
Re: Spam - Snow white



morb_@_bit_._net_._au (Brendan Morley) wrote in
<nMAb6.13$Fw.627752@news.interact.net.au>: 

>a) People have to run the enclosed attachment for the Hybris worm to
>infect their local system.

Add to that, the fact that the attachment comes from a source that the 
recipient doesn't know. To be loading an executable file from someone you 
don't know, you'd have to be pretty silly. 

>b) The worm only seems to infect Windows/Outlook combinations.

Taking the next two points into consideration, and also the consideration 
that the worm utilises wsock32.dll to perform its activities, would it be 
correct to assume that only those who use Outlook are silly enough to 
execute the worm? It would not surprise me in the slightest. Apart from any 
non-standard commands an email client may attempt to use, SMTP, POP3 and 
NNTP are still the same protocol respectively, across the board. 

>c) The worm scans outgoing traffic for any email addresses
>
>d) The worm at random intervals sends out the Snow White message to the
>scanned email addresses.

M.

-- 
To email me, just remove ".spam" or else your reply gets directed to the 
bit bucket.

Whip ME, Beat ME. "Windows ME".