23 December 2003 Nationalantispamregistry.com Fraudulent Anti-spam web site
10 December 2003 Chatmag releases our top ten chat topics list for 2003
10 December 2003 "Yahoo Matchmakers" bogus emails spreading the W32/Yaha.t@MM Worm
1 December 2003 Opinion: Flawed "CAN SPAM" Bill
21 October 2003 Skoolchat. Safe Chatroom System for Children
18 October 2003 NY Times. Two Agencies to Fight Online Narcotics Sales
9 October 2003 Petition Created asking Yahoo! to Install Monitors in Chat Rooms
3 October 2003 EarthStation 5 P2P application contains malicious code
2 October 2003 Strange Email Conceals Yaha Worm
24 Sept. 2003 MSNBC. Spam Block Lists Bombed into Oblivion
26 August 2003 Slashdot.org Osirusoft Blacklists the World-Fate of SPEWS unclear
15 August 2003 Polish web site marketing "Message Blocker" by using celebrity domain names
12 August 2003 Globalremoval.com, A Spam "do not email" registry, gets their message out by, you guessed it, Spam!
8 August 2003 From MSNBC.com Who profits from spam? Surprise
7 August 2003 From CNN.com Are you a Web addict?
25 July 2003 Houston, TX. Men Indicted in "Nigerian Scam"
9 July 2003 Hotmail overwhelmed with Yaha Worm emails
9 June 2003 From the Detroit Free Press: "Laptop is a weapon in this war of words."
24 May 2003 SPEWS linked to spammers.
18 May 2003 IRC/Unity Task Force Decodes and Disables Fizzer Worm
17 May 2003 DALnet Announces a Modification to their AUP
16 May 2003 Federal Trade Commission Tackles Internet Scammers
9 May 2003 Fizzer Worm Attacks IRC Networks-Removal Tool Link
8 May 2003 Spywarenuker, Do Not Download or Install
1 May 2003 Diana Griego Erwin: Fools rush in to brighten days of online friend DingBatAnnie
23 April 2003 New Internet Version of SARS.
17 March 2003 SPEWS No Longer Anonymous
13 Mar. 2003 "Bug Travel" IRC chatters deface web sites worldwide
12 Mar. 2003 DO NOT DOWNLOAD HOTBAR!!!
13 Jan 2003 Chatmag News. Dalnet Update
9 Jan. 2003 Chatmag News. Dalnet Disappears
7 Jan. 2003 DCC Send does not work with DSL
1 Jan. 2003 Chatmag News. New Yaha Worm Version being Distributed

23 December 2003 Chatmag News. Nationalantispamregistry.com Fraudulent Anti-spam web site

With the passage of the CAN-SPAM legislation in the U.S.A., it was only a matter of time before fraudulent "do not spam" web sites appeared. The Nationalantispamregistry site purports to be a database of "do not spam" email addresses. Discussions on various discussion boards such as Webproworld seem to refute the authenticity of the Nationalantispamregistry site. Chatmag does not recommend that users use third-party registration sites; rather, keep informed of any future official U.S.-sponsored or affiliated "do not spam" registry.

Please be advised that these sites are not official US Government sites. Users should be wary of any site that leads one to believe that by signing onto their service, they are assured that they will see a decrease in spam.

10 December 2003 Chatmag News. "Yahoo Matchmakers" email sending the W32/Yaha.t@MM Worm.

Chatmag has received several emails from a company called GC Softwares Limited, each with the W32/Yaha.t@MM Worm attached. You are advised NOT to open the attached zip file marked "Setup.zip". Delete the email without opening any attachment.

21 October 2003 Birmingham, UK – Before you subscribe to a chatroom service for your child, can you be sure they are safe? Utilising a unique security system, Skoolchat offers one of the safest chatroom systems available.

No newcomers to website design and software development, Colin Foster and Stuart Kelly have over 20 years of experience in their respective fields.

According to Colin, who has worked in programming for more than 13 years, “The question we get asked most often is, ‘Why is Skoolchat so safe?’ Put simply, we do not use digital passports or any other standard authentication process. Digital passports have many security issues, the most serious of which is that they can be copied. The chainguard security system operated by skoolchat uses a continuous chain of random passwords which are used to authenticate every single transaction and not just when the user logs in. This ‘Ever Changing List of Passwords’ has the interesting side effect of making the connection software that is used uncopyable! Anyone attempting to copy the software, in order to give to a friend or post on the Internet for anyone to use, will be left with only one working copy, the others will be useless.”

“We have also made it extremely difficult for anyone using the system to give out or request personal information without the moderators being notified. This, together with the chainguard security system, makes skoolchat one of the safest chatroom systems on the net today.”

For information: http://www.skoolchat.com
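
The release does not say how chainguard is built. As an added illustration (not Skoolchat's code), the Python below models one way a per-transaction password chain can behave: the server retires each password as it is used and returns a fresh random one, so a copied client is left holding a retired password. The class names, the reply fields and the moderator alert list are assumptions made for this example.

```python
import hmac
import secrets


class ChainServer:
    """Hypothetical server side: every accepted transaction retires the
    presented password and issues a fresh random one for the next call."""

    def __init__(self):
        self.current = {}   # user -> password expected on the next transaction
        self.retired = {}   # user -> passwords already consumed (unbounded here)
        self.alerts = []    # events a moderator would review

    def enroll(self, user):
        self.current[user] = secrets.token_hex(16)
        self.retired[user] = set()
        return self.current[user]  # installed into exactly one client copy

    def transact(self, user, password, payload):
        expected = self.current.get(user)
        if expected is None:
            return {"ok": False, "reason": "unknown-user"}
        if hmac.compare_digest(password.encode(), expected.encode()):
            self.retired[user].add(expected)
            self.current[user] = secrets.token_hex(16)
            return {"ok": True, "next": self.current[user], "echo": payload}
        if password in self.retired[user]:
            # Once valid, now consumed: a second copy of the client state exists.
            self.alerts.append((user, "stale password presented"))
            return {"ok": False, "reason": "stale-password"}
        return {"ok": False, "reason": "bad-password"}


class ChainClient:
    """Hypothetical client: stores only the password for its next transaction."""

    def __init__(self, user, password):
        self.user, self.password = user, password

    def send(self, server, payload):
        reply = server.transact(self.user, self.password, payload)
        if reply["ok"]:
            self.password = reply["next"]  # advance the chain
        return reply


def demo():
    server = ChainServer()
    original = ChainClient("pupil1", server.enroll("pupil1"))
    clone = ChainClient(original.user, original.password)  # copied client state
    first = original.send(server, "hello")         # original advances the chain
    stale = clone.send(server, "hi from the copy")  # copy still holds the old link
    again = original.send(server, "still here")     # original keeps working
    return first["ok"], stale["reason"], again["ok"], len(server.alerts)


if __name__ == "__main__":
    print(demo())
```

In this model the server learns that two copies exist but not which one is legitimate, because whichever copy transacts first keeps the chain. Each reply carries the next password, so the scheme also depends on the channel being encrypted.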

18 October 2003 NY Times. By GARDINER HARRIS

From the New York Times:

"Two federal agencies, the Food and Drug Administration and the Drug Enforcement Administration, have formed a special task force to crack down on the growing tide of illicit sales of narcotics on the Internet... 'Like anyone else, I'm inundated with spam for hydrocodone, Valium and Ambien,' said Elizabeth Willis, chief of the drug operation section of the D.E.A.'s office of diversion control."

For the full story, click here (free registration required).

9 October 2003 Petition Created asking Yahoo! to Install Monitors in Chat Rooms.

From the Petition:

"We need to put a stop to pedophiles, stalkers, booters, hackers, spam and scam merchants once and for all from abusing Yahoo users. We understand that Yahoo Inc. is in business to have advertising targeted at their users via Banners and pop up ads. But the chat users don't need to put up with spammers, booters and hacks etc. etc. on a daily basis.

We feel that Yahoo Inc. has a total lack of disregard for its users. And something needs to be done about it. If Yahoo Inc. doesn't have the means to monitor their chat rooms, then the chats should be shut down until it has the staff to monitor the chats. Yahoo Inc. needs to own up to their responsibility to provide a valuable service."

To sign the petition, click here.

3 October 2003 Lists.netsys.com EarthStation 5 P2P application contains malicious code.

EarthStation 5 (aka ES5, aka ESV) (http://www.earthstation5.com and http://forums2.es5.com/) is a P2P application first released about 6-12 months ago. The people behind ES5 claim that ES5 is the most secure P2P software in the world. For the full article, click here. Also, discuss this story on Slashdot.org

2 October 2003 Strange Email Conceals Yaha Worm

Have you received an email with the following text?

"Should we as teenagers have to put up with emotional abuse or should we stand up for ourselves as well as speak out and protect our constitutional rights In the United States Supreme Court law of the land we as a whole even teenagers are granted rights under the constitution Certain rights gra"

This is a version of the Yaha Worm. Delete the email without opening the attachment.

24 September 2003 MSNBC. Spam Blocklists Bombed into Oblivion

"Denial of service attacks by “zombie armies” of compromised computers have put two more spam-blocking lists out of business, adding to the body count in what one victim described as an “all-out war” raging in cyberspace."

For the full story on MSNBC, click here.

26 August 2003 Slashdot.org Osirusoft Blacklists the World

Slashdot, the "News for Nerds" web site, has published an article reporting that Osirusoft, provider of the SPEWS blocklist and open relay block lists, has ceased operations. For the full story, click here.

The Inquirer is also running a piece regarding Osirusoft and SPEWS. For their story, click here.

Osirusoft was one of the main sites providing the SPEWS blocklist, and the demise of Osirusoft takes a large dent out of SPEWS. On the newsgroup N.A.N.A.E there is growing dissension regarding the future of SPEWS. The SPEWS.org site has been unavailable for some time, with a mirror site on sorbs.net.

It is doubtful that SPEWS will survive. The owner of Sorbs.net, by providing a mirror of SPEWS, has most likely left himself vulnerable to litigation by a wide variety of entities that had been part of SPEWS "collateral damage" tactics.

Also see: SPEWS No Longer Anonymous

15 August 2003 Chatmag News. Polish web site using celebrity domain names to sell "spamming ad blaster" software.

Chatmag has received several emails pointing to web sites such as indiaarie.biz and gladysknight.info selling Windows Messenger Service ad blaster software, and ad blaster blocking software. A third site, known only by its IP, 62.181.187.231, and connected to the two celebrity domains, is selling a "do it yourself" web site kit. All web sites point to a web server in Poland. Persons are advised not to purchase any product offered by these bogus web sites. The sites do not use encryption to pass credit card information, and should be regarded as "Identity Theft" sites. The celebrities have been informed as to the unlicensed use of their names.

12 August 2003 Chatmag News. "Do not email" site Globalremoval.com gets their message out in spam emails.

Among the latest enterprises on the Internet are privately operated "do not email" list sites. The two largest are Remove.org and Globalremoval.com. Neither site is connected to the "Do not call" list operated by the Federal Trade Commission, but both have taken their cue from that list, creating what the unsuspecting public believes is a valid method to help stem the tide of spam emails.

Chatmag has received an invitation to join Globalremoval.com's list, in a spam email from one of their affiliates. An email to Globalremoval.com has gone unanswered. People are advised that these sites are not official US Government sites, and should be wary of any site that leads one to believe that by signing onto their service, they are assured that they will see a decrease in spam.

Boston.com has a more in-depth article regarding Globalremoval.com; click here.

8 August 2003 MSNBC.com Who profits from spam? Surprise...

"There wouldn't be spam if there wasn't money in spam. So to understand what primes the spam economy, MSNBC.com answered a single unsolicited commercial e-mail." For the full story, click here.

7 August 2003 CNN.com Are you a Web addict?

GAINESVILLE, Florida (AP) -- "To determine whether someone is spending an unhealthy amount of time with their computers, two University of Florida psychiatrists say doctors need to only remember the acronym MOUSE."

To read the full story, click here.

25 July 2003 Houston Chronicle. Houston residents indicted in Nigerian e-mail scam. For the full story, click here.

9 July 2003 Chatmag News. A flood of emails infected with the Yaha Worm has slowed the Hotmail email service. A large number of infected emails are coming from NTL World, an ISP in The Netherlands. Chatmag advises individuals to install and run a good anti virus program. The Yaha Worm email is approximately 40Kb in size, and is also known as the "Friends Screensaver".

9 June 2003 The Detroit Free Press. "Laptop is a weapon in this war of words". The Free Press ran this article on 17 March 2003, and we feel it would be of interest to our viewers.

"BY JEFF SEIDEL
FREE PRESS STAFF WRITER

DOHA, Qatar -- Lt. Joshua Rushing sits at a laptop, fighting a cyberwar. For four hours every night, Rushing surfs the Internet, trying to find chat rooms where people debate whether the United States should go to war against Iraq."

For the complete story, click here.

This is one of dozens of stories, and we encourage our viewers to purchase the book, "Portraits of War". More information can be found on their web site.

24 May 2003 Chatmag News. SPEWS linked to spammers.

Note: 24 January 2004 SPEWS is currently hosted by Supernews, a division of Critical Path.

SPEWS, the shadowy anti-spam organization (see Editors Opinion: Is Terry Gilsenan administrator of SPEWS), has been linked to spammers. The site Baycity.com lists spam they had received from a porn site hosted by Maxim.net, the same hosting service as SPEWS.

The premise of SPEWS is that anyone using a web host that condones or hosts spammers is guilty of spamming by association. SPEWS publishes a blacklist of Internet IPs accused of spamming, or hosting spammers. At present, Burst.net has the better part of its network blacklisted by SPEWS, though the original problem was with a few individual domains, and not the vast majority of Burst hosted domains.

From the baycity.com site:

Email looks like:

From: kacey3q@baycity.com
Subject: OMG!! I cant believe i found your email!!

Below is the result of your feedback form. It was submitted by kacey3q@baycity.com Hey its sarah, and i just got my new webcam put in my living room - check it out http://rd.yahoo.com/?http://amateurz1.nip.net the reason you got this email is because you were on an opt-in mailing list. to get off this list email response905@hotmail.com

Tracing route to amateurz1.nip.net [216.65.41.144] over a maximum of 30 hops:

  7    50 ms    40 ms    30 ms  paix.maxim.net [198.32.176.45]
  8    60 ms    50 ms    60 ms  vlan5.paix-1.hostcentric.com [216.65.0.5]
  9    30 ms    50 ms    40 ms  GE6-0.FMT-2.hostcentric.com [66.40.24.109]
 10    40 ms    30 ms    40 ms  VLAN3.FMT6509-1.hostcentric.com [66.40.24.106]
 11    30 ms    50 ms    40 ms  206.171.15.169
 12    60 ms    60 ms    50 ms  nnw.net [216.65.41.144]

Maxim Computer Systems
42712 Lawrence Place Fremont CA 94538
Phone: +1-800-640-4629
Email: abuse@maxim.net, abuse@hostcentric.com, and uce@ftc.gov

SPEWS Tracert:

Tracing route to www.spews.org [216.65.63.103] over a maximum of 30 hops:

 17    98 ms    98 ms    99 ms  pos5-0.mpr1.pao1.us.mfnx.net [208.184.233.142]
 18   103 ms   103 ms   102 ms  giga-abovenet.hostcentric.com [64.124.50.164]
 19   102 ms   103 ms   101 ms  GE6-0.FMT-2.hostcentric.com [66.40.24.109]
 20   103 ms   103 ms   104 ms  VLAN3.FMT6509-1.hostcentric.com [66.40.24.106]
 21   103 ms   103 ms   104 ms  www.spews.org [216.65.63.103]

(Note 28 August 2003: For the latest SPEWS discussions on Slashdot.org, click here and here. Also see Somethingawful.com for more SPEWS information.)
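
The comparison the two traces above invite can be done mechanically. The Python below is an added example, not part of the baycity.com material or of Chatmag's article: it parses Windows tracert hop lines, lists the routers both paths cross, and reports how far each path continues past the last shared router. The function names are this example's own, and reducing a router name to its last two DNS labels is a simplification.

```python
import re

# One Windows tracert hop: hop number, three timings ("50 ms", "<1 ms" or "*"), target.
HOP = re.compile(r"^\s*(\d+)\s+(?:(?:<?\d+\s+ms|\*)\s+){3}(.+?)\s*$")
# The target is either "name [a.b.c.d]" or a bare address.
TARGET = re.compile(r"^(?:(\S+)\s+\[(\d+(?:\.\d+){3})\]|(\d+(?:\.\d+){3}))$")

# Hop lines copied from the two partial traces in the item above.
SPAM_SITE_TRACE = """\
  7  50 ms  40 ms  30 ms  paix.maxim.net [198.32.176.45]
  8  60 ms  50 ms  60 ms  vlan5.paix-1.hostcentric.com [216.65.0.5]
  9  30 ms  50 ms  40 ms  GE6-0.FMT-2.hostcentric.com [66.40.24.109]
 10  40 ms  30 ms  40 ms  VLAN3.FMT6509-1.hostcentric.com [66.40.24.106]
 11  30 ms  50 ms  40 ms  206.171.15.169
 12  60 ms  60 ms  50 ms  nnw.net [216.65.41.144]
"""
SPEWS_TRACE = """\
 17   98 ms   98 ms   99 ms  pos5-0.mpr1.pao1.us.mfnx.net [208.184.233.142]
 18  103 ms  103 ms  102 ms  giga-abovenet.hostcentric.com [64.124.50.164]
 19  102 ms  103 ms  101 ms  GE6-0.FMT-2.hostcentric.com [66.40.24.109]
 20  103 ms  103 ms  104 ms  VLAN3.FMT6509-1.hostcentric.com [66.40.24.106]
 21  103 ms  103 ms  104 ms  www.spews.org [216.65.63.103]
"""


def parse_tracert(text):
    """Return [(hop_number, name_or_None, ip)] for every hop that answered."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # banner and blank lines
        t = TARGET.match(m.group(2))
        if not t:
            continue  # "Request timed out." and similar
        name, ip = (t.group(1), t.group(2)) if t.group(2) else (None, t.group(3))
        hops.append((int(m.group(1)), name, ip))
    return hops


def shared_path(trace_a, trace_b):
    """Routers (by address) that both traces pass through, in trace_a order."""
    seen_b = {ip for _, _, ip in trace_b}
    return [(name, ip) for _, name, ip in trace_a if ip in seen_b]


def operator_domains(routers):
    """Last two DNS labels of each named router, e.g. hostcentric.com."""
    return sorted({".".join(n.lower().split(".")[-2:]) for n, _ in routers if n})


def hops_after(trace, ip):
    """How many hops a trace continues past the given router."""
    return len(trace) - [h_ip for _, _, h_ip in trace].index(ip) - 1


def compare(text_a, text_b):
    a, b = parse_tracert(text_a), parse_tracert(text_b)
    common = shared_path(a, b)
    last_ip = common[-1][1] if common else None
    return {
        "shared": [ip for _, ip in common],
        "domains": operator_domains(common),
        "after_a": hops_after(a, last_ip) if last_ip else None,
        "after_b": hops_after(b, last_ip) if last_ip else None,
    }


if __name__ == "__main__":
    print(compare(SPAM_SITE_TRACE, SPEWS_TRACE))
```

Shared routers show that both destinations sit behind the same provider's network. They do not show who operates either destination.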

18 May 2003 IRC/Unity. IRC/Unity Task Force Decodes and Disables Fizzer Worm

FOR IMMEDIATE RELEASE -- 18th May 2003
IRC/Unity
Glasgow, Scotland

The Fizzer Task Force, part of the IRC Unity project, is pleased to announce a breakthrough regarding the notorious Fizzer worm. A member of the Task Force has successfully decompiled the worm to reveal the command list and how to gain access to the commands.

The worm itself contains a variety of commands for replicating itself over AOL Instant Messenger and through email, amongst other methods. An "uninstall" command that instructs the worm to remove itself is built-in, as is a command to pop up a message on an infected user's screen.

Members of the Fizzer Task Force have confirmed that these commands do seem to remove the worm. IRC operators from many different networks are currently taking advantage of these built-in commands to alert users that they are infected, and then removing the worm.

The Fizzer Task Force highly recommends that all Internet users run an anti virus program to remove any traces that the worm may leave behind, as the uninstall mechanism in a virus is not to be trusted. If you have been infected, it is also very important that you change your passwords, as Fizzer contains a key-logging aspect which could have transmitted everything you have typed since infection to a remote site.

It is important to note that without the unprecedented intra-network cooperation that this worm has triggered, it would have been impossible to have made so much progress in so little time; the Fizzer Task Force has been operational for under a week and has already discovered how to remotely remove this worm.

Our thanks go to all networks who have contributed to this project, and we hope they will continue to contribute to the irc/unity project, to help stamp out any future threats.

This press release and contact details are available at http://www.irc-unity.org/

Regards,
John McGarrigle
Irc/Unity Chairman
+44 (0)141 580 9876
press@irc-unity.org

17 May 2003 Chatmag News. DALnet Announces a Modification to their Acceptable Use Policy

A modification to DALnet's Acceptable Use Policy has been voted through by the administration; the following change will take effect on the 11th of May 2003.

Harassment, as mentioned above, shall include, but is not limited to, the following:

Repeated unwanted communication to a user beyond that user's reasonably expected ability to deal with the situation (e.g. /ignore & /silence).

The use of network resources to publicly (viewable from outside a channel; e.g. in a /topic) antagonize, defame, or demean any person.

Transmitting, without consent, a person's private/privileged identification and/or financial information. Examples being: Real Name, Phone Number, Address, Social Security Number, Bank Accounts Numbers, Credit Card Numbers, etc ...

[Note: Channels structured to facilitate harassment as detailed above are subject to closure.]

16 May 2003 Chatmag News. Federal Trade Commission "Posse" Tackles Internet Scammers.

In the latest in a series of law enforcement initiatives targeting Internet fraud, the Federal Trade Commission, Securities and Exchange Commission, United States Postal Inspection Service, three United States Attorneys, four state attorneys general, and two state regulatory agencies today announced they have filed 45 criminal and civil law enforcement actions against Internet scammers and deceptive spammers. Please see the Federal Trade Commission Web Site for the full story.

9 May 2003 Chatmag News. Fizzer Worm Attacks IRC Networks.

A new Worm, first reported by Sophos, and distributed via KaZaa, is attacking over 314 IRC Networks. A number of networks have formed the "Fizzer Task Force". Chatmag recommends users delete KaZaa, a file sharing program plagued by Worm and virus distributors.

A removal tool is being provided by Symantec. For more information, please see Symantec or Sophos.

IRC Network Server Administrators wishing more information, click on the links for The Fizzer Task Force and IRC-Unity.

8 May 2003 Spywarenuker Information

Spywarenuker purports to be a removal tool for spyware, but is itself a harmful program. We downloaded and installed the program; our computer locked up and would keep disconnecting Yahoo! Messenger, and the program added a hidden Registry entry. It is also delete-protected, and is difficult to remove. We DO NOT endorse Spywarenuker, and advise anyone that has installed it to delete the program and the Registry entry.

1 May 2003 Sacramento Bee. Diana Griego Erwin: Fools rush in to brighten days of online friend DingBatAnnie.

She goes by "Annie," although her legal name is La Vona Lynne Schamber. Online, she is known and adored as DingBatAnnie. This is not a put-down.

Annie, 39, who lives in Stockton, has become the global darling of the Pet Lovers Forum at The Motley Fool on the Web (www.fool.com) in part because of her humor, compassion, eloquence and courage. Oh, yes. She's also dying.

For the full story, click here. (Story courtesy of The Sacramento Bee, all rights reserved)

23 April 2003 Sophos Anti Virus Announces W32/Coronex-A Worm

This one can be placed in the "copycat" category. Sophos Anti Virus announced a new worm, W32/Coronex-A, which is the online version of SARS. For more information, and removal instructions, please see Sophos Anti Virus.

13 Mar. 2003

Over the past month, a group of IRC (Internet Relay Chat) users operating from Brazil have been exploiting a fault in web servers, deleting web sites and replacing pages with a warning from their group that the server has been compromised. The group, calling themselves "Bug Travel", are using an exploit in usr/local/cpanel/cgi-sys/guestbook.cgi found in servers utilizing CPanel, a popular web site administration program used on most Unix/Linux servers, to gain access as the root user. CPanel is aware of this exploit, and states that it affects CPanel 5, advising clients to upgrade to CPanel 6.

The group, "Bug Travel", operates from a chat room hosted by Brasnet.org, a Brazilian web hosting and IRC chat network. Once "Bug Travel" gains access to a server, they replace the existing web pages with a warning page that the server has been compromised, and provide an email address to receive help to remedy the defacement.

Securityfocus.com had issued an advisory on this exploit, on 16 Feb 2003, at:
http://www.securityfocus.com/archive/1/312298/2003-02-16/2003-02-22/0

A Google search for "bug travel" will show results for a dozen or more sites affected by the actions of this group. Current Google results show sites in Australia, Brazil, Cyprus, Taiwan, and The United States that have been defaced. The Provincetown Banner, Provincetown, Ma., reported on January 23, 2003 that over 100 web sites operated by Provincetown Design Group had been defaced, at a loss of over $20,000.00 in repair costs.

Link to Provincetown Banner article:
http://www.provincetownbanner.com/news/1/23/2003

12 Mar. 2003 HOTBAR is no friend!

Hotbar, from hotbar.com, is one of the worst spyware programs we have found. We'll be adding review information regarding it shortly; in the meantime, please see all the reviews on ZDNet.

Do not download HOTBAR! If you have downloaded Hotbar, and want to send the inventor an email, click here, if you are still able to use your computer without reformatting the hard drive.

13 Jan. 2003 Dalnet Web Site Operational

The Dalnet web site is now up and running; however, we have not been able to log into their IRC Network. Please see IRCNEWS.COM for more complete information regarding Dalnet. Also see the latest information from Dalnet regarding the attacks and how to report abusers.

What you can do to help.

We advise running Swatit, a free program from Lock Down, to find and remove many Trojans, Worms, Bots and other Hacker programs.

9 Jan. 2003 Chatmag News. Dalnet, one of the largest IRC networks, disappears.

Dalnet, plagued by DDoS attacks, has failed to respond to repeated attempts to connect to their IRC network. The Dalnet web site has also gone dark, no longer accessible either by web browser or tracert. More information regarding the status of Dalnet will be forthcoming. According to IRCNews.com, users of the once popular network are seeking other IRC networks, moving their chat rooms to Undernet and others.

7 Jan. 2003 DCC Send does not work with DSL

ATTENTION DSL USERS. You may experience difficulty when attempting to DCC Send. In that case, go to File>Options>Connect>Local Info in your mIRC, and change the "Lookup Method" to Server. You may also need to change the "On connect, always get" to Local Host. Try the Lookup Method first before changing any other settings.

1 Jan. 2003 Chatmag News. New Yaha Worm Version being Distributed

A new version of the Yaha Worm is being distributed. The worm is sent as an attachment to an email, with one of the following messages in the text body of the email.

This E-Mail is never sent unsolicited. If you receive this
E-Mail then it is because you have subscribed to the official
newsletter at the KOF ONLINE website.
King Of Fighters is one of the greatest action game ever made.
Now after the mind boggling sucess of KOF 2001 SNK proudly
presents to you KOF 2002 with 4 new charecters.
Even though we need no publicity for our product but this
time we have decided to give away a fully functional trial
version of KOF 2002. So check out the attached trial version
of KOF 2002 and register at our official website to get a free
copy of KOF2002 original version
Best Regards,
Admin,KOF ONLINE..
Version 2.
Hello,
The attached product is send as a part of our official campaign
for the popularity of our product.
You have been chosen to try a free fully functional sample of our
product.If you are satified then you can send it to your friends.
All you have to do is to install the software and register an account
with us using the links provided in the software. Then send this software
to your friends using your account ID and for each person who registers
with us through your account, we will pay you $1.5.Once your account reaches
the limit of $50, your payment will be send to your registration address
by check or draft.
Please note that the registration process is completely free which means
by participating in this program you will only gain without loosing anything.
Best Regards,
Admin,
-----
Do not open any attachment, just delete the email.

Peter J. Carr
Editor