Netsky-Q


Stewart Hargrave

Having received a dozen or so copies of this worm over the past few
days, I was wondering if it only accessed the infected computer's
address book, or whether it can get addresses directly from emails
that have been saved.
--

Stewart Hargrave

Never wear a hat that has more character than you - Utah Philips


For email, replace 'SpamOnlyToHere' with my name
 
Quoth the raven named Stewart Hargrave:
Having received a dozen or so copies of this worm over the past few
days, I was wondering if it only accessed the infected computer's
address book, or whether it can get addresses directly from emails
that have been saved.

Most of the recent worms do scour the infected computer looking for
addresses in other files. You've just learned why it is important to
forward your jokes by using the BCC: field, and trimming out all those
addresses everyone else left in...
 
Because there's more to the internet than hits alone, Beauregard T.
Shagnasty said:
Quoth the raven named Stewart Hargrave:


Most of the recent worms do scour the infected computer looking for
addresses in other files.

OK, thanks. In that case I think I may know where they may be coming
from.
You've just learned why it is important to
forward your jokes by using the BCC: field, and trimming out all those
addresses everyone else left in...

Ah, yes; internet humour. I've heard about it...

--

Stewart Hargrave

Never wear a hat that has more character than you - Utah Philips


For email, replace 'SpamOnlyToHere' with my name
 
Having received a dozen or so copies of this worm over the past few
days, I was wondering if it only accessed the infected computer's
address book, or whether it can get addresses directly from emails
that have been saved.

only asking, but all the virii I get are in the form of spam, they are
very very rarely from somebody I know who is infected

Steve
 
only asking, but all the virii I get are in the form of spam, they are
very very rarely from somebody I know who is infected
follow up unless it's from me - I get 10% virii from a spoofed me
10% from support @ my isp-domain - with different text and payload

Is this a general observation or do I just not appear in many other
people's email lists :(


Steve
 
Because there's more to the internet than hits alone, Steve Walton
wrote:
only asking, but all the virii I get are in the form of spam, they are
very very rarely from somebody I know who is infected


It is, of course, possible that my address has been generated by a
spambot. However, the particular address that it is coming to is
*very* well protected against spam - I have had one single item of
spam in the last 18 months; now I am getting Netsky by the dozen.

There is also a distinctive peculiarity in the way my name has been
mis-spelled that makes me think it has come from a subscriber to a
particular mailing list, but this is only likely if the worm can pick
up addresses from saved emails. Hence my original enquiry.

And, of course, I could be 100% wrong in my conclusions.
--

Stewart Hargrave

Never wear a hat that has more character than you - Utah Philips


For email, replace 'SpamOnlyToHere' with my name
 
Stewart said:
Because there's more to the internet than hits alone, Steve Walton
wrote:


It is, of course, possible that my address has been generated by a
spambot. However, the particular address that it is coming to is
*very* well protected against spam - I have had one single item of
spam in the last 18 months; now I am getting Netsky by the dozen.

There is also a distinctive peculiarity in the way my name has been
mis-spelled that makes me think it has come from a subscriber to a
particular mailing list, but this is only likely if the worm can pick
up addresses from saved emails. Hence my original enquiry.

And, of course, I could be 100% wrong in my conclusions.
--

Stewart Hargrave

Never wear a hat that has more character than you - Utah Philips

For email, replace 'SpamOnlyToHere' with my name

See "Email Propagation" on
http://www.f-secure.com/v-descs/netsky_q.shtml

J
 
Quoth the raven named Steve Walton:

These modern worms scour the hard drive, looking for files with email
addresses within. This would include messages / jokes forwarded to
'all your friends' using the TO or CC, and not snipping out the
addresses from the previous forwards.
only asking, but all the virii I get are in the form of spam, they
are very very rarely from somebody I know who is infected

In my experience, I have never once gotten a spam that had a virus
attached. Spam is Unsolicited *Commercial* Email, and viruses are
generated by your infected friends and others. Please do not confuse
the two terms. Thanks.

Since the FROM is generally spoofed, you surely may not know that
person. It is likely just another address on the infected machine,
which could be your friend.
 