Security Incidents mailing list archives
Re: Tracking SirCam
From: Gary Flynn <flynngn () jmu edu>
Date: Wed, 25 Jul 2001 16:31:25 -0400
Peter Krawczyk wrote:
In the header of the message, everything looks dynamic, and so tracking it seems to be hard. However, there is a slip -- the Date: header actaully appears as 'date:'.
Sorry I haven't kept up with this one. This message seems to be saying the virus engineers its own SMTP header. Is the FROM: information correct? ------------------------- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/info-security/engineering/runsafe.shtml ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Tracking SirCam Peter Krawczyk (Jul 25)
- Re: Tracking SirCam Don Hammond (Jul 25)
- Re: Tracking SirCam Greg A. Woods (Jul 25)
- Re: Tracking SirCam Nick FitzGerald (Jul 26)
- Re: Tracking SirCam Gary Flynn (Jul 25)
- Re: Tracking SirCam Nick FitzGerald (Jul 26)