On Tue, 24 Jan 2006 18:35:08 +0100, "ad@xxxxxxxxxxxxxxxx" said: > "The worm has an interesting feature. When it infects a computer it > opens a web browser on a certain webpage. This increments the counter > on that webpage." > no much informations about this ? There are zillions of "You are visitor number NNNN to this page since.." scripts for people to put on their web pages. The worm makes an HTTP connection to the URL. The *interesting* question is whether it's possible to use this to count the *actual* number of affected machines by excluding all the rubberneckers that are visiting the page and hitting "refresh" to see the numbers go up. Maybe by looking at the Referer or User-Agent values?
Attachment:
pgptMgQV2huLX.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/