[Full-Disclosure] RE: new outbreak warning - Bagle

[Gadi Evron]

> Say that a remote user with no desktop firewall and old defs got infected...
> THEN---  the user connects to the core switch..  It's only going to spread 
> with the emails collected off the HD right?
> 
> Because it doesn't exploit another *wndoze vuln it has an .exe payload...?

If it exploited the address book like some of these worms, it wouldn't 
be as big as it is. It scans the HDD locally, causing no net lag and 
uses what it finds.

Its simplicity that gets us every time.

The weakest spot gets by our efforts to stop these things. And this is it.

	Gadi Evron

The Trojan Horses Research Mailing List - http://ecompute.org/th-list