[Dshield] How does a worm writer send his worm to other victims

Ed Truitt ed.truitt at etee2k.net
Fri Mar 7 16:24:03 GMT 2003

The worm uses its own built-in SMTP server.  I suspect it also contains the
SMTP commands needed to create and then send the email.  About the only way
you could try this out would be to telnet to your server's SMTP port, and
type in the commands and parameters by hand. There are several places you
can find these commands, I have a book called "Open Source Email Security"
which describes the MIME Message Header Fields (including Content-Type), but
I suspect you can find these defined in the relevant RFCs (in this case,
RFC2045 and RFC 2046.)


Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

----- Original Message -----
From: "sasa s" <compu81baby at yahoo.com>
To: <list at dshield.org>
Sent: Friday, March 07, 2003 7:05 AM
Subject: [Dshield] How does a worm writer send his worm to other victims

> How does a worm writer send his worm to other victims?
> For some worms that use exploits
> the worm writer has to change MIME code by himself
> so how does he do that & how does he send it then?
> Is there a software that enables him to do so?
> I want to test my content filter & I don't know how to send the
> mail to test it, because I've to change MIME code by myself so
> how can I send it to my server?
> ---------------------------------
> Do you Yahoo!?
> Yahoo! Tax Center - forms, calculators, tips, and more
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:

More information about the list mailing list