Stephen Wilson <[EMAIL PROTECTED]> wrote:
>>
> I was figuring it was something like that but it doesn't look like
> klez. Klez and bigbear (or bugbear, whatever...) are the only email
> worms I have actually seen "in the wild". It just didn't look right
> to me. I figure better to double check with people who have more
> experience.
>
This kind of virus are a potential double pain: one if they catch you or
your users, and another if you have to explain to your users why they
received bounced messages from messages they never sent ;)
Here is a snip from symantec about [EMAIL PROTECTED]:
"In addition, the worm searches the Windows address book, the ICQ
database, and local files (such as .html and text files) for email
addresses. The worm sends an email message to these addresses with itself as
an attachment. The worm contains its own SMTP engine and attempts to guess
at available SMTP servers.
The subject line, message bodies, and attachment file names are random. The
from address is randomly chosen from email addresses that the worm finds on
the infected computer.
NOTES:
Because this worm does use a randomly chosen address that it finds on an
infected computer as the "From:" address, numerous cases have been reported
in which users of uninfected computers receive complaints that they have
sent an infected message to someone else"
(http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED])
Regards,
Leonardo
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
