From: Jon Hanna (jon@hackcraft.net)
Date: Fri Apr 23 2004 - 09:50:54 EDT
Quoting Marco Cimarosti <marco.cimarosti@essetre.it>:
> Antoine Leca wrote:
> > The virus cannot have any knowledge of a language code. And
> > much less of the language used by its next victim...
>
> It sends e-mails to addresses stolen from the previous victim's address
> list, so it can analyze the top-level domain of these addresses (".it",
> ".fr", etc.). Although, strictly speaking, these domains normally correspond
> to *country* codes, they are a pretty good hint of the language of the next
> victim.
An extremely good hint given that the goal is to infect as many machines as
possible as quickly as possible; anything that gets more than 50% accuracy
should be considered a successful approach in that context.

If the authorities find the author I doubt the robustness of the
content-language heuristic will be top of the list of things they want to
discuss.
--
Jon Hanna
<http://www.hackcraft.net/>
"…it has been truly said that hackers have even more words for
equipment failures than Yiddish has for obnoxious people." - jargon.txt