Hey Folks,
Just wanted to pass this info on to you. It's important.
Jackie McMinn
List Owner/Manager
From: camcminn(a)west.raytheon.com
Date: Mon, 29 Mar 1999 16:34 -0800 (PST)
Subject: Fwd:Freeware e-mail program steals your passwords...
To: JackieMc(a)aol.com
Message-id: <0F9D00J2JOE7KR(a)mail.hac.com>
Some more info.
____________________Forward Header_____________________
Subject: Freeware e-mail program steals your passwords...
Author: Fred Hollis
Date: 3/29/99 10:49 AM
Freeware e-mail program steals your passwords, other information

March 23 - A freeware e-mail program named ProMail, which has been distributed by software Web sites such as shareware.com, is really a Trojan horse. It sends user names and passwords in encrypted form to an account on free e-mail provider NetAddress. But aside from that, ProMail is a fully functional e-mail client, and a robust one at that, say the security experts who discovered its secret.

CREATING A LEGITIMATE, FULLY functional Internet e-mail utility as a rogue for a password stealer is a fresh twist on an Internet Trojan horse. Apparently, it was good enough to fool major software sites such as CNet's shareware.com and Simtel.Net, and as of Monday evening, filelibrary.com was still offering it for download. But if you install and run the program, it will gather your full name, organization, e-mail address, user name, password, SMTP and POP3 servers, and more - then package them up and e-mail them to an account at NetAddress.

Aeon Labs, which calls itself an online technology research company, posted a warning to its Web site earlier this month. A representative of Aeon Labs wrote in a note posted to a security newsgroup that the lab cracked into the destination accounts for the e-mail and found about 80 victims, and the company now says there are hundreds of victims.

MSNBC downloaded the e-mail client from freeware.com on Friday. The program's readme notes say it was created by Smartware Inc., but Hemal C. Mehtalia, Smartware Inc.'s president, said his company doesn't write software. Security firm Data Fellows said ProMail's "About" box indicates the program is based on an open source code written by Michael Haller, but Haller has nothing to do with the Trojan. He developed a free program, Phoenix Mail, and has made the full source code available. Phoenix Mail and its source code are available for download from this site.

The first reference to the freeware Trojan appears to have come Feb. 24, when a note circulated in newsgroups advising that a free e-mail program, ProMail v 1.21, had been uploaded to ftp.simtel.net. It hawked the program as "an advanced and easy to use Internet e-mail client," boasting it offered "no attachment size limitations," "configurable filters" and even "external virus scanner support."

But while a user enjoys those features, in the background, the program collects personal user data, and as soon as an SMTP (simple mail transfer protocol) connection is established, it sends the data to an e-mail account, presumably owned by the author. All e-mails are sent with the same subject line: "kirio."

Shareware.com does not filter software it posts - it automatically points to several partner sites that archive downloadable programs - and CNet has no control over the individual files available from shareware.com.

Calls to Simtel were not immediately returned, but that site points to 93 different shareware archives, making complete removal of ProMail difficult.

Ken Williams, who runs a popular security Web site called Packet Storm Security, received an e-mail Monday from someone claiming to be the author of the Trojan. It was sent via an anonymous remailer, so its authenticity is suspect. In that note, the alleged author describes himself as a teen-ager who just wanted to prove a point.

"It is not an original work. I have modified an existing public domain and open source email program adding only the 'trojan horse' code," the teen-ager, who identified himself as David, wrote. "Let me assure all you people using Pro-mail, I did not use, store, sell or do anything with your passwords or other data. And I did not download your mail ... I just wanted to increase the public's awareness on the problem of Internet privacy.

"Now if a program written by a teenager can be spread SO EASILY over the Net, unchecked ... then something must be wrong."

Forward item:
---------------------------- Forwarded with Changes ---------------------------
From: Fred Hollis at 1-HUNT
Date: 3/29/99 10:49AM
To: Terri J (ray) Tall at MIME
*To: #EADTB-Local
Subject: Freeware e-mail program steals your passwords...
-------------------------------------------------------------------------------
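
Added example, not part of the forwarded article or of either message above: the article reports that every mail carrying stolen account data had the same subject line, "kirio", and went to a single outside account, a pattern a mail gateway can look for in its outbound log. The log format, all addresses (the page does not give the real destination address) and the `find_exfil` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed gateway log lines (not from the page).
# "collector@netaddress.example" is a placeholder destination address.
SAMPLE_LOG = """\
1999-03-22T09:01:12 from=<alice@corp.example> to=<bob@corp.example> subject="Lunch?"
1999-03-22T09:03:40 from=<alice@corp.example> to=<collector@netaddress.example> subject="kirio"
1999-03-22T09:15:02 from=<bob@corp.example> to=<collector@netaddress.example> subject="kirio"
1999-03-22T10:44:31 from=<carol@corp.example> to=<collector@netaddress.example> subject="kirio"
1999-03-22T11:02:09 from=<alice@corp.example> to=<sales@vendor.example> subject="Invoice 1042"
1999-03-22T11:30:55 from=<bob@corp.example> to=<sales@vendor.example> subject="Invoice 1042"
"""

LINE_RE = re.compile(r'^(\S+) from=<([^>]*)> to=<([^>]*)> subject="(.*)"$')
KNOWN_SUBJECTS = {"kirio"}  # fixed subject line reported in the article


def parse(log):
    """Yield (timestamp, sender, recipient, subject) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groups()


def find_exfil(log, local_domain="corp.example", min_senders=3):
    """Flag external recipients that receive the known subject line, or that
    receive one identical subject from many distinct local senders (fan-in)."""
    senders = defaultdict(set)
    for _ts, sender, rcpt, subject in parse(log):
        if rcpt.lower().endswith("@" + local_domain):
            continue  # internal delivery, not an outbound message
        senders[(rcpt.lower(), subject.strip().lower())].add(sender.lower())

    findings = {}
    for (rcpt, subject), who in senders.items():
        reasons = []
        if subject in KNOWN_SUBJECTS:
            reasons.append("known-subject")
        if len(who) >= min_senders:
            reasons.append("fan-in")
        if reasons:
            findings[(rcpt, subject)] = (sorted(who), reasons)
    return findings


if __name__ == "__main__":
    for key, (who, reasons) in find_exfil(SAMPLE_LOG).items():
        print(key, who, reasons)
```

The fan-in rule also fires on ordinary traffic such as many users mailing the same list address with the same subject, so its threshold needs tuning per site; the fixed subject line is the more specific indicator.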