nanog mailing list archives
Re: Bugbear.b (worm du jour)
From: Eric Anderson <anderson () cs uoregon edu>
Date: Thu, 5 Jun 2003 19:09:46 -0700
Maybe I should clarify: By "very slowly" I meant that this should spread significantly more slowly than something which is able to exploit a vulnerability and start executing as soon as it finds a susceptible host. If it's been in the wild for 12 hours without compromising most of the vulnerable hosts, that's slow relative to what's possible.

Thus spake Jack Bates (jbates () brightok net):
[snip]
> That is a very bad assumption to make. Not all AV software can detect the various variations of it yet. In addition, there are many EU's that will still run any executable that shows up in their inbox. Many reports of the Microsoft Patch scam being used with this one. It is multi-part mime, so my current stripping methods will protect the mailboxes on my system.
>
> -Jack