Actually, it is all variants (.A - .D). And more specifically, it iterates through all the host IP addresses looking for an address that does not match:

127.0.0.1
10.
172.16 - 172.31 (inclusive)
192.168.
169.254

Then, using this address it creates a random address (sometimes changing all octets, sometimes just the last three, and sometimes just the last two).

...Eric

--- Shawn Cox <[EMAIL PROTECTED]> wrote:
> It appears that only .D skips private ranges. I
> incorrectly assumed that
> the original would do the same.
> http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.D&VSect=T
>
> --Shawn

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
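
An added triage example, not part of the original post and not code from the worm: it applies the skip list from the message above to a host's interface addresses, then buckets the destinations that host contacted by how many leading octets they share with the chosen base. Taking the first non-matching address as the base, IPv4-only input, and all names and sample addresses are assumptions made for the example.

```python
import ipaddress
from collections import Counter

# Ranges the post lists as skipped when a base address is chosen.
SKIPPED = [ipaddress.ip_network(n) for n in (
    "127.0.0.1/32", "10.0.0.0/8", "172.16.0.0/12",  # 172.16 - 172.31 inclusive
    "192.168.0.0/16", "169.254.0.0/16")]

# Leading octets shared with the base -> the case described in the post.
BUCKETS = {0: "all_octets_differ", 1: "last_three_differ", 2: "last_two_differ"}


def base_address(host_addrs):
    """First host address matching none of the skipped ranges, else None.
    Picking the first such address is an assumption of this example."""
    for text in host_addrs:
        addr = ipaddress.ip_address(text)
        if not any(addr in net for net in SKIPPED):
            return addr
    return None


def shared_octets(base, dst):
    """Count the leading octets dst has in common with base (0 to 4)."""
    count = 0
    for b, d in zip(base.packed, ipaddress.ip_address(dst).packed):
        if b != d:
            break
        count += 1
    return count


def profile(host_addrs, dsts):
    """Bucket a host's distinct destinations by shared prefix with its base."""
    base = base_address(host_addrs)
    if base is None:
        return None, Counter()
    return base, Counter(BUCKETS.get(shared_octets(base, d), "other")
                         for d in set(dsts))


# Constructed sample: one host's interface list and flow-log destinations.
HOST_ADDRS = ["127.0.0.1", "192.168.1.20", "172.20.5.9", "198.51.100.23"]
DESTINATIONS = ["203.0.113.77", "198.18.4.200", "198.51.7.9",
                "198.51.220.14", "198.51.100.1", "198.51.7.9"]

if __name__ == "__main__":
    print(*profile(HOST_ADDRS, DESTINATIONS))
```

A random address can share a leading octet with the base by chance, so the buckets are an approximation of the three cases, useful for comparing hosts rather than as a verdict on one.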
