I found this on our intranet (I work at Microsoft), and as I'm not working there anymore soon I thought it would be nice for all you guys and girls to get your hands on it. I've put it on
- posted
19 years ago
Let me see if I get this correctly ... you have stolen an internal file from Microsoft and you are distributing it in a usenet group. And you think anyone out here is dumb enough to blindly open an archive file not knowing its contents.
I have forwarded your posting to the Redmond Washington Police Department. And hope they find you quickly.
People really believe this ???
Here at the University of Washington there have been demonstrations of archive files that autoexecute when opened (not even unpacked) which is more than enough to trigger an attack.
How serious is the problem? All .zip files are deleted by our mail server. I'll let you be the judge, knowing that, of how you feel about opening an archive that is self-identified as stolen from an internal web site (what does that say about the poster's integrity level) and for which the poster has done his or her best to not reveal what is actually contained.
Microsoft is now involved. If this person is truly inside the company they may well exit sooner than they planned ... and not through the front door. I've as much use for thieves as for spammers.
What's wrong with unpacking an archive file? I do that every time with software distributions. Most of the time they contain a README file, but even if they didn't, you are free to look through files, no?
If it says that the archive is *not* for everyone to read (like "this is MS property"), then maybe that's a sign you should stop.
But it does or should I say can. It is not that hard to do but I'm not going to advertise how as we seem to already have more than enough people doing malicious computing without creating more.
Get angry if you wish but don't expect to be faculty or student at the University of Washington.
Don't know ... don't care. I handed it off, with full headers, to the proper authorities and they were not amused.
Is it a virus or a Trojan Horse? What does it do exactly?
What's "opening" an archive file and how does it execute something?? An archive is a container format, and as such, passive data. You can look at the contents, or extract the files within. If your look-at-archive program executes random stuff, it's horribly broken.
WHAT? I'd get quite furious if someone just deleted all zips in my email! Why not just delete all emails, then you can't get spam anymore!
I believe it's a virus inside, and no secret MS stuff. So even if there is, how can I be guilty for just *looking* inside? Isn't that the same as finding top-secret documents on the street and looking at them? I didn't sign no NDA. Of course if it's MS code, then distributing it would be illegal.
My eMac cannot run it, so I cannot tell you.
I open it with Emacs and it contains this :
AutoIt 3
I like the text - i work at microsoft ...
Bernard
With the spammer... or with you for wasting their time?
If you do this with every piece of spam you come across it indicates that you have a lot of free time on your hands.
By the way, for your information, the OP, although spamming, for which he should quite rightly be condemned, was not distributing a file in a usenet group... just its location.
Axel
Hm.... How could this be a hotmail password request tool when it was made with AutoIt v3?
P.S. With the large list of newsgroups you posted to (5), I don't see why you didn't post to alt.please.dosomething.bad.to.my.computer or alt.i.am.dumb. You might have more luck with them.
This is happening to several of my friends, especially in academia.
I don't think the Redmond Police Dept will be able to do much, as the posting is showing an address in Holland, in the headers. 62.195.137.150 points to a computer at chello.nl, in Holland. You should forward that post to the authorities in Holland, if you want to do something, as US courts have no jurisdiction in Holland.
You'd be surprised. Our local law enforcement agencies, remember Microsoft is in Redmond, are quite good and have very good relations internationally including into the former Soviet Union.
I've no doubt they will pursue it based on other similar cases. Keep in mind this is not just about fact ... it is also about appearance. Microsoft does not even want a rumor flying around about something like this.
What if someone changed the file extension to something like ZPP? That would get it past the filters that delete ZIP files.
While your law enforcement may be very well in Redmond, Wash., they would be hard pressed to have ANY jurisdiction in Holland. If that was the case then have the cops in Redmond go get some terrorists. Also just because Microsoft is in Redmond does not give any weight to what the cops in Redmond can investigate. Microsoft would not even include the local cops in Redmond as this is an international issue, which would fall under a federal law enforcement agency.
How about YOU not flying rumors and speculation such as this around.
Before you spout things in a public forum at least have a CLUE of what you are even talking about.
It's very common, and a good method, to delete Zip files that are passworded or can't be opened and the contents scanned for malicious code by the email av or firewall software. We always delete unscannable zip files.
Charles Newman wrote
The Dutch won't give a shit.
You would think people *knew*, or at least, investigate, in those circles
Not necessarily. Decent content scanners determine what the file is not based on the extension, but the signature. Same for files included within a zip.
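An added example, not part of any post in this thread: a minimal sketch of the two filtering behaviours described above, typing an attachment by its leading signature rather than its extension, and blocking archives whose entries are encrypted or cannot be opened for scanning. The function names, the signature table and the sample attachments are constructed for illustration and do not come from any particular mail filter.

```python
import io
import zipfile

# Leading magic bytes; the file name is never consulted.
SIGNATURES = {b"PK\x03\x04": "zip", b"PK\x05\x06": "zip",
              b"MZ": "executable", b"\x7fELF": "executable"}

def sniff(head: bytes) -> str:
    """Name the content type from its first bytes."""
    for magic, kind in SIGNATURES.items():
        if head.startswith(magic):
            return kind
    return "other"

def inspect_attachment(filename: str, data: bytes) -> dict:
    """Classify by content; block what is executable or cannot be scanned."""
    kind = sniff(data[:8])
    reasons = []
    if kind == "executable":
        reasons.append("executable content")
    elif kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:  # bit 0: entry is encrypted
                        reasons.append(f"{info.filename}: encrypted, cannot scan")
                        continue
                    with zf.open(info) as member:  # read the first bytes only
                        if sniff(member.read(8)) == "executable":
                            reasons.append(f"{info.filename}: executable content")
        except (zipfile.BadZipFile, NotImplementedError, RuntimeError) as exc:
            reasons.append(f"archive cannot be opened: {exc}")
    return {"filename": filename, "type": kind,
            "verdict": "block" if reasons else "pass", "reasons": reasons}

def build_zip(entries: dict) -> bytes:
    """Constructed sample input: an in-memory zip built from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed samples: an archive renamed to .zpp that holds an MZ-headed file.
    renamed = build_zip({"readme.txt": b"hello", "tool.scr": b"MZ\x90\x00stub"})
    print(inspect_attachment("secret.zpp", renamed))
    print(inspect_attachment("notes.zip", build_zip({"notes.txt": b"plain text"})))
```

Only the first eight bytes of each entry are decompressed, so a very large entry is not expanded just to identify its type.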