> Thats a possibility, but since most worms / virii are disected very > quickly, with detailed descriptions of their inner workings outlined for > anybody who cares to look a wary spammer would be hesitant to device a > mechanism for shipping their bounty of addresses back to themselves for fear > of discovery. What do you mean by VERY QUICKLY? I guess we just missed the point here. What Keith guessed is that a virii/worm like this would produce a huge list of valid email addresses within a few minutes (obviously less than an hour). So, the coder can easily hack some machine (ANY MACHINE), like a linux box on a cable modem, for example, set up a server (perhaps even a MySQL server) and tell his worm to dump the addresses over there. He can stay online for the next hour grabing the data or fetch it all some time later. My guesses is that the sysadm of the hacked box would take more time to find out his system have been compromised, and then it would be too late. ... It looks so easy that I will go deeper: if the coder doesn't want to increase the traffic on the hacked box, he can code his worm to send only a package saying "hi, I'm inffected". Then the coder can grab the IP address, connect to the virii (actually it would look more like a backdoor) and say: "send me my money". Regards, Felipe -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Felipe Franciosi paradoxo networking felipeat_private Brazil http://www.paradoxo.org Porto Alegre - RS Fone: (55)(51) 9806 7387 UIN - 33596050 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This archive was generated by hypermail 2b30 : Thu Mar 07 2002 - 12:13:05 PST