Worms and SMTP email

Discussion in 'malware problems & news' started by Rmus, Oct 6, 2005.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Many worms use their own SMTP email engine to propagate.

    I have never found a good description of how a worm's self-contained SMTP engine works to send out email.

    If it's like a normal SMTP server, it must have to connect out through a port - I understand, SMTP normally uses port 25.

    So, if a firewall is configured correctly, it seems to me that the worm would be stuck within that computer and not be able to connect out.

    If that's not correct, could someone explain in detail exactly how a worm's email actually connects out?

    thanks,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  2. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Rmus,

    Programs do not necessarily have to use the standard port 25 for SMTP.
    There are mass mailer programs that can use other ports as well.
    I would assume that malware can do the same and use any arbitrary port it wants.
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Then your firewall should block these attempts to arbitrary ports, true?

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  4. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Yes, a properly configured firewall will alert and/or block these attempts.
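
The firewall behaviour discussed in this thread, as an added example that is not part of any post: a default-deny outbound policy keyed on program, destination and port stops a program's own SMTP traffic whether it targets port 25 or an arbitrary port. The program names, addresses (documentation ranges), rule set and connection records are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    process: str    # executable that opened the socket
    dst_ip: str
    dst_port: int

# Hypothetical allow-list: (program, remote host or "*", remote port).
# Anything not listed is denied, so the remote port alone never grants access.
ALLOW = {
    ("mailclient.exe", "192.0.2.25", 25),   # approved client -> its mail relay only
    ("browser.exe", "*", 80),
    ("browser.exe", "*", 443),
}

def verdict(conn: Conn) -> tuple[str, str]:
    """Return (action, reason) for one outbound connection attempt."""
    for proc, ip, port in ALLOW:
        if proc == conn.process and port == conn.dst_port and ip in ("*", conn.dst_ip):
            return ("allow", "matches outbound rule")
    if conn.dst_port == 25:
        return ("block", "direct SMTP outside the approved client/relay pair")
    return ("block", "no outbound rule for this program and port")

def blocked(conns: list[Conn]) -> list[tuple[Conn, str]]:
    """Connections the policy would alert on or block, with the reason."""
    return [(c, reason) for c in conns
            for action, reason in [verdict(c)] if action == "block"]

# Constructed connection attempts (not taken from any real log).
SAMPLE = [
    Conn("mailclient.exe", "192.0.2.25", 25),    # normal mail submission
    Conn("browser.exe", "203.0.113.10", 443),    # normal browsing
    Conn("unknown.exe", "198.51.100.7", 25),     # own SMTP engine, standard port
    Conn("unknown.exe", "198.51.100.8", 2525),   # own SMTP engine, arbitrary port
    Conn("mailclient.exe", "198.51.100.9", 25),  # approved program, unapproved host
]

if __name__ == "__main__":
    for conn, reason in blocked(SAMPLE):
        print(f"BLOCK {conn.process} -> {conn.dst_ip}:{conn.dst_port} ({reason})")
```
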
     