hackfix-virusnews: New Bagle worm drops in and downloads

  • From: "Christy" <snowz@xxxxxxxxxx>
  • To: hackfix-virusnews@xxxxxxxxxxxxx
  • Date: Thu, 02 Sep 2004 03:13:27 -0400

New Bagle worm drops in and downloads
By John Leyden
Published Wednesday 1st September 2004 12:01 GMT

A new Bagle dropper and downloader, Bagle-AQ, was
bulk mailed to numerous internet users yesterday. The
malware arrives in email with subject and email body
"foto" and attachment called foto.zip that poses as a
file containing photographs.

This zip file contains an HTML file and an executable
called foto1.exe. The executable is a dropper. If
activated it will kill DLL files related to the
updating components of various anti-virus programs.
It also attempts to download an updated payload every
six hours from one of more than 130 separate
websites. This payload contains a mass-mailing worm
that uses its own SMTP engine to spread. It also
opens backdoors on TCP port 80 and UDP port 80,
allowing infected computers to be used as email
relays. Only Windows machines are affected.

Read more here:
http://www.theregister.co.uk/2004/09/01/bagle_downloader/
© Copyright 2004
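
A mail-gateway style check for the delivery pattern the article describes (a zip attachment carrying an executable next to a decoy file), added here as an example and not part of the original post or article. The extension list, function names and sample member name foto.html are assumptions; the sample message is constructed inline.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumption: extensions a gateway would refuse inside an archive.
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".cpl")

def zip_executables(data):
    """Return names of executable-looking members in a zip, [] if unreadable."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXEC_EXT)]
    except zipfile.BadZipFile:
        return []

def inspect_message(raw):
    """Return one finding per zip attachment that carries an executable."""
    msg = message_from_bytes(raw)
    findings = []
    for part in msg.walk():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        payload = part.get_payload(decode=True) or b""
        exes = zip_executables(payload)
        if exes:
            findings.append({"subject": msg.get("Subject", ""),
                             "attachment": name,
                             "executables": exes})
    return findings

def build_sample(members):
    """Constructed message: subject and body 'foto', attachment foto.zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    m = EmailMessage()
    m["Subject"] = "foto"
    m.set_content("foto")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename="foto.zip")
    return m.as_bytes()

if __name__ == "__main__":
    # Harmless placeholder bytes stand in for the dropper.
    raw = build_sample({"foto.html": "<html></html>", "foto1.exe": b"MZ constructed"})
    print(inspect_message(raw))
```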
