Re: Win32.Sircam.Worm Alert.....
From: Nicolas Gregoire (nicolas.gregoire@7thzone.com)Date: 07/25/01
- Previous message: horape@tinuviel.compendium.net.ar: "Re: Win32.Sircam.Worm Alert....."
- In reply to: Tom Geldner: "RE: Win32.Sircam.Worm Alert....."
- Next in thread: Jeremy Rodriguez: "RE: Win32.Sircam.Worm Alert....."
- Next in thread: Martin Lindquist: "Re: Win32.Sircam.Worm Alert....."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <3B5E7DCF.BE6DD15A@7thzone.com> Date: Wed, 25 Jul 2001 10:05:35 +0200 From: Nicolas Gregoire <nicolas.gregoire@7thzone.com> To: Tom Geldner <tom@xor.cc>, vuln-dev@securityfocus.com Subject: Re: Win32.Sircam.Worm Alert.....
Tom Geldner wrote :
>
> Some of our corporate accounts have been pounded on by a particular user
> on verizon.net. None of those e-mail addresses are from someone's
> address book. They are all things like info@, webmaster@, postmaster@
> etc. so in our case, someone seems to be trying to propogate it
> deliberately.
The worm/virus use 2 sources of email adresses.
The first one is the *.wab (Windows Adress Books) found on the
hard-drives.
The second one is from the Temporary Internet Files.
Fox example, I usually receive emails for adresses like
info@my_domain.com & help@my_domain.com and these 2 adresses are listed
on our website. Every person infected by SirCam, using IE and browing
our site will send me one of his personnal documents.
I have receive more than 100 this week.
Nicob
Please excuse my shitty english, it's very early
- Previous message: horape@tinuviel.compendium.net.ar: "Re: Win32.Sircam.Worm Alert....."
- In reply to: Tom Geldner: "RE: Win32.Sircam.Worm Alert....."
- Next in thread: Jeremy Rodriguez: "RE: Win32.Sircam.Worm Alert....."
- Next in thread: Martin Lindquist: "Re: Win32.Sircam.Worm Alert....."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
