Page last updated:
2004 Feb 11 13:08

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Viruses coming from UC Davis.....



On Wed, Feb 11, 2004 at 10:12:23AM -0800, Mitch Patenaude wrote:
> On Wednesday, Feb 11, 2004, at 09:15 US/Pacific, Gabriel Rosa wrote:
> >I wouldn't say that's the only way you could be getting targeted. My
> >mail server at home has been getting dictionaried lately.
> >
> >With such a short username, it's entirely possible that someone just
> >guessed your username at sonic.
> 
> While I've heard of spammers trying dictionary attacks, I've never 
> heard of viruses using it.

MyDoom has a small dictionary of common usernames that it uses. 

A very brief scan of my mail logs shows "john", "maria", "stan",
"jimmy", and "leo". There are dozens of others, but that shows the
pattern. 

> Also, it's unlikely that they would get my initials (mrp) from a 
> dictionary attack, and trying all ~17000 3 letter combinations seems a 
> low yield method, considering so many better techniques exist, and 
> it's even MORE unlikely that they'd hit that twice within 24 hours from 
> the same machine.

That's true; plus, "mrp" isn't in MyDoom's dictionary, so it must have
been snarfed from a file on the infected machine. 

> However, MANY current viruses (including mydoom.{a,b,c}, which is what 
> I suspect these were) use address books and return addresses from 
> recently received messages, which seems a much more "profitable" method 
> from a virus writer's perspective. I'm hoping that somebody AT UC Davis 
> who recognizes the IP will track down the machine and patch it.
> 
>   -- Mitch

-- 
Samuel Merritt
OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/
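
The distinction drawn in this thread (recipients guessed from a list of common usernames versus recipients harvested from files on an infected machine) can be checked against a mail log. The following is an added example, not part of the original post: it groups rejected recipients by client IP and flags sources that try several common names. The Postfix-style log format, the sample lines, the `min_hits` threshold and the function name are assumptions; the wordlist holds only the five names quoted in the post.

```python
import re
from collections import defaultdict

# Usernames the post reports seeing in the logs; the full list is longer.
COMMON_NAMES = {"john", "maria", "stan", "jimmy", "leo"}

# Constructed sample data: Postfix-style reject lines (assumed log format),
# using documentation IP ranges and domains.
SAMPLE_LOG = """\
Feb 11 09:02:11 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 <john@example.org>: User unknown; from=<a@example.net> to=<john@example.org>
Feb 11 09:02:12 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 <maria@example.org>: User unknown; from=<a@example.net> to=<maria@example.org>
Feb 11 09:02:14 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 <stan@example.org>: User unknown; from=<a@example.net> to=<Stan@example.org>
Feb 11 09:02:15 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 <leo@example.org>: User unknown; from=<a@example.net> to=<leo@example.org>
Feb 11 09:40:03 mx postfix/smtpd[902]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 <unknown[198.51.100.7]>: Client host rejected: Access denied; from=<b@example.net> to=<mrp@example.org>
Feb 11 17:21:48 mx postfix/smtpd[977]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 <unknown[198.51.100.7]>: Client host rejected: Access denied; from=<c@example.net> to=<mrp@example.org>
"""

# Capture the connecting client's IP and the local part of the recipient.
REJECT_RE = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[^\]]+)\]: \d{3} .*to=<(?P<user>[^@>]+)@"
)

def classify_sources(log_text, wordlist=COMMON_NAMES, min_hits=3):
    """Group rejected recipients by client IP and flag dictionary-style probing."""
    per_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            per_ip[m.group("ip")].add(m.group("user").lower())
    report = {}
    for ip, users in per_ip.items():
        guessed = users & wordlist
        report[ip] = {
            "guessed": sorted(guessed),          # names found in the wordlist
            "other": sorted(users - wordlist),   # likely harvested, not guessed
            "dictionary_probe": len(guessed) >= min_hits,
        }
    return report

if __name__ == "__main__":
    for ip, info in classify_sources(SAMPLE_LOG).items():
        print(ip, info)
```

A source that only ever appears under `other`, like the repeated `mrp` recipient in the sample, fits the harvested-address explanation rather than a username dictionary.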
