Results 1 to 2 of 2

Thread: M$ Exchange immuned from MyParty worm...

  1. #1
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Cool M$ Exchange immuned from MyParty worm...

    In the somewhat calm wake of the MyParty virus, security experts have considered the possibility that, for once, users of Microsoft Exchange servers may have been better off.

    A discussion thread on the Virus Focus mailing list suggested that the reason the MyParty virus and its subsequent variant didn't have a high spread ratio is because it couldn't propagate via Exchange servers.

    According to research, the virus uses SMTP commands like 'HELO' and 'RCPT TO' to propagate itself, but Exchange doesn't use these commands when communicating with an Outlook email client.

    Also, MyParty uses non-RFC (request for comments) compliant control characters to end its lines, which Exchange doesn't support either.

    Although there is some argument that the worm's built in SMTP engine could still allow it to mail itself out via Exchange, the second point still cripples its propagation ability.

    "If this is true, then every copy of MyParty is being sent out from non-Exchange servers. It seems hard to believe that we have the first major email worm in the last three years where Exchange users were actually better off than everybody else," read one posting to the newsgroup from IT director Roger Grimes.

    http://www.vnunet.com/News/1128834



    Wow.. isnt this ironic?? lolz!

  2. #2
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Cool M$ Exchange immuned from MyParty worm...

    In the somewhat calm wake of the MyParty virus, security experts have considered the possibility that, for once, users of Microsoft Exchange servers may have been better off.

    A discussion thread on the Virus Focus mailing list suggested that the reason the MyParty virus and its subsequent variant didn't have a high spread ratio is because it couldn't propagate via Exchange servers.

    According to research, the virus uses SMTP commands like 'HELO' and 'RCPT TO' to propagate itself, but Exchange doesn't use these commands when communicating with an Outlook email client.

    Also, MyParty uses non-RFC (request for comments) compliant control characters to end its lines, which Exchange doesn't support either.

    Although there is some argument that the worm's built in SMTP engine could still allow it to mail itself out via Exchange, the second point still cripples its propagation ability.

    "If this is true, then every copy of MyParty is being sent out from non-Exchange servers. It seems hard to believe that we have the first major email worm in the last three years where Exchange users were actually better off than everybody else," read one posting to the newsgroup from IT director Roger Grimes.

    http://www.vnunet.com/News/1128834



    Wow.. isnt this ironic?? lolz!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •