[vox-tech] Viruses coming from UC Davis.....
Mitch Patenaude
vox-tech@lists.lugod.org
Wed, 11 Feb 2004 10:12:23 -0800
On Wednesday, Feb 11, 2004, at 09:15 US/Pacific, Gabriel Rosa wrote:
> I wouldn't say that's the only way you could be getting targeted. My mail
> server at home has been getting dictionaried lately.
>
> With such a short username, it's entirely possible that someone just guessed
> your username at sonic.
While I've heard of spammers trying dictionary attacks, I've never
heard of viruses using it.
Also, it's unlikely that they would get my initials (mrp) from a
dictionary attack, and trying all ~17000 3-letter combinations seems a
low-yield method, considering so many better techniques exist, and
it's even MORE unlikely that they'd hit that twice within 24 hours from
the same machine.
However, MANY current viruses (including mydoom.{a,b,c}, which is what
I suspect these were) use address books and return addresses from
recently received messages, which seems a much more "profitable" method
from a virus writer's perspective. I'm hoping that somebody AT UC Davis
who recognizes the IP will track down the machine and patch it.
-- Mitch