lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5.0.0.25.2.20040127120128.046e5978@pop3.direcway.com>
From: madsaxon at direcway.com (madsaxon)
Subject: MyDoom Email targets

At 09:26 AM 1/27/2004 -0800, Scott Manley wrote:

>I've noticed I'm getting a load of messages to my catch all domains with 
>addresses like adam@.... joe@.... sandra@.... - it's highly unlikely that 
>this would be part of anyone's address book - is there some mechanism in 
>the worm to try and propagate to random e-mail within a domain?

Yeah, here's a list of the names it can use, from a copy I got
and UPX/ROT-13 decoded:

sandra
linda
julie
jimmy
jerry
helen
debby
claudia
brenda
anna
alice
brent
adam
ted
fred
jack
bill
stan
smith
steve
matt
dave
dan
joe
jane
bob
robert
peter
tom
ray
mary
serg
brian
jim
maria
leo
jose
andrew
sam
george
david
kevin
mike
james
michael
alex
john
accoun
certific
list
servntivi
support
icrosoft
admin
page
the.bat
gold-certs
cafeste
submit
not
help
service
privacy
somebody
nosoft
contacts
iterating
bugs
me
you
your
someone
anyone
nothing
nobody
noone
webmaster
postmaster
samples
info
root
be_loyal:
mozilla

There are a lot of interesting strings in this thing.

;-)

m5x


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ