Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Sober.I worm is here

From: "Todd Towles" <toddtowles () brookshires com>
Date: Fri, 19 Nov 2004 12:36:52 -0600
It arrives at .doc, .txt and .word? 

Where are you seeing that?

 It can't be very dangerous as a TEXT file. As far as I know it uses the
normal "double extensions" tricks. Any good email filter should pick
this up and you should be fine. Anyone that just clicks on random
attachments in their e-mail and doesn't have anti-virus, should get
infected. 

At least, they are letting someone that knows something use your
computer for something..lol j/k


-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Danny
Sent: Friday, November 19, 2004 11:07 AM
To: KF_lists
Cc: etomcat () freemail hu; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Sober.I worm is here

On Fri, 19 Nov 2004 11:22:31 -0500, KF_lists 
<kf_lists () secnetops com> wrote:

can you define "medium sized epidemic"?
Any new features / functionality?


Not too much, except for the fact that it also arrives with 
the following attachment extenstions: .doc, .txt, and .word

Which are not typically blocked by layer 7 aware firewalls. 
Whereas, the biggies .scr, .pif, .exe, .com, .bat, etc., are 
usually blocked.

...D

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: