use Perl

All the Perl that's Practical to Extract and Report


Journal of Purdy (2383)

Tuesday September 14, 2004
04:17 PM

5iantlavalamp.com ?

[ #20877 ]

I have this rule in my postfix configuration to block out .com attachments:

/name=[^>]*\.(ade|adp|asd|bas|bat|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|inf|ins|isp|lnk|js|jse|lnk|ocx|mde|mdt|mdw|msc|msi|msp|mst|nws|ops|pcd|pi|pif|prf|reg|scf|scr|sct|shb|shm|shs|swf|uue|vb|vbe|vbs|vbx|vxd|wab|wsc|wsf|wsh)/ REJECT Potentially dangerous file attachment. Please do not include any executable attachments in your email.

So what's interesting is that some people are complaining b/c they're sending us e-mail and the server is rejecting it:

Sep 14 14:13:00 mail postfix/cleanup[24893]: D6354198047: reject: body name=3D"place" downloadurl=3D"http://www.5iantlavalamp.com/"/>; from=<someemail@domain.com> to=<someemail@domain.com>: Potentially dangerous file attachment. Please do not include any executable attachments in your email.

It kinda stuck out at me b/c this was the 2nd time I saw that 5iantlavalamp.com domain, so it piqued my interest. A WHOIS reported it was owned by Microsoft! I go to the Web site and it redirects me to some Office site. So I'm guessing that some new version of Outlook has that stuff embedded in the e-mail message and other Outlooks know about it and will do something (spiffy ;)) w/ that. I'm sure there's no security vulnerabilities, there. ;)

I could refine that rule a bit (not sure how at the moment), but I'll wait & see if it becomes a big problem.

Peace,

Jason
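Why the rule fires on that body line, as an added example that is not part of the original post: nothing anchors the extension to the end of a filename, so `[^>]*` runs from `name=` all the way to the `.com` inside the `downloadurl` value. The Python harness below compares the posted pattern with an assumed tighter one; `REFINED`, `check` and every sample line except the first are constructed for illustration and are not the author's configuration.

```python
import re

# Extension list copied from the rule in the post, kept exactly as posted.
EXTS = ("ade|adp|asd|bas|bat|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|inf|ins|"
        "isp|lnk|js|jse|lnk|ocx|mde|mdt|mdw|msc|msi|msp|mst|nws|ops|pcd|pi|pif|"
        "prf|reg|scf|scr|sct|shb|shm|shs|swf|uue|vb|vbe|vbs|vbx|vxd|wab|wsc|wsf|wsh")

# Postfix regexp/pcre tables match case-insensitively by default, hence re.I.
ORIGINAL = re.compile(r'name=[^>]*\.(' + EXTS + r')', re.I)

# Assumed refinement (not the author's rule): name/filename must be a parameter
# of its own, the value may not run past a quote or ';', and the extension must
# be the last thing in the value.
REFINED = re.compile(
    r'(?:^|[;\s])(?:file)?name\s*=\s*"?[^"<>;]*\.(' + EXTS + r')"?\s*(?:;|$)',
    re.I)

def check(line):
    """Return (original_rejects, refined_rejects) for one message line."""
    return bool(ORIGINAL.search(line)), bool(REFINED.search(line))

SAMPLES = [
    # Body text from the rejected message in the log entry above.
    'name=3D"place" downloadurl=3D"http://www.5iantlavalamp.com/"/>',
    # Constructed MIME part header lines.
    'Content-Type: application/octet-stream; name="invoice.com"',
    'Content-Disposition: attachment; filename="setup.exe"',
    '\tname="photo.jpg.scr"',
    'Content-Type: application/pdf; name="company.com-report.pdf"',
    'Content-Type: text/plain; name="notes.txt"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        original_hit, refined_hit = check(sample)
        print(f"original={original_hit!s:5} refined={refined_hit!s:5} {sample!r}")
```

Postfix's `mime_header_checks` parameter applies a table to MIME part headers only, which keeps a rule like this away from HTML body text altogether.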

  • You may find the google cache [216.239.57.104] of the page interesting.

    So I'm guessing that some new version of Outlook has that stuff embedded in the e-mail message and other Outlooks know about it and will do something (spiffy ;)) w/ that.

    Q:  What measures did you do to research how it was being created?
    A:  My company started blocking this particular domain because it looked like another Spam referenced domain name.  We had no idea that it was being imbedded within our own outgoing emails until we start