#1

"Hackers have spammed out multiple new variants of the Bagle Trojan to
millions of email addresses this week. The attacks came in two waves on Monday and Tuesday and forced many anti-virus firms to issue multiple signature updates over a greatly compressed period."

http://www.securityfocus.com/news/11325

Imhotep

#2

On Sat, 24 Sep 2005 01:14:45 -0400, Imhotep <> wrote:

>"Hackers have spammed out multiple new variants of the Bagle Trojan to
>millions of email addresses this week. The attacks came in two waves on
>Monday and Tuesday and forced many anti-virus firms to issue multiple
>signature updates over a greatly compressed period."
>
>http://www.securityfocus.com/news/11325

I believe you remove ALL executable attachments from email rather than scanning them for malware.

--
Jim Watt
http://www.gibnet.com

#3

"Jim Watt" <_way> wrote in message news:...

> On Sat, 24 Sep 2005 01:14:45 -0400, Imhotep <> wrote:
>
> >"Hackers have spammed out multiple new variants of the Bagle Trojan to
> >millions of email addresses this week. The attacks came in two waves on
> >Monday and Tuesday and forced many anti-virus firms to issue multiple
> >signature updates over a greatly compressed period."
> >
> >http://www.securityfocus.com/news/11325
>
> I believe you remove ALL executable attachments from email
> rather than scanning them for malware.

If they're the ones I /think/ they are, then they're packaged as ZIPs. I've been seeing a fairly constant stream (one or two a day). No peaks.

Couldn't find the original story at El Reg (they usually attribute), but I did find something interesting:

http://www.theregister.co.uk/2005/09..._security_bug/

Fairly standard "arbitrary command" vuln.

--
Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily reflect the opinions of the highly-opinionated person expressing the opinion in the first place. So there!

#4

On Sat, 24 Sep 2005 10:47:30 +0200, Jim Watt <_way> wrote:

>On Sat, 24 Sep 2005 01:14:45 -0400, Imhotep <> wrote:
>
>>"Hackers have spammed out multiple new variants of the Bagle Trojan to
>>millions of email addresses this week. The attacks came in two waves on
>>Monday and Tuesday and forced many anti-virus firms to issue multiple
>>signature updates over a greatly compressed period."
>>
>>http://www.securityfocus.com/news/11325
>
>I believe you remove ALL executable attachments from email
>rather than scanning them for malware.

The best advice to average users is to delete all unsolicited email attackments. There are various ways of hiding actual file extensions. Some malware comes as:

purtygurl.jpg .exe

for one example where spaces are used to hide the .exe extension. Another trick is to use the scrap file extension .SHS which Windows hides:

purtygurl.jpg.shs

appears in Windows as:

purtygurl.jpg

and the actual scrap file _is_ executable. The same can be done with .SHB files.

Perhaps the most powerful piece of social engineering of late has been the malware with a message seeming to come from your ISP containing an attackment which you are encouraged to open. The variations on this theme are amazingly real looking, and it's no wonder average users will unzip and open and Run the attackment.

Art
http://home.epix.net/~artnpeg
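
Added example, not part of the original thread: a mail-gateway style check for the filename disguises described in the post above (space padding before `.exe`, the hidden `.shs`/`.shb` scrap extensions), which also reads the member names inside ZIP attachments mentioned earlier in the thread. The extension lists, function names and sample message are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed lists: directly runnable extensions; scrap types the post says Windows hides.
EXECUTABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
HIDDEN = {".shs", ".shb"}

def suspicious_name(name):
    """Return the reasons a file name looks like a disguised executable."""
    stem, ext = os.path.splitext(name.rstrip().lower())
    if ext not in EXECUTABLE | HIDDEN:
        return []
    reasons = ["extension hidden by Windows" if ext in HIDDEN else "executable extension"]
    if stem != stem.rstrip():
        reasons.append("whitespace padding before extension")
    if os.path.splitext(stem.rstrip())[1]:
        reasons.append("decoy extension before the real one")
    return reasons

def scan_message(raw):
    """Map each flagged attachment or ZIP member to its list of reasons."""
    findings = {}
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue
        candidates = [(name, name)]
        blob = io.BytesIO(part.get_payload(decode=True) or b"")
        if zipfile.is_zipfile(blob):
            with zipfile.ZipFile(blob) as zf:
                candidates += [(f"{name}!{m}", m) for m in zf.namelist()]
        for label, leaf in candidates:
            if reasons := suspicious_name(leaf):
                findings[label] = reasons
    return findings

def build_sample():
    """Constructed message: one space-padded .exe and one ZIP holding a .shs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt.shs", b"constructed placeholder")
    kw = dict(maintype="application", subtype="octet-stream")
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment(b"MZ", filename="purtygurl.jpg .exe", **kw)
    msg.add_attachment(buf.getvalue(), filename="statement.zip", **kw)
    return msg.as_bytes()
```

`scan_message(build_sample())` flags both the padded attachment and the scrap file inside the ZIP; a gateway would quarantine on any non-empty result rather than rely on signature updates.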

#5

Jim Watt wrote:

> On Sat, 24 Sep 2005 01:14:45 -0400, Imhotep <> wrote:
>
>>"Hackers have spammed out multiple new variants of the Bagle Trojan to
>>millions of email addresses this week. The attacks came in two waves on
>>Monday and Tuesday and forced many anti-virus firms to issue multiple
>>signature updates over a greatly compressed period."
>>
>>http://www.securityfocus.com/news/11325
>
> I believe you remove ALL executable attachments from email
> rather than scanning them for malware.
>
> --
> Jim Watt
> http://www.gibnet.com

I do (in a corporate environment), it just makes sense...I guess it is people at home that may not have that option....

Imhotep

#6

On Sat, 24 Sep 2005 13:15:30 GMT, "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote:

>
>"Jim Watt" <_way> wrote in message
>news:...
>> On Sat, 24 Sep 2005 01:14:45 -0400, Imhotep <> wrote:
>>
>> >"Hackers have spammed out multiple new variants of the Bagle Trojan to
>> >millions of email addresses this week. The attacks came in two waves on
>> >Monday and Tuesday and forced many anti-virus firms to issue multiple
>> >signature updates over a greatly compressed period."
>> >
>> >http://www.securityfocus.com/news/11325
>>
>> I believe you remove ALL executable attachments from email
>> rather than scanning them for malware.
>
>If they're the ones I /think/ they are, then they're packaged as ZIPs.

I filter them too and receive them by appointment only.

Although zips were a godsend in the days of BBS's they are past their best-by date today. Most of the files I want to receive are already compressed anyway.

--
Jim Watt
http://www.gibnet.com

#7

On Sat, 24 Sep 2005 16:16:14 GMT, Art <> wrote:

>Perhaps the most powerful piece of social engineering of late has
>been the malware with a message seeming to come from your ISP
>containing an attackment which you are encouraged to open. The
>variations on this theme are amazingly real looking, and it's no
>wonder average users will unzip and open and Run the attackment.

Yeah I got one from 'the support team' at my domain.

I got a really neat message from an Ebay user with an address to complain about anything suspicious, the complaint site of course required one to sign in with a username and password ...

Not phishy of course

--
Jim Watt
http://www.gibnet.com

#8

From: "Imhotep" <>

| "Hackers have spammed out multiple new variants of the Bagle Trojan to
| millions of email addresses this week. The attacks came in two waves on
| Monday and Tuesday and forced many anti-virus firms to issue multiple
| signature updates over a greatly compressed period."
|
| http://www.securityfocus.com/news/11325
|
| Imhotep

I'll take my Bagle with cream cheese with a side of blintzes

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman

#9

David H. Lipman wrote:

> From: "Imhotep" <>
>
> | "Hackers have spammed out multiple new variants of the Bagle Trojan to
> | millions of email addresses this week. The attacks came in two waves on
> | Monday and Tuesday and forced many anti-virus firms to issue multiple
> | signature updates over a greatly compressed period."
> |
> | http://www.securityfocus.com/news/11325
> |
> | Imhotep
>
> I'll take my Bagle with cream cheese with a side of blintzes
>

ummmmm blintzes.....

Imhotep