[ale] question about sobig
Geoffrey
esoteric at 3times25.net
Wed Aug 20 08:40:02 EDT 2003
John Marasco wrote:
> Geoffrey wrote:
>
>> I'm not aware that it pulls addresses from the internet, but pretty
>> sure it does pull them from address books on the infected machines.
>>
>> Where'd you get this quote?
>>
> From the link I posted earlier.
>
> http://www.msnbc.com/news/954470.asp?0cv=CB10

I don't put much faith in the lowly news folks...

> Cert says the same thing but more technically...
>
> http://www.cert.org/current/archive/2003/07/16/archive.html

Note the reference to the extension .wab, which is in fact the Outlook
address book extension. :)

>
> I apologize if this information is incorrect. Technically, it's quite
> easy to pull addresses from many sources on a machine and not simply the
> address book.

See my reference above...

Chances are it's more likely to find an Outlook address book with email
addresses in it than html files, since it's showing up as an email
attachment itself. Most all folks who are reading email have address
books, but few, in the Outlook world, will have html files containing
email addresses.
--
Until later: Geoffrey esoteric at 3times25.net
The latest, most widespread virus? Microsoft end user agreement.
Think about it...