Full Disclosure mailing list archives
Re: RE: new outbreak warning - Bagle
From: William Warren <hescomingsoon () verizon net>
Date: Tue, 20 Jan 2004 13:49:11 -0500
A large number of enterprises allow exe(at least until blaster) and even allowed netbios into their firewalls(because they did not want to change the defulat exchange prots)..that is how csx and maryland DOT got taken down by blaster..:) this bagel worm could prove quite interesting.
Perrymon, Josh L. wrote:
What am I missing about this worm?How many companies allow *.exe attachments @ the perimeter? Then allow 6777 outbound. I'm speculating that small shops / home users are the largest targets. But*shouldn't* enterprise solutions stop this.Say that a remote user with no desktop firewall and old defs got infected...THEN--- the user connects to the core switch.. It's only going to spread with the emails collected off the HD right?Because it doesn't exploit another *wndoze vuln it has an .exe payload...? -JP -----Original Message----- From: Gadi Evron [mailto:ge () egotistical reprehensible net] Sent: Sunday, January 18, 2004 11:01 PM To: bugtraq () securityfocus com Cc: full-disclosure () lists netsys com Subject: new outbreak warning - BagleThis possible worm outbreak warning was received on TH-Research (The Trojan Horses Research Mailing List) from Moosoft Development (www.moosoft.com) a few hours ago.AV and AT firms have had a few hours to update their databases. Info can be found only on Kaspersky's web page, so far: http://www.viruslist.com/eng/alert.html?id=783050 Let's hope it is stopped before it can do too much damage!This email comes and an heads-up and FYI so you can take measures to stop it.Gadi Evron The Trojan Horses Research Mailing List - http://ecompute.org/th-list _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
-- May God Bless you and everything you touch.My "foundation" verse: Isaiah 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- new outbreak warning - Bagle Gadi Evron (Jan 18)
- <Possible follow-ups>
- RE: new outbreak warning - Bagle Perrymon, Josh L. (Jan 19)
- Re: RE: new outbreak warning - Bagle Gadi Evron (Jan 19)
- Re: RE: new outbreak warning - Bagle William Warren (Jan 20)
- Re:RE: new outbreak warning - Bagle ITSecurity Officer (Jan 19)