
Virus alert



As a precaution...

As of October 29, 2004 9:40 AM (GMT -7:00; Daylight Saving Time), TrendLabs has
declared a Medium Risk Virus Alert to control the spread of WORM_BAGLE.AU.
TrendLabs has received several infection reports indicating that this malware
is spreading in US, Japan, Sweden, Germany, Mexico, France, Argentina, Chile,
Brazil, and Canada.

Like other BAGLE variants, the success of this worm may be attributed to its
plain and brief email messages that bear the following details:

From: <spoofed>
Subject: any of the following
• Re:
• Re: Hello
• Re: Hi
• Re: Thank you!
• Re: Thanks :)

Message body: any of the following
• :)
• :))

Attachment: any of the following
• PRICE
• JOKE

with the following extension names
• COM
• CPL
• EXE
• SCR

This worm scans an infected system for files with certain extension names to
acquire its target recipients. It then uses its own SMTP engine and the domain
servers of its harvested email addresses for its mailing routine. Unsuspecting
users may then receive email messages from trusted acquaintances and readily
execute the attachment, thus launching this worm.

When run, it proceeds to drop copies of itself in folders with names containing
the text string shar, or in shared folders. It also uses file names that appear
legitimate and attractive. This enables this worm to propagate through the
network as other users may accidentally download a copy of this worm thinking
it is a normal application or a text file.

This worm also compromises system security by terminating several antivirus and
security-related applications if found active on a system. It also connects to
a list of Web sites where it may download components. It also opens port 81
possibly for its backdoor activities.

Continuing a notable BAGLE routine, it attacks another worm family known as
NETSKY. It deletes several registry entries and file names associated with
NETSKY. It also creates several mutexes that prevent the execution of NETSKY
variants on the infected machine.




Julie Macfarlane
1981 MKI 2L 16v w 2Y
Amsterdam NY