[Dshield] Friendgreetings.com mass emailer

Russell Washington russ.washington at vaultsentry.com
Fri Oct 25 15:09:20 GMT 2002


Craig nailed it, that's the one.  Symantec now has a doc up too:

http://securityresponse.symantec.com/avcenter/venc/data/friendgreetings.html

Truth is that these companies can call it non-malicious all they want.
Anything that masquerades itself as coming from someone else to facilitate
propagation and mail-bombs contact lists is definitely treading in
wormspace... and I'll bet this thing does a lot more than what the EULA
authorizes although I have nothing to back that up.  We're thinking over
here that the email addresses it pulls are probably getting culled for
resale and reuse.

But that's another discussion.  For anyone looking to extract this thing
from their systems, good luck.  We're nuking the two boxes we found it on
because we can't verify their integrity.

"It's not a virus, it's not a worm... because it has a EULA" :)

-----Original Message-----
From: Tom Liston [mailto:tliston at premmag.com] 
Sent: Friday, October 25, 2002 6:47 AM
To: list at dshield.org
Subject: Re: [Dshield] Friendgreetings.com mass emailer


Could it be something like this?

http://www.theregister.co.uk/content/55/27782.html

On 24 Oct 2002 at 15:02, Russell Washington wrote:

> We've been researching an item that "landed" in an end-user's inbox 
> this morning.  Given the lack of information on this mass emailer I 
> thought I should get some more seasoned eyes on it.  Here's the dump 
> of information I have to date.  Symantec is aware of this item but (at 
> least when we talked
---- >8 ---- Snip! 

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list