Home page logo

nanog logo nanog mailing list archives

Re: Bugbear.b (worm du jour)
From: Eric Anderson <anderson () cs uoregon edu>
Date: Thu, 5 Jun 2003 19:09:46 -0700

Maybe I should clarify:  By "very slowly" I meant that this should spread
significantly more slowly than something which is able to exploit a
vulnerability and start executing as soon as it finds a susceptible host.  If
it's been in the wild for 12 hours without compromising most of the vulnerable
hosts, that's slow relative to what's possible.

Thus spake Jack Bates (jbates () brightok net):


That is a very bad assumption to make. Not all AV software can detect 
the various variations of it yet. In addition, there are many EU's that 
will still run any executable that shows up in their inbox. Many reports 
of the Microsoft Patch scam being used with this one.

It is multi-part mime, so my current stripping methods will protect the 
mailboxes on my system.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]