[pmmail-list] newlines in filters? -- Sircam virus/worm

xavier caballe pmmail-list@blueprintsoftwareworks.com
Mon, 30 Jul 2001 13:06:19 +0200


>SirCam doesn't need to send an executable. It could be a 'data' file

That's absolutely not true. Sircam sends a Win32 .EXE file... Sircam
searches the victim's hard disk for document files, but the file sent by
mail is an executable (with the data source filename and its contents
attached to it). Sircam is not a macro virus... It uses Windows'
ability to run a Win32 file regardless of its name. Windows can run a Win32
file using its fully qualified filename (Name.Ext) even if the extension
is not .EXE. The Win32 loader checks its contents.

When the user executes the Sircam executable file, it begins the infection
on the computer and then shows the data file to the user (in order to hide
itself).

>when using Windows. A data document can be sent to a Windows user and
>completely alter the operating characteristics of Windows without any

This is true, but it's not the case for Sircam.

>Virus, worms, and trojans are directed at Windows because Windows is
>more vulnerable with a greater number of users.

I believe viruses and other malware are targeted at Windows mainly because
there are more Windows boxes than any other OS boxes...

Xavi
---
http://www.quands.com
Computer security portal in Catalan
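
Added example, not part of the original message: a Python check a mail filter could apply, flagging attachments whose bytes carry a Win32 (PE) header whatever the filename says, which is the property the reply above describes. The sample message, addresses, file names and stub bytes are constructed for illustration.

```python
import struct
from email import message_from_bytes
from email.message import EmailMessage

def is_pe_image(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # file offset of the PE header
    # An out-of-range offset yields an empty slice, so the comparison fails safely.
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def flag_executable_attachments(raw_message: bytes) -> list:
    """Return filenames of attachments whose content is a PE image, ignoring the extension."""
    flagged = []
    for part in message_from_bytes(raw_message).walk():
        name = part.get_filename()
        if name is None:
            continue  # not a named attachment
        payload = part.get_payload(decode=True) or b""  # undo base64/quoted-printable
        if is_pe_image(payload):
            flagged.append(name)
    return flagged

def constructed_pe_stub() -> bytes:
    """Constructed sample: header bytes only (MZ + PE signature), not a runnable program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header directly after the DOS header
    return bytes(dos) + b"PE\0\0" + bytes(20)

def build_sample_message() -> bytes:
    """Constructed message: one PE stub named like a document, one harmless text file."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg["From"] = "a@example.invalid"
    msg["To"] = "b@example.invalid"
    msg.set_content("see attachments")
    msg.add_attachment(constructed_pe_stub(), maintype="application",
                       subtype="msword", filename="report.doc")
    msg.add_attachment(b"plain text notes\n", maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(flag_executable_attachments(build_sample_message()))
```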
