Full Disclosure mailing list archives

RE: new outbreak warning - Bagle


From: "Perrymon, Josh L." <PerrymonJ () bek com>
Date: Mon, 19 Jan 2004 15:46:50 -0600

What am I missing about this worm?  

How many companies allow *.exe attachments @ the perimeter? Then allow 6777
outbound.

I'm speculating that small shops / home users are the largest targets. But
*shouldn't* enterprise solutions stop this?


Say that a remote user with no desktop firewall and old defs got infected...
THEN---  the user connects to the core switch..  It's only going to spread 
with the emails collected off the HD right?

Because it doesn't exploit another *wndoze vuln it has an .exe payload...?


-JP

-----Original Message-----
From: Gadi Evron [mailto:ge () egotistical reprehensible net]
Sent: Sunday, January 18, 2004 11:01 PM
To: bugtraq () securityfocus com
Cc: full-disclosure () lists netsys com
Subject: new outbreak warning - Bagle


This possible worm outbreak warning was received on TH-Research (The 
Trojan Horses Research Mailing List) from Moosoft Development 
(www.moosoft.com) a few hours ago.

AV and AT firms have had a few hours to update their databases.

Info can be found only on Kaspersky's web page, so far:
http://www.viruslist.com/eng/alert.html?id=783050

Let's hope it is stopped before it can do too much damage!

This email comes as a heads-up and FYI so you can take measures to 
stop it.

        Gadi Evron

The Trojan Horses Research Mailing List - http://ecompute.org/th-list

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

