On Wednesday 05 July 2006 04:09, [EMAIL PROTECTED] wrote: > I've already asked the tax filing company for more information > about any breaches they may have suffered and what other > information may have been exposed. They asked for the source > emails, which I provided, and I have not heard back. This was over > a week ago. > > What should I do? What would you do?
Several Bagle variants have a function to collect email addresses from files on the infected system and upload them to the author for later spamming. This could be one potential vector for such a breach. However, before you go busting the filing company, are you sure that none of your own systems (which may have contained these addresses in an address book or a browser cache) were infected by Bagle at some point? -Joe _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
