Anyone speak/read Russian?

eric halfabee

You talking to me!
Had an email from an unrecognised source. This email contained a file called text.src. I opened up the attachment in Word and went past all the stuff that made no sense to me and came across this at the end:

?sÄKERNEL32.DLLADVAPI32.dllMSVCRT.dllUSER32.dllWS2_32.dllLoadLibraryAGetProcAddressExitProcessRegCloseKeymemsetwsprintfA

I believe it's some Windows code but I'm not much of a Windows user or programmer etc.

Anyway I did a search for parts of the words in the text and at the last bit 'setwsprint' (I deleted the w) came across this site.

http://www.krimhacker.narod.ru/setsprint.html

To me it looks like crim(inal) hacker :rolleyes:

Can anyone shed some light on this. :confused:

Cheers

eric
 
It's probably some kind of script that executes on Windows. Nothing for you to worry about. I tried babelfish on that site but it didn't translate it for some reason.

All those DLLs are definitely Windows.
 
Can I just say that you should never open attachments from an unrecognized source?

Why would you ever do that?
 
You can always run a Russian page through babelfish.altavista.com - or Sherlock's translator.

-------------
Network Sprint Network Network SprintNet - the global network of the commutation of packets, one of the large in the world at present. Cet6 Sprint Is the direct development of network Telenet - one of the first moderately-priced networks of the commutation of packets. The owners of network are the important American communication companies UTI and GTE. To their daughterly company US Sprint belongs the largest in the world network of the optovolokonnykh channels, which constitutes basis Sprint. To Sprint connected about 6000 host- computers are sluice (gates) other firms and the organizations, which allow diverse reference and information services and ensuring output into other networks. This network is considered safe, since with the work with it the loss of information is impossible. With the work with the electronic mail to you is given special "box" on the server, who is connected with the aid of the tele-processor to the system of electronic mail. System itself is maximally thought out and has a mass of commands. Under it also there is license software, which is placed on your computer together with the network. Work with network Sprint is conducted with the aid of the protocol Of kh2shch, which ensures virtual channel to users. This means that each port of network has its address, and if computer is located on other address, then without ceremony it is possible to be connected to it. For the transfer all data are divided on the portion and are transferred by individual lines by one channel. Complex Sprint effectively uses communication systems, reducing the cost of the begun to operate resources and in this case it makes it possible to accelerate work with the network. Motto Sprint - security. Physically and by apparatus it is not possible to trace the information, transferred by network. On the content it is file they can learn only those, they are directly intended to whom. 
No one learns never address, name and other information about you, if you this do not wish. Bell on Sprint is achieved by most usual te.pminalnoy program. You nabi.payete nome.p Sprint (928-6344, 928-0985, 342-8376, 913-7166, 578-9119 or 578-9161) and after connecting te.pminal govo.pit CONNECT 9'00/.ARTs/Veyab. Further you one should nab.pat' @D and harvest enter. Will be derived st.poki: SPRINT NETWORKS 772 11001a TERMINAL=(vvedite D1) 772 - this is the code of st.pany, on Russia and S.YUG. 11001A - this nome.p of khosta, from the the koto.pogo you entered. I.e., after obtaining the answer of nap.pime.p 772 11001f you they must podoz.pevat', that there are khosty 11001A.b.ch.d. I.e., possibly there are other telephones Sprint in your go.pode. After @ you must nab.pat' nome.p of network - NUA - Network User Address, i.e. the number, which assigns the net address of user. NUI (Network User Identificator) - the code of access and password. DNIC (Data Network Identification Code) - the code of network, represents four numbers, which in the complete net address assign the code of the network of data. If you do not have ID and password, pop.pobuyte to introduce the following: login: guest/demo/new/bbs/help/info/newuser/anonymous/test passw: Guest/demo/new/bbs/help/info/newuser/anonymous/test Sprint Enters into the composition of konso.ptsi.yma Global One as other large networks of the commutation of the packets: SITA aka SCITOR, Infonet, Tymnet and others. Global One Has p.pedstavitel'stvo (both elekt.ponnoye and physical) in each k.pypnoy st.pane (modem telephone: 967-6767, the vocal telephone: 705-9170, ad.pes of the domain: global-one.net) if hacker forces open precisely the sp.pintovyy xost, then him they can draw, but this in eavisimosti from as deeply it climbed up, and they know about this or not. But if hacker paskovy.p4l any grid or anything another che.pez Sprint, then v.pyad whether Sprint to spit who che.pez it b.podit. 
P.poblemy can arise from that to whom it climbed up hacker. In Internet it is possible to learn about the services to network Sprint through http://www.sprint.com, http://www.sprintlink.net or http://www.rosprint.ru. Through Sprint are accessible the following services:
 
Thanks all

Brian, yeah tried babelfish, but I got even more kak than normal. Anyway I found out it's part of this new mass email virus doing the rounds, which I thought was the case, here is an email from my ISP:

"Hi everyone

Most of you will be aware by now that a new mass-mailing worm hit the Internet today, known as Mydoom, Novarg, Shimg or WORM_MIMAIL, depending on which virus checker you use.

This worm has been spreading rapidly and our mail server is continuing to pull out many infected emails per minute.

As always, the best advice we can give in these situations is make sure your virus checker's definition files are up to date, and be suspicious of opening any email attachments.

The emails look fairly innocent, with subject lines such as "hi", "hello", "status", "test", "error" and even "Mail Delivery System" and "Server Report".

The attachment may be "readme", "data", "message", "body", "file" etc (not an exhaustive list) and is designed to look like a text file or a zip file.

The "from" address may be spoofed, so although the email may appear to come from someone you know, in fact it may not have done.

Another feature is that once a machine becomes infected it may take part in a distributed denial of service attack, which will result in increased data transfer on your Internet connection.

More information is available at:

http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html
http://vil.nai.com/vil/content/v_100983.htm
http://www3.ca.com/virusinfo/virus.aspx?ID=38102
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.R

If you have any questions, please feel free to ask.

Regards"

Spishack: That's a good point too but it's a Mac not a PC ;)

Cheers

eric
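
An added example, not part of the thread or any poster's code: a quick check for the situation described above, where an attachment presented as text turns out to contain Windows DLL names. It tests for the MZ/PE headers and lists DLL names found in the bytes; the sample file is constructed, and the function names and extension list are assumptions of this example.

```python
import re
import struct

# Extensions Windows runs directly (assumed list for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
DLL_NAME = re.compile(rb"[A-Za-z0-9_]{2,32}\.dll", re.IGNORECASE)


def is_pe(data):
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def dll_names(data):
    """Unique DLL names stored as plain ASCII, in order of first appearance."""
    seen = []
    for match in DLL_NAME.finditer(data):
        name = match.group().decode("ascii").lower()
        if name not in seen:
            seen.append(name)
    return seen


def triage(filename, data):
    """Summarise what an attachment really is, whatever its name claims."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    pe, dlls = is_pe(data), dll_names(data)
    return {
        "is_pe": pe,
        "disguised": pe and ext not in EXECUTABLE_EXTS,  # executable content, harmless-looking name
        "dlls": dlls,
        "uses_winsock": "ws2_32.dll" in dlls,  # WS2_32.dll is the Windows sockets library
    }


def build_sample():
    """Constructed stand-in for the attachment: minimal MZ/PE headers plus name strings."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> offset of the PE signature
    names = [b"KERNEL32.DLL", b"ADVAPI32.dll", b"MSVCRT.dll", b"USER32.dll",
             b"WS2_32.dll", b"LoadLibraryA", b"GetProcAddress"]
    return bytes(header) + b"PE\0\0" + bytes(20) + b"\0".join(names) + b"\0"


if __name__ == "__main__":
    print(triage("text.src", build_sample()))
```
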
 
Yep. It's......

LONG PAUSE

A virus! It uses .scr script files to do its dirty work.
 