ietf

RE: FW: Virus alert

2003-08-30 11:29:01
From: "Christian Huitema" <huitema(_at_)windows(_dot_)microsoft(_dot_)com>

...
Yes. Maybe not a full MTA, but definitely enough to format messages and
execute SMTP. ...

What do you mean by "execute SMTP"?  Does it interpret and respond to
SMTP response codes to its SMTP commands or just open a TCP connection
and send a largely constant handful of lines of text before the first
header line?  The samples I've captured have pretty rudimentary SMTP
envelopes.

...
By the way, the worm does not only include its own SMTP service. It
seems to also include its own DNS code, probably in order to get the MX
records of its targets. ...

That would be far more impressive, although given the many resolver
libraries available, nothing to write home about.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
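
An added example, not part of the original message: one way a receiving server's session log could be checked for the distinction asked about above, a client that reads SMTP reply codes versus one that sends a fixed script regardless of them. The log format, the function and finding names, and both sample sessions are constructed for illustration.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")  # SMTP reply line: code, separator, text

def classify_session(events):
    """events: (direction, line) in the order the server saw them; 'S' server, 'C' client."""
    findings = set()
    greeted = pipelining = in_data = rcpt_ok = False
    pending = []  # verbs of client commands still awaiting a final reply
    for direction, line in events:
        if direction == "S":
            m = REPLY.match(line)
            if not m:
                continue
            code, sep, text = m.groups()
            if text.upper().startswith("PIPELINING"):
                pipelining = True          # RFC 2920: batching is now legitimate
            if sep == "-":
                continue                   # continuation of a multi-line reply
            if code == "220" and not greeted:
                greeted = True
                continue
            verb = pending.pop(0) if pending else None
            if verb == "RCPT" and code[0] == "2":
                rcpt_ok = True
            in_data = code == "354"        # server is ready for the message body
        elif in_data:
            if line == ".":                # end of body; a final reply is now due
                in_data = False
                pending.append(".")
        else:
            verb = line.split(" ", 1)[0].upper()
            if not greeted:
                findings.add("spoke-before-greeting")
            elif pending and not pipelining:
                findings.add("did-not-wait-for-reply")
            elif verb == "DATA" and not pending and not rcpt_ok:
                findings.add("data-without-accepted-recipient")
            pending.append(verb)
    return sorted(findings)

# Constructed sample sessions (not captured traffic).
POLITE = [("S", "220 mx.example.net ESMTP"), ("C", "HELO client.example.org"),
          ("S", "250 mx.example.net"), ("C", "MAIL FROM:<a@example.org>"), ("S", "250 ok"),
          ("C", "RCPT TO:<b@example.net>"), ("S", "250 ok"), ("C", "DATA"), ("S", "354 go ahead"),
          ("C", "Subject: hi"), ("C", "."), ("S", "250 queued"), ("C", "QUIT"), ("S", "221 bye")]
SCRIPTED = [("C", "HELO x"), ("C", "MAIL FROM:<a@example.org>"), ("S", "220 mx.example.net ESMTP"),
            ("S", "250 mx.example.net"), ("C", "RCPT TO:<b@example.net>"), ("S", "250 ok"),
            ("S", "550 no such user"), ("C", "DATA"), ("S", "503 need RCPT")]
```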


