Full Disclosure mailing list archives
Re: RE: new outbreak warning - Bagle
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 20 Jan 2004 00:28:12 -0800
Say that a remote user with no desktop firewall and old defs got infected...THEN--- the user connects to the core switch.. It's only going to spread with the emails collected off the HD right? Because it doesn't exploit another *wndoze vuln it has an .exe payload...?
If it exploited the address book like some of these worms, it wouldn't be as big as it is. It scans the HDD locally, causing no net lag and uses what it finds.
It's simplicity that gets us every time. The weakest spot gets by our efforts to stop these things. And this is it.

Gadi Evron
The Trojan Horses Research Mailing List - http://ecompute.org/th-list
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html