Leeland Heins wrote: > > A little searching on Google shows that those user agent strings > show up in significant numbers all over the web, in people's > user agent logs and guest books. > > My guess is that they are somehow searching for guestbooks > because those often have people's email addresses in them and > are scanning them to build spam lists. I've seen spammers do > that before.
I think you're absolutely right. At this point I am mostly interested in knowing exactly how these programs are being run. Are they used intentionally on a given computer, or is this some kind of trojan/virus/worm that executes without the user's knowledge, and then forwards the harvested email addresses to a server elsewhere? If so, then we might be able to disable the thing altogether by getting the ISP of the destination server to take it down. Also: If I can nail down the particular virus/worm/trojan, then I can give the sysadmin at the ISP concerned much more useful information, e.g. "Hi, it appears that xxx.xxx.xxx.xxx has been hacked by XXXXX worm. Please inform the user and get them to fix it, by going to XXXXX.com". This, as I said before, could even potentially be automated in a small script. Potentially nice little open source project. Thanks again, and once again apologies for bringing this up in the Embperl list. Any other info much appreciated. -Neil --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
