| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <400D2BE9.2070101@jackhammer.org> From: pdt at jackhammer.org (Paul Tinsley) Subject: Bagle worm status + more blocking information Do we know if it respects system proxy settings or attempts direct port 80 access to the websites mentioned by the A/V vendors? Gadi Evron wrote: > Although some AV firms web pages still call this a "not so serious" > threat, the latest checks and cross-checks between vendors which are > members of TH-Research (The Trojan Horses Research Mailing List) > conclude that this is a serious Outbreak. > > I believe new threat levels will be posted tomorrow morning, but it is > no longer a *possible* outbreak, it is BIG. > > > New information on the worm: > > Status of the web pages this worm tries to connect to is still unclear. > > Some vendors report it downloading a certain Trojan, but we see no > information on that so far since the web pages status is still > unclear, as mentioned. > > Mcafee also reports it listening on port 6777. > > The worm tries to connect to the following hacked box: 151.201.0.39. > > Finally now all AV products "speak" of this worm. > Response times for detecting/cleaning/webpages updates were not so good. > > As I mentioned earlier, Kaspersky and The Cleaner (MooSoft) were the > noticeable exceptions. > > FYI. > > Gadi Evron. > > The Trojan Horses Research Mailing List - http://ecompute.org/th-list > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists