RE: [Full-Disclosure] Sober.I worm is here
- To: "Danny" <nocmonkey@xxxxxxxxx>, "KF_lists" <kf_lists@xxxxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] Sober.I worm is here
- From: "Todd Towles" <toddtowles@xxxxxxxxxxxxxxx>
- Date: Fri, 19 Nov 2004 12:36:52 -0600
It arrives as .doc, .txt and .word?
Where are you seeing that?
It can't be very dangerous as a TEXT file. As far as I know it uses the
normal "double extensions" tricks. Any good email filter should pick
this up and you should be fine. Anyone that just clicks on random
attachments in their e-mail and doesn't have anti-virus, should get
infected.
At least, they are letting someone that knows something use your
computer for something..lol j/k
> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Danny
> Sent: Friday, November 19, 2004 11:07 AM
> To: KF_lists
> Cc: etomcat@xxxxxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxx
> Subject: Re: [Full-Disclosure] Sober.I worm is here
>
> On Fri, 19 Nov 2004 11:22:31 -0500, KF_lists
> <kf_lists@xxxxxxxxxxxxx> wrote:
> > can you define "medium sized epidemic"?
> > Any new features / functionality?
>
> Not too much, except for the fact that it also arrives with
> the following attachment extensions: .doc, .txt, and .word
>
> Which are not typically blocked by layer 7 aware firewalls.
> Whereas, the biggies .scr, .pif, .exe, .com, .bat, etc., are
> usually blocked.
>
> ...D
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
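A sketch of the "double extensions" check an email filter can apply, added here as an example and not part of the original messages. The two extension sets are the ones named in the thread; the function names and sample filenames are constructed, and the whitespace-padding case goes slightly beyond what the thread mentions.

```python
from email.message import EmailMessage

# Extension sets taken from the thread: the usually-blocked executables and
# the document-looking extensions the worm was reported to arrive with.
EXECUTABLE = {".scr", ".pif", ".exe", ".com", ".bat"}
DECOY = {".doc", ".txt", ".word"}


def classify(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Drop whitespace first: padding between the extensions is a common way
    # to push the real one out of view in a narrow attachment column.
    parts = "".join(filename.lower().split()).rstrip(".").split(".")
    exts = ["." + p for p in parts[1:]]
    if not exts or exts[-1] not in EXECUTABLE:
        return "ok"
    if any(e in DECOY for e in exts[:-1]):
        return "double-extension"
    return "executable"


def scan(msg):
    """Map each attachment filename in a parsed message to its verdict."""
    return {p.get_filename(): classify(p.get_filename())
            for p in msg.walk() if p.get_filename()}


def build_sample():
    """Constructed sample message with four harmless one-byte attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    for name in ("report.doc", "notes.txt   .pif", "setup.exe", "readme.word.scr"):
        msg.add_attachment(b"x", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    for name, verdict in scan(build_sample()).items():
        print(f"{verdict:17} {name!r}")
```

A filter that matches only on the last extension would report both flagged names as plain executables; classifying the decoy separately lets the rule quarantine them with a more specific reason.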