Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help Forums Windows Startup Programs Database Spyware and Malware Removal Guides Computer Tutorials Uninstall Database File Database Computer Glossary Computer Resources
 

Welcome Guest ( Log In | Click here to Register a free account now! )



Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

 
Reply to this topicStart new topic
> Bagle.AG - new variant to watch
harrywaldron
post Jul 17 2004, 09:17 PM
Post #1


Security Reporter
****

Group: News Reporters
Posts: 493
Joined: 10-April 04
From: Roanoke, Virginia
Member No.: 107



TrendLabs HQ has received several infection reports from the US of this BAGLE worm spreading via email and network shares.

Bagle.AG - new variant to watch
http://secunia.com/virus_information/10711/bagle.ag/
http://vil.nai.com/vil/content/v_126795.htm
http://www.trendmicro.com/vinfo/virusencyc...e=WORM_BAGLE.AG

This is a mass-mailing worm with the following characteristics:

* contains its own SMTP engine to construct outgoing messages
* harvests email addresses from the victim machine
* the From: address of messages is spoofed
* attachment can be a password-protected zip file, with the password included in the message body.
* contains a remote access component (notification is sent to hacker)
* copies itself to folders that have the phrase shar in the name (such as common peer-to-peer applications; KaZaa, Bearshare, Limewire, etc)
* shuts down security programs

The details are as follows:

From : (address is spoofed)
Subject :

Password: %s
Pass - %s
Key - %s
Re:
Re:
foto3
fotogalary
fotoinfo
Lovely animals
Animals
Predators
The snake
Screen
Body Text: (blank)


Attachment: (.EXE, .SCR, .COM, .ZIP, .CPL)

foto3
foto2
foto1
Secret
Doll
Garry
Cat
Dog
Fish

Password-protected ZIP files may also contain a second, randomly-named file with one of the following extensions:

.ini
.cfg
.txt
.vxd
.def
.dll


--------------------
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



Lo-Fi Version Time is now: 9th January 2009 - 07:23 AM


Advertise   |   About Us   |   Terms of Use   |   Privacy Policy   |   Contact Us   |   Site Map   |   Chat   |   Tutorials   |   Uninstall List
Discussion Forums   |   The Computer Glossary   |   Resources   |   RSS Feeds   |   Startups   |   The File Database   |   Malware Removal Guides

© 2003-2008 All Rights Reserved Bleeping Computer LLC.