[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <400CE69C.3030700@linuxbox.org>
Date: Tue, 20 Jan 2004 00:28:12 -0800
From: Gadi Evron <ge@...uxbox.org>
To: "Perrymon, Josh L." <PerrymonJ@....com>
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: Re: RE: new outbreak warning - Bagle
> Say that a remote user with no desktop firewall and old defs got infected...
> THEN--- the user connects to the core switch.. It's only going to spread
> with the emails collected off the HD right?
>
> Because it doesn't exploit another *wndoze vuln it has an .exe payload...?
If it exploited the address book like some of these worms, it wouldn't
be as big as it is. It scans the HDD locally, causing no net lag and
uses what it finds.
Its simplicity that gets us every time.
The weakest spot gets by our efforts to stop these things. And this is it.
Gadi Evron
The Trojan Horses Research Mailing List - http://ecompute.org/th-list
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists