[thelist] blasterattacko at aol.com?

John.Brooking at sappi.com John.Brooking at sappi.com
Sun Mar 21 17:03:22 CST 2004


I just received an email sent from my contact form at [1] which consisted of
the following:

   >Date: Sun, 21 Mar 2004 05:41:25 +0000 (UT) 
   >From: blasterattacko at aol.com, "To:blasterattacko"@aol.com, 
   > "From:blasterattacko"@aol.com 
   >Subject: [Shoestring] blasterattacko at aol.com To: blasterattacko at aol.com
From: 
   > blasterattacko at aol.com Subject: (43B43741,subject)Esy 8N 2 . 
   >To: undisclosed-recipients: ; 
   >X-Mailer: MIME::Lite 2.117  (F2.6; T0.16; A1.44; B2.12; Q2.03) 
   >Delivered-to: johnbrook at pobox.com 
   >X-Virus-Scanned: Symantec AntiVirus Scan Engine 
   >Original-recipient: rfc822;jbrookin at maine.rr.com 
   >
   >
   >body
   >
   >
   >Additional input included:
   >   : "Send"
   >   maillist: ""
   >   location: "blasterattacko at aol.com
   >To: blasterattacko at aol.com
   >From: blasterattacko at aol.com
   >Subject: M(43B43741,location)n4G
   >
   >
   >GTRbfOA2f9hTTuPjekKnL6PtwCoCAoJ3lIJ
   >
   >
   >.
   >
   >
   >"
   >   lastfield: "lastvalue"

My site appears to be fine, as does my client machine and my host's site,
and the ISP's telephone technical support just said "a lot of weird stuff
happens, don't worry about it." Not that too I'm worried about this specific
attack, but I'm just wondering if it's an indication of some kind of
security hole in my contact form script. Or, more optimistically, an
indication that there was some attack which didn't work?

A Google search reveals only a few discussion-board type sites with a
similar problem, plus lots of information on the Blaster worm, but I'm not
sure how that would manifest itself in this way. Has anyone else experienced
this?

- John

[1] http://www.shoestringcms.com/support/contact.shtml

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This message may contain information which is private, privileged or
confidential and is intended solely for the use of the individual or entity
named in the message. If you are not the intended recipient of this message,
please notify the sender thereof and destroy / delete the message. Neither
the sender nor Sappi Limited (including its subsidiaries and associated
companies) shall incur any liability resulting directly or indirectly from
accessing any of the attached files which may contain a virus or the like. 


More information about the thelist mailing list