FreeBSD Mail Archives

Date:      Wed, 25 Jul 2001 17:27:06 -0400
From:      James Housley <jim@thehousleys.net>
To:        Rick Hamell <hamellr@heorot.1nova.com>
Cc:        Wm Brian McCane <root@mccons.maxbaud.net>, freebsd-isp@freebsd.org
Subject:   Re: Possible spammers with a virus
Message-ID:  <3B5F39AA.95B7580B@Thehousleys.net>
References:  <Pine.BSF.4.21.0107251408240.21810-100000@heorot.1nova.com>

index | next in thread | previous in thread | raw e-mail


[-- Attachment #1 --]
Rick Hamell wrote:
> 
>         Apparently... the virus is somehow picking up email addresses off
> of web pages... a friend is being hit hard with it and that's the only
> place we can figure it's coming from.
> 

>From (http://www.f-secure.com/v-descs/sircam.shtml)

The worm uses Windows Address Book to collect e-mail addresses ('*.wab
files). The worm also tries to look for e-mail addresses in \Temporary
Internet Files\ folder ('sho*', 'get*', 'hot*', '*.html'). If a user has
a working e-mail account the worm reads the its setting. Otherwise the
'[username]@prodigy.mx.net' is used as the default sender's address and
'prodigy.net.mx' is used for the SMTP server name. The worm has its own
SMTP engine and it sends out messages using this engine. 

Jim
-- 
/"\   ASCII Ribbon Campaign  .
\ / - NO HTML/RTF in e-mail  .
 X  - NO Word docs in e-mail .
/ \ -----------------------------------------------------------------
jeh@FreeBSD.org      http://www.FreeBSD.org     The Power to Serve
jim@TheHousleys.Net  http://www.TheHousleys.net
---------------------------------------------------------------------
Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
[-- Attachment #2 --]
0�	*�H��
���0��10	+0	*�H��
���0��0�%�L"0
	*�H��
0��10	UZA10UWestern Cape10UDurbanville10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 1999.9.160
000921154029Z
010921154029Z0^10UHousley10U*James10U
James Housley1"0 	*�H��
	jim@thehousleys.net0��0
	*�H��
��0���������+�����hvȦi;�s������b�&[ŔGF�[0㩌��O#��j�d�Fo�C��s������:X0�IZzm��&�,��' ��'��L�#˦�xA0���c�<B�����A<�"3m��k� ��
�Q0O0U0�jim@thehousleys.net0U�00U#0����`�fU��X�F�a�#�Ì0
	*�H��
��U��e|�̕��^����.3�.��on%j�{�-���3��7��vD���kx^��o9h��sIJTV���j���cG�.�j߄@~�І�U�!)ȷKE�+QKf����n�ɵ����B#�庝��o0�0�}�0
	*�H��
0��10	UZA10UWestern Cape10U	Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0)	*�H��
	personal-freemail@thawte.com0
990916140140Z
010915140140Z0��10	UZA10UWestern Cape10UDurbanville10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 1999.9.160��0
	*�H��
��0�����iZ���z��]�!�#r�LK�~����r$�BR�W��{az���r98����e��^��e���yvL>�hpu��t�,O	1��A�rƦ]�D��.�M��օ>l�x�~@�эW��s�0�F�O�7050U�0�0U#0�rI�s4�U�vr�~w��Ʋ0
	*�H��
��k�Y�1�����rr��`H��U�{�g��ap�m¥7؝�(V��\uoƑ��lfq�|k�o��!6-���	��-mƃR����������t��\���~��
orzg,ks�����n�Ν��c)�	~U�1��0��0��0��10	UZA10UWestern Cape10UDurbanville10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 1999.9.16L"0	+���0	*�H��
	1	*�H��
0	*�H��
	1
010725212706Z0#	*�H��
	1���0��Z-A�t��D]���0R	*�H��
	1E0C0
*�H��
0*�H��
�0+0
*�H��
@0
*�H��
(0
	*�H��
��w|u��������925����w�IZ��mj���/�Q��&�^�@
0
��~Ee%�2O!z.�@$P�t�=6��B�)�I>ԫ��)�6,>ʫ漻�b<!U5,����Zg��s�쩘

help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B5F39AA.95B7580B>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation