nanog mailing list archives
Re: Hi (fwd)
From: Matthew Sullivan <matthew () sorbs net>
Date: Fri, 19 Mar 2004 08:06:45 +1000
william(at)elan.net wrote:
FYI - if you're on windows machine DON'T TRY TO FOLLOW URL in that postSomebody sent me a copy of the content and its vbscript that downloads an image converts it into executable and then probably uses some bug in microshit products to have it executed. I'm not that good with windows scripting so whoever of the security people here wants to see it futher if you can not get it yourself, let me know. Its possible this maybe zombie making virus using nanog to replicate (somebody's sick joke) but possiblyits more general with other lists too. Spammers and virus writers joined together are getting nastier and nastier.
It's another varient of Bagle...My analysis of it is at: http://www.au.sorbs.net/virus.explain.txt - since then Symantec has release it's more detailed explaination under the headings for Bagle.r and Bagle.s
/ Mat
Current thread:
- Re: Hi (fwd) william(at)elan.net (Mar 17)
- Re: Hi (fwd) Steven M. Bellovin (Mar 17)
- Re: Hi (fwd) Suresh Ramasubramanian (Mar 17)
- Re: Hi (fwd) Arnold Nipper (Mar 18)
- Re: Hi (fwd) Colin Neeson (Mar 17)
- Re: Hi (fwd) william(at)elan.net (Mar 17)
- Re: Hi (fwd) Matthew Sullivan (Mar 18)
- <Possible follow-ups>
- RE: Hi (fwd) Thor Larholm (Mar 18)