Security Incidents mailing list archives

Re: Tracking SirCam

From: Gary Flynn <flynngn () jmu edu>
Date: Wed, 25 Jul 2001 16:31:25 -0400

Peter Krawczyk wrote:


In the header of the message, everything looks dynamic, and so tracking it
seems to be hard.  However, there is a slip -- the Date: header actaully
appears as 'date:'.


Sorry I haven't kept up with this one. This message seems to be saying
the virus engineers its own SMTP header.

Is the FROM: information correct?

-------------------------
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/info-security/engineering/runsafe.shtml

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Tracking SirCam Peter Krawczyk (Jul 25)
- Re: Tracking SirCam Don Hammond (Jul 25)
- Re: Tracking SirCam Greg A. Woods (Jul 25)
  - Re: Tracking SirCam Nick FitzGerald (Jul 26)
- Re: Tracking SirCam Gary Flynn (Jul 25)
  - Re: Tracking SirCam Nick FitzGerald (Jul 26)