Full Disclosure mailing list archives
Re: Who should i contact?
From: Joe Stewart <jstewart () lurhq com>
Date: Wed, 5 Jul 2006 08:48:34 -0400
On Wednesday 05 July 2006 04:09, screwedbytaxes () hushmail com wrote:
I've already asked the tax filing company for more information about any breaches they may have suffered and what other information may have been exposed. They asked for the source emails, which I provided, and I have not heard back. This was over a week ago. What should I do? What would you do?
Several Bagle variants have a function to collect email addresses from files on the infected system and upload them to the author for later spamming. This could be one potential vector for such a breach. However, before you go busting the filing company, are you sure that none of your own systems (which may have contained these addresses in an address book or a browser cache) were infected by Bagle at some point? -Joe _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Who should i contact? screwedbytaxes (Jul 05)
- Re: Who should i contact? Cardoso (Jul 05)
- Re: Who should i contact? Joe Stewart (Jul 05)
- Re: Who should i contact? Valdis . Kletnieks (Jul 05)
- Re: Who should i contact? H D Moore (Jul 05)
- <Possible follow-ups>
- Re: Who should i contact? screwedbytaxes (Jul 05)