-
April 28th, 2004, 02:37 PM
#1
Heads Up - W32/Bagle.aa@MM now in the wild (was New Virus)
Edit: Subject Changed - See below for further details /Edit
Someone has opened something they shouldn't..
Mass mailer - With a variety of subjects, including...
Re: Text Message
See attached. (NOTE LIVE VIRUS)
Anyone heard of this...
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
April 28th, 2004, 02:45 PM
#2
Talk to TheHorse13. Yesterday in IRC he mentioned Details.cpl being received. A use of strings command on Linux resulted in the attached file.
-
April 28th, 2004, 02:53 PM
#3
Re: New Virus
Originally posted here by steve.milner
Mass mailer - With a variety of subjects, including...
Re: Text Message
Sounds like this one.
Edit: Scratch that. Dumped your file and it doesn't even remotely look like W32/NetSky-AB. Will get back soon...
Oliver's Law:
Experience is something you don't get until just after you need it.
-
April 28th, 2004, 03:10 PM
#4
It's This : http://us.mcafee.com/virusInfo/defau...virus_k=124875
W32/Bagle.aa@MM
Sigh - Time to use the Beta Dat files & see how it does....
Steve
-
April 28th, 2004, 03:12 PM
#5
Hmm
AVG and eTrust EZ armor didn't spot it, and I updated them both today.
From some of the strings it appears to come from 29a, but I haven't had a chance to find their website to see if they mention it.
Cheers
-
April 28th, 2004, 03:14 PM
#6
You might wanna search for a file called cplstub.exe in your %windir%. That's the file it drops.
-
April 28th, 2004, 03:32 PM
#7
Originally posted here by MsMittens
Talk to TheHorse13. Yesterday in IRC he mentioned Details.cpl being received. A use of strings command on Linux resulted in the attached file.
Looks very similar to my strings list...
It is confirmed as W32/Bagle.aa@MM!
McAfee beta DAT picks it up, but not their current one (4353)
DAT file 4354, to be released late today or tomorrow, will detect it.
So far we've seen no adverse effects with using the beta DAT if anyone else wants to take the risk.
More user education required.
You might wanna search for a file called cplstub.exe in your %windir%. That's the file it drops.
Yup, I know, and it opens a port & contacts a number of sites....
<sigh> That'll be my nice spam free email address out in the wild - I just bet you!
Steve
-
April 28th, 2004, 04:03 PM
#8
After looking over a large sample of e-mails, my little group of e-mails turned out to be a tweaked version of this:
http://www.symantec.com/avcenter/ven...agle.w@mm.html
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
April 28th, 2004, 04:37 PM
#9
The updated AntiVir files (downloaded 5 minutes ago) detect it immediately.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
April 28th, 2004, 04:44 PM
#10
Originally posted here by Tiger Shark
The updated AntiVir files (downloaded 5 minutes ago) detect it immediately.
Yeah & they've raised it to medium risk, looks like my phone call to them may have been worthwhile.
Steve