[prev in list] [next in list] [prev in thread] [next in thread]
List: inet-access
Subject: Re: strange Netsky worm behavior
From: up () 3 ! am
Date: 2004-03-16 22:14:56
Message-ID: Pine.BSF.4.44.0403161713550.86387-100000 () richard2 ! pil ! net
[Download RAW message or body]
On Tue, 16 Mar 2004, Steve VanDevender wrote:
> up@3.am writes:
> >
> > Has anyone heard of a worm that gets alias info directly off the server,
> > using qmail specific aliases?
>
> Does anyone ever send mail to this alias from a Windows system? If it's
> stored on a Windows system in some accessible location (such as an
> address book, in a browser cache file, etc.) and that Windows system
> becomes infected, then worm can pick it up.
>
> Have you ever checked whether that "secret" alias actually shows up in
> email headers? Just because you send to it via Bcc:, that doesn't mean
> it won't show up in a Received: header or elsewhere.
It's sent via pine, but I just did a test and the alias DOES show up in
the Delivered-To: header, as others have noted here...I can't believe I
didn't know this :-/
James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am
=========================================================================
_______________________________________________
"Eat sushi frequently". - Avi
inet@inet-access.net is the human contact address.
list@inet-access.net is the list posting address.
See below URL for subscribe/unsubscribe and list options:
http://inet-access.net/mailman/listinfo/list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic