lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <5E1F351F4AE1D611A7FE00B0D0AB064A02352884@is6b>
Date: Mon, 19 Jan 2004 15:46:50 -0600
From: "Perrymon, Josh L." <PerrymonJ@....com>
To: "'Gadi Evron'" <ge@...tistical.reprehensible.net>,
   bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.netsys.com
Subject: RE: new outbreak warning - Bagle


What am I missing about this worm?  

How many companies allow *.exe attachments @ the perimeter? Then allow 6777
outbound.

I'm speculating that small shops / home users are the largest targets. But
*shouldn't* enterprise 
solutions stop this.


Say that a remote user with no desktop firewall and old defs got infected...
THEN---  the user connects to the core switch..  It's only going to spread 
with the emails collected off the HD right?

Because it doesn't exploit another *wndoze vuln it has an .exe payload...?


-JP

-----Original Message-----
From: Gadi Evron [mailto:ge@...tistical.reprehensible.net]
Sent: Sunday, January 18, 2004 11:01 PM
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.netsys.com
Subject: new outbreak warning - Bagle


This possible worm outbreak warning was received on TH-Research (The 
Trojan Horses Research Mailing List) from Moosoft Development 
(www.moosoft.com) a few hours ago.

AV and AT firms have had a few hours to update their databases.

Info can be found only on Kaspersky's web page, so far:
http://www.viruslist.com/eng/alert.html?id=783050

Let's hope it is stopped before it can do too much damage!

This email comes and an heads-up and FYI so you can take measures to 
stop it.

	Gadi Evron

The Trojan Horses Research Mailing List - http://ecompute.org/th-list

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ