There is a new virus making the rounds this week; its Subject is " Hi ". Please use caution with your email.

Try to find a more descriptive keyword.
____________________________
From: VirusEye@xxxxxxxxxxxxxxx
Subject: MessageLabs Intelligence virus alert: W32/Bagle-mm, HIGH LEVEL

W32/Bagle-mm spreading rapidly

During 18th and 19th January 2004, MessageLabs, the email security company, intercepted a significant number of copies of a new virus known as W32/Bagle-mm. The majority of intercepted copies have been sent from Australia.

Name: W32/Bagle-mm
Aliases: I-Worm.Bagle, W32/Bagle@MM, W32.Beagle.A@mm, W32/Bagle-A, Bagle, WORM_BAGLE.A

General

The worm arrives as an attachment to an email and has a random filename, with a .exe extension. W32/Bagle-mm searches the infected machine for email addresses and then uses its own SMTP engine to send itself to the addresses found.

Email Characteristics

Subject: Hi
Text: Test =)
Attached file: <random name>.exe

The attached file may appear as a calculator icon. The worm deliberately launches the Calculator application as a disguise.

W32/Bagle-A copies itself to bbeagle.exe in the Windows system folder and sets the following registry entry to ensure the worm is run at logon:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\d3dupdate.exe

The worm also sets the following registry entries:

    HKCU\Software\Windows98\uid
    HKCU\Software\Windows98\frun

W32/Bagle-A includes a backdoor component which listens on TCP port 6777. This allows an attacker to upload and execute arbitrary programs on infected computers.

From: F-Secure

Detailed technical description of the worm as well as screenshots are available in the F-Secure Virus Description Database at
http://www.f-secure.com/v-descs/bagle.shtml

Disinfection

Special Disinfection Tool

F-Secure has developed a special disinfection tool for this worm. The tool will detect and remove an active Bagle infection from the computer.
The Bagle removal tool can be downloaded in a ZIP file from:
http://www.f-secure.com/tools/f-bagle.zip
ftp://ftp.f-secure.com/anti-virus/tools/f-bagle.zip

From Panda:

Panda Software offers all users its free PQREMOVE application, designed to effectively clean any computer affected by Bagle.A. This tool can be downloaded from the following address:
** http://www.pandasoftware.com/download/utilities/ **

More information:

Computer Associates
http://www3.ca.com/virusinfo/virus.aspx?ID=38019

Sophos
http://www.sophos.com/virusinfo/analyses/w32baglea.html

Symantec
http://www.symantec.com/avcenter/venc/data/w32.beagle.a@xxxxxxx

Trend:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.A
___________________________________________
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews
see a sample on my web page
http://www3.telus.net/mikebike
<http://www3.telus.net/mikebike/mikes_virus_page.htm>
A Technical Support Alliance & OWTA Charter Member

For a web-based membership management utility and information on list policies, please see http://nibec.com/24hoursupport/
To unsubscribe, send a blank email to 24hoursupport-request@xxxxxxxxxxxxx with "unsubscribe" (without quotes) in the subject.
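
A triage check for the host indicators listed in the alert above, added here as an example; it is not part of the original message or of any vendor's removal tool. It assumes the inputs are text saved from `reg export` and `netstat -an`; the function names and the sample data are constructed for illustration.

```python
import re
# Indicators named in the alert; key paths lower-cased, as `reg export` spells them.
INDICATORS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\run": {"d3dupdate.exe"},
    r"hkey_current_user\software\windows98": {"uid", "frun"},
}
DROPPED_FILE = "bbeagle.exe"   # copy the worm places in the Windows system folder
BACKDOOR_PORT = "6777"         # TCP port the backdoor component listens on

# Constructed sample data (not captured from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"d3dupdate.exe"="C:\\WINDOWS\\system32\\bbeagle.exe"

[HKEY_CURRENT_USER\Software\Windows98]
"uid"="constructed"
"frun"=dword:00000001
'''
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135      0.0.0.0:0       LISTENING
  TCP    0.0.0.0:6777     0.0.0.0:0       LISTENING
  TCP    10.0.0.5:1042    10.0.0.9:6777   ESTABLISHED
"""

def parse_reg_export(text):
    """Yield (key, value_name, data) triples from .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)):
            yield key, m.group(1), m.group(2)

def registry_hits(reg_text):
    """Return entries matching an indicator name or pointing at bbeagle.exe."""
    return [f"{key}\\{name}" for key, name, data in parse_reg_export(reg_text)
            if name.lower() in INDICATORS.get(key.lower(), ())
            or DROPPED_FILE in data.lower()]

def backdoor_listening(netstat_text):
    """True if `netstat -an` output shows a TCP listener on port 6777."""
    rows = (line.split() for line in netstat_text.splitlines())
    return any(len(f) >= 4 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING"
               and f[1].rsplit(":", 1)[-1] == BACKDOOR_PORT for f in rows)

if __name__ == "__main__":
    print(registry_hits(SAMPLE_REG), backdoor_listening(SAMPLE_NETSTAT))
```

Only a listener on the local port counts as a hit, so an outbound connection to some other host's port 6777 is not flagged as this machine's backdoor.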