
Re: [Full-Disclosure] [Fwd: [TH-research] Dumaru.J/Y Worm - Possible Outbreak]



Why are you suggesting that this is a possible "outbreak", and what exactly do you mean by that?

Because it is an outbreak, it just isn't clear yet how serious it is and since I learned in the army to learn from my mistakes and to be as accurate as I can, verifying what I write from different sources, I do not wish to "jump the gun".


Dumaru has been around for a while now, but I'm not aware of it being any particular problem for corporations, and it doesn't really seem to have a payload other than self mailing in environments where a self contained smtp engine can mail out over port 25.

It's a new one.


Also, while we have a significant problem with nomenclature AV wise in general, these days I have a problem with calling a mass mailer a worm. Why don't you just call it. Mass mailer?


I try and limit the "terms" I use to the very few and basic. Different malware can be called quite a few things, with characteristics of some other thingies yet again. But you have a good point there.


If anyone has curiosity about mass mailer prevalence, www.messagelabs.com/viruseye is a good place to look.

Danke. :)



Best


Gaby

Gadi
--
Gadi Evron, ge@linuxbox.org.

The Trojan Horses Research mailing list - http://ecompute.org/th-list

My resume (Hebrew) - http://www.math.org.il/resume.rtf

PGP key for ge@linuxbox.org -
http://vapid.reprehensible.net/~ge/Gadi_Evron.asc
Note: this key is used mainly for files and attachments, I sign email messages using:
http://vapid.reprehensible.net/~ge/Gadi_Evron_sign.asc


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html