[24hoursupport] Re: W32/Bagle-mm spreading rapidly

  • From: "Tina" <cfunk@xxxxxxx>
  • To: <24hoursupport@xxxxxxxxxxxxx>
  • Date: Mon, 19 Jan 2004 18:27:19 -0600

 
  The e-mail does not even need to be opened.. If you see it in your mail, 
delete at once.  I know it showed up earlier today in my mail, unopened, and 
sent the virus out immediately to one of my groups in Yahoogroups..  I have all 
attachments sent to a folder in OE.. I disabled my System Restore and scanned 
my computer with my anti-virus program after updating my 'virus definitions' 
for the day (I have the virus definitions updated each day at 12:30 AM, and 
downloaded the new one about 1 hour ago..), and an on-line anti-virus program.. 
I think I am OK now, since the definitions are updated.. Just wanting you all 
to be aware, and update your virus definitions ASAP..
                        Hope this helps somebody..     Tina
  ----- Original Message ----- 
  From: Mike 
  To: 24hoursupport@xxxxxxxxxxxxx 
  Sent: Monday, January 19, 2004 5:58 PM
  Subject: [24hoursupport] W32/Bagle-mm spreading rapidly


  There is a new virus making the rounds this week,

   its Subject is "  Hi  " please use caution with your email. 

  Try to find a more descriptive keyword.
  ____________________________

  From: VirusEye@xxxxxxxxxxxxxxx
  Subject: MessageLabs Intelligence virus alert: W32/Bagle-mm, HIGH LEVEL

  W32/Bagle-mm spreading rapidly

  During 18th and 19th January 2004, MessageLabs, the email security
  company, intercepted a significant number of copies of a new virus known
  as W32/Bagle-mm. The majority of intercepted copies have been sent from
  Australia.


  Name:  W32/Bagle-mm  

  Aliases:  I-Worm.Bagle, W32/Bagle@MM, W32.Beagle.A@mm, 
  W32/Bagle-A, Bagle, WORM_BAGLE.A

  General

  The worm arrives as an attachment to an email and has a random filename,
  with a .exe extension.

  W32/Bagle-mm searches the infected machine for email addresses and then
  uses its own SMTP engine to send itself to the addresses found.

  Email Characteristics

  Subject: Hi
  Text: Test =)
     
  Attached file: <random name>.exe 


  The attached file may appear as a calculator icon. 
  The worm deliberately launches the Calculator application as a disguise. 

  W32/Bagle-A copies itself to bbeagle.exe in the Windows system folder and
  sets the following registry entry to ensure the worm is run at logon: 

  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\d3dupdate.exe 

  The worm also sets the following registry entries: 

  HKCU\Software\Windows98\uid
  HKCU\Software\Windows98\frun 

  W32/Bagle-A includes a backdoor component which listens on TCP port 6777. 
  This allows an attacker to upload and execute arbitrary programs on infected
  computers. 

  From F-Secure:

  Detailed technical description of the worm as well as screenshots are
  available in the F-Secure Virus Description Database at
  http://www.f-secure.com/v-descs/bagle.shtml

  Disinfection 

  Special Disinfection Tool 

  F-Secure has developed a special disinfection tool for this worm. 
  The tool will detect and remove an active Bagle infection from the
  computer.


  The Bagle removal tool can be downloaded in a ZIP file from: 

  http://www.f-secure.com/tools/f-bagle.zip 

  ftp://ftp.f-secure.com/anti-virus/tools/f-bagle.zip 

  From Panda:
  Panda Software offers all users its free PQREMOVE application, 
  designed to effectively clean any computer affected by Bagle.A.

  This tool can be downloaded from the following address:
  **  http://www.pandasoftware.com/download/utilities/  **

  More information:
  Computer Associates
  http://www3.ca.com/virusinfo/virus.aspx?ID=38019

  Sophos
  http://www.sophos.com/virusinfo/analyses/w32baglea.html

  Symantec
  http://www.symantec.com/avcenter/venc/data/w32.beagle.a@xxxxxxx

  Trend
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.A
  ___________________________________________

  Mike ~ It is a good day if I learned something new.
  Editor MikesWhatsNews see a sample on my web page
  http://www3.telus.net/mikebike 
  <http://www3.telus.net/mikebike/mikes_virus_page.htm>
  A Technical Support Alliance & OWTA Charter Member 



  For a web-based membership management utility and information on list 
policies, please see http://nibec.com/24hoursupport/

  To unsubscribe, send a blank email to 24hoursupport-request@xxxxxxxxxxxxx 
with "unsubscribe" (without quotes) in the subject.



  ---
  Outgoing mail is certified Virus Free.
  Checked by AVG anti-virus system (http://www.grisoft.com).
  Version: 6.0.564 / Virus Database: 356 - Release Date: 1/19/2004
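
The indicators listed in the quoted alert, turned into an offline triage check. This is an added example, not part of the original posts or any vendor's removal tool. It assumes you have saved `reg query` output for the HKCU keys, `netstat -an` output and a listing of the Windows system folder; the function names and the sample input are constructed for illustration.

```python
import re
# Indicators as listed in the alert quoted above.
RUN_KEY = r"software\microsoft\windows\currentversion\run"
MARKER_KEY = r"software\windows98"
RUN_VALUE, MARKER_VALUES = "d3dupdate.exe", {"uid", "frun"}
DROPPED_FILE, BACKDOOR_PORT = "bbeagle.exe", 6777

def parse_reg_query(text):
    """Map lower-cased key path -> set of lower-cased value names."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip().lower(), set())
        elif current is not None and line.strip():
            current.add(re.split(r"\s{2,}|\t", line.strip())[0].lower())
    return keys

def listening_ports(netstat_text):
    """TCP ports in LISTENING state, from `netstat -an` output."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "TCP" and f[3] == "LISTENING":
            ports.add(int(f[1].rsplit(":", 1)[1]))
    return ports

def bagle_findings(reg_text, netstat_text, system_files):
    """Return the alert's indicators that are present in the collected output."""
    findings = []
    for key, values in parse_reg_query(reg_text).items():
        if key.endswith(RUN_KEY) and RUN_VALUE in values:
            findings.append("run-key:" + RUN_VALUE)
        if key.endswith(MARKER_KEY):
            findings += ["marker:" + v for v in sorted(MARKER_VALUES & values)]
    if DROPPED_FILE in {name.lower() for name in system_files}:
        findings.append("file:" + DROPPED_FILE)
    if BACKDOOR_PORT in listening_ports(netstat_text):
        findings.append("listen:%d" % BACKDOOR_PORT)
    return findings

# Constructed sample input (not captured from a real host).
SAMPLE_REG = r"""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    d3dupdate.exe    REG_SZ    constructed
HKEY_CURRENT_USER\Software\Windows98
    uid    REG_SZ    constructed
    frun    REG_SZ    constructed
"""
SAMPLE_NETSTAT = "  TCP    0.0.0.0:135    0.0.0.0:0    LISTENING\n  TCP    0.0.0.0:6777    0.0.0.0:0    LISTENING\n"
SAMPLE_FILES = ["calc.exe", "BBEAGLE.EXE"]
```
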