Vulnerability Development mailing list archives
Re: Win32.Sircam.Worm Alert.....
From: Nicolas Gregoire <nicolas.gregoire () 7thzone com>
Date: Wed, 25 Jul 2001 10:05:35 +0200
Tom Geldner wrote :
Some of our corporate accounts have been pounded on by a particular user on verizon.net. None of those e-mail addresses are from someone's address book. They are all things like info@, webmaster@, postmaster@ etc. so in our case, someone seems to be trying to propogate it deliberately.
The worm/virus use 2 sources of email adresses. The first one is the *.wab (Windows Adress Books) found on the hard-drives. The second one is from the Temporary Internet Files. Fox example, I usually receive emails for adresses like info@my_domain.com & help@my_domain.com and these 2 adresses are listed on our website. Every person infected by SirCam, using IE and browing our site will send me one of his personnal documents. I have receive more than 100 this week. Nicob Please excuse my shitty english, it's very early
Current thread:
- RE: Win32.Sircam.Worm Alert..... Johnson, Greg (Jul 24)
- RE: Win32.Sircam.Worm Alert..... Tom Geldner (Jul 24)
- RE: Win32.Sircam.Worm Alert..... Jeremy Rodriguez (Jul 25)
- Re: Win32.Sircam.Worm Alert..... Nicolas Gregoire (Jul 25)
- Re:Sircam Kimberly Anne McKinnis (Jul 26)
- RE: Sircam Dom De Vitto (Jul 26)
- <Possible follow-ups>
- Re: Win32.Sircam.Worm Alert..... Kimberly Anne McKinnis (Jul 24)
- Re: Win32.Sircam.Worm Alert - Report from Argentina Mariano Vassallo (Jul 25)
- RE: Win32.Sircam.Worm Alert..... Arturo "Buanzo" Busleiman (Jul 25)
- RE: Win32.Sircam.Worm Alert..... Eric D. Williams (Jul 25)
- Re: Win32.Sircam.Worm Alert..... Nicolas Gregoire (Jul 25)
- Re: Win32.Sircam.Worm Alert..... Bruno Lustosa (Jul 25)
- RE: Win32.Sircam.Worm Alert..... Obert, Jack E. (Jul 25)
- Re: Win32.Sircam.Worm Alert..... Peter Gutmann (Jul 25)
(Thread continues...)
- RE: Win32.Sircam.Worm Alert..... Tom Geldner (Jul 24)