
Thread: High Risk: New Trojan: Bagle Trojan

  1. #11
    the_JinX (Leftie Linux Lover)
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    Also Grisoft (AVG) has an update.. (auto update works too )

    http://www.grisoft.cz/virbase/virbas...ng=us&type=web
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  2. #12
    Und3ertak3r (The Doctor)
    Join Date
    Apr 2002
    Posts
    2,744
    BTW: I didn't say earlier .. THANK YOU MsMittens for the information.. It was very timely..

    Certainly helped here (well to help customers that is)


    Cheers

    <edit> Noticed a local news report regarding this worm. Advice to Computer Users..
    "Don't open emails ending in .exe"
    "don't open emails with attachments"
    ho hum.. can't even read the script?.. couldn't read/understand the press release from CA.. (good onya Ten Network Australia.. reaffirmed my opinion of Aussie media)
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  3. #13
    Yes MsMittens, thank you for the heads up. This one is receiving a fair amount of media attention, I've heard a few of the DJ's on the radio here at work mention it as well as being the subject of many Internet news sites.

    We just caught our first instance of being sent this a few minutes ago - I was a little surprised that it hadn't shown up here yet... Caught and quarantined at the mail server of course
    - Maverick

  4. #14
    cwk9 (Senior Member)
    Join Date
    Feb 2002
    Posts
    1,207
    The worm opens port 6777 to listen for commands. The backdoor function allows the attacker to download files and execute commands on the infected computer.
    Great another toy for spammers and script kiddies to play with.

  5. #15
    MrLinus (Just a Virtualized Geek)
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Just received on Full Disclosure. Might be of benefit for some here:

    Mail from Joe Stewart <jstewart@lurhq.com>

    If you can't wait till January 28, Bagle has a remote uninstall command
    which can be sent over port 6777, the port also used to upload the
    second stage.

    For instance, using perl and netcat, you could send the uninstall
    command with the one-liner below:
    perl -e 'print "\x43\xff\xff\xff\x00\x00\x00\x00\x0412\x00"' | nc infected_host_IP 6777
    When the command bytes above are received by an infected host, the virus
    will exit and delete its executable (using a batch script after the
    fact). The registry keys are not removed.

    -Joe
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage
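    As an added, defender-side illustration (not code from the thread or from Joe Stewart's mail): the first function decodes the Perl double-quoted escapes above into the actual wire bytes, which matters because Perl's \xHH consumes at most two hex digits, so "\x0412" is the byte 0x04 followed by the literal characters '1' and '2'; the second function triages "netstat -an" style output for hosts listening on the backdoor port 6777. The netstat sample is constructed, and the command-byte sequence is taken only from the one-liner quoted above.

```python
import re
from typing import List

# Port the Bagle backdoor listens on, as stated in the thread.
BAGLE_PORT = 6777


def decode_perl_string(s: str) -> bytes:
    """Decode \\xHH escapes of a Perl double-quoted string into raw bytes.

    Perl's \\x escape takes at most two hex digits, so "\\x0412" yields
    0x04 followed by the literal characters '1' and '2'.  Non-escape
    characters are emitted as their Latin-1 byte values.
    """
    out = bytearray()
    pos = 0
    for m in re.finditer(r'\\x([0-9A-Fa-f]{1,2})', s):
        out.extend(s[pos:m.start()].encode('latin-1'))
        out.append(int(m.group(1), 16))
        pos = m.end()
    out.extend(s[pos:].encode('latin-1'))
    return bytes(out)


# The uninstall command exactly as typed in the Perl one-liner quoted above.
UNINSTALL_COMMAND = decode_perl_string(r'\x43\xff\xff\xff\x00\x00\x00\x00\x0412\x00')


def find_bagle_listeners(netstat_output: str) -> List[str]:
    """Return local addresses from 'netstat -an' style output listening on 6777.

    Works on Windows ("TCP  addr:port  addr:port  LISTENING") and Linux
    ("tcp 0 0 addr:port addr:* LISTEN") layouts: the first field containing
    a colon is taken as the local address and the last field as the state.
    """
    hits = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != 'TCP':
            continue
        addrs = [f for f in fields if ':' in f]
        if not addrs:
            continue
        local, state = addrs[0], fields[-1].upper()
        if local.rsplit(':', 1)[-1] == str(BAGLE_PORT) and state in ('LISTENING', 'LISTEN'):
            hits.append(local)
    return hits


# Constructed sample output for demonstration; not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6777           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      203.0.113.9:25         ESTABLISHED
"""
```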

  6. #16
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018
    http://msn-cnet.com.com/2100-7349_3-...6&tag=msn_home

    Looks like it's starting to calm down a little bit.

    program's blueprint is similar to that of the Sobig virus, which started attacking computers a year ago. Like Sobig, Bagle uses its own home-brewed e-mail program to send messages quickly,
    In other words, a copycat. The fact that it has its own e-mail engine is interesting (from a computer forensics standpoint). I didn't know it had that capability...I can hardly wait until they learn to limit the number of packets their malware sends out. Past viri tend to choke themselves before they really get going (before anybody gets wound up... viri writers are already talking about this, I didn't invent it)
