[!CrackMonkey!] (forw) Detecting Intruders in Linux
Peter Lowe
pgl at yoyo.org
Sun Jun 23 04:54:06 PDT 2002
On Jun 23, dep wrote:
> begin Rick Moen's quote:
> | Quoting Mikael Pawlo (mikael at pawlo.com):
> | > What are the characteristics of SirCam's emailing? Where does it
> | > get its addresses?
> |
> | Windows Address Book files and similar files found via the
> | Registry.
>
> which has led me to believe for some time now that there must be
> another address selection mechanism as well -- i've received *way*
> too many of these over the year from people in whose addressbook i
> have no business being.
http://www.sophos.com/virusinfo/analyses/w32sircama.html
The worm contains its own SMTP routine which is used to send
email messages to email addresses found in the Windows address
book and the temporary internet folder, where cached internet
files are kept.
--
Litres of beer drunk in the Czech Republic so far this year: 779800051.67
http://prague.tv/toys/beer/