Help
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Posted 17 July 2004 - 09:17 PM
TrendLabs HQ has received several infection reports from the US of this BAGLE worm spreading via email and network shares.
Bagle.AG - new variant to watch
http://secunia.com/virus_information/10711/bagle.ag/
http://vil.nai.com/vil/content/v_126795.htm
http://www.trendmicro.com/vinfo/virusencyc...e=WORM_BAGLE.AG
This is a mass-mailing worm with the following characteristics:
* contains its own SMTP engine to construct outgoing messages
* harvests email addresses from the victim machine
* the From: address of messages is spoofed
* attachment can be a password-protected zip file, with the password included in the message body.
* contains a remote access component (notification is sent to hacker)
* copies itself to folders that have the phrase shar in the name (such as common peer-to-peer applications; KaZaa, Bearshare, Limewire, etc)
* shuts down security programs
The details are as follows:
From : (address is spoofed)
Subject :
Password: %s
Pass - %s
Key - %s
Re:
Re:
foto3
fotogalary
fotoinfo
Lovely animals
Animals
Predators
The snake
Screen
Body Text: (blank)
Attachment: (.EXE, .SCR, .COM, .ZIP, .CPL)
foto3
foto2
foto1
Secret
Doll
Garry
Cat
Dog
Fish
Password-protected ZIP files may also contain a second, randomly-named file with one of the following extensions:
.ini
.cfg
.txt
.vxd
.def
.dll
Bagle.AG - new variant to watch
http://secunia.com/virus_information/10711/bagle.ag/
http://vil.nai.com/vil/content/v_126795.htm
http://www.trendmicro.com/vinfo/virusencyc...e=WORM_BAGLE.AG
This is a mass-mailing worm with the following characteristics:
* contains its own SMTP engine to construct outgoing messages
* harvests email addresses from the victim machine
* the From: address of messages is spoofed
* attachment can be a password-protected zip file, with the password included in the message body.
* contains a remote access component (notification is sent to hacker)
* copies itself to folders that have the phrase shar in the name (such as common peer-to-peer applications; KaZaa, Bearshare, Limewire, etc)
* shuts down security programs
The details are as follows:
From : (address is spoofed)
Subject :
Password: %s
Pass - %s
Key - %s
Re:
Re:
foto3
fotogalary
fotoinfo
Lovely animals
Animals
Predators
The snake
Screen
Body Text: (blank)
Attachment: (.EXE, .SCR, .COM, .ZIP, .CPL)
foto3
foto2
foto1
Secret
Doll
Garry
Cat
Dog
Fish
Password-protected ZIP files may also contain a second, randomly-named file with one of the following extensions:
.ini
.cfg
.txt
.vxd
.def
.dll
Back to top
