(A Javascript-enabled browser is required to email me.)



NaughtyRobot
From TBTF for 1997-02-11



In the email message below I've highlighted parts of the header lines that were probably forged by the perpetrators of the NaughtyRobot hoax. Red items are the To: and From: addresses (I've substituted my own for that of the original recipient). Blue items represent the system from which the recipient is supposed to believe the message originated. The single green item is the system that a knowledgable sysadmin, studying these entrails, might suppose was the ultimate origin of the message. In fact the perpetrators covered their tracks well. I have seen instances of the note apparently relayed through these sites:

electriciti.com
iclnet.org
avebury.arch.soton.ac.uk
geocities.com
and apparently originating from these sites: earthlink.net
dds.nl
Some posters on Usenet were particularly amused by the use of  iclnet.org,  a Christian organization, to assist with the robot's naughtiness.


Received: from powergrid.electriciti.com (root@electriciti.com)
[198.5.212.8]) by home.atlantech.net (8.8.2/8.6.12) with SMTP id DAA28321
for <dawson@world.std.com>; Sun, 26 Jan 1997 03:25:26 -0500 (EST)
From: Keith Dawson <dawson@world.std.com>
Received: from dds.nl by powergrid.electriciti.com with smtp
        (Smail3.1.29.1 #3) id m0voGeh-0006lnC; Sat, 25 Jan 97 14:32 PST
Message-Id: <m0voGeh-0006lnC@powergrid.electriciti.com>
Date: Sat, 25 Jan 97 14:32 PST
Apparently-From: dawson@world.std.com
Apparently-To: dawson@world.std.com
Subject: EMERGENCY - security breached by NaughtyRobot
Comment: Authenticated sender is <dawson@world.std.com>
Precedence: Urgent

This message was sent to you by NaughtyRobot, an Internet spider that
crawls into your server through a tiny hole in the World Wide Web.
  
NaughtyRobot exploits a security bug in HTTP and has visited your host
system to collect personal, private, and sensitive information.
  
It has captured your Email and physical addresses, as well as your phone
and credit card numbers.  To protect yourself against the misuse of this
information, do the following:
  
        1. alert your server SysOp,
        2. contact your local police,
        3. disconnect your telephone, and
        4. report your credit cards as lost.
  
Act at once.  Remember: only YOU can prevent DATA fires.
  
This has been a public service announcement from the makers of
NaughtyRobot -- CarJacking its way onto the Information SuperHighway.

[ TBTF for 1997-02-11 ]