According to Bagle and other worms

  1. #1

    According to Bagle and other worms

    I was looking around AO and there is (I feel anyway) a surprising increase in threads about people receiving spoofed emails. I am assuming virii search for servers with open SMTP and they can spoof email through that. How do virii find open SMTP servers so efficiently? Why do people leave themselves open to this? Don't they notice mass amounts of traffic going through them?

    -Cheers-

  2. #2
    Senior Member
    Join Date
    Jun 2003
    Posts
    723
    "I am assuming virii search for servers with open SMTP and they can spoof email through"

    They send their own mail; it's not hard or complicated.
    http://www.google.com/search?q=smtp+...utf-8&oe=utf-8
    Do unto others as you would have them do unto you.
    The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America's war on terror, Attorney General John Ashcroft told a Senate oversight committee
    -- true colors revealed, a brown shirt and jackboots

  3. #3
    I mean how do you find one efficiently though.. Lots of IPs that don't support that in any form...

    -Cheers-

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    They contain their own smtp engine (server).

    They don't need to find a relay.. they are their own.

    They just spoof the sender and other parts of the email.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    PM: try this.... from any computer you like with internet access.....

    Telnet <yourisp> 25
    <server response> Blah
    helo ao.com
    <server response> 250 ok Blah
    mail from: pm228@ao.com
    <server response> 250 ok blah
    rcpt to: <your email addy at yourisp>
    <server response> 250 ok Blah
    data
    <server response> 354 blah
    this is a test message <enter> . <enter>
    <server response> 250 ok blah
    quit

    You just emulated a virus.

    In fact, if you open a virus in notepad, (assuming it's not encrypted), you can often find just those strings in the virus itself.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  6. #6
    "They contain their own smtp engine (server)."
    I was trying to do that in a program I was working on lol but I never figured out how. Jinx, how does it determine my ISP? Because I had wanted to have auto alerts via email but I couldn't find a good way to do it, but I figured since virii do it they would be a good place to find/thing to emulate.

    -Cheers-

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    PM: It gets your ISP from your email address that it "harvests" from the infected machine.

    If I have you in my address book and click on a virus it will know your ISP because your address is PM8228@ao.com.... thus your isp is ao.com. From there do what I said in my previous post.... every mailserver _has_ to accept mail for its own domain regardless of the source, (simplified but accept it... ), otherwise there would be no email.... period. Thus, what I said to do will work if you contact any valid mailserver in the world and send an email to any valid user within the domain, (again, simplified but accept it).
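
Added example (editor's code, not from any poster in this thread): because a worm with its own SMTP engine connects straight from the infected desktop to the recipient's mail server, it shows up in egress logs as a workstation talking TCP/25 to many different servers. The log format, the relay address and the threshold below are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port" (not real traffic).
SAMPLE_FLOWS = """\
2004-03-01T09:00:01 10.0.0.5 192.0.2.10 25
2004-03-01T09:00:02 10.0.0.23 198.51.100.7 25
2004-03-01T09:00:03 10.0.0.23 203.0.113.9 25
2004-03-01T09:00:03 10.0.0.23 192.0.2.44 25
2004-03-01T09:00:04 10.0.0.23 198.51.100.80 25
2004-03-01T09:00:05 10.0.0.41 192.0.2.10 80
2004-03-01T09:00:06 10.0.0.41 192.0.2.10 25
malformed line
"""

APPROVED_RELAYS = {"10.0.0.5"}   # assumption: the site's only legitimate outbound mail host
DISTINCT_DEST_THRESHOLD = 3      # assumption: tune to the site

def parse_flow(line):
    """Return (src, dst, port), or None for a line that does not parse."""
    parts = line.split()
    if len(parts) != 4 or not parts[3].isdigit():
        return None
    return parts[1], parts[2], int(parts[3])

def direct_smtp_senders(log_text, relays=APPROVED_RELAYS):
    """Map each non-relay source to the set of hosts it contacted on TCP/25."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, port = flow
        if port == 25 and src not in relays:
            seen[src].add(dst)
    return dict(seen)

def classify(log_text, threshold=DISTINCT_DEST_THRESHOLD):
    """Label each offender: many distinct mail servers looks like a mass-mailer."""
    result = {}
    for src, dests in direct_smtp_senders(log_text).items():
        many = len(dests) >= threshold
        result[src] = "mass-mailer pattern" if many else "policy violation"
    return result

if __name__ == "__main__":
    for host, verdict in sorted(classify(SAMPLE_FLOWS).items()):
        print(host, verdict)
```

Blocking outbound port 25 from everything except the approved relay turns the same observation into prevention; the log check then tells you which desktops to clean.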

  8. #8
    Oh that is if you use outlook though... I am poor and use freemail!

    -Cheers-

  9. #9
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    PM8228, since you insist on being difficult :] , some viruses go through all cached HTML pages and gather all email addresses; they also look for the Windows address book, which many email clients use.

    On your auto-alerter you could try Perl using the smtp.pm. Makes it real simple, or even a bat using one of the many DOS emailers, or just shell out to it.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    PM:

    Please READ what I said!!!!!

    "It gets your ISP from your email address that it "harvests" from the infected machine."
    You will notice that I didn't even mention _YOUR_ operating system let alone _YOUR_ email client. I said "the infected machine".... The infected machine isn't yours, it's the other person's who clicked on the damn virus!!!!!!! The virus could give a rat's a$$ what client _you_ use or your operating system, all of this takes place on someone else's machine.......

    There... Now you made me pissy and I haven't even gone to work yet!!!!!!