[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] RE: Spam Solution

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] RE: Spam Solution
From: "Larry Seltzer" <larry@xxxxxxxxxxxxxxxx>
Date: Sat, 19 Jun 2004 06:57:05 -0400

>>Correct me if I'm wrong. One worm some time ago even _asked_ users to enter 
>>their SMTP
AUTH credentials. And it spread quite well. Attach a spam engine and reduce its
spreading rate to stay under the AV radar as long as possible and you're set.
>>Was it SWEN? Or one of the encrypted ZIP thingies? I can't remember but it 
>>happened. 

Yes, you are thinking of Swen, but it doesn't do what you suggest. It asks you 
for SMTP
and POP3 server and login info, but it uses them to access your POP3 server. 
It's a
weird story; see
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@xxxxxxx for 
details
and screen shots.

Of course, they could ask you for your SMTP credentials too, but this doesn't 
worry me
too much. 

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer@xxxxxxxxxxxxx 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] RE: Spam Solution
  - From: Valdis . Kletnieks

References:
- [Full-Disclosure] RE: Spam Solution
  - From: Max Mustermann

Prev by Date: [Full-Disclosure] [SECURITY] [DSA 521-1] New sup packages fix format string vulnerabilities
Next by Date: Re: [Full-Disclosure] Re: USB risks (continued)
Previous by thread: [Full-Disclosure] RE: Spam Solution
Next by thread: Re: [Full-Disclosure] RE: Spam Solution
Index(es):
- Date
- Thread