[Full-Disclosure] RE: new outbreak warning - Bagle
ge at linuxbox.org
Tue Jan 20 08:28:12 GMT 2004
> Say that a remote user with no desktop firewall and old defs got infected...
> THEN--- the user connects to the core switch.. It's only going to spread
> with the emails collected off the HD right?
> Because it doesn't exploit another *wndoze vuln it has an .exe payload...?
If it exploited the address book like some of these worms, it wouldn't
be as big as it is. It scans the HDD locally, causing no net lag and
uses what it finds.
Its simplicity that gets us every time.
The weakest spot gets by our efforts to stop these things. And this is it.
The Trojan Horses Research Mailing List - http://ecompute.org/th-list
Full-Disclosure is hosted and sponsored by Secunia.