Re: Tracking SirCam
From: Gary Flynn (flynngn@jmu.edu)Date: 07/25/01
- Previous message: Greg A. Woods: "Re: Tracking SirCam"
- In reply to: Peter Krawczyk: "Tracking SirCam"
- Next in thread: Nick FitzGerald: "Re: Tracking SirCam"
- Reply: Nick FitzGerald: "Re: Tracking SirCam"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <3B5F2C9D.2D0B0C9F@jmu.edu> Date: Wed, 25 Jul 2001 16:31:25 -0400 From: Gary Flynn <flynngn@jmu.edu> To: Peter Krawczyk <petek@mc.net> Subject: Re: Tracking SirCam
Peter Krawczyk wrote:
>
> In the header of the message, everything looks dynamic, and so tracking it
> seems to be hard. However, there is a slip -- the Date: header actaully
> appears as 'date:'.
Sorry I haven't kept up with this one. This message seems to be saying
the virus engineers its own SMTP header.
Is the FROM: information correct?
-------------------------
Gary Flynn
Security Engineer - Technical Services
James Madison University
Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/info-security/engineering/runsafe.shtml
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Greg A. Woods: "Re: Tracking SirCam"
- In reply to: Peter Krawczyk: "Tracking SirCam"
- Next in thread: Nick FitzGerald: "Re: Tracking SirCam"
- Reply: Nick FitzGerald: "Re: Tracking SirCam"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
