[Esd-l] Can anyone confirm that Beagle is successfully trapped?

Peter Hanecak hanecak at megaloman.com
Tue Jan 20 07:18:00 PST 2004


On Tue, 20 Jan 2004, John D. Hardin wrote:

> All:
> I haven't seen it, so I don't know if it uses any tricks that might
> bypass the sanitizer. It sounds like a simple enough .EXE attachment
> attack, but if anyone's actually caught one it'd be nice to have
> confirmation.

if you mean something like that:

>From xxx at yyy.edu Tue Jan 20 16:15:01 2004
Date: Tue, 20 Jan 2004 09:27:22 +0200
From: xxx at yyy.edu
To: zzz at www.com
Subject: Hi

 Test =)
Test, yep.

    [ Part 2: "SECURITY NOTICE" ]


The mail system has removed a file attachment from this message.
The attachment has been discarded.

Please contact your system administrator for details.

Filename: pjtjd.exe


than it looks like sanitizer is working on that Beagle.

I was just starting to wonder that it quite silent recently and right 
after that I received few of those like above. :|


  Peter Hanecak <hanecak at megaloman.com>
  GPG pub.key: http://www.megaloman.com/gpg/hanecak-megaloman.txt

More information about the esd-l mailing list