
Thread: Blank virus blanks email - New Bagle

  1. #1
    Senior Member
    Join Date
    Mar 2004

    Blank virus blanks email - New Bagle

    It's happened yet again. A new version of the Bagle Downloader is spreading like wildfire via email, according to email filtering firm MessageLabs. MessageLabs has intercepted almost 70,000 copies since the arrival of the virus at lunchtime on Tuesday. The virus appears to have originated from a Yahoo! group.

    The as-yet-unnamed Bagle downloader variant drops a Trojan that attempts to download updated malware from a long list of locations. Windows users who activate the file attached in the email invoke the virus, which harvests email addresses it finds on the computer's hard drive. The virus then forwards itself onto the list of email addresses it has discovered in the infected computer.

    The virus typically spreads in email messages with empty subject lines and body texts.

    Hmm. I got an e-mail with no subject, no body text and just an attachment. Hmm what to do, what to do. I know it happens all the time but it amazes me people still do this.

    It's like Wile E. Coyote sticking his head in the cannon to see why it didn't go off when the Road Runner went by. KABOOM!!
    "You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn

  2. #2
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Folks over at SANS had something too (www.incidents.org)

    New Bagel Virus(es?)

    We have received a few reports that readers are receiving what appears to be a new version of the Bagle virus in email this morning. The attachments (so far) appear to be named as a single digit number zip file (eg: "5.zip" or "7.zip") or as a string (eg: "Be_not_jealous.zip") with a payload of "16_05_2005.exe" or "19_04_2005.exe". The .zip file is approximately 18k and is 36352 when extracted. Upon execution, this file will be copied to C:\WINDOWS\System32\winshost.exe and will then drop another 11k file into C:\WINDOWS\System32\wiwshost.exe

    The registry key HKLM/Software/Microsoft/Windows/Current Version/Run is then updated to execute this winshost.exe file at boot.
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)
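
Added example, not part of the original thread or of the SANS note: a mail-gateway style check for the traits reported above (blank subject, blank body, a .zip attachment carrying a date-named .exe such as "16_05_2005.exe"). The function names and trait labels are assumptions, and the sample messages are constructed with harmless placeholder bytes.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Payload names reported in the thread look like "16_05_2005.exe".
DATE_EXE = re.compile(r"^\d{2}_\d{2}_\d{4}\.exe$", re.I)

def zip_member_names(data):
    """Return member names of a zip blob, or [] if it is not a readable zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []

def score_message(raw):
    """Return the traits from the thread that this raw message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if not (msg["Subject"] or "").strip():
        hits.append("blank-subject")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None or not body.get_content().strip():
        hits.append("blank-body")
    for part in msg.iter_attachments():
        if not (part.get_filename() or "").lower().endswith(".zip"):
            continue
        members = zip_member_names(part.get_payload(decode=True) or b"")
        if any(m.lower().endswith(".exe") for m in members):
            hits.append("zip-with-exe")
        if any(DATE_EXE.match(m.rsplit("/", 1)[-1]) for m in members):
            hits.append("date-named-exe")
    return hits

def build_sample(subject, body, zip_name, member):
    """Constructed test message; the zip member is placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not an executable")
    msg = EmailMessage()
    msg["From"], msg["To"] = "a@example.com", "b@example.com"
    if subject:
        msg["Subject"] = subject
    msg.set_content(body + "\n")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

A message matching all four traits is a strong quarantine candidate; "zip-with-exe" alone is usually enough to strip the attachment.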

  3. #3
    AOs Resident Troll
    Join Date
    Nov 2003
    Oh come on...click on it..go ahead click on it...

    It's calling you...come on click on it

    I can't wait to hear the excuses for this one

    How people treat you is their karma- how you react is yours-Wayne Dyer

  4. #4
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    The Great White North


    intercepted almost 70,000 copies
    I feel quite neglected, I have only had 132 copies hit my gateway.


  5. #5
    Senior Member
    Join Date
    Jan 2003
    Hey Hey,

    I got a copy through to my inbox today... It's the first time that AVG hasn't stripped one on me... So if anyone wants a copy of it.. I've got it sitting here.

    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
