> From: "Christian Huitema" <huitema@windows.microsoft.com> > ... > Yes. Maybe not a full MTA, but definitely enough to format messages and > execute SMTP. ... What do you mean by "execute SMTP"? Does it interpret and respond to SMTP response codes to its SMTP commands or just open a TCP connection and send a largely constant handful of lines of text before the first header line? The samples I've captured have pretty rudimentary SMTP envelopes. > ... > By the way, the worm does not only include its own SMTP service. It > seems to also include its own DNS code, probably in order to get the MX > records of its targets. ... That would be far more impresssive, although given the many resolver libraries available, nothing to write home about. Vernon Schryver vjs@rhyolite.com