
Bagle/Beagle/Tooso - New BN Variant emerges



#1 harrywaldron

    Security Reporter



Posted 16 April 2005 - 10:07 PM

This new variant emerged over the weekend, and the Tooso trojan that is dropped will block AV and other security repairs, making this virus even more difficult to clean.

Beagle.BN Description
http://www.symantec.com/avcenter/venc/data...agle.bn@mm.html

Tooso - Security Blocking Trojan dropped by Beagle.BN
http://securityresponse.symantec.com/avcen...an.tooso.g.html

EMAIL TO AVOID/BLOCK

Attempts to email a copy of Trojan.Tooso.G to the email addresses contained in the downloaded file. The email has the following characteristics:

From: <Spoofed>

Subject: <Blank>

Message: The password is; Password:

Attachment:
Make.zip
Price.zip
Forest.zip
Verses.zip
Fairy_tale.zip
It_about_you.zip
I_know_you.zip

Additional attachment:
An *.rar file contains an executable file named 123456.exe which is a copy of Trojan.Tooso.G. This is the executable that is responsible for downloading the mailer component.
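The mail characteristics listed in the post above can be turned into a simple mail-filter check. The following is an added example, not part of the original post or of any vendor tool: the function names, the quarantine policy (an attachment indicator plus a blank subject or password text) and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment names listed in the post, compared case-insensitively.
ZIP_NAMES = {"make.zip", "price.zip", "forest.zip", "verses.zip",
             "fairy_tale.zip", "it_about_you.zip", "i_know_you.zip"}

def indicators(raw: bytes) -> list:
    """Return which of the post's mail characteristics a raw message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # A missing Subject header and an empty one are both treated as blank.
    if not (msg["Subject"] or "").strip():
        hits.append("blank-subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and "password" in body.get_content().lower():
        hits.append("password-text")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name in ZIP_NAMES:
            hits.append("listed-zip-name")
        elif name.endswith(".rar"):
            # The archive content is not inspected here; only the type is noted.
            hits.append("rar-attachment")
    return hits

def should_quarantine(raw: bytes) -> bool:
    """Assumed policy: attachment indicator AND (blank subject OR password text)."""
    hits = set(indicators(raw))
    attachment = hits & {"listed-zip-name", "rar-attachment"}
    context = hits & {"blank-subject", "password-text"}
    return bool(attachment) and bool(context)

def build_sample(subject: str, text: str, filename: str) -> bytes:
    """Build a constructed test message with a harmless placeholder attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(text)
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for args in [("", "The password is 12345", "Price.zip"),
                 ("Quarterly report", "See attached.", "report.zip")]:
        raw = build_sample(*args)
        print(args[2], indicators(raw), should_quarantine(raw))
```

Filename and subject matching alone is easy for a sender to change, so a check like this complements attachment scanning by the mail gateway's AV engine rather than replacing it.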


#2 harrywaldron


Posted 22 April 2005 - 07:57 AM

Symantec is reporting new Bagle/Tooso variant

Please continue to be careful out there, as I'm getting a few Tooso trojan horse messages in my personal email which are most likely from infected Bagle users. The Bagle variant is especially difficult to remove; you need a standalone cleaner (e.g., McAfee's Stinger) and SAFE MODE for the best cleaning environment.



