Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: viruses being sent to this list
From: "Alerta Redsegura" <alerta () redsegura com>
Date: Mon, 22 Mar 2004 17:59:58 -0500

Gady Evron said:

...but as I am the latest victim of the latest spreading
mechanism for viruses - Full-Disclosure,...

The worm sent in your name is I-Worm.Bagle.n (W32/Bagle.N () mm),
it takes its email addresses from files with the following extensions:
 .wab, .txt, .msg, .htm, .shtm, .stm, .xml, .dbx, .mbx, .mdx, .eml, .nch,
.mmf, .ods, .cfg, .asp, .php, .wsh, .adb, .tbb, .sht, .xls, .oft, .uin,
.cgi, .mht, .dhtm, .jsp

So it is very likely that your email address was picked up automatically by
the worm on the infected machine, with no human intervention whatsoever.

This aside, I understand this list is directed to people with a
knowledge/background/experience in computer security, such that a .pif
attachment whether gets filtered before their email client or otherwise they
are clever enough not to open it.


IƱigo Koch
Red Segura

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]