19 October 2010

From the Mark-Weeks.com Team

A few days ago I received this email...

Subject: Report
From: Automatic Email Delivery Software
To: wcc@mark-weeks.com
Date: Saturday, October 16, 2010, 2:06 PM

Dear user wcc@mark-weeks.com,

Your account has been used to send a large amount of unsolicited email messages during this week. Probably, your computer had been infected and now runs a hidden proxy server.

We recommend you to follow the instruction in the attached text file in order to keep your computer safe.

Best wishes,
The mark-weeks.com team.

...The email address wcc@mark-weeks.com is the contact address I use on my World Chess Championship site. It is an alias for another mailbox and is never used to send mail of any type. As for the mark-weeks.com team, it consists of me, myself, and I. All three of us agreed that the email message was some kind of a fraud. The exact kind of fraud wasn't too difficult to determine...

-----Inline Attachment Follows-----

***************** VIRUS REMOVED *****************

An attachment has been removed because it contained a virus.

***************** VIRUS REMOVED *****************

Virus name: [W32/Sality.AD]
Virus scanner: [Authentium]
Attachment name: [wcc@mark-weeks.com]
Attachment type: [application/octet-stream]

...While I'm on the subject of egregious attempts to infect my system with malware, almost every day I get hundreds of hits on my server looking for files that have something do with PHP, for example:-

  • GET //~/admin/config/config.inc.php?p=phpinfo(); HTTP/1.1
  • GET //mysqladmin/config/config.inc.php?p=phpinfo(); HTTP/1.1
  • GET //phpMyAdmin-2.2.3/config/config.inc.php?p=phpinfo(); HTTP/1.1

I shudder to think what would happen if the perpetrators actually found such a file. Would my site become a command & control center for an Elbonian botnet?


In case you came to this post looking for something that had to do with chess, I don't want you to leave disappointed. While I was looking at the server stats, I noticed traffic from a domain I had never seen before: 14th WMCCC, Gunadarma University, Jakarta, Indonesia, October 8-15, 1996. That particular page has all sorts of info on the 14th WMCCC (World Microcomputer Chess Championship) and I assume the other pages in the domain are equally detailed. The index page is at Chessprogramming.wikispaces.com/Tournaments.

No comments: