I've noticed I'm getting a load of messages to my catch all domains with addresses like [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] - it's highly unlikely that this would be part of anyone's address book - is there some mechanism in the worm to try and propagate to random e-mail within a domain?
Yeah, here's a list of the names it can use, from a copy I got and UPX/ROT-13 decoded:
sandra linda julie jimmy jerry helen debby claudia brenda anna alice brent adam ted fred jack bill stan smith steve matt dave dan joe jane bob robert peter tom ray mary serg brian jim maria leo jose andrew sam george david kevin mike james michael alex john accoun certific list servntivi support icrosoft admin page the.bat gold-certs cafeste submit not help service privacy somebody nosoft contacts iterating bugs me you your someone anyone nothing nobody noone webmaster postmaster samples info root be_loyal: mozilla
There are a lot of interesting strings in this thing.
;-)
m5x
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
