High Risk: New Trojan: Bagle Trojan
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: High Risk: New Trojan: Bagle Trojan

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    Medium Risk: New Trojan: Bagle Trojan

    From Full Disclosure Jan 18, 2004:

    This possible worm outbreak warning was received on TH-Research (The
    Trojan Horses Research Mailing List) from Moosoft Development
    (www.moosoft.com) a few hours ago.

    AV and AT firms have had a few hours to update their databases.

    Info can be found only on Kaspersky's web page, so far:
    http://www.viruslist.com/eng/alert.html?id=783050

    Let's hope it is stopped before it can do too much damage!

    This email comes and an heads-up and FYI so you can take measures to
    stop it.

    Gadi Evron

    The Trojan Horses Research Mailing List - http://ecompute.org/th-list
    Further info:

    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Why don't people wise up?

    http://www.diamondcs.com.au

    Get Registry Prot....................use it.......it will warn you of attempts to change the Registry...just say "no"

    If something INTELLIGENT does not work......try it again and say yes............

    And if you think that "something intelligent" is the crap attachment that "Mary in finance" just sent you.....you BOTH deserve to be fired..........maybe I should crusade in that direction..............instant dismissals, loss of pension rights? thrown out of school/college...unemployable?...........a new crime?...."crass stupidity in possession of a computer"?

    There is so much good advice given on this site............but no one seems to listen?


    Guess I am getting cynical?

    Cheers

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    I think we were having this discussion elsewhere. It's called the Microsoft Society/Generation.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    Why not wise up even more and DON'T OPEN ATTACHMENTS????

    you are just asking way to much nihil.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  5. #5
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    He likes to confuse people with common sense

    EDIT: Thanks Mittens!!

  6. #6
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    Now listed as High Risk

    We're seeing lots of this attempting to get through the mail server....

    To no avail I might add.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  7. #7
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Further information appeared on Full Disclosure this morning:

    New information on the worm:

    Status of the web pages this worm tries to connect to is still unclear.

    Some vendors report it downloading a certain Trojan, but we see no
    information on that so far since the web pages status is still unclear,
    as mentioned.

    Mcafee also reports it listening on port 6777.

    The worm tries to connect to the following hacked box: 151.201.0.39.

    Finally now all AV products "speak" of this worm.
    Response times for detecting/cleaning/webpages updates were not so good.

    As I mentioned earlier, Kaspersky and The Cleaner (MooSoft) were the
    noticeable exceptions.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  8. #8
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    Ahhhhh pretty picture..oooooooo click here
    ooooo faster downloads.mmmmmm click here
    eeeek prevent nasty bill gates spying in me.. click here
    Wooot.. The screen is flashing I have won something...Click here
    Cure that and cure 80% of pc problems.. if *nix platform becomes the dominant Platform.. it to will suffer the same commercial crap.. but the end user and their Blue Haze Glaze, and CBS mentality.. the story will continue.. just the scenery will be different (pse note this is not a Pro M$ comment)
    As has been commented.. the weakest link.. the user..

    my last 2 virus infections.. my stupidity.. (well my daughter realy.. she opened the email's.. but I hadn't updated the AV.. did I.. or was it AVG's fault.. nah my fault.. I know.. that ***** at the news stand, who ran out of PC World Mags that week. yeh all of my recent virus infections are his fault)..

    Try this.. Since MSBlaster hit.. every PC sold through our store.. has had the relevent patches installed.. that is untill Christmas.. you see I went to sales full time.. suddenly all pc's sold had blaster.. guess who's fault??? ... Boss says Charge the customer, it isn't a hardware fault, or the customer can take it up with the supplier.. .. I make up a brochure and a CD and give it to customers.. Boss removes same from the shop.. if the customer system is infected.. to bad.. they pay the Service section to have it removed.. I tell him where to stick his time clock..

    Bottom line .. User stupidity Second.. Retail oppertunity is the primary cause..

    Oh yes ams MsM.. Thanks for the headsup..

    Appreciated..

    Cheers (still Dirty) Undies
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Und3ertak3r,

    Chill out, your boss is a "Richard Cranium Esquire", if you sell something defective, you are in trouble, I think that your boss is living on borrowed time?

    Hey, if it gets through to the media that your store is selling stuff that is already infected when it comes out of the box, or even not properly patched? he is in big trouble

    I do hope he knows how to lose, because he is about to..........big time

    It is a bloody irresponsible attitude anyway, I just hope that he does not have a wife and children..it's not their fault.

    Good luck mate

    Johnno

  10. #10
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    # 2004-01-19
    A new virus definition file is available at the download area.

    # 2004-01-18
    A new variant of the worm "worm/Bagle.A" is in the wild. A current virus definition file is available at the download area.
    H+BEDV AntiVir has released an update as well.
    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •