[pmmail-list] newlines in filters? -- Sircam virus/worm

[Kris Sorem Sr]

On Mon, 30 Jul 2001 13:06:19 +0200, xavier caballe wrote:

>>SirCam doesn't need to send an executable. It could be a 'data' file
>
>That's absolutely not true. Sircam sends a Win32 .EXE file... Sircam

What I said is _true_! I _did not_ say that the SirCam worm sent a
'data' file. I said it _could_ send one. Windows is vulnerable to both
executable and data files. That's my point.

>searchs on the victim hard disk for document files, but the file sent by
>mail is an executable (with the data source filename and its contents
>attached to it). Sircam it's not a macro virus... It uses the Windows
>ability to run a Win32 file despite of its name. Windows can run a Win32
>file using its fully qualified filename (Name.Ext) even if the extension
>is not .EXE. The Win32 loader checks for its contents.

I don't need an explanation of what SirCam is. If you took some time to
digest my prior post, you would know that I was addressing Windows
vulnerability in general and _not_ SirCam specifically. I never said
that SirCam is a macro virus. But it _could_ have been one as far as
Windows is concerned.

<snip>

>I believe virus and other malware is targeted to Windows mainly because
>there are more Windows boxes than any other OS boxes...

Windows could have ten times the users it has now and not be targeted.
It's targeted first because it is so _vulnerable_ to attack and then
because any attack can have mega results. If Windows were invulnerable
(or less vulnerable), there would be fewer hackers or pranksters trying
to embarrass Microsoft.
--
JMO, 
/s/~Kris
-------------------------------+------------------------------------------



- pmmail-list - The PMMail Dicussion List ---------------------------
To UNSUBSCRIBE, send a message to mdaemon@bmtmicro.com with the first 
line of the message body being...
UNSUBSCRIBE pmmail-list@blueprintsoftwareworks.com