[olug] luser trickery

[Andrew]

 From a shell prompt you can do a:
wget http://olug.org/~roberson/windoze/stupid_trick1.php
And then look at the source.  I did this and found that it doesn't 
appear to do anything other than attack an Internet Explorer iFrame 
vulnerability.
The page just says "No Privacy Protection Software Found" and provides a 
link to a webpage that will supposedly fix your problem.  The page is 
called download.html and you can view it's source by doing a:
wget http://olug.org/~roberson/windoze/stupid_trick1.php
And then look at the source.

The big grand exploit contained in the download.html?  
"Some Stupid exploit"
It contains that text string and nothing more.  It COULD have been a 
mime encoded nastygram, but it's just a harmless text string.

To further aleviate your fear of exploit consider John Warren's Post 
from May 15:

On Wednesday 15 May 2002 23:08, Jonathan Warren wrote:

>I just had to try it.  I got some stupid exploit on my box now.  :)
>
Some Stupid Exploit is now on his box.  Nothing to see here.  No harm no 
foul.  Hope this cleared something up for you.

Andrew


Mark Martin wrote:

>Okay, Brian.  For those of us who were naive enough to trust you and followed 
>your link believing that you wouldn't risk damaging our systems and were 
>providing a link to a description of an exploit that we should avoid rather 
>than enticing us into compromising our systems with a cryptic "warning", 
>would you please explain what the (insert favorite expletive here) you have 
>done to our systems?  Galeon showed an almost completely blank page but I 
>found an uninvited server listening on the doom port (666) thereafter, which 
>I am guessing came from your exploit.  Do those of us who trusted you have to 
>waste more of our lives cleaning up after your joke?  Maybe the first 
>security lesson to learn from your message is not to trust you.
>
>Also, I'm guessing that "luser" is really "loser".  Ha, Ha.  I'm a loser.  
>Now, can you please tell us slower students what you did so we can stop 
>wasting our time and stop worrying about what nefarious code is covertly 
>running on our boxes?
>
>Mark
>
>On Friday 17 May 2002 07:00, Mark Martin wrote:
>  
>
>>Dear Brian,
>>
>>Does this URL point to a description of the exploit or an implementation of
>>the exploit?
>>
>>Mark
>>
>>On Wednesday 15 May 2002 23:08, Jonathan Warren wrote:
>>    
>>
>>>I just had to try it.  I got some stupid exploit on my box now.  :)
>>>
>>>On Wed, May 15, 2002 at 10:16:58PM -0500, Brian Roberson wrote:
>>>      
>>>
>>>>Sadly enough... people fall for this.. ( dont try it unless you are
>>>>running windoze )
>>>>
>>>>
>>>>http://olug.org/~roberson/windoze/stupid_trick1.php
>>>>        
>>>>
>
>-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
>
>For help contact olug-help at olug.org - run by ezmlm
>to unsubscribe, send mail to olug-unsubscribe at olug.org
>or `mail olug-unsubscribe at olug.org < /dev/null`
>(c)1998-2002 OLUG http://www.olug.org
>
>-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
>  
>




-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

For help contact olug-help at olug.org - run by ezmlm
to unsubscribe, send mail to olug-unsubscribe at olug.org
or `mail olug-unsubscribe at olug.org < /dev/null`
(c)1998-2002 OLUG http://www.olug.org

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_