Re: [Full-Disclosure] MyDoom Email targets

From: madsaxon (madsaxon_at_direcway.com)
Date: 01/27/04

    To: full-disclosure@netsys.com
    Date: Tue, 27 Jan 2004 12:02:49 -0600
    
    

    At 09:26 AM 1/27/2004 -0800, Scott Manley wrote:

    >I've noticed I'm getting a load of messages to my catch all domains with
    >addresses like adam@.... joe@.... sandra@.... - it's highly unlikely that
    >this would be part of anyone's address book - is there some mechanism in
    >the worm to try and propagate to random e-mail within a domain?

    Yeah, here's a list of the names it can use, from a copy I got
    and UPX/ROT-13 decoded:

    sandra
    linda
    julie
    jimmy
    jerry
    helen
    debby
    claudia
    brenda
    anna
    alice
    brent
    adam
    ted
    fred
    jack
    bill
    stan
    smith
    steve
    matt
    dave
    dan
    joe
    jane
    bob
    robert
    peter
    tom
    ray
    mary
    serg
    brian
    jim
    maria
    leo
    jose
    andrew
    sam
    george
    david
    kevin
    mike
    james
    michael
    alex
    john
    accoun
    certific
    list
    servntivi
    support
    icrosoft
    admin
    page
    the.bat
    gold-certs
    cafeste
    submit
    not
    help
    service
    privacy
    somebody
    nosoft
    contacts
    iterating
    bugs
    me
    you
    your
    someone
    anyone
    nothing
    nobody
    noone
    webmaster
    postmaster
    samples
    info
    root
    be_loyal:
    mozilla

    There are a lot of interesting strings in this thing.

    ;-)

    m5x

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
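A detection sketch for the pattern discussed in this thread, added here as an example and not code from either poster: it flags sending hosts that address several distinct local-parts from the posted name list at non-existent mailboxes on a catch-all domain. The log-line format, the threshold, the function name and the sample lines are constructed assumptions; the name set is a subset of the list posted above.

```python
import re
from collections import defaultdict

# Subset of the local-part list posted in the message above.
WORM_LOCAL_PARTS = {
    "sandra", "linda", "julie", "jimmy", "jerry", "helen", "adam", "ted",
    "fred", "jack", "bill", "joe", "jane", "bob", "webmaster", "postmaster",
    "info", "root", "admin", "support",
}

# Assumed (hypothetical) log format: "<timestamp> client=<ip> rcpt=<address>"
LINE_RE = re.compile(
    r"client=(?P<ip>\S+)\s+rcpt=<?(?P<local>[^@\s<>]+)@(?P<domain>[^\s<>]+)>?"
)

def dictionary_senders(lines, known_mailboxes, threshold=3):
    """Return {client_ip: sorted list-name local-parts} for clients that
    addressed at least `threshold` distinct list names that are not real
    mailboxes on the receiving domain."""
    hits = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a recipient record
        local = m.group("local").lower()
        addr = f"{local}@{m.group('domain').lower()}"
        if local in WORM_LOCAL_PARTS and addr not in known_mailboxes:
            hits[m.group("ip")].add(local)
    return {ip: sorted(n) for ip, n in hits.items() if len(n) >= threshold}

# Constructed sample log lines (documentation IP ranges, example.org).
SAMPLE_LOG = [
    "2004-01-27T12:00:01 client=192.0.2.10 rcpt=<adam@example.org>",
    "2004-01-27T12:00:02 client=192.0.2.10 rcpt=<joe@example.org>",
    "2004-01-27T12:00:03 client=192.0.2.10 rcpt=<Sandra@example.org>",
    "2004-01-27T12:00:04 client=198.51.100.7 rcpt=<bob@example.org>",
    "2004-01-27T12:00:05 client=198.51.100.7 rcpt=<sales@example.org>",
    "2004-01-27T12:00:06 client=203.0.113.5 rcpt=<jane@example.org>",
    "2004-01-27T12:00:07 client=203.0.113.5 rcpt=<fred@example.org>",
    "2004-01-27T12:00:08 client=203.0.113.5 queue-id=ABC123 status=sent",
]
KNOWN_MAILBOXES = {"bob@example.org", "sales@example.org"}

if __name__ == "__main__":
    for ip, names in dictionary_senders(SAMPLE_LOG, KNOWN_MAILBOXES).items():
        print(ip, names)
```

Excluding known mailboxes keeps a real user named bob from counting toward the threshold, which matters because the list is made of common first names and role accounts.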

