Full Disclosure mailing list archives

RE: viruses being sent to this list

From: "Alerta Redsegura" <alerta () redsegura com>
Date: Mon, 22 Mar 2004 17:59:58 -0500

Gady Evron said:

...but as I am the latest victim of the latest spreading
mechanism for viruses - Full-Disclosure,...


The worm sent in your name is I-Worm.Bagle.n (W32/Bagle.N@mm),
it takes its email addresses from files with the following extensions:
 .wab, .txt, .msg, .htm, .shtm, .stm, .xml, .dbx, .mbx, .mdx, .eml, .nch,
.mmf, .ods, .cfg, .asp, .php, .wsh, .adb, .tbb, .sht, .xls, .oft, .uin,
.cgi, .mht, .dhtm, .jsp

So it is very likely that your email address was picked up automatically by
the worm on the infected machine, with no human intervention whatsoever.

This aside, I understand this list is directed to people with a
knowledge/background/experience in computer security, such that a .pif
attachment whether gets filtered before their email client or otherwise they
are clever enough not to open it.


Regards,


Iñigo Koch
Red Segura

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

viruses being sent to this list Gadi Evron (Mar 22)
- RE: viruses being sent to this list Alerta Redsegura (Mar 22)
- Re: viruses being sent to this list Tobias Weisserth (Mar 22)
  - Re: viruses being sent to this list Gadi Evron (Mar 22)
    - Re: viruses being sent to this list Steve Menard (Mar 22)
    - Re: viruses being sent to this list Troy (Mar 23)
- Re: viruses being sent to this list Nick FitzGerald (Mar 22)
- Re: viruses being sent to this list Byron Copeland (Mar 22)
  - Re: viruses being sent to this list Gadi Evron (Mar 22)
    - Re: viruses being sent to this list Jason Slagle (Mar 22)
    - Re: viruses being sent to this list Collin (Mar 23)
- Re: viruses being sent to this list Gadi Evron (Mar 22)

(Thread continues...)