Re: [vox-tech] Viruses coming from UC Davis.....
On Wed, Feb 11, 2004 at 10:12:23AM -0800, Mitch Patenaude wrote:
> On Wednesday, Feb 11, 2004, at 09:15 US/Pacific, Gabriel Rosa wrote:
> >I wouldn't say that's the only way you could be getting targeted. My mail
> >server at home has been getting dictionaried lately.
> >
> >With such a short username, it's entirely possible that someone just guessed
> >your username at sonic.
>
> While I've heard of spammers trying dictionary attacks, I've never
> heard of viruses using it.
MyDoom has a small dictionary of common usernames that it uses.
A very brief scan of my mail logs shows "john", "maria", "stan",
"jimmy", and "leo". There are dozens of others, but that shows the
pattern.
> Also, it's unlikely that they would get my initials (mrp) from a
> dictionary attack, and trying all ~17000 3 letter combinations seems a
> low yield method, considering so many better techniques exist, and
> it's even MORE unlikely that they'd hit that twice within 24 hours from
> the same machine.
That's true; plus, "mrp" isn't in MyDoom's dictionary, so it must have
been snarfed from a file on the infected machine.
> However, MANY current viruses (including mydoom.{a,b,c}, which is what
> I suspect these were) use address books and return addresses from
> recently received messages, which seems a much more "profitable" method
> from a virus writer's perspective. I'm hoping that somebody AT UC Davis
> who recognizes the IP will track down the machine and patch it.
>
> -- Mitch
>
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
--
Samuel Merritt
OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/
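An added example, not part of the original thread: one way to run the mail-log check described above, separating sources that walk a list of common usernames from sources that repeat a single harvested address. The Postfix-style reject line format, the IP addresses and the domains are constructed assumptions; the wordlist holds only the five names quoted in the message, not MyDoom's full list.

```python
import re
from collections import defaultdict

# The five names quoted in the message above; a sample, not MyDoom's full list.
COMMON_NAMES = {"john", "maria", "stan", "jimmy", "leo"}

# Constructed Postfix-style "User unknown" rejects (documentation IPs and domains).
_LINE = ("Feb 11 09:02:{sec:02d} mail postfix/smtpd[2211]: NOQUEUE: reject: "
         "RCPT from unknown[{ip}]: 550 5.1.1 <{rcpt}@example.org>: Recipient "
         "address rejected: User unknown in local recipient table; "
         "from=<x@example.net> to=<{rcpt}@example.org> proto=SMTP helo=<pc>")
# First source walks common names; second repeats one non-dictionary address.
_ATTEMPTS = [("192.0.2.45", "john"), ("192.0.2.45", "maria"),
             ("192.0.2.45", "stan"), ("192.0.2.45", "leo"),
             ("198.51.100.7", "mrp"), ("198.51.100.7", "mrp")]
SAMPLE_LOG = "\n".join(_LINE.format(sec=i, ip=ip, rcpt=r)
                       for i, (ip, r) in enumerate(_ATTEMPTS))

# Captures the client IP and the local part of the rejected recipient.
REJECT_RE = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: 550 "
    r".*? to=<(?P<local>[^@>]+)@")


def guessed_names_by_source(log_text):
    """Map each client IP to the set of distinct rejected local parts."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            seen[m.group("ip")].add(m.group("local").lower())
    return dict(seen)


def dictionary_sources(log_text, min_hits=3):
    """Return {ip: wordlist names tried} for IPs with >= min_hits distinct names."""
    flagged = {}
    for ip, local_parts in guessed_names_by_source(log_text).items():
        hits = sorted(local_parts & COMMON_NAMES)
        if len(hits) >= min_hits:
            flagged[ip] = hits
    return flagged


if __name__ == "__main__":
    print(dictionary_sources(SAMPLE_LOG))
```
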