| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1074532365.25704.27.camel@chilly> From: dave at 0dayspray.com (David Maynor) Subject: Bagle worm status + more blocking information No cap yet, I just started seeing the email come in this morning so it shouldn't be long. On Mon, 2004-01-19 at 11:23, Donahue, Pat wrote: > Anyone have a packet capture? > > -----Original Message----- > From: Gadi Evron [mailto:ge@...tistical.reprehensible.net] > Sent: Monday, January 19, 2004 3:45 PM > To: bugtraq@...urityfocus.com; full-disclosure@...ts.netsys.com > Subject: [Full-Disclosure] Bagle worm status + more blocking information > > > Although some AV firms web pages still call this a "not so serious" > threat, the latest checks and cross-checks between vendors which are > members of TH-Research (The Trojan Horses Research Mailing List) > conclude that this is a serious Outbreak. > > I believe new threat levels will be posted tomorrow morning, but it is > no longer a *possible* outbreak, it is BIG. > > > New information on the worm: > > Status of the web pages this worm tries to connect to is still unclear. > > Some vendors report it downloading a certain Trojan, but we see no > information on that so far since the web pages status is still unclear, > as mentioned. > > Mcafee also reports it listening on port 6777. > > The worm tries to connect to the following hacked box: 151.201.0.39. > > Finally now all AV products "speak" of this worm. > Response times for detecting/cleaning/webpages updates were not so good. > > As I mentioned earlier, Kaspersky and The Cleaner (MooSoft) were the > noticeable exceptions. > > FYI. > > Gadi Evron. > > The Trojan Horses Research Mailing List - http://ecompute.org/th-list > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040119/ff7515ca/attachment.bin
Powered by blists - more mailing lists