56 | #10 (permalink) | |
Administrator Join Date: May 1999 Location: 123 Age: 53
Posts: 4,243
Member: 3 Status: Offline Sonork: [email protected] pm or email Thanks Meter: 1,538 | Quote:
This was no attack on the webserver, it was an attack on my home-system.
@kimagsm right
@all davor isn't the sender, he has nothing to do with this..
Last edited by zfrank; 03-04-2004 at 12:24. | |
03-04-2004, 11:59 | #11 (permalink) |
Freak Poster Join Date: Dec 2003 Location: Leicester ~ UK Age: 37
Posts: 289
Member: 46456 Status: Offline Thanks Meter: 0 | Just to avoid people pointing fingers at others, most people know how these worms work... In zfrank's case it's a different matter... in other cases mentioned the worm infects a person's computer and then sends itself to other email addresses stored in the person's address book... the worm will use various people's email addresses to enable a higher chance of infection... |
03-04-2004, 12:14 | #12 (permalink) | |
No Life Poster Join Date: Jul 2001 Location: Universalbox Age: 51
Posts: 740
Member: 5144 Status: Offline Thanks Meter: 19 | Quote:
About Davor... ..Do not be so sure... He is like a brother with Anatoly... P.S. I am KIMA... Not KINA... b/r KIMA | |
03-04-2004, 12:20 | #13 (permalink) |
Freak Poster Join Date: Feb 2003 Location: Amsterdam
Posts: 344
Member: 22083 Status: Offline Thanks Meter: 0 | http://www.esecurityplanet.com/trend...le.php/3320501 Virus problem seems to be getting worse. Best method is not to allow any attachments. |
03-04-2004, 12:30 | #14 (permalink) |
Freak Poster Join Date: Oct 2003 Location: EU
Posts: 283
Member: 42756 Status: Offline Thanks Meter: 4 | @The Dog Your virus is a common sh*t and has nothing to do with the hacking of Zfrank's PC - I get a few mails a day with such stuff.
@Zfrank If you are 100% sure who did that trick on you please publish his name in the forum. B.R. |
03-04-2004, 12:46 | #15 (permalink) |
Administrator Join Date: Jan 2001 Age: 52
Posts: 3,963
Member: 3188 Status: Offline Thanks Meter: 2,394 | he is the Cheater Anatoly www.gsmunlock.com he uses many Usernames like unlteam & gsmunlock.com |