Linux Users' Group of Davis
Page last updated:
2004 Feb 11 13:08

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Viruses coming from UC Davis.....

On Wed, Feb 11, 2004 at 10:12:23AM -0800, Mitch Patenaude wrote:
> On Wednesday, Feb 11, 2004, at 09:15 US/Pacific, Gabriel Rosa wrote:
> >I wouldn't say that's the only way you could be getting targeted. My mail
> >server at home has been getting dictionaried lately.
> >
> >With such a short username, it's entirely possible that someone just guessed
> >your username at sonic.
> While I've heard of spammers trying dictionary attacks, I've never 
> heard of viruses using it.

MyDoom has a small dictionary of common usernames that it uses. 

A very brief scan of my mail logs shows "john", "maria", "stan",
"jimmy", and "leo". There are dozens of others, but that shows the

> Also, it's unlikely that they would get my initials (mrp) from a
> dictionary attack, and trying all ~17000 3 letter combinations seems a
> low yield method, considering so many better techniques exist, and
> it's even MORE unlikely that they'd hit that twice within 24 hours from
> the same machine.

That's true; plus, "mrp" isn't in MyDoom's dictionary, so it must have
been snarfed from a file on the infected machine. 

> However, MANY current viruses (including mydoom.{a,b,c}, which is what
> I suspect these were) use address books and return addresses from
> recently received messages, which seems a much more "profitable" method
> from a virus writer's perspective. I'm hoping that somebody AT UC Davis
> who recognizes the IP will track down the machine and patch it.
>   -- Mitch

Samuel Merritt
OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/
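
Added example, not part of the original post: a sketch of the log check the thread reasons about, separating recipients that match a worm's username dictionary (guessed) from ones that do not (more likely harvested from a file or address book on the infected machine). The log format, IP addresses and function names are assumptions made for illustration, and the dictionary holds only the five names quoted in the post.

```python
import re
from collections import defaultdict

# The five usernames quoted in the post; the post says there are dozens more.
SAMPLE_DICTIONARY = {"john", "maria", "stan", "jimmy", "leo"}

# Constructed sample log in a simplified key=value format (not a real MTA's
# format); addresses use documentation IP ranges and example.org.
SAMPLE_LOG = """\
2004-02-11T09:00:00 daemon started
2004-02-11T09:01:02 client=192.0.2.10 rcpt=john@example.org status=unknown-user
2004-02-11T09:01:03 client=192.0.2.10 rcpt=maria@example.org status=unknown-user
2004-02-11T09:01:05 client=192.0.2.10 rcpt=stan@example.org status=unknown-user
2004-02-11T09:01:09 client=192.0.2.10 rcpt=Leo@example.org status=unknown-user
2004-02-11T10:12:00 client=198.51.100.7 rcpt=mrp@example.org status=delivered
2004-02-11T21:40:00 client=198.51.100.7 rcpt=mrp@example.org status=delivered
2004-02-11T22:00:00 client=203.0.113.5 rcpt=jimmy@example.org status=delivered
"""

RCPT_RE = re.compile(r"client=(?P<ip>\S+)\s+rcpt=(?P<local>[^@\s]+)@\S+")


def classify(log_text, dictionary=SAMPLE_DICTIONARY):
    """Map client IP -> {'guessed': set, 'other': set} of recipient local parts."""
    seen = defaultdict(lambda: {"guessed": set(), "other": set()})
    for line in log_text.splitlines():
        m = RCPT_RE.search(line)
        if m is None:
            continue  # not a recipient line
        local = m.group("local").lower()  # compare local parts case-insensitively
        bucket = "guessed" if local in dictionary else "other"
        seen[m.group("ip")][bucket].add(local)
    return dict(seen)


def dictionary_senders(classified, threshold=3):
    """Clients that tried at least `threshold` distinct dictionary usernames."""
    return sorted(ip for ip, b in classified.items() if len(b["guessed"]) >= threshold)


def non_dictionary_hits(classified):
    """Clients that addressed names outside the dictionary (likely harvested)."""
    return {ip: sorted(b["other"]) for ip, b in classified.items() if b["other"]}


if __name__ == "__main__":
    result = classify(SAMPLE_LOG)
    print("dictionary-style senders:", dictionary_senders(result))
    print("non-dictionary recipients:", non_dictionary_hits(result))
```

A single dictionary hit (such as "jimmy" here) stays below the threshold because common names are also legitimate mailboxes; the threshold is a tunable assumption.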

