Re[4]: Spam? (or scam)

[Richard Welty <rwelty@xxxxxxxxxxxxxxx>]

On Thu, 28 Aug 2003 11:57:57 -0500 Ryan Moore <baradium@domain.elided> wrote:
> So what does the worm do after it's termination date?  Does it leave a
> backdoor access or something to the computer so spam messages or
> something?
 
> IE, what does it do to give them the control.

i can't speak to the exact details of sobig, but in network engineering
parlance, they usually set up a program which listens on some less well
known "port" for connections from a controller, having previously signaled
their identity as a compromised host to a central site.

so basically, they wait for "further orders".

richard 
-- 
Richard Welty                                         rwelty@domain.elided
Averill Park Networking                                         518-573-7592
    Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security