[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Spam - Snow white
morb_@_bit_._net_._au (Brendan Morley) wrote in
<nMAb6.13$Fw.627752@news.interact.net.au>:
>a) People have to run the enclosed attachment for the Hybris worm to
>infect their local system.
Add to that, the fact that the attachment comes from a source that the
recipient doesn't know. To be loading an executable file from someone you
don't know, you'd have to be pretty silly.
>b) The worm only seems to infect Windows/Outlook combinations.
Taking the next two points into consideration, and also the consideration
that the worm utilises wsock32.dll to perform it's activities, would it be
correct to assume that only those who use Outlook are silly enough to
execute the worm? It would not surprise me in the slightest. Apart from any
non standard commands an email client may attempt to use, SMTP, POP3 and
NNTP are still the same protocol respectively, across the board.
>c) The worm scans outgoing traffic for any email addresses
>
>d) The worm at random intervals sends out the Snow White message to the
>scanned email addresses.
M.
--
To email me, just remove ".spam" or else your reply gets directed to the
bit bucket.
Whip ME, Beat ME. "Windows ME".