[thelist] Does my client have the MyDoom virus?
Anthony Baratta
anthony at baratta.com
Fri Jan 30 12:59:19 CST 2004
At 10:39 AM 1/30/2004, Joshua Olson wrote:
>The only scenario I could think of would be that a mutual acquaintance has
>the virus and it picked my client randomly as the sender from their address
>book. Does that seem consistent with MyDoom?
Yup. Six degrees of separation.
Also - the MyDoom trojan scans multiple files types for email addresses.
I'm seeing infected email coming in from addresses that are only on my web
pages which means it's harvesting from web caches.
Via the headers you can usually find the IP address of the sender because
the MyDoom trojan has it's own internal SMTP service. You can then compare
that to your mail archives to see if someone else has sent you mail with
that IP in the header - might be able to identify them that way. If it's a
static IP, then a note to their ISP could help too.
---
Anthony Baratta
President
Keyboard Jockeys
"Conformity is the refuge of the unimaginative."
More information about the thelist
mailing list