Security Basics mailing list archives
Re: Question on WORM_NETSKY.P
From: "Mahaveer Saraswat" <mahaveer.s () net4india net>
Date: Fri, 26 Mar 2004 05:04:46 +0530
Hi Marty This worm gathers target email addresses from files with the following extensions htm/html/xml/shtm asp/cgi/php doc/txt/rtf WAB (Addressbook) eml etc It uses the DNSQuery API imported from DNSAPI.DLL library to query the default mail exchanger (type=MX) of the domain of the target email address. If the first method fails, it invokes GetNetworkParams API imported from IPHLPAPI.DLL library to acquire the local domain DNS server. It manually queries the mail exchanger that pertains to the domain name of the target email address. Mahaveer saraswat (Sr.Systems Engineer) Net4india Ltd. ----- Original Message ----- From: "Marty" <m_samson () videotron ca> To: <security-basics () securityfocus com> Sent: Thursday, March 25, 2004 9:44 PM Subject: Question on WORM_NETSKY.P Hi, I read a bit about WORM_NETSKY.P and I still have a question. Can the worm read the incoming email addresses from the infected computer's inbox or does the email address has to be present in the address book? --- :- ) Merci Marty! ****************************************** Pensée de la semaine : C'est à ce signe qu'on distingue les vrais héros : ils ne se plaignent jamais de leur sort. Martin M Samson Chef de projets, 514-707-7103 --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Question on WORM_NETSKY.P Marty (Mar 25)
- Re: Question on WORM_NETSKY.P Mahaveer Saraswat (Mar 26)