[Esd-l] Can anyone confirm that Beagle is successfully trapped?
Peter Hanecak
hanecak at megaloman.com
Tue Jan 20 07:18:00 PST 2004
Hello,
On Tue, 20 Jan 2004, John D. Hardin wrote:
> All:
>
> I haven't seen it, so I don't know if it uses any tricks that might
> bypass the sanitizer. It sounds like a simple enough .EXE attachment
> attack, but if anyone's actually caught one it'd be nice to have
> confirmation.
if you mean something like that:
-------------------------------------------------------------------
>From xxx at yyy.edu Tue Jan 20 16:15:01 2004
Date: Tue, 20 Jan 2004 09:27:22 +0200
From: xxx at yyy.edu
To: zzz at www.com
Subject: Hi
Test =)
fanjggsnlkbkenm
--
Test, yep.
[ Part 2: "SECURITY NOTICE" ]
SECURITY NOTICE:
The mail system has removed a file attachment from this message.
The attachment has been discarded.
Please contact your system administrator for details.
Filename: pjtjd.exe
-------------------------------------------------------------------
than it looks like sanitizer is working on that Beagle.
I was just starting to wonder that it quite silent recently and right
after that I received few of those like above. :|
Peter
--
===================================================================
Peter Hanecak <hanecak at megaloman.com>
GPG pub.key: http://www.megaloman.com/gpg/hanecak-megaloman.txt
===================================================================
More information about the esd-l
mailing list