[RTTY] Educational reading.

To:	<rtty@contesting.com>
Subject:	[RTTY] Educational reading.
From:	edlyn@california.com (Eddie Schneider)
Date:	Wed, 28 Nov 2001 11:35:57 -0800

----- Original Message -----
From: Bill Turner <w7ti@dslextreme.com>
>
> _________________________________________________________
>
> I don't think it's really from Jules.  Look closely and you'll see an
> underscore in front of Jules' address.  All of them I've received so far
> have had the underscore.  It's trying to make you think it's from Jules
> and therefore legitimate.

The worm writes email addresses to the %System%\Protocol.dll file to prevent
multiple emails to the same person. Additionally, the sender's email address
will have the "_" character prepended to it, to prevent replying to infected
mails to warn the sender (eg user@website.com becomes _user@website.com).

http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.ht
ml

Explains it all in great depth. Chau, Eddie.

<Prev in Thread]	Current Thread	[Next in Thread>
[RTTY] Re: virus note - spoke too soon, John Hirth [RTTY] Re: virus note - spoke too soon, Bill Turner [RTTY] Educational reading., Eddie Schneider <= [RTTY] Educational reading., Kok Chen [RTTY] Educational reading., Kok Chen [RTTY] Educational reading., Raj VE6RAJ [RTTY] Educational reading., Jim McDonald [RTTY] Educational reading., Raj VE6RAJ [RTTY] Educational reading., ak0a [RTTY] Educational reading., Bill Turner [RTTY] Jules, WA9ALS - John

Previous by Date:	[RTTY] Re: virus note - spoke too soon, Bill Turner
Next by Date:	[RTTY] another one, Kok Chen
Previous by Thread:	[RTTY] Re: virus note - spoke too soon, Bill Turner
Next by Thread:	[RTTY] Educational reading., Kok Chen
Indexes:	[Date] [Thread] [Top] [All Lists]