[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <5E1F351F4AE1D611A7FE00B0D0AB064A02352884@is6b>
Date: Mon, 19 Jan 2004 15:46:50 -0600
From: "Perrymon, Josh L." <PerrymonJ@....com>
To: "'Gadi Evron'" <ge@...tistical.reprehensible.net>,
bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.netsys.com
Subject: RE: new outbreak warning - Bagle
What am I missing about this worm?
How many companies allow *.exe attachments @ the perimeter? Then allow 6777
outbound.
I'm speculating that small shops / home users are the largest targets. But
*shouldn't* enterprise
solutions stop this.
Say that a remote user with no desktop firewall and old defs got infected...
THEN--- the user connects to the core switch.. It's only going to spread
with the emails collected off the HD right?
Because it doesn't exploit another *wndoze vuln it has an .exe payload...?
-JP
-----Original Message-----
From: Gadi Evron [mailto:ge@...tistical.reprehensible.net]
Sent: Sunday, January 18, 2004 11:01 PM
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.netsys.com
Subject: new outbreak warning - Bagle
This possible worm outbreak warning was received on TH-Research (The
Trojan Horses Research Mailing List) from Moosoft Development
(www.moosoft.com) a few hours ago.
AV and AT firms have had a few hours to update their databases.
Info can be found only on Kaspersky's web page, so far:
http://www.viruslist.com/eng/alert.html?id=783050
Let's hope it is stopped before it can do too much damage!
This email comes and an heads-up and FYI so you can take measures to
stop it.
Gadi Evron
The Trojan Horses Research Mailing List - http://ecompute.org/th-list
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists