No cap yet, I just started seeing the email come in this morning so it shouldn't be long.

On Mon, 2004-01-19 at 11:23, Donahue, Pat wrote:
> Anyone have a packet capture?
>
> -----Original Message-----
> From: Gadi Evron [mailto:ge@egotistical.reprehensible.net]
> Sent: Monday, January 19, 2004 3:45 PM
> To: bugtraq@securityfocus.com; full-disclosure@lists.netsys.com
> Subject: [Full-Disclosure] Bagle worm status + more blocking information
>
> Although some AV firms web pages still call this a "not so serious"
> threat, the latest checks and cross-checks between vendors which are
> members of TH-Research (The Trojan Horses Research Mailing List)
> conclude that this is a serious Outbreak.
>
> I believe new threat levels will be posted tomorrow morning, but it is
> no longer a *possible* outbreak, it is BIG.
>
> New information on the worm:
>
> Status of the web pages this worm tries to connect to is still unclear.
>
> Some vendors report it downloading a certain Trojan, but we see no
> information on that so far since the web pages status is still unclear,
> as mentioned.
>
> Mcafee also reports it listening on port 6777.
>
> The worm tries to connect to the following hacked box: 151.201.0.39.
>
> Finally now all AV products "speak" of this worm.
> Response times for detecting/cleaning/webpages updates were not so good.
>
> As I mentioned earlier, Kaspersky and The Cleaner (MooSoft) were the
> noticeable exceptions.
>
> FYI.
>
> Gadi Evron.
>
> The Trojan Horses Research Mailing List - http://ecompute.org/th-list
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html