Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Sober.I worm is here
From: "Todd Towles" <toddtowles () brookshires com>
Date: Fri, 19 Nov 2004 12:36:52 -0600

It arrives at .doc, .txt and .word? 

Where are you seeing that?

 It can't be very dangerous as a TEXT file. As far as I know it uses the
normal "double extensions" tricks. Any good email filter should pick
this up and you should be fine. Anyone that just clicks on random
attachments in their e-mail and doesn't have anti-virus, should get
infected. 

At least, they are letting someone that knows something use your
computer for something..lol j/k

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Danny
Sent: Friday, November 19, 2004 11:07 AM
To: KF_lists
Cc: etomcat () freemail hu; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Sober.I worm is here

On Fri, 19 Nov 2004 11:22:31 -0500, KF_lists 
<kf_lists () secnetops com> wrote:
can you define "medium sized epidemic"?
Any new features / functionality?

Not too much, except for the fact that it also arrives with 
the following attachment extenstions: .doc, .txt, and .word

Which are not typically blocked by layer 7 aware firewalls. 
Whereas, the biggies .scr, .pif, .exe, .com, .bat, etc., are 
usually blocked.

...D

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]