Full Disclosure mailing list archives
Random SoBig.F Thoughts
From: "Jason Coombs" <jasonc () science org>
Date: Mon, 1 Sep 2003 13:06:05 -1000
Consider the following creative interpretation of the spread of SoBig.F --

1. View each e-mail address found by the virus that it used to send forged e-mail (From:) as a universe of potential re-infection.

2. Consider that some electronic social circles are more or less clueless, and that certain From: addresses will have highly successful reinfection rates versus other From: addresses, particularly when a more clueless social circle is penetrated by a highly-successful From: address.

3. Reinfection *should* cause the original highly-successful e-mail address to end up present as plaintext on the newly-infected computer, where it most likely was not present before the virus delivered itself to the target using the From: address.

4. Given enough time to execute and spread itself on the newly-infected host, the same highly-successful From: address *should* be used again on the downstream host in new forged messages; should, by chance, this address end up used to send a copy of the virus to another member of the original more clueless social circle whose first member's computer originally contained said e-mail address, perhaps the chances of reinfection increase?

5. Regardless of probabilities and cluelessness of those people targeted by the virus with forged e-mails, there *should* be a marked difference between the recurrence of infection based on From: address, and there *must* be some address in particular that ends up being the *winner* -- the most successful address used to spread reinfections.

6. Is there any way to determine who the winner is?

7. Does anyone care?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html