[Alsfastball] New Bagle Variant Called 'Worst of the Year'
Al Doran
aldoran at pmihrm.com
Thu Jul 22 11:53:35 EDT 2004
New Bagle Variant Called 'Worst of the Year'
(We have received at least 50 of these in the last 24 hours, most spoofed
(forged) with the email addresses of people we know - but the emphasis is
on FORGED - they did not come from the address that appears as the sender -
so don't blame them - OR me.)
http://www.eweek.com/article2/0,1759,1624970,00.asp?kc=ewnws072004dtx1k000059
Another version of the tenacious Bagle virus is on the loose, and some
security experts and administrators say it is among the more persistent
viruses they've seen all year.
Bagle.AI, which was discovered Monday, is quite similar to the dozens of
other variants <http://www.eweek.com/article2/0,1759,1623365,00.asp> in its
family, and there seems to be little reason for its success
rate. It arrives via e-mail, usually with a subject line of "Re:" and a
spoofed sending address. The body text is random, as is the name of the
attachment.
The attachment has one of several file extensions, including .scr, .exe,
.zip, .cpl and .com. In some instances, the Zip file is password-protected,
in which case the body of the infected e-mail includes a password, pass and
key, all of which are random numbers, according to McAfee Inc.'s analysis
of the worm. The name of the attachment often contains the term MP3 in one
form or another.
Once it executes, Bagle.AI copies itself to the Windows System directory in
a file named WinXP.exe and opens TCP port 1080 and UDP port 1040. It
appears that the worm uses these ports to communicate with its creator and
report back each time it infects a new machine.
McAfee, based in Santa Clara, Calif., said it received more than 150
submissions of Bagle.AI on Monday. Bill Franklin, president of Miami-based
Zero Spam Network Corp., which provides a managed e-mail security and
anti-spam service, said his company's servers have been bombarded by copies
of the new variant all day.
"This is by far the worst one of the year," Franklin said.
The latest member of the Bagle family is the fourth variant to be released
since Thursday, when Bagle.AF
<http://www.eweek.com/article2/0,1759,1624336,00.asp> hit the Internet.
Check out eWEEK.com's Security Center at http://security.eweek.com for
security news, views and analysis.
Als Fastball List
*Email: fastball at pmihrm.com
http://www.alsfastball.com/
http://www.ISCfastball.com/
NEWS: http://www.escribe.com/sports/alsfastball/
TEMP: http://www.fastpitchwest.com/alsfatball.htm
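
An added example, not part of the original post or the eWEEK article: a mail-gateway triage check in Python that flags the delivery traits described above (a bare "Re:" subject, the listed attachment extensions, "MP3" in the attachment name, a password-protected Zip). The function names, the sender address and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_string, policy
from email.message import EmailMessage

# Attachment extensions the article lists for Bagle.AI.
RISKY_EXT = (".scr", ".exe", ".zip", ".cpl", ".com")

def zip_is_encrypted(data):
    """True if any archive member has the encryption flag (bit 0) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def triage(raw):
    """Return the reasons a raw message matches the traits in the article.
    These are triage signals for quarantine or review, not a verdict."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    if str(msg["Subject"] or "").strip().lower() == "re:":
        reasons.append("bare 'Re:' subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            reasons.append(f"attachment extension: {name}")
        if "mp3" in name:
            reasons.append("attachment name contains 'mp3'")
        payload = part.get_payload(decode=True) or b""
        if name.endswith(".zip") and zip_is_encrypted(payload):
            reasons.append("password-protected zip")
    return reasons

def build_sample():
    """Constructed sample message (harmless bytes, invented names)."""
    msg = EmailMessage()
    msg["From"] = "someone.you.know@example.com"  # constructed, stands in for a spoofed sender
    msg["Subject"] = "Re:"
    msg.set_content("48213")  # random-looking body text
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="new_mp3.scr")
    return msg.as_string()

if __name__ == "__main__":
    for reason in triage(build_sample()):
        print(reason)
```

The sender address is deliberately not checked, since the article notes it is spoofed and carries no signal.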