Full Disclosure mailing list archives

Re: Swen


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sun, 28 Sep 2003 04:59:20 +1200

"Paul Marsh" <pmarsh () nmefdn org> wrote:

Everyone's talking about if Swen is traceable or not, if it is when would
gannpm () htc net be the potential infected client?
<<snip>>
Return-Path: gannpm () htc net

Yes...

...but note that the virus simply grabs a defined (but not hard-coded) 
registry value for this purpose.  Whether that value is the (or "a") 
valid Email address for the user of the infected machine is, of course, 
an open question.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

