[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] viruses being sent to this list

To: "Full-Disclosure" <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] viruses being sent to this list
From: "Alerta Redsegura" <alerta@xxxxxxxxxxxxx>
Date: Mon, 22 Mar 2004 17:59:58 -0500

Gady Evron said:

>...but as I am the latest victim of the latest spreading
>mechanism for viruses - Full-Disclosure,...

The worm sent in your name is I-Worm.Bagle.n (W32/Bagle.N@mm),
it takes its email addresses from files with the following extensions:
 .wab, .txt, .msg, .htm, .shtm, .stm, .xml, .dbx, .mbx, .mdx, .eml, .nch,
.mmf, .ods, .cfg, .asp, .php, .wsh, .adb, .tbb, .sht, .xls, .oft, .uin,
.cgi, .mht, .dhtm, .jsp

So it is very likely that your email address was picked up automatically by
the worm on the infected machine, with no human intervention whatsoever.

This aside, I understand this list is directed to people with a
knowledge/background/experience in computer security, such that a .pif
attachment whether gets filtered before their email client or otherwise they
are clever enough not to open it.


Regards,


Iñigo Koch
Red Segura

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] viruses being sent to this list
  - From: Gadi Evron

Prev by Date: Re: [Full-Disclosure] When do exploits get used?
Next by Date: Re: [Full-Disclosure] viruses being sent to this list
Previous by thread: Re: [Full-Disclosure] viruses being sent to this list
Next by thread: Re: [Full-Disclosure] viruses being sent to this list
Index(es):
- Date
- Thread