A patch has been available that would fix SirCam *and* most other
address-book viruses for a *year*, and we're still getting hosed by it.
I'm told SirCam doesn't look directly in the address book; instead it
searches for email addresses in stored messages and web cache files.
That is why the IETF discussion list is getting hit harder by it than
Melissa or ILOVEYOU or their ilk caused.
Also, SirCam finds your SMTP server and opens a direct connection to
port 25 of that host, bypassing Outlook spool guards.
CodeRed wakes up in about 47 hours ... I'll bet most of the 300K
machines that got hacked are still unpatched and still infected.
I agree. At least it doesn't cause spew on the IETF list. Speaking
of prevention measures, is there anything in i386 architecture which
can prevetn execution of code on the stack, or is that exclusive to
SPARCitecture?
Cheers,
James