Dangerous E-mails.

Discussion in 'Computer Security' started by Plompetta, Jun 4, 2004.

  1. Plompetta

    Plompetta Guest

    Hi, I understand that some HTML-enabled e-mails can contain dangerous code
    (I think it is things like HTA files, Active X and Javascript, etc).

    Does anyone know of a good resource where I can (as a newbie) learn more
    about such things?

    Thanks.
     
    Plompetta, Jun 4, 2004
    #1
    1. Advertising

  2. Plompetta

    Chuck Guest

    On Fri, 4 Jun 2004 20:07:21 +0100, "Plompetta" <> wrote:

    >Hi, I understand that some HTML-enabled e-mails can contain dangerous code
    >(I think it is things like HTA files, Active X and Javascript, etc).
    >
    >Does anyone know of a good resource where I can (as a newbie) learn more
    >about such things?
    >
    >Thanks.


    Plompetta,

    In Usenet, news.admin.net-abuse.email is where I always go for any email
    exploits news. Warning - that is a very vocal group, and not always polite.

    Websites that I read frequently:
    Broadband/DSLReports <http://www.dslreports.com/forum/>
    SANS <http://isc.sans.org/>
    SecurityFocus / Bugtrac <http://www.securityfocus.com/>
    SpywareInfo <http://forums.spywareinfo.com/>

    Cheers,
    Chuck
    Paranoia comes from experience - and is not necessarily a bad thing.
     
    Chuck, Jun 4, 2004
    #2
    1. Advertising

  3. Plompetta

    Purl Gurl Guest

    Chuck wrote:

    > Plompetta wrote:


    (snipped)

    > > I understand that some HTML-enabled e-mails can contain dangerous code
    > > (I think it is things like HTA files, Active X and Javascript, etc).


    > >Does anyone know of a good resource where I can (as a newbie) learn more
    > >about such things?


    > In Usenet, news.admin.net-abuse.email is where I always go for any email
    > exploits news. Warning - that is a very vocal group, and not always polite.


    Boy Howdy! I never knew of news.admin.net-abuse.email until
    they started spamming our email server with harassment and
    hate email. Continued for weeks. They made every effort possible
    to enrage our family and elict responses.

    My experience is the more vocal populating that group are
    amongst the worst of spammers and those who attempt to
    send exploits to innocent victims. They certainly do all
    possible to spread discontent and hatred.

    I also discovered their suggestions, advice and techniques,
    to be significantly less than intelligent. Their methodology
    is to drop an atomic bomb as a cure. Messy.

    I wrote off that group as a classic AOL "I Hate Everything" chat-group
    populated by a bunch of frustrated wanna-be administrators.


    On email protection, many email readers can be set for "plaintext" only,
    defeating html embedded exploits. Some email readers render all email
    as plaintext, inherently, afforded a lot of safety.

    Chuck's advice to research, read and learn is excellent and should
    be heeded. Today, the greatest source of viruses and trojans, is
    your email. You will be suprised after reading Chuck's resources.

    More of a surprise, being a musician and involved in providing
    free music to others, I learned of methods to include exploits
    in music files, such as midi and mpg files. This really suprised
    me; last thing I expected. You really cannot trust any email,
    especially email attachments.

    As Chuck hints, never trust anything which arrives in email,
    even if the return address is,




    Purl Gurl
     
    Purl Gurl, Jun 4, 2004
    #3
  4. >Hi, I understand that some HTML-enabled e-mails can contain dangerous code
    >(I think it is things like HTA files, Active X and Javascript, etc).


    >Does anyone know of a good resource where I can (as a newbie) learn more
    >about such things?


    Chuck lists some good resources, but while you are absorbing all that
    information, set your mail reader to read all mail in plain text. You won't miss
    anything. The only HTML mail I get is advertising, which I don't want to see,
    anyway.
    --
    Dave "Crash" Dummy - A weapon of mass destruction
    ?subject=Techtalk (Do not alter!)
    http://lists.gpick.com
     
    \Crash\ Dummy, Jun 5, 2004
    #4
  5. Plompetta

    Martin Guest

    "Purl Gurl" <> wrote in message
    news:...
    > Chuck wrote:
    >
    > > Plompetta wrote:

    >
    > (snipped)
    >
    > > > I understand that some HTML-enabled e-mails can contain dangerous code
    > > > (I think it is things like HTA files, Active X and Javascript, etc).

    >
    > > >Does anyone know of a good resource where I can (as a newbie) learn

    more
    > > >about such things?

    >
    > > In Usenet, news.admin.net-abuse.email is where I always go for any email
    > > exploits news. Warning - that is a very vocal group, and not always

    polite.
    >
    > Boy Howdy! I never knew of news.admin.net-abuse.email until
    > they started spamming our email server with harassment and
    > hate email.


    Got any evidence this was spamming? Or was it legitimate complaints about
    your illegal and imoral activities.

    http://groups.google.com/groups?hl=...btnG=Search&meta=group=news.admin.net-abuse.*

    > I wrote off that group as a classic AOL "I Hate Everything" chat-group
    > populated by a bunch of frustrated wanna-be administrators.


    hardly! But then again, spammers would hope that :)



    ---
    Outgoing mail is certified Virus Free. AVG
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.699 / Virus Database: 456 - Release Date: 04/06/2004
     
    Martin, Jun 5, 2004
    #5
  6. Plompetta

    Purl Gurl Guest

    Martin wrote:

    > Purl Gurl wrote:
    > > Chuck wrote:
    > > > Plompetta wrote:


    (snipped)

    > > Boy Howdy! I never knew of news.admin.net-abuse.email until
    > > they started spamming our email server with harassment and
    > > hate email.


    > Got any evidence this was spamming? Or was it legitimate complaints about
    > your illegal and imoral activities.
    >http://groups.google.com/groups?hl=...btnG=Search&meta=group=news.admin.net-abuse.*


    > > I wrote off that group as a classic AOL "I Hate Everything" chat-group
    > > populated by a bunch of frustrated wanna-be administrators.


    > hardly! But then again, spammers would hope that :)


    There is never a shortage of those who are quick to
    flaunt their ignorance. You don't have a clue and
    serve as an icon for functional illiterates.

    Have a neighborhood child assist you with your
    exceptionally poor reading comprehension skills.


    Purl Gurl
     
    Purl Gurl, Jun 5, 2004
    #6
  7. Plompetta

    Jason Guest

    * Purl Gurl <>:
    > Martin wrote:
    >
    >> Purl Gurl wrote:

    >
    > There is never a shortage of those who are quick to
    > flaunt their ignorance. You don't have a clue and
    > serve as an icon for functional illiterates.
    >
    > Have a neighborhood child assist you with your
    > exceptionally poor reading comprehension skills.
    >
    >
    > Purl Gurl


    tracker? Could be but no mention of those evil ferrets though.

    Jason
     
    Jason, Jun 5, 2004
    #7
  8. Plompetta

    Martin Guest

    "Purl Gurl" <> wrote in message
    news:...
    > Martin wrote:
    >
    > > Purl Gurl wrote:
    > > > Chuck wrote:
    > > > > Plompetta wrote:

    >
    > (snipped)
    >
    > > > Boy Howdy! I never knew of news.admin.net-abuse.email until
    > > > they started spamming our email server with harassment and
    > > > hate email.

    >
    > > Got any evidence this was spamming? Or was it legitimate complaints

    about
    > > your illegal and imoral activities.

    >
    >http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&q=Heaven.net&btnG=Search

    &meta=group%3Dnews.admin.net-abuse.*
    >
    > > > I wrote off that group as a classic AOL "I Hate Everything" chat-group
    > > > populated by a bunch of frustrated wanna-be administrators.

    >
    > > hardly! But then again, spammers would hope that :)

    >
    > There is never a shortage of those who are quick to
    > flaunt their ignorance. You don't have a clue and
    > serve as an icon for functional illiterates.
    >
    > Have a neighborhood child assist you with your
    > exceptionally poor reading comprehension skills.


    you obviously prefer this one then


    While gargling concrete on 17 Sep 2003, Purl Gurl <>
    wrote in news: right
    after begin :

    > We are not threatening you. We are telling upfront precisely
    > what will happen. We have very nice hotels here in our city.
    > Write and we will make suggestions for your stay to appear
    > in court. Win or lose, you have to appear, here in Riverside
    > or lose by default.


    PURLGIRL.NET is now blocked at SpamBlocked.com for making cart00ney
    threats and being owned and operated by a fucktard.or maybe


    From: Purl Gurl <>
    To: easynet.nl abuse handling dept. <>
    Date: Wed, 17 Sep 2003 17:39:21 -0700
    Subject: [Fwd: [EA ticket 09170927] Re: Dynablocker Mistake]


    Our home server well qualifies by your own set standards, partially
    quoted below my signature, to not be blacklisted.

    This is what will happen, and be assured we have sued other servers
    with success, but related to spam or unlawful pornography being sent
    to our email addresses. Your abuse of us, however, is no different;
    you have been notified of your mistakes yet continue to abuse our
    family. Doing so places you in a position of civil liability.

    You have been notified several times you have blacklisted our home
    webserver, without reason, without justification, without cause.
    Clearly, we have exemplified and proven you have caused our family
    harm, have caused us damage. You have been provided technical details.
    You have been provided with a Charter Communications internal contact.
    All which we have provided, can easily be independently verified by
    you.There is more of course.Going to sue me also for blocking your email
    servers?
    >
    >
    > Purl Gurl



    ---
    Outgoing mail is certified Virus Free. AVG
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.699 / Virus Database: 456 - Release Date: 04/06/2004
     
    Martin, Jun 5, 2004
    #8
  9. Plompetta

    Chuck Guest

    On Sat, 05 Jun 2004 14:57:50 GMT, Jason <> wrote:

    >* Purl Gurl <>:
    >> Martin wrote:
    >>
    >>> Purl Gurl wrote:

    >>
    >> There is never a shortage of those who are quick to
    >> flaunt their ignorance. You don't have a clue and
    >> serve as an icon for functional illiterates.
    >>
    >> Have a neighborhood child assist you with your
    >> exceptionally poor reading comprehension skills.
    >>
    >>
    >> Purl Gurl

    >
    >t******? Could be but no mention of those evil ferrets though.
    >
    >Jason


    Jason,

    Please don't speak the name of she-whose-name-must-not-be-spoken.

    Don't awaken the wannabe demon. Let it sleep, and die, in peace.

    Cheers,
    Chuck
    Paranoia comes from experience - and is not necessarily a bad thing.
     
    Chuck, Jun 5, 2004
    #9
  10. Plompetta

    Martin Guest

    "Jason" <> wrote in message
    news:Oblwc.30360$...
    > * Purl Gurl <>:
    > > Martin wrote:
    > >
    > >> Purl Gurl wrote:

    > >
    > > There is never a shortage of those who are quick to
    > > flaunt their ignorance. You don't have a clue and
    > > serve as an icon for functional illiterates.
    > >
    > > Have a neighborhood child assist you with your
    > > exceptionally poor reading comprehension skills.
    > >
    > >
    > > Purl Gurl

    >
    > tracker? Could be but no mention of those evil ferrets though.


    it's not is it? I hope not, I've never been sued before, and this kook
    claims to have already been to the law about people who block her or run
    block-lists with her domain listed. Of course she was lying

    I hope she tries :)
    >
    > Jason



    ---
    Outgoing mail is certified Virus Free. AVG
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.699 / Virus Database: 456 - Release Date: 04/06/2004
     
    Martin, Jun 5, 2004
    #10
  11. Plompetta

    Purl Gurl Guest

    Martin wrote:

    > Purl Gurl wrote:
    > > Martin wrote:
    > > > Purl Gurl wrote:
    > > > > Chuck wrote:
    > > > > > Plompetta wrote:


    (snipped)


    > you obviously prefer this one then



    "Feed idiots idiocy for instant inanity."

    - Kira

    Research, read and learn about "Socratic Irony" which
    is a lethal weapon within the mind of an intellect.


    Purl Gurl
     
    Purl Gurl, Jun 5, 2004
    #11
  12. Plompetta

    Martin Guest

    "Purl Gurl" <> wrote in message
    news:...
    > Martin wrote:
    >
    > > Purl Gurl wrote:
    > > > Martin wrote:
    > > > > Purl Gurl wrote:
    > > > > > Chuck wrote:
    > > > > > > Plompetta wrote:

    >
    > (snipped)
    >
    >
    > > you obviously prefer this one then

    >
    >
    > "Feed idiots idiocy for instant inanity."


    no recourse to law then.

    Glad to hear it

    "Purl Gurl" <> wrote in message
    news:...
    > Martin wrote:
    >
    > > Purl Gurl wrote:
    > > > Martin wrote:
    > > > > Purl Gurl wrote:
    > > > > > Chuck wrote:
    > > > > > > Plompetta wrote:

    >
    > (snipped)
    >
    >
    > > you obviously prefer this one then

    >
    >
    > "Feed idiots idiocy for instant inanity."


    no recourse to law then.

    Glad to hear it
     
    Martin, Jun 5, 2004
    #12
  13. "Plompetta" <> wrote in message
    news:c9qhap$e0m$...
    > Hi, I understand that some HTML-enabled e-mails can contain dangerous code
    > (I think it is things like HTA files, Active X and Javascript, etc).
    >
    > Does anyone know of a good resource where I can (as a newbie) learn more
    > about such things?


    (Blatant plug) http://www.codecutters.org/outlook/ for how to set this of
    for what you're using at the moment.

    There's also a guide on how to read email headers (this doesn't cover the
    various specific exploits that you mentioned - it's more background reading
    that should give you an idea of what to Google for..)

    HTH

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
     
    Hairy One Kenobi, Jun 6, 2004
    #13
  14. Plompetta

    johns Guest


    > In Usenet, news.admin.net-abuse.email is where I always go for any email
    > exploits news. Warning - that is a very vocal group, and not always

    polite.

    I can understand why. There are some know-it-alls on this group
    who come on like they know something, and are just basically
    morons.

    johns
     
    johns, Jun 7, 2004
    #14
  15. Plompetta

    johns Guest


    > Does anyone know of a good resource where I can (as a newbie) learn more
    > about such things?


    FTC web pages give an orientation to Identity Theft.
    Then, you can take Security classes with different
    resources .. like Novell. I've been through several,
    and have a new one starting up June 14. Whatever
    you do, don't start taking advice from types who
    can look an obvious phish right in the face, and
    come on like some genius about how some unknow
    news reader could not have copied html .... blah,
    blah, bullshit. You need to pick your resources
    carefully. PC Online is covering Identity Theft pretty
    well these days. I steered them to the FTC pages,
    and they've picked it up and enhanced it a lot ..
    esp the recent Criminal trial in Texas. That guy got
    4 years in prison. Also, there are some small programs
    that try to catch these things. The Aussies have a free
    beta out, that will teach you techniques for spotting
    faked URLs. That is where I learned about pasting
    to Notepad. It works pretty well. Seriously, pick
    your resources better !!

    johns
     
    johns, Jun 7, 2004
    #15
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Martin Geers
    Replies:
    1
    Views:
    738
    Mueen Nawaz
    Jul 17, 2004
  2. Simon Telrenner
    Replies:
    2
    Views:
    489
    Ted Mittelstaedt
    Oct 16, 2003
  3. =?Windows-1252?Q?Frisbee=AE?=

    Re: PC use is dangerous

    =?Windows-1252?Q?Frisbee=AE?=, Jul 22, 2004, in forum: MCSE
    Replies:
    0
    Views:
    449
    =?Windows-1252?Q?Frisbee=AE?=
    Jul 22, 2004
  4. Neil
    Replies:
    0
    Views:
    408
  5. Mauricio Freitas
    Replies:
    5
    Views:
    566
    Bruce Sinclair
    Feb 10, 2004
Loading...

Share This Page