... darkrealms ...

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

INTERNET

The global pornography network

2,155 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 1,482 of 2,155

mark lewis to August Abolins

another one phishing for a bite

01 Apr 20 09:36:19

   TZUTC: -0400   
   MSGID: 56.fido-internet@1:3634/12 22e9cf0b   
   REPLY: 2:221/1.58@fidonet e2f1afe1   
   PID: Synchronet 3.17c-Linux  Mar 23 2020 GCC 7.5.0   
   TID: SBBSecho 3.10-Linux r3.152 Mar 23 2020 GCC 7.5.0   
   CHRS: ASCII 1   
   NOTE: FSEditor.js v1.103   
     Re: another one phishing for a bite   
     By: August Abolins to mark lewis on Tue Mar 31 2020 20:33:00   
      
      
    ml>> not really because now others of us cannot look up that   
    ml>> information and set blocks or filters in our IDS/IPS ;)   
      
    AA> Oh..  I see.  Good point.  But couldn't http://march262020.* work in a     
   filter?   
      
      
   that depends on the language used... IDS/IPS do not use DOS style... neither   
   does clamav, dspam, or similar content scanners...   
      
      
    AA> But, FYI, replace "####" with "club".   No point keeping it a   
    AA> secret if the goal is to help protect others.   
      
      
   thanks...   
      
      
    AA> BTW, although it is far easier to just drop the phishing   
    AA> email/attachment with the delete key, we can parse the file,   
    AA> extract the clear-text and share the http:// strings found   
    AA> therein.   
      
      
   or our content scanner can detect the byte sequences and pass or fail the   
   item...   
      
      
    AA> Obviously, the macro in the original .xls file relied on Excel   
    AA> functions to run a macro to fetch a bot from a website and launch   
    AA> the payload.   
      
      
   yep... this is why the setting to allow macros and/or executing startup macros   
   should be OFF these days...   
      
      
   )\/(ark   
   --- SBBSecho 3.10-Linux   
    * Origin: SouthEast Star Mail HUB - SESTAR (1:3634/12)   
   SEEN-BY: 1/120 123 18/0 90/1 103/705 116/116 123/0 25 50 150 170 755   
   SEEN-BY: 153/757 7715 154/10 30 40 700 203/0 221/0 6 226/30 227/114   
   SEEN-BY: 227/201 400 229/101 426 452 1014 240/5832 249/206 317 400   
   SEEN-BY: 261/38 280/464 5003 288/100 292/854 300/4 310/31 317/3 322/757   
   SEEN-BY: 342/200 396/45 423/120 712/848 770/1 2452/250 3634/0 12 15   
   SEEN-BY: 3634/27 50 119   
   PATH: 3634/12 154/10 280/464 229/426

[ << oldest | < older | list | newer > | newest >> ]