[RC5] Virus alert !

Andrew MacKenzie andy at edespot.com
Fri Oct 11 14:59:21 EDT 2002


After *any* intrusion, compromise, or virus/worm has been on your system
it's probably a good idea to change your passwords.  Actually, unless you
know *exactly* what the worm did you wouldn't want to trust your system at
all anymore.

But that's for the truly paranoid.  :-)

+++ waldo kitty [dnet] [Fri, Oct 11, 2002 at 11:18:14AM -0400]:
> 
> yup, did that... and it's only passwords for the "outside", as i
> understand it... anything you access on the internet (yahoo, lycos,
> hotmail, etc) as well as your ISP logon and email password... do you
> concur for a w98se box?  yes, NT/2000/XP are a bit different but if no
> netbios is allowed to pass to the internet, is it safe without changing
> the local passwords, taking into account the same stuff as above?
> 
> Scott Dodson wrote:
> > 
> > On 10-Oct-2002, waldo kitty wrote:
> > >
> > > you can rely on the TOPmost received line to tell where the mail came
> > > from to your mail server... i didn't say anything about the originating
> > > machine or user... sorry, yes, maybe "sender" might imply that but that
> > > is not what i was attempting to imply... in any case, with bugbear, it
> > > uses its own SMTP engine and since it is located on the infected user's
> > > machine, guess what info you do have at hand <<wink>>
> > >
> > > BTW: i surprised one of my old clients yesterday when i called them 5
> > > minutes after they deleted a "weird" email... i called them because
> > > their machine had just sent me bugbear... i recognised the name of the
> > > machine and the ip number... let's just say that they were very shocked
> > > and surprised that i was able to tell that from the email headers...
> > > they admitted that their machine was behaving strangely in those last few
> > > minutes and i was able to pick up a quick clean up job since they were
> > > unable to do anything much with bugbear running...
> > 
> > Be sure to tell them to make sure none of the passwords associated with
> > that machine are valid anymore.  Bugbear captures passwords.  Rather nasty.
> > :(
> > 
> > --
> > 
> > Scott Dodson            PGP KEY id 0x5F9A9E5E
> > sdodson at sdodson.com     sdodson at distributed.net
> > --
> > To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
> > rc5-digest subscribers replace rc5 with rc5-digest
> 
> -- 
>        _\/
>       (@@)                      Waldo Kitty, Waldo's Place USA
> __ooO_( )_Ooo_____________________ telnet://bbs.wpusa.dynip.com
> _|_____|_____|_____|_____|_____|_____ http://www.wpusa.dynip.com
> ____|_____|_____|_____|_____|_____|_____ ftp://ftp.wpusa.dynip.com
> _|_Eat_SPAM_to_email_me!_YUM!__|_____|_____ wkitty42 (at) alltel.net

-- 
// Andrew MacKenzie  |  http://www.edespot.com
// Once more unto the breach, dear friends, once more
//     -- Shakespeare, "Henry V"
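
The header check waldo kitty describes in the quoted text above, as an added example that is not part of the original thread: it pulls the topmost Received line out of a raw message and parses the connecting host's claimed name and IP address. The sample message, its hostnames and addresses are constructed, and the regular expression assumes the Sendmail/Postfix `from HELO (rdns [ip])` layout.

```python
import email
import re

# Constructed sample message (documentation addresses, not real traffic).
# The topmost Received line is the one stamped by *your* mail server; the
# lines below it were supplied by earlier hops or the sender and can be forged.
SAMPLE = """\
Received: from FRONTDESK-PC (host-203-0-113-45.example.net [203.0.113.45])
\tby mx.example.org (Postfix) with SMTP id 4F2A1B3C
\tfor <me@example.org>; Fri, 11 Oct 2002 10:02:11 -0400 (EDT)
Received: from mail.trusted.example (mail.trusted.example [192.0.2.10])
\tby FRONTDESK-PC with ESMTP; Fri, 11 Oct 2002 09:00:00 -0400
From: someone@example.com
To: me@example.org
Subject: sample

body
"""

# Assumed layout: "from HELO (rdns [ip]) by server ..."
_FROM_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[0-9A-Fa-f:.]+)\]\)"
)
_BY_RE = re.compile(r"\bby\s+(?P<by>\S+)")


def connecting_host(raw_message):
    """Return details of the host that handed the mail to our server, or None."""
    msg = email.message_from_string(raw_message)
    received = msg.get_all("Received") or []
    if not received:
        return None
    top = " ".join(received[0].split())  # unfold the continuation lines
    m = _FROM_RE.search(top)
    if not m:
        return None  # different MTA format; do not guess
    by = _BY_RE.search(top)
    return {
        "helo": m.group("helo"),  # name the client claimed: untrusted
        "rdns": m.group("rdns"),  # reverse DNS as looked up by our server
        "ip": m.group("ip"),      # address our server saw on the connection
        "by": by.group("by") if by else None,
    }


if __name__ == "__main__":
    print(connecting_host(SAMPLE))
```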