We've has Sales@ hit repeatedly. Not sure if that's cos it's in people's address books or not - there definitely haven't been any e-mails sent out from Sales recently.
Jos -----Original Message----- From: madsaxon [mailto:[EMAIL PROTECTED] Sent: 27 January 2004 18:03 To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] MyDoom Email targets At 09:26 AM 1/27/2004 -0800, Scott Manley wrote: >I've noticed I'm getting a load of messages to my catch all domains with >addresses like [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] - it's highly >unlikely that >this would be part of anyone's address book - is there some mechanism in >the worm to try and propagate to random e-mail within a domain? Yeah, here's a list of the names it can use, from a copy I got and UPX/ROT-13 decoded: sandra linda julie jimmy jerry helen debby claudia brenda anna alice brent adam ted fred jack bill stan smith steve matt dave dan joe jane bob robert peter tom ray mary serg brian jim maria leo jose andrew sam george david kevin mike james michael alex john accoun certific list servntivi support icrosoft admin page the.bat gold-certs cafeste submit not help service privacy somebody nosoft contacts iterating bugs me you your someone anyone nothing nobody noone webmaster postmaster samples info root be_loyal: mozilla There are a lot of interesting strings in this thing. ;-) m5x _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html