[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200406191058.i5JAwTu15733@netsys.com>
From: larry at larryseltzer.com (Larry Seltzer)
Subject: RE: Spam Solution
>>Correct me if I'm wrong. One worm some time ago even _asked_ users to enter their SMTP
AUTH credentials. And it spread quite well. Attach a spam engine and reduce its
spreading rate to stay under the AV radar as long as possible and you're set.
>>Was it SWEN? Or one of the encrypted ZIP thingies? I can't remember but it happened.
Yes, you are thinking of Swen, but it doesn't do what you suggest. It asks you for SMTP
and POP3 server and login info, but it uses them to access your POP3 server. It's a
weird story; see
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html for details
and screen shots.
Of course, they could ask you for your SMTP credentials too, but this doesn't worry me
too much.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer@...fdavis.com
Powered by blists - more mailing lists