Re: IRC -> smtp worm?
From: Eric Chien (ecchien@yahoo.com)
Date: 12/18/02
Date: Wed, 18 Dec 2002 10:53:31 -0800 (PST)
From: Eric Chien <ecchien@yahoo.com>
To: Joao Gouveia <tharbad@kaotik.org>, incidents@securityfocus.com
--- Joao Gouveia <tharbad@kaotik.org> wrote:
> Here is a sample (IRC user data changed):
> <quote>
> HELO x4i8x4
> RSET
> MAIL FROM: <>
> RCPT TO: <mask!__@69.69.69.69 PRIVMSG #channel :LOL>
> </quote>
Could be one of the many standard SMTP worms that
parse text and html files looking for email addresses.
The routines that do so are relatively 'inaccurate'
as they may just search for the @ symbol.
And in this case, it may have hit upon an IRC log and
didn't quite parse out the email address properly (or
realize they weren't actually email addresses at all).
...Eric
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
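
Added example (not part of the original message or the list archive): a receiving-side check for the symptom discussed in this thread, flagging RCPT TO paths that are not plausible mailboxes and instead look like IRC log residue. The sample session reuses the lines quoted above plus one constructed recipient; the regexes and function names are assumptions chosen for illustration.

```python
import re

# Constructed sample: the session quoted in the thread plus one ordinary recipient.
SAMPLE_SESSION = """\
HELO x4i8x4
RSET
MAIL FROM: <>
RCPT TO: <mask!__@69.69.69.69 PRIVMSG #channel :LOL>
RCPT TO: <user@example.org>
"""

RCPT_RE = re.compile(r"^RCPT TO:\s*<(.*)>\s*$", re.IGNORECASE)
# Conservative mailbox check (assumption: simple local part, dotted domain).
# It is deliberately stricter than the RFC grammar; anything else is suspect.
MAILBOX_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")
# IRC log residue: a nick!user@host prefix, or an IRC command word in the path.
# Legitimate bang-path style local parts would also match the first pattern.
HOSTMASK_RE = re.compile(r"^[^\s!@]+![^\s@]+@\S+")
IRC_CMD_RE = re.compile(r"\b(PRIVMSG|NOTICE|JOIN|PART|QUIT|NICK|MODE)\b")


def classify_rcpt(path):
    """Return 'ok', 'irc-fragment' or 'malformed' for one RCPT TO path."""
    if MAILBOX_RE.match(path):
        return "ok"
    if HOSTMASK_RE.match(path) or IRC_CMD_RE.search(path):
        return "irc-fragment"
    return "malformed"


def scan_session(text):
    """Return (line_number, path, verdict) for every non-ok RCPT TO line."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = RCPT_RE.match(line.strip())
        if m:
            verdict = classify_rcpt(m.group(1))
            if verdict != "ok":
                findings.append((n, m.group(1), verdict))
    return findings


if __name__ == "__main__":
    for n, path, verdict in scan_session(SAMPLE_SESSION):
        print(f"line {n}: {verdict}: {path!r}")
```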