[ale] question about sobig
John Marasco
john at marasco.net
Wed Aug 20 09:46:02 EDT 2003
I agree although the IE cache could potentially have a lot more email
addresses (of complete strangers) than the address book (web mail
clients, web based newsgroups, etc...).
In any case, I was trying to verify the original assumptions about the
bounced messages. The point is that if you get "bounced messages" it
doesn't mean you have a virus and it could easily be a fools errand to
try and track down how your email got used because of the wide variety
of sources this virus gathers email from.
Geoffrey wrote:
> John Marasco wrote:
>
>> Geoffrey wrote:
>>
>>> I'm not aware that it pulls addresses from the internet, but pretty
>>> sure it does pull them from address books on the infected machines.
>>>
>>> Where'd you get this quote?
>>>
>> From the link I posted earlier.
>>
>> http://www.msnbc.com/news/954470.asp?0cv=CB10
>
>
> I don't put much faith in the lowly news folks...
>
>> Cert says the same thing but more technically...
>>
>> http://www.cert.org/current/archive/2003/07/16/archive.html
>
>
> Note the reference to the extension .wab, which is in fact the Outlook
> address book extension. :)
>
>>
>> I appologize if this information is incorrect. Technical, it's quite
>> easy to pull addresses from many sources on a machine and not simply
>> the address book.
>
>
> See my reference above...
>
> Chances are it's more likely to find an Outlook address book with
> email addresses in it then html files, since it's showing up as an
> email attachement itself. Most all folks who are reading email have
> address books, but few, in the Outlook world, will have html files
> containing email addresses.
>
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list