lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <NHBBKOKFNKAIECDLOKDCEELHEJAA.alerta@redsegura.com>
From: alerta at redsegura.com (Alerta Redsegura)
Subject: viruses being sent to this list

Gady Evron said:

>...but as I am the latest victim of the latest spreading
>mechanism for viruses - Full-Disclosure,...

The worm sent in your name is I-Worm.Bagle.n (W32/Bagle.N@mm),
it takes its email addresses from files with the following extensions:
 .wab, .txt, .msg, .htm, .shtm, .stm, .xml, .dbx, .mbx, .mdx, .eml, .nch,
.mmf, .ods, .cfg, .asp, .php, .wsh, .adb, .tbb, .sht, .xls, .oft, .uin,
.cgi, .mht, .dhtm, .jsp

So it is very likely that your email address was picked up automatically by
the worm on the infected machine, with no human intervention whatsoever.

This aside, I understand this list is directed to people with a
knowledge/background/experience in computer security, such that a .pif
attachment whether gets filtered before their email client or otherwise they
are clever enough not to open it.


Regards,


I?igo Koch
Red Segura


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ