When application in infected system sends data to network [sic], Feebs [the malware being described here] makes some extra checks. If it detects traffic to port 25 (SMTP default port) which looks like e-mail with MIME attachment, it generates the HTA script and injects it in e-mail as extra attachment.
This is a sophisticated trick: it injects malware into an otherwise legitimate email, rather than taking the usual approach of creating an email specifically to deliver malware.
Of course any Notes/Domino shop eschews SMTP completely for message submission and internal transfers, doesn't it? We all use NRPC (TCP:1352) for those things. Right?
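A mail relay or gateway can catch this kind of injection by inspecting every MIME part of a message for HTA content before passing it on. The following is an added example, not part of the original post or the quoted analysis; the function names, the blocklist values, and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

HTA_EXTENSIONS = (".hta",)          # assumed blocklist for this example
HTA_TYPES = {"application/hta"}     # type Windows associates with .hta files
HTA_MARKER = b"<hta:application"    # tag that appears in many, not all, HTA files


def find_hta_parts(raw_bytes):
    """Return (filename, content_type, reason) for each HTA-like MIME part."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        # Normalise case and the trailing dots/spaces Windows ignores in names.
        name = (part.get_filename() or "").strip().rstrip(". ").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(HTA_EXTENSIONS):
            hits.append((name, ctype, "extension"))
        elif ctype in HTA_TYPES:
            hits.append((name, ctype, "content-type"))
        elif HTA_MARKER in payload[:4096].lower():
            hits.append((name, ctype, "marker"))  # heuristic content sniff
    return hits


def build_sample(attach_name=None, subtype="octet-stream", body=b"placeholder"):
    """Constructed test message: a PDF attachment plus an optional extra part."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "alice@example.com", "bob@example.com"
    msg["Subject"] = "Q4 report"
    msg.set_content("Report attached.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="report.pdf")
    if attach_name is not None:
        msg.add_attachment(body, maintype="application",
                           subtype=subtype, filename=attach_name)
    return msg.as_bytes()


if __name__ == "__main__":
    for label, raw in [("clean", build_sample()),
                       ("injected", build_sample("Report.HTA"))]:
        print(label, find_hta_parts(raw))
```

Because the extra attachment is added on the sending host after the mail client has composed the message, a check like this has to run on a relay or gateway rather than in the client.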
Category: Viruses and Worms
1. Nathan T. Freeman 19/01/2006 15:25:51
I do. I've never understood why people do Notes-to-Notes via SMTP. It just seems retarded to me.
2. Simon Barratt 20/01/2006 20:48:38
Homepage: http://apps.fmc.com/blog.nsf
Of course we do, why use SMTP for Domino server to server?