An ICQ user 178987664 posing as Jim Perkison (Nugget) attacked me today from IP address (client.dsl.net) 188.8.131.52
He is running an FTP server, and attempting to get people to download malicious virus code that will allow him to infect my computer and hack me. Although I was to smart for him, I suspect many may not be. I’ve alerted his provider to take any action they can. Note that these IP addreses are probably dynamic, so he may already be gone.
Session Start (ICQ – 9729896:178987664
[08:09] 178987664: hi
[08:09] jeffg: hi
[08:10] 178987664: We are a company and ask questions on people
Do you want to answer?
[08:10] jeffg: I’m not sure I believe you – but sure… go ahead.
[08:11] 178987664: Okay
You will get the question sheet
I will send it now okay?
[08:11] jeffg: I can not receive ICQ files. Sorry.
[08:12] 178987664: Download it from: (Link: ftp://184.108.40.206/Questions.zip)ftp://220.127.116.11/Questions.zip
[08:13] jeffg: hahaa… Either you’re an idiot, or you think I am.
[08:13] 178987664: ?
[08:13] jeffg: You don’t say who you are, and you don’t even have a real web page, and you want me to download a file. How stupid you are, or you expect me to be.
[08:14] 178987664: Sorry for any convenience
Thanks for your time
[08:14] jeffg: Try kids under 16. They’re much more gullible and will download candy from strangers.
[08:17] jeffg: Nice virus. Who are you really?
[08:18] jeffg: You know that files doesn’t work, right? It’s just a virus that doesn’t work. You need some help setting up one that will work.
[08:19] jeffg: I was trying to help, even though you’re evil. Oh well…
[08:20] 178987664: ?
[08:20] 178987664: what do you mean?
[08:21] jeffg: I mean I was trying to explain that the file you are getting me to download doesn’t infect me with the virus the way you want it to.
[08:21] 178987664: Can you explain what do you mean?
[08:21] jeffg: Ok. The questions file is a virus, right? You know that I assume.
[08:22] 178987664: No it is not a virus
[08:22] jeffg: Yes, it is.
[08:22] 178987664: Okay
And what kind of virus is it?
[08:23] jeffg: The ZIP contains a fake HTML file. This file TRYS to start the Backdoor virus, but it is created incorrectly.
[08:24] jeffg: You obviously know this, and it is the intent of your mysterious attack. I’m just letting you know it isn’t configured correctly. Has it worked for other stooges?
[08:24] 178987664: Okay okay
I cannot talk with you..
[08:25] jeffg: Maybe it just doesn’t infect my XP system the way you expected. Maybe it’s a Win98 virus.
[08:25] 178987664: Okay Okay
no it is not for win98 it is for linux
[08:25] 178987664: Why it doesn’t infect?
[08:25] jeffg: It is hidden to LOOK like an HTML web page.
[08:26] jeffg: What did you expect it to do?
[08:26] 178987664: COOL!
[08:26] 178987664: To open a html file with questions
[08:26] jeffg: haha… No, I mean really. What did you expect it to do?
[08:27] jeffg: It’s not an HTML file.
[08:27] 178987664: Okay okay
it is not a html file
it is an alien file
[08:28] jeffg: Just admit to me that you’re a punk trying to infect me, and hack into systems… and we can be friends.
[08:28] 178987664: Okay
I wanted to hack you
Do you know about trojans?
[08:29] jeffg: Yes, and this one doesn’t seem to be correct. It links to a secondary file not included in the zip.
[08:29] 178987664: Which secondaru file?
[08:29] jeffg: I couldn’t see that because my Norton deletes it too quickly.
[08:30] 178987664: Oh okay
Which are the best trojans?
[08:30] jeffg: You’re an idiot. Conversation end.
I’ll be taking this message exchange, and creating a web page about it. It was fun making fun of you. Now a lot more people will be able to laugh at you. Bye.
[08:31] 178987664: Cool!
[08:31] 178987664: Hehe
that would be cool
[08:32] jeffg: Can I assume you’re not really Jim Perkison?
[08:32] 178987664: I am his brother
[08:37] *** 178987664 signed on at Fri Apr 04 08:37:24 2003.