
Re: virus' on the list



On Wed, 27 Aug 2003 00:20:55 -0400, 
amg <ph33rful@optonline.net> wrote in message 
<20030827002055.61231a11.ph33rful@optonline.net>:

> Hello all, 
> 
> Being relatively new to the whole mailing-list scene I have a question
> about the linux mailing-list scene actually (actually part of a
> mailing list in my windows days).
> 
> While browsing my inbox, which I only do every several days, I notice
> messages from places such as "info@winram.com" (this was recently, I
> received (or it was sent?) it: 03.08.28).
> 
> I am wondering what this is. Did someone send a virus/worm/whatever to
> debian-user@lists.debian.org? Is info@winram a security company
> protecting us happy debian users from such a horrible thing? Is this a
> common thing (have seen before, but can't remember where/when)? Did
> "info@winram.com" mistakenly judge a "normal/safe" message as a
> threat to our security, and in the end, choose to inform us about the
> potential threat?
> 
> I am not afraid of receiving a virus through this list (I could be
> blind to the danger I don't know about). I never open an attachment
> from anyone. I am under the impression this is a good thing. (Hint:
> maybe you could tell me otherwise :))
> 
> This isn't an important question, so don't rack your brains. I am
> simply curious of what it all means.
> 
> Anything on the matter would be helpful, and greatly appreciated.
> 
> afterthought: while on the windows mailing-list, I never received
> anything closely related to a "virus warning", which is why I ask the
> question now, instead of my pre-Linux days.

..something on the matter:  ;-)
arnt@a45:~$ jwhois winram.com
[Querying whois.internic.net]
[Redirected to whois.dotster.com]
[Querying whois.dotster.com]
[whois.dotster.com]

 The data contained in the WHOIS database, while
believed by the company to be reliable, is provided "as is",
with no guarantee or warranties regarding its accuracy.  This
information is provided for the sole purpose of assisting you
in obtaining information about domain name registration records.
Any use of this data for any other purpose, including, but not
limited to, allowing or making possible dissemination or
collection of this data in part or in its entirety for any
purpose, such as the transmission of unsolicited advertising and
solicitations, is expressly forbidden without the prior written
permission of this company. By submitting an inquiry, you agree
to these terms of usage and limitations of warranty.
Please limit your queries to 10 per minute and one connection.

Registrant:
   Ken Hopkins
   vancouver
   vancouver, bc v6h1r5
   CA

   Registrar: DOTSTER
   Domain Name: WINRAM.COM
      Created on: 15-JUN-97
      Expires on: 14-JUN-04
      Last Updated on: 10-APR-03

   Administrative, Technical Contact:
      Hopkins, Ken  khopkins@intersoft.ca
      vancouver
      vancouver, bc  v6h1r5
      CA
      6048017007


   Domain servers in listed order:
      NS1.CLGRAB.GROUPTELECOM.NET
      NS2.TOROON.GROUPTELECOM.NET
      NS1.CYBEK.COM

End of Whois Information
arnt@a45:~$ dig winram.com

; <<>> DiG 9.2.1 <<>> winram.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58250
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 2

;; QUESTION SECTION:
;winram.com.                    IN      A

;; ANSWER SECTION:
winram.com.             86400   IN      A       209.17.173.149

;; AUTHORITY SECTION:
winram.com.             86400   IN      NS      ns.cg.sfl.net.
winram.com.             86400   IN      NS      ns.mt.sfl.net.
winram.com.             86400   IN      NS      ns1.clgrab.grouptelecom.net.
winram.com.             86400   IN      NS      ns2.toroon.grouptelecom.net.

;; ADDITIONAL SECTION:
ns1.clgrab.grouptelecom.net. 172798 IN  A       139.142.2.3
ns2.toroon.grouptelecom.net. 172798 IN  A       209.135.99.3

;; Query time: 2383 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Aug 27 07:28:49 2003
;; MSG SIZE  rcvd: 186

arnt@a45:~$ dig -x 209.17.173.149

; <<>> DiG 9.2.1 <<>> -x 209.17.173.149
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33899
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;149.173.17.209.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
149.173.17.209.in-addr.arpa. 86400 IN   PTR     h209-17-173.gtconnect.net.

;; AUTHORITY SECTION:
173.17.209.in-addr.arpa. 86400  IN      NS      ns.cg.sfl.net.
173.17.209.in-addr.arpa. 86400  IN      NS      ns.mt.sfl.net.

;; Query time: 254 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Aug 27 07:30:19 2003
;; MSG SIZE  rcvd: 128

arnt@a45:~$

..draw your own conclusions.  ;-)

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
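
The comparisons the lookups above invite, as an added example that is not part of the original post: it checks whether the name servers listed at the registrar match those served in DNS, and whether the reverse-DNS name falls under the domain. The records are copied from the whois/dig output above (wrapped lines rejoined, whitespace compressed); the function names are hypothetical.

```sh
#!/bin/sh
# Added example. Records below are copied from the post's whois/dig output
# (wrapped lines rejoined); the function names are hypothetical.

DIG_FWD='winram.com.  86400  IN  A   209.17.173.149
winram.com.  86400  IN  NS  ns.cg.sfl.net.
winram.com.  86400  IN  NS  ns.mt.sfl.net.
winram.com.  86400  IN  NS  ns1.clgrab.grouptelecom.net.
winram.com.  86400  IN  NS  ns2.toroon.grouptelecom.net.'
DIG_REV='149.173.17.209.in-addr.arpa. 86400 IN PTR h209-17-173.gtconnect.net.'
WHOIS_NS='NS1.CLGRAB.GROUPTELECOM.NET
NS2.TOROON.GROUPTELECOM.NET
NS1.CYBEK.COM'

# rr_values TYPE: RDATA of every TYPE record in dig-format text on stdin,
# lower-cased, trailing dot removed, sorted and de-duplicated.
rr_values() {
    awk -v t="$1" '
        /^;/ || NF < 5 { next }            # dig comments, blank lines
        $3 == "IN" && $4 == t { v = tolower($5); sub(/\.$/, "", v); print v }
    ' | LC_ALL=C sort -u
}

# set_diff A B: lines of list A that do not appear in list B.
set_diff() {
    printf '%s\n' "$1" | B="$2" awk '
        BEGIN { n = split(ENVIRON["B"], x, "\n"); for (i = 1; i <= n; i++) seen[x[i]] = 1 }
        NF && !($0 in seen)'
}

# ptr_matches_domain DOMAIN: succeed if a PTR target on stdin is DOMAIN
# itself or a host under it.
ptr_matches_domain() {
    rr_values PTR | awk -v d="$1" '
        BEGIN { d = tolower(d); rc = 1 }
        $0 == d || (length($0) > length(d) && substr($0, length($0) - length(d)) == "." d) { rc = 0 }
        END { exit rc }'
}

dns_ns=$(printf '%s\n' "$DIG_FWD" | rr_values NS)
whois_ns=$(printf '%s\n' "$WHOIS_NS" | tr 'A-Z' 'a-z' | LC_ALL=C sort -u)

echo "NS at registrar only: $(set_diff "$whois_ns" "$dns_ns" | tr '\n' ' ')"
echo "NS in DNS only:       $(set_diff "$dns_ns" "$whois_ns" | tr '\n' ' ')"
if printf '%s\n' "$DIG_REV" | ptr_matches_domain winram.com; then
    echo "PTR falls under winram.com"
else
    echo "PTR is outside winram.com: $(printf '%s\n' "$DIG_REV" | rr_values PTR)"
fi
```

A PTR that names the hosting provider rather than the domain is normal on shared hosting, so a mismatch here is context rather than a verdict.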
