Home page logo

fulldisclosure logo Full Disclosure mailing list archives

URLs used by W32/MyDoom-O (aka .AX, .BB) to query search engines?
From: Alain Fauconnet <alain () ait ac th>
Date: Fri, 18 Feb 2005 08:01:27 +0700

Hello List,

Does anyone have a list of query URLs used by W32/MyDoom-O
(Sophos name: http://www.sophos.com/virusinfo/analyses/w32mydoomo.html)
to dig e-mail addresses from search engines?

Are these specific enough that there's a chance to catch them in the
config of a web proxy (e.g. Squid) and avoid being "blacklisted" by
the search engines? (seems to me that Google temporarily blacklists
IPs that drown them under such requests)

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]