Vulnerability Development mailing list archives

Re: Self propagating virii and spam correlation


From: Felipe Franciosi <franciozzy () terra com br>
Date: Thu, 07 Mar 2002 12:29:20 -0300

    That's a possibility, but since most worms / virii are dissected very
quickly, with detailed descriptions of their inner workings outlined for
anybody who cares to look, a wary spammer would be hesitant to devise a
mechanism for shipping their bounty of addresses back to themselves for fear
of discovery.

What do you mean by VERY QUICKLY? I guess we just missed the point
here.

What Keith guessed is that a virii/worm like this would produce a
huge list of valid email addresses within a few minutes (obviously
less than an hour).

So, the coder can easily hack some machine (ANY MACHINE), like a
Linux box on a cable modem, for example, set up a server (perhaps
even a MySQL server) and tell his worm to dump the addresses over
there.

He can stay online for the next hour grabbing the data or fetch it
all some time later.

My guess is that the sysadmin of the hacked box would take more
time to find out his system has been compromised, and then it
would be too late.

...

It looks so easy that I will go deeper: if the coder doesn't want
to increase the traffic on the hacked box, he can code his worm to
send only a package saying "hi, I'm infected". Then the coder can
grab the IP address, connect to the virii (actually it would look
more like a backdoor) and say: "send me my money".

Regards,
Felipe

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Felipe Franciosi        paradoxo networking
 felipe () paradoxo org                  Brazil
 http://www.paradoxo.org   Porto Alegre - RS
 Fone: (55)(51) 9806 7387     UIN - 33596050
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=