Full Disclosure mailing list archives

RE: RE: Spam Solution


From: "Larry Seltzer" <larry () larryseltzer com>
Date: Sat, 19 Jun 2004 06:57:05 -0400

> Correct me if I'm wrong. One worm some time ago even _asked_ users to enter their SMTP
> AUTH credentials. And it spread quite well. Attach a spam engine and reduce its
> spreading rate to stay under the AV radar as long as possible and you're set.
> Was it SWEN? Or one of the encrypted ZIP thingies? I can't remember but it happened.

Yes, you are thinking of Swen, but it doesn't do what you suggest. It asks you for SMTP
and POP3 server and login info, but it uses them to access your POP3 server. It's a
weird story; see
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html for details
and screen shots.

Of course, they could ask you for your SMTP credentials too, but this doesn't worry me
too much. 

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer () ziffdavis com 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

