The Worm Speaks!
As shown in Figure 5, Hannibal programmed his worm to send an e-mail after a specified interval of time elapsed. The worm sent the e-mail to an anonymous e-mail account Hannibal owned at a popular free e-mail site on the Internet. The worm's e-mail included the Internet address of the victim machine, as well as a copy of the initial home page of the Web server that was just compromised.
Figure 5: The worm sends e-mail with Web server splash pages.
Mistake #3: The Clarice Commerce Web site was allowed to send outgoing e-mail. For most organizations, an Internet-accessible Web server shouldn't be allowed to send e-mail. All outgoing connections from the Web server should be blocked, except responses to Web requests and any other communication with a vital business need, such as database access or management traffic. The firewall and routers protecting a Web server should block all connections other than those explicitly required.
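One way to express the policy from Mistake #3 as a host firewall ruleset, added here as an illustration and not taken from the original text. It assumes nftables on the Web server itself; the database address, management network, and the PostgreSQL and SSH ports are constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example: default-deny egress for an Internet-facing Web server.
# All addresses and ports below are constructed placeholders (assumptions).
define DB_HOST  = 192.0.2.10        # back-end database (assumed PostgreSQL)
define MGMT_NET = 198.51.100.0/24   # management network (assumed SSH)

table inet web_egress {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        # Web requests from the Internet
        tcp dport { 80, 443 } ct state new accept
        # Management traffic, only from the management network
        ip saddr $MGMT_NET tcp dport 22 ct state new accept
    }

    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        # Responses to Web requests and management sessions
        ct state established,related accept
        # The one outbound connection with a business need: the database
        ip daddr $DB_HOST tcp dport 5432 ct state new accept
        # Outgoing mail from a Web server: log it, then drop it
        tcp dport { 25, 465, 587 } log prefix "web-egress-smtp: " counter drop
        # Anything else the server tries to initiate
        log prefix "web-egress-drop: " counter drop
    }
}
```

Because the Web server never has a legitimate reason to open a mail connection, any log line carrying the `web-egress-smtp: ` prefix is worth an alert. Other outbound needs such as DNS or time synchronization would each require their own explicit rule under this policy.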