[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[pct-l] A followup on those NaughtyRobot Messages (no trail-related content)

A month ago or so, I posted a message to the list flatly stating the
those "NaughtyRobot" messages were a crock.  I wanted to follow up since
this caused quite a bit of  concern, and rightfully so.   Here's some
info from CERT:

CERT(sm) Summary CS-97.01
February 26, 1997

The CERT Coordination Center periodically issues the CERT Summary to
draw attention to the types of attacks currently being reported to our
Incident Response Team. The summary includes pointers to sources of
information for dealing with the problems. We also list new or updated
files that are available for anonymous FTP from

Past CERT Summaries are available from

Recent Activity
- ---------------


3. Naughty Robot Email Messages

The CERT Coordination Center has received a number of reports describing

forged email messages with a subject of "security breached by
These messages appear to originate from the victim's own account and
claim to
have exploited a security hole in the victim's web server. The messages
claim to have collected a variety of information including the victim's
card numbers.

As far as the CERT Coordination Center is aware, there has been no
indication that the activities described in the message have actually
taken place on any machine. Other response teams have been
investigating these messages. The Computer Incident Advisory
Capability (CIAC) has additional information on their web site at:


For additional information concerning email spoofing and what you can
do, please see our document:


* From the Pacific Crest Trail Email List | For info http://www.hack.net/lists *