IHC/IHC Digest Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re[4]: Spam? (or scam)



----- Original Message ----- 
From: "Richard Welty" <rwelty@domain.elided>
To: <ihc@domain.elided>
Sent: Thursday, August 28, 2003 12:36
Subject: Re[4]: Spam? (or scam)


> On Thu, 28 Aug 2003 11:57:57 -0500 Ryan Moore <baradium@domain.elided>
wrote:
> > So what does the worm do after it's termination date?  Does it leave a
> > backdoor access or something to the computer so spam messages or
> > something?
>
> > IE, what does it do to give them the control.
>
> i can't speak to the exact details of sobig, but in network engineering
> parlance, they usually set up a program which listens on some less well
> known "port" for connections from a controller, having previously signaled
> their identity as a compromised host to a central site.
>
> so basically, they wait for "further orders".
>
> richard

In that case, can't the feds decompile the programming to determine what the
central site is to bust the perpetrators?

-Ryan


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.510 / Virus Database: 307 - Release Date: 8/16/03


Home | Archive | Main Index | Thread Index