[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] RE: new outbreak warning - Bagle

To: "Perrymon, Josh L." <PerrymonJ@bek.com>
Subject: Re: [Full-Disclosure] RE: new outbreak warning - Bagle
From: Gadi Evron <ge@linuxbox.org>
Date: Tue, 20 Jan 2004 00:28:12 -0800

Say that a remote user with no desktop firewall and old defs got infected... THEN--- the user connects to the core switch.. It's only going to spread with the emails collected off the HD right?

Because it doesn't exploit another *wndoze vuln it has an .exe payload...?

If it exploited the address book like some of these worms, it wouldn't be as big as it is. It scans the HDD locally, causing no net lag and uses what it finds.

Its simplicity that gets us every time.

The weakest spot gets by our efforts to stop these things. And this is it.

Gadi Evron

The Trojan Horses Research Mailing List - http://ecompute.org/th-list

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] RE: new outbreak warning - Bagle
  - From: "Perrymon, Josh L." <PerrymonJ@bek.com>

Prev by Date: Re: [Full-Disclosure] PHRACK 63 is OUT!
Next by Date: [Full-Disclosure] a method for bypassing cookie restrictions in web browsers
Previous by thread: [Full-Disclosure] RE: new outbreak warning - Bagle
Next by thread: Re: [Full-Disclosure] RE: new outbreak warning - Bagle
Index(es):
- Date
- Thread