On Wed, 24 May 1995 16:32:48 PDT Melvin Klassen said:
>No thanks, I'm not interested. Cyberspam NNTP-software, indeed!
>
>* Filter=Also,*@RTD.COM
>
>----------Original message from Netnews: bit.listserv.cmspip-l----------
>Distribution: local
>Lines: 61
>X-Sender: 83060.4266394158 (Your Lifetime Health Planner)
>Approved: [log in to unmask]
>NNTP-Posting-Host: seagull.rtd.com
>News-Posting-Software: Cyberspam
>Message-ID: <[log in to unmask]>
>Newsgroups: bit.listserv.cmspip-l
>Date: Wed, 24 May 1995 05:12:31 GMT
>Sender: VM/SP CMS Pipelines Discussion List <[log in to unmask]>
>Comments: RFC822 error: <W> Incorrect or incomplete address field found and
> ignored.
>Comments: RFC822 error: <W> Incorrect or incomplete address field found and
> ignored.
>From: Netnews Server <[log in to unmask]>
>Organization: Your Lifetime Health Planner
>Subject: The Key To Organizing Your Health Records
>Comments: To: [log in to unmask],
> [log in to unmask], [log in to unmask]
>
> THE KEY TO ORGANIZING YOUR HEALTH RECORDS
> ... 59 lines mercifully deleted ...
Here's what is returned if you try to email trasoff or dsiegel:
======================================================================= 97
Return-Path: <[log in to unmask]>
Received: from CMUVM (NJE origin SMTP@CMUVM) by CMUVM.CSV.CMICH.EDU (LMail
V1.2a/1.8a) with BSMTP id 0488; Wed, 24 May 1995 20:37:17 -0400
Received: from seagull.rtd.com by CMUVM.CSV.CMICH.EDU (IBM VM SMTP V2R2)
with TCP; Wed, 24 May 95 20:37:15 EDT
Received: (from daemon@localhost) by seagull.rtd.com (8.6.12/8.6.9.1) id
RAA13500 for [log in to unmask]; Wed,
24 May 1995 17:38:39 -0700
Date: Wed, 24 May 1995 17:38:39 -0700
Message-Id: <[log in to unmask]>
From: [log in to unmask] (Mark Beeson)
Subject: NOTICE: Free Health Spam INFO
Organization: [ Neural InterNetworking ]
Apparently-To: [log in to unmask]
PLEASE NOTE: this article was posted to news.admin.net-abuse.misc.
Let me introduce myself. I'm Mark Beeson, the one who generated the cancel
messages for the Free Health Spam. You may reach me at [log in to unmask]
I am, more or less, news administrator for RTD Systems & Networking, Inc.,
a Tucson-Arizona based Internet Provider. All comments about this ordeal
should be directed to me.
Yes, I know the cancel messages were possibly broken, and I'm sorry, but
I'm sort of a newbie at auto-cancelling messages.
Anyways.. a little information..
FIRST: David Siegel is in no way related to Martha Siegel. So all the
"conspiracy theories" can be thrown out the window.
Okay, now for the real info:
- Last night at approximately 9PM MST I received e-mail from one of our
users complaining about a message in comp.infosystems.www.authoring.
I sighed and looked at the message.
- 9:15 PM -- This same user complains that the message is showing up
"everywhere in the rec.* hierarchy". At this point my heart rate begins
to go on a rollercoaster ride.
- 9:30 PM -- I am logged into the news machine (baygull.rtd.com) and
executing a find . -print | xargs grep baygull on each of the
major news hierarchies.
Results of that:
- comp.* was the worst hit, with 790 groups hit.
- rec.*, sci.*, soc.*, bit.*, biz.*, and misc.* each got about 150
groups hit.
- Unfortunately I was not able to target the alt.* groups because
the command you see above always terminated with a broken pipe.
(Probably because of the enormous amount of newsgroups one step
away from the top level). I am told, however, that someone is
working on auto-cancelling the alt.* messages.
- 10:00 PM -- I have hastily written up a perl script to generate
cancel messages and pipe them into inews. Yes, I know this perl script
had errors in it, and unfortunately it cancelled approximately 20
articles that did not appear at our site. For that, I'm sorry, but
again, I was rather rushed.
- 10:15 PM -- I do another grep on the sci.* hierarchy, and find that the
output is _larger_. Much to my horror, I realize what has happened and
quickly execute (as superuser) top, look and see who is doing what on
the system, and find user "trasoff" running a ".may" command, and
also a few instances of inews. I kill these in a heartbeat, and disable
the account.
- 3:00 AM -- The perl scripts finish up with the last of the comp.*
messages and I go home and fall asleep in a cold sweat, sensing
impending doom.
IMPORTANT INFO HERE:
- 9:00 AM -- I am awakened by the phone. Our office has called me,
and according to them, the user [log in to unmask] is part of a
company who contacted CyberSell (Lawrence Canter and Martha Siegel,
who we all know and love). I apparently caught this script in the
middle of rec.*. The veracity of whether CyberSell is actually
responsible for this or not is unknown (by me at this time).
- 10:00 AM -- I log in from home, to find 1400 messages in my inbox.
It's currently 11:08, and I'm sure I'll have more details for everyone
as I get them.
Speaking for RTD Systems & Networking, Inc.,
--Mark
--
Mark Beeson | Same Broken (MB178) President, Neural InterNetworking
"I've seen the enemy, and the enemy is me." -- Sister Machine Gun
URL: <a href="http://www.nin.com/">here</a>.
- If you have to ask, you'll never know. -
----------------------------------------------------------------
Elliott Parker Bitnet: 3ZLUFUR@CMUVM
List Owner, SEASIA-L and CARR-L Internet: [log in to unmask]
Department of Journalism Less certain possibilities:
Central Michigan University [log in to unmask]
Mt. Pleasant, MI 48859 USA CompuServe: 70701,520
Office tele: +1 517 774 3196 The WELL: [log in to unmask]
|
