Full Disclosure mailing list archives
RE: new outbreak warning - Bagle
From: "Perrymon, Josh L." <PerrymonJ () bek com>
Date: Mon, 19 Jan 2004 15:46:50 -0600
What am I missing about this worm? How many companies allow *.exe attachments @ the perimeter? Then allow 6777 outbound. I'm speculating that small shops / home users are the largest targets. But *shouldn't* enterprise solutions stop this. Say that a remote user with no desktop firewall and old defs got infected... THEN--- the user connects to the core switch.. It's only going to spread with the emails collected off the HD right? Because it doesn't exploit another *wndoze vuln it has an .exe payload...? -JP -----Original Message----- From: Gadi Evron [mailto:ge () egotistical reprehensible net] Sent: Sunday, January 18, 2004 11:01 PM To: bugtraq () securityfocus com Cc: full-disclosure () lists netsys com Subject: new outbreak warning - Bagle This possible worm outbreak warning was received on TH-Research (The Trojan Horses Research Mailing List) from Moosoft Development (www.moosoft.com) a few hours ago. AV and AT firms have had a few hours to update their databases. Info can be found only on Kaspersky's web page, so far: http://www.viruslist.com/eng/alert.html?id=783050 Let's hope it is stopped before it can do too much damage! This email comes and an heads-up and FYI so you can take measures to stop it. Gadi Evron The Trojan Horses Research Mailing List - http://ecompute.org/th-list _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- new outbreak warning - Bagle Gadi Evron (Jan 18)
- <Possible follow-ups>
- RE: new outbreak warning - Bagle Perrymon, Josh L. (Jan 19)
- Re: RE: new outbreak warning - Bagle Gadi Evron (Jan 19)
- Re: RE: new outbreak warning - Bagle William Warren (Jan 20)
- Re:RE: new outbreak warning - Bagle ITSecurity Officer (Jan 19)