lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <400D7827.1040807@verizon.net>
From: hescomingsoon at verizon.net (William Warren)
Subject: RE: new outbreak warning - Bagle

A large number of enterprises allow exe(at least until blaster) and even 
allowed netbios into their firewalls(because they did not want to change 
the defulat exchange prots)..that is how csx and maryland DOT got taken 
down by blaster..:) this bagel worm could prove quite interesting.

Perrymon, Josh L. wrote:

>What am I missing about this worm?  
>
>How many companies allow *.exe attachments @ the perimeter? Then allow 6777
>outbound.
>
>I'm speculating that small shops / home users are the largest targets. But
>*shouldn't* enterprise 
>solutions stop this.
>
>
>Say that a remote user with no desktop firewall and old defs got infected...
>THEN---  the user connects to the core switch..  It's only going to spread 
>with the emails collected off the HD right?
>
>Because it doesn't exploit another *wndoze vuln it has an .exe payload...?
>
>
>-JP
>
>-----Original Message-----
>From: Gadi Evron [mailto:ge@...tistical.reprehensible.net]
>Sent: Sunday, January 18, 2004 11:01 PM
>To: bugtraq@...urityfocus.com
>Cc: full-disclosure@...ts.netsys.com
>Subject: new outbreak warning - Bagle
>
>
>This possible worm outbreak warning was received on TH-Research (The 
>Trojan Horses Research Mailing List) from Moosoft Development 
>(www.moosoft.com) a few hours ago.
>
>AV and AT firms have had a few hours to update their databases.
>
>Info can be found only on Kaspersky's web page, so far:
>http://www.viruslist.com/eng/alert.html?id=783050
>
>Let's hope it is stopped before it can do too much damage!
>
>This email comes and an heads-up and FYI so you can take measures to 
>stop it.
>
>	Gadi Evron
>
>The Trojan Horses Research Mailing List - http://ecompute.org/th-list
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>  
>

-- 
May God Bless you and everything you touch.

My "foundation" verse: 
Isaiah 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ