Security Basics mailing list archives

Re: Question on WORM_NETSKY.P


From: "Mahaveer Saraswat" <mahaveer.s () net4india net>
Date: Fri, 26 Mar 2004 05:04:46 +0530

Hi Marty

This worm gathers target email addresses from files with the following
extensions:
htm/html/xml/shtm
asp/cgi/php
doc/txt/rtf
WAB (Addressbook)
eml etc

It uses the DNSQuery API imported from DNSAPI.DLL library to query the
default mail exchanger (type=MX) of the domain of the target email address.

If the first method fails, it invokes GetNetworkParams API imported from
IPHLPAPI.DLL library to acquire the local domain DNS server. It manually
queries the mail exchanger that pertains to the domain name of the target
email address.

Mahaveer Saraswat
(Sr. Systems Engineer)
Net4india Ltd.




----- Original Message ----- 
From: "Marty" <m_samson () videotron ca>
To: <security-basics () securityfocus com>
Sent: Thursday, March 25, 2004 9:44 PM
Subject: Question on WORM_NETSKY.P


Hi,

I read a bit about WORM_NETSKY.P and I still have a question.

Can the worm read the incoming email addresses from the infected
computer's inbox or does the email address have to be present in the
address book?


---

:- )

Thanks

Marty!

******************************************

Thought of the week: This is the sign by which true heroes are
recognized: they never complain about their lot.

Martin M Samson
Project Manager,
514-707-7103



