Thread: NREL.gov sends me email, subject "stolen document"

  1. #1
    Junior Member
    Join Date
    Oct 2003
    Posts
    5

    NREL.gov sends me email, subject "stolen document"

    Thank you for clicking on this, here is my story.

    On April 1 2004 I got a weird email from MAILER-DAEMON@nrel.nrel.gov

    Apparently, according to the email, I sent an email to NREL from my email address; the subject title was "stolen document". Before this email I had never even heard of NREL, and after much suspicion towards the email I decided to do searches for the strange words that were in it. I found out that NREL is the National Renewable Energy Laboratories. Here is a copy of some of the email. I know not much about any of this security stuff and was wondering if someone could help me.
    I did not think it was a virus because there was no attachment.
    Here is the email. Please tell me if I am giving out valuable information about myself; I have no idea what any of this means and don't want to put my IP or something and have someone destroy all my papers.

    --------Message not delivered to the following:

    inventions E-mail field not present in nameserver entry

    --------Error Detail (phquery V4.4):

    The message, "E-mail field not present in nameserver entry," is generated
    whenever the ph nameserver matched the supplied name or alias with an
    entry that lacked an email address field. In this case no delivery can
    be made. Recommended action is to contact the individual by alternate
    means via the information included below. If the individual already has
    an email address, s/he should edit their ph entry to include it. N.B.,
    postmaster will not have any information more current than this.

    alias: jim_damm
    name: Damm Jim


    --------Unsent Message below:

    Received: from nrel.gov (67-42-210-171.ptld.qwest.net [67.42.210.171])
    by nrel.nrel.gov (8.11.7p1+Sun/8.11.6) with ESMTP id i31NN6912268
    for <inventions@nrel.gov>; Thu, 1 Apr 2004 16:23:06 -0700 (MST)
    Message-Id: <200404012323.i31NN6912268@nrel.nrel.gov>
    From: k2izzy@hotmail.com
    To: inventions@nrel.gov
    Subject: Stolen document
    Date: Thu, 1 Apr 2004 14:50:11 -0800
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
    X-Priority: 3
    X-MSMail-Priority: Normal

    This is a multi-part message in MIME format.

    ------=_NextPart_000_0016----=_NextPart_000_0016
    Content-Type: text/plain;
    charset="Windows-1252"
    Content-Transfer-Encoding: 7bit

    I cannot believe that.

    +++ Attachment: No Virus found
    +++ Bitdefender AntiVirus - www.bitdefender.com


    ------=_NextPart_000_0016----=_NextPart_000_0016
    Content-Type: application/octet-stream;
    name="about_you_inventions.pif"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
    filename="about_you_inventions.pif"


    This part of the message was followed by many pages of a strange inscription or something; here is a sample of it.




    After several pages of similar type "stuff" the email ends with


    ------=_NextPart_000_0016----=_NextPart_000_0016--



    --------End of Unsent Message

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    I did not think it was a virus because there was no attachment.
    Sounds more like a virus. Specifically NetSky.P. It does look like it was bounced, or the "attachment" was put in as part of the email message itself rather than identifying it as an attachment.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Virus, check here:

    http://securityresponse.symantec.com...tsky.p@mm.html

    You didn't send it, your e-mail address has been spoofed.

    Cheers:

    /edit
    Dammit MsM, will you cut that out. From now on you are only allowed to type with one hand.
    DjM

  4. #4
    Junior Member
    Join Date
    Oct 2003
    Posts
    5
    I'm checking now, thank you for alerting me; I will see if it is a virus soon. BLASTED virus.. I wish I wasn't such a freak. I would get virus protection software but I don't trust that either, because I'm afraid one day it will act as some sort of controlling gateway and be able to access everything on my computer, and I can't have my documents stolen!!

  5. #5
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Originally posted here by NXcng
    I'm checking now, thank you for alerting me; I will see if it is a virus soon. BLASTED virus.. I wish I wasn't such a freak. I would get virus protection software but I don't trust that either, because I'm afraid one day it will act as some sort of controlling gateway and be able to access everything on my computer, and I can't have my documents stolen!!
    Excuse me!!! You're not running any antivirus products (and then I will assume no firewall) because you are worried about losing documents and private data through them?
    I certainly hope that you have all services turned off and all your ports locked down then. There are ways to secure your computer without using AV software and firewalls, but you don't sound like you have the knowledge and/or capabilities to do so. If you wish to keep your data safe, I would suggest that you start using something, or contact catch and/or pooh sun tzu to explain to you how to secure your box without using such.
    Sitting with an open computer (no protection used) is like leaving your keys in the ignition and having a large sign on your car saying "Available for a joyride".
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Dude, you need to lighten up on the conspiracy theories. You will certainly suffer more harm w/o AV protection than the risk of your AV product suddenly acting as a gateway device.

    PS
    Most trojans carry a backdoor payload which essentially does this to your machine to begin with.



    -TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    NX: If you _absolutely_ can't have your documents stolen then you shouldn't even _ever_ have them on a computer that attaches to the internet.... period. Clearly this one is/does and viruses are the least of your problems.

    You have three choices really:-

    1. Buy another computer that you will use to connect to the internet and never connect the current one to it or the internet.
    2. Write the files to removable media, (Floppy, CD-RW, whatever), use a program that shreds the existing ones, never have the media in the computer when you connect to the internet and learn how to manage the risk.
    3. Find the strongest encryption program you can for your operating system and encrypt the files in place with a very long and complex password. It will take years to decrypt them.

    It's about managing the risk.... If your "documents" are porn and you are a well known public servant then actually the risk isn't that great. I'll still vote for you if you cut my taxes..... If you are a "spook" and have government crippling information there then you should probably be talking to your boss about a course in computer security.... See how it goes.... It's the risk that needs to be mitigated. Once the risk is understood there will be a cost associated. Once the cost, (it doesn't necessarily have to be in dollars and cents), is determined then the cost, (in dollars and cents), can be more accurately determined. You aren't going to spend a million dollars to make sure that your girlfriend doesn't find out about your porn collection..... But you might spend a million if you are an inventor developing a product that will make you 100 million..... See the point? In any case, the above three options are the basics......
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  8. #8
    Junior Member
    Join Date
    Oct 2003
    Posts
    5
    Thank you all for the input it has helped me much.

    I ran the program and the virus was not found on my computer.
    I will delete this email and stop using damned Hotmail. Could anyone recommend a good way to secure a computer without downloading something that would pop up from a popup ad? If not, I'm just gonna get a new computer and never connect it (good idea).

  9. #9
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Content-Type: application/octet-stream;
    name="about_you_inventions.pif"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
    filename="about_you_inventions.pif"
    The above is the clue to the fact it contained a virus. The virus was encrypted and contained within the email itself, and uses a vulnerability in IE to execute when you preview or open the email.
    The total email size would have been about 25k..

    hope this helps and adds to the info given

    Cheers
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  10. #10
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by Und3ertak3r
    .. the virus was encrypted and contained within the email itself, {..}
    The virus isn't encrypted. Base64 encoding is the same as uuencoded. It's just a way to get binary files transferred using a character-based protocol (SMTP).
    Oliver's Law:
    Experience is something you don't get until just after you need it.
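
Added example, not written by anyone in this thread: a small triage script for a bounce like the one quoted in post #1, covering the points raised in posts #3, #9 and #10 (the From address does not match the host that delivered the mail, the attachment headers name a `.pif` file, and the base64 body decodes without any key). The names `triage`, `RISKY_EXT` and `SAMPLE` are hypothetical, the extension list is an assumption, and the sample payload is constructed, not the original attachment.

```python
import base64
import re
from email import message_from_string

# Constructed sample: headers mirror the bounce in post #1; payload is "MZ" + zeros, not the real file.
PAYLOAD_B64 = base64.b64encode(b"MZ" + b"\x00" * 62).decode()
SAMPLE = f"""\
Received: from nrel.gov (67-42-210-171.ptld.qwest.net [67.42.210.171])
\tby nrel.nrel.gov with ESMTP; Thu, 1 Apr 2004 16:23:06 -0700 (MST)
From: k2izzy@hotmail.com
To: inventions@nrel.gov
Subject: Stolen document
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

I cannot believe that.
--b1
Content-Type: application/octet-stream; name="about_you_inventions.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="about_you_inventions.pif"

{PAYLOAD_B64}
--b1--
"""

RISKY_EXT = (".pif", ".scr", ".exe", ".com", ".bat", ".cmd")  # assumed blocklist

def triage(raw):
    msg = message_from_string(raw)
    findings = []
    # Heuristic spoofing check: From domain vs. the host that handed the mail over.
    from_domain = msg["From"].rsplit("@", 1)[-1].strip("> ").lower()
    m = re.search(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\)", msg["Received"] or "")
    if m:
        helo, rdns, ip = m.groups()
        if not rdns.lower().endswith(from_domain):
            findings.append(f"sender-mismatch: From={from_domain} relay={rdns} [{ip}] helo={helo}")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        data = part.get_payload(decode=True)  # base64 is reversed with no key
        if name.lower().endswith(RISKY_EXT):
            findings.append(f"risky-extension: {name}")
        if data[:2] == b"MZ":  # DOS/PE executable magic bytes
            findings.append(f"windows-executable: {name} ({len(data)} bytes)")
    return findings
```
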
