Full Disclosure mailing list archives
RE: RE: Spam Solution
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Sat, 19 Jun 2004 06:57:05 -0400
Correct me if I'm wrong. One worm some time ago even _asked_ users to enter their SMTP
AUTH credentials. And it spread quite well. Attach a spam engine and reduce its spreading rate to stay under the AV radar as long as possible and you're set.
Was it SWEN? Or one of the encrypted ZIP thingies? I can't remember but it happened.
Yes, you are thinking of Swen, but it doesn't do what you suggest. It asks you for SMTP and POP3 server and login info, but it uses them to access your POP3 server. It's a weird story; see http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a () mm html for details and screen shots. Of course, they could ask you for your SMTP credentials too, but this doesn't worry me too much. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer larryseltzer () ziffdavis com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Spam Solution, (continued)
- Re: Spam Solution Gadi Evron (Jun 18)
- RE: Spam Solution Larry Seltzer (Jun 18)
- Re: Spam Solution Gadi Evron (Jun 18)
- Re: Spam Solution Valdis . Kletnieks (Jun 18)
- RE: Spam Solution Larry Seltzer (Jun 18)
- Re: Spam Solution Valdis . Kletnieks (Jun 18)
- RE: Spam Solution Larry Seltzer (Jun 18)
- RE: Spam Solution Bojan Zdrnja (Jun 19)
- RE: Spam Solution Larry Seltzer (Jun 19)
- Re: Spam Solution Aditya, ALD [ Aditya Lalit Deshmukh ] (Jun 20)
- Re: Spam Solution Gadi Evron (Jun 18)
- RE: Spam Solution Max Mustermann (Jun 19)
- RE: RE: Spam Solution Larry Seltzer (Jun 19)
- Re: RE: Spam Solution Valdis . Kletnieks (Jun 21)