From; Trend Micro Newsletters Editor: Dear Trend Micro customer, As of March 1, 2005, 3:43 AM (GMT - 08:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_BAGLE.BE. TrendLabs has received numerous infection reports indicating that this malware is spreading in New Zealand and Australia. Initial analysis shows that this worm drops a copy of itself as WINDLHHL.EXE in the Windows system folder upon execution. It then mass-mails copies of TROJ_BAGLE.BE, which is resposible for downloading WORM_BAGLE.BE. The email that it sends out has the following details: Subject: <blank> Message Body: price Attachment: <.ZIP copy of the TROJ_BAGLE.BE TrendLabs will be releasing the following EPS deliverables: TMCM Outbreak Prevention Policy 153 Official Pattern Release 2.456.00 Damage Cleanup Template 544 For more information on WORM_BAGLE.BE, you can visit our Web site at: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.BE You can modify subscription settings for Trend Micro newsletters at: http://www.trendmicro.com/subscriptions/default.asp ----------------------------------------------o0o---- IMPORTANT NOTE! TrendLabs will also be releasing a 3-digit pattern file 990 that corresponds with the pattern indicated in this email. This 3-digit pattern is a special release for users running non-NPF compliant products (i.e., old 3-digit pattern format) and is designed to provide protection against the most current malware threats. Users running non-NPF compliant products are still urged to apply the NPF solution <http://www.trendmicro.com/en/support/npf/overview.htm>. These users may also upgrade to the latest product version. Only NPF-compliant products will be able to update with regular pattern releases. ______________________________________________________________________ This message was sent by Trend Micro's Newsletters Editor using Responsys Interact (TM). To view our permission marketing policy: http://www.rsvp0.net Copyright 1989-2004 Trend Micro, Inc. All rights reserved Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014 *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member