this one also spreads via network shares, then creates an AT job that will
run itself on the 59th minute of every hour to further propigate.
very worm like if you ask me.
exibar
----- Original Message -----
From: "Dude VanWinkle" <dudevanwinkle@gmail.com>
To: "Gadi Evron" <ge@linuxbox.org>
Cc: <funsec@linuxbox.org>; <full-disclosure@lists.grok.org.uk>;
<bugtraq@securityfocus.com>
Sent: Tuesday, January 24, 2006 1:52 PM
Subject: Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay
February3rd (Snort signatures included)
On 1/24/06, Gadi Evron <ge@linuxbox.org> wrote:
now known as the TISF BlackWorm task force.
Why do you call a .scr you have to manually install a "worm"? Why not
"BlackVirus"
the worm moniker is very misleading (actually got me worried for a
sec). The "email worm" is also misleading, because it only propagates
through port 25, but that is not the point of entry. The point of
entry is the user running a visual basic script _willingly_.
Just so I know, what would you guys classify a real worm (blaster,
slammer, nimda, etc) as? Or would you just call it an "internet worm"
instead of an "email worm" and leave it at that?
thanks for the mis-info,
-JP
"still love ja tho"
-JP
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
