Am I being hacked?


iamaposer
10-23-02, 12:06 PM
I keep getting emails to my website email address that say

and a lot more stuff. I was just wondering what was going on....

I have gotten two emails like that...

Ddr
10-23-02, 12:15 PM
That doesn't look like any of the emails I get telling me I can regrow my hair. Do you have a secret decoder ring to read all that?

Maybe TeamAntivirus will swing through and recognize what that is.

Good luck

Dale

kim
10-23-02, 12:33 PM
We have been getting a lot of trojan/hack attack warnings from our antivirus software - when we trace it - it's always from Korea - we have also gotten some emails resembling yours - deleted them due to warnings also generated from antivirus software.

I won't hold out hope of descrambling them - just delete them and move on.

Peace

NMS
10-23-02, 12:37 PM
I totally agree with Kim. Never think twice before deleting spam...it may be enough for the virus to walk over your system :)

No, you are not being hacked.

teamantivir
10-23-02, 01:25 PM
Ddr, thanks for the vote of confidence.

Looks like two possibilities to me, the first being an Asian language message. I often get emails in Chinese Big5, and have to adjust the coding. After I do that, my wife can read it, and usually says someone wants to sell me something. In our house it's nice, I read Korean, she reads Chinese, so we're only missing <yea right> the Japanese SPAM.

The other, and more troubling, is a possible buffer overflow attack. There have been a lot of these lately and most applications that are vulnerable to that type of attack have patches out, so make sure to have all the security patches for your system and applications in place. The information you posted almost looks like they're going after a PHP buffer, which, if memory serves correctly, PowWeb just patched/upgraded.

In all cases, the best course of action is to just delete them; of course, you can always send it to your favorite AV vendor/researcher for analysis.
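
An added example, not part of the post above or of any poster's own tooling: one way to tell whether the unreadable body of a saved raw message is text in an Asian encoding shown with the wrong character set, or a Windows program file displayed as text. The candidate charset list, the function names and both samples are assumptions constructed for this illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Candidate encodings to try, in order (an assumption; extend as needed).
CANDIDATES = ("utf-8", "big5", "euc_kr", "shift_jis")

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\0\0"

def classify(data: bytes) -> str:
    """Label one decoded MIME body: executable, ascii-text, text:<charset> or binary."""
    if is_pe(data):
        return "executable"
    if data.isascii():
        return "ascii-text"
    for charset in CANDIDATES:
        try:
            data.decode(charset)  # strict mode: any invalid byte sequence raises
            return f"text:{charset}"
        except UnicodeDecodeError:
            continue
    return "binary"

def triage(raw: bytes) -> list:
    """Return (content type, label) for every leaf part of a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [(p.get_content_type(), classify(p.get_payload(decode=True) or b""))
            for p in msg.walk() if not p.is_multipart()]

# Constructed samples (not taken from the thread).
SAMPLE_BIG5 = "特價優惠".encode("big5")
SAMPLE_PE = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0" + b"\0" * 20

def sample_message() -> bytes:
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(SAMPLE_PE, maintype="application",
                     subtype="octet-stream", filename="sample.bin")
    return m.as_bytes()

if __name__ == "__main__":
    print(classify(SAMPLE_BIG5))
    print(triage(sample_message()))
```

The first charset that decodes cleanly is only a hint, since short byte runs can be valid in more than one encoding; an "executable" or "binary" label is the cue to leave the part unopened and pass it to an AV vendor.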

iamaposer
10-26-02, 12:03 PM
Thanks for the information guys. So, I have to just keep deleting them when I get them? They keep sending them to me from my personal email address, and some from a MAILER-DAEMON or however you spell that. So I have nothing to worry about though?

SLSTEK
10-26-02, 02:17 PM
If running something like Outlook or most others, just set up a "Rule" to autodelete selected email based on filter settings as needed also. I would disable Preview Panel also...

iamaposer
10-26-02, 05:58 PM
I check my mail on the net. Through my "http://mail.mydomainname.com" thing...