Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: WORM_MIMAIL.A Anyone have any info on what this does yet?
.

  • To: [EMAIL PROTECTED]
  • Subject: Re: WORM_MIMAIL.A Anyone have any info on what this does yet?
  • From: Alex 'CAVE' Cernat <[EMAIL PROTECTED]>
  • Date: Mon, 4 Aug 2003 18:57:06 +0300
  • In-reply-to: <[EMAIL PROTECTED]>
  • References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
.
 
On Mon, 4 Aug 2003 09:53:53 -0400
"att13543" <[EMAIL PROTECTED]> wrote:

> I'd be interested if anyone can correlate what I've seen:  we have 2
> MX records, one weighted at 10 (primary) and one at 20 (secondary). 
> Of the 200 or so MiMail's we've seen 100% have come through our
> SECONDARY mail server.  Maybe the SMTP engine was written poorly, or
> maybe it was this way on purpose?

if the virus send emails throught local smtp connection, it's a dns
problem;
but if the virus connects directly to the 'backup' smtp server, then,
lamerish, the virus programmer probably believed that bigger value
associated with mx meens 'prefered server', which is the exactly
opposite as the rfc or any documentation available :-)

Alex

---------------------------------------------------------------------------
----------------------------------------------------------------------------
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.