Girl Geekette

Heads up, once again, there is another PayPal Scam going around that might look legitimate to some. In it, the email states you have added a new email address to your PayPal account and wants you to be aware of this. If you don’t believe it is right, it gives you a link to log in and check and protest.

The email reads:

——– Original Message ——–
From:  - Tue Sep 20 17:36:28 2005
X-Account-Key:  account3
X-UIDL:  i^N”!og["!dld!!/l/!!
X-Mozilla-Status:  0001
X-Mozilla-Status2:  00000000
Return-Path:  guest@bf-l.ch
Received:  from smtp.bf-l.ch (194-158-242-54.adslpremium.ch [194.158.242.54]) 
Tue, 20 Sep 2005 16:32:07 -0500 (CDT) (envelope-from guest@bf-l.ch)
Received:  by smtp.bf-l.ch (Postfix, from userid 520) id 307652CDC2; Tue, 20 Sep 2005 23:31:55 +0200 (CEST)
To:  kyralea@tranquility.net
Subject:  New email address added to your PayPal account !
From:  service@paypal.com
Content-Type:  text/html
Message-Id:  <20050920213155.307652CDC2@smtp.bf-l.ch>
Date:  Tue, 20 Sep 2005 23:31:55 +0200 (CEST)
X-milter-7bit-Pass:  YES
X-milter-date-PASS:  YES
X-UIDL:  i^N”!og[”!dld!!/l/!!

Needless to say, I was inspired by an article on Windows Security that did a test using Windows 2000 to try my own test with Windows XP using NTFS. Now, I have decided to test it using Windows 2003. Below are my findings and screen by screen snapshots (Thumbnails are shown, click them to see a larger picture):

ADS test using Windows 2003

1. I begin by making a test directory and copying the c:\windows\system32\calc.exe to it. Notice the original date and timestamp (last modified time and date stamp) of the file is 4/3/2003 8:00AM and the size is 113KB. (Image 1 Below)

Alternate Data Streams 2003 Image 1

Here is a listing in DOS that shows the directory with the copied calc.exe file. (Image 2 below)

Needless to say, I was inspired by an article on Windows Security that did a test using Windows 2000 to try my own test with Windows XP using NTFS. Below are my findings and screen by screen snapshots (Thumbnails are shown, click them to see a larger picture that Opens in this window):

ADS test using Windows XP

1. I begin by making a test directory and copying the c:\windows\system32\calc.exe to it. Notice the original date and timestamp (last modified time and date stamp) of the file is 8/23/2001 8:00AM and the size is 112KB.

Alternate Data Streams WinXP Image 1

Here is a listing in DOS that shows the directory with the copied calc.exe file.

Alternate Data Streams WinXP Image 2

2. I append an ADS (Alternate Data Stream) to the Windows Calculator program I copied to the test directory with another Windows program (Notepad - c:\windows\notepad.exe).

I was thumbing through my website and checking the theme, working on come CSS when I happened to look at my logs. It seemed every time I clicked on a post to check some alignments of the theme, that there was another entry right under mine - from a different IP address. The 2nd time I noticed it, I figured that maybe it was a coincidence and someone happened to click on the post the same time I did. The third and fourth time it happened, I had to wonder. Below is a copy and paste from my logs. The 192 address is mine, but look at the log entries right below mine: