[thelist] Does my client have the MyDoom virus?

Anthony Baratta anthony at baratta.com
Fri Jan 30 12:59:19 CST 2004

At 10:39 AM 1/30/2004, Joshua Olson wrote:

>The only scenario I could think of would be that a mutual acquaintance has
>the virus and it picked my client randomly as the sender from their address
>book.  Does that seem consistent with MyDoom?

Yup. Six degrees of separation.

Also - the MyDoom trojan scans multiple files types for email addresses. 
I'm seeing infected email coming in from addresses that are only on my web 
pages which means it's harvesting from web caches.

Via the headers you can usually find the IP address of the sender because 
the MyDoom trojan has it's own internal SMTP service. You can then compare 
that to your mail archives to see if someone else has sent you mail with 
that IP in the header - might be able to identify them that way. If it's a 
static IP, then a note to their ISP could help too.

Anthony Baratta
Keyboard Jockeys

"Conformity is the refuge of the unimaginative."

More information about the thelist mailing list