Also Grisoft (AVG) has an update.. (auto update works too ;))
http://www.grisoft.cz/virbase/virbas...ng=us&type=web
BTW: I didn't say earlier .. THANK YOU MsMittens for the information.. It was very timely..
Certainly helped here (well to help customers that is)
Cheers
<edit> Noticed a local news report regarding this worm. Advice to Computer Users..
"Don't open emails ending in .exe"
"don't open emails with attachments"
ho hum.. can't even read the script?.. couldn't read/understand the press release from CA.. (good onya Ten Network Australia.. reaffirmed my opinion of Aussie media)
Yes MsMittens, thank you for the heads up. This one is receiving a fair amount of media attention, I've heard a few of the DJ's on the radio here at work mention it as well as being the subject of many Internet news sites.
We just caught our first instance of being sent this a few minutes ago - I was a little surprised that it hadn't shown up here yet... Caught and quarantined at the mail server of course :)
Great another toy for spammers and script kiddies to play with. :(
Quote:
The worm opens port 6777 to listen for commands. The backdoor function allows the attacker to download files and execute commands on the infected computer.
Just received on Full Disclosure. Might be of benefit for some here:
Quote:
Mail from Joe Stewart <[email protected]>
If you can't wait till January 28, Bagle has a remote uninstall command
which can be sent over port 6777, the port also used to upload the
second stage.
For instance, using perl and netcat, you could send the uninstall
command with the one-liner below:
Code:
perl -e 'print "\x43\xff\xff\xff\x00\x00\x00\x00\x0412\x00"' \
| nc infected_host_IP 6777
When the command bytes above are received by an infected host, the virus
will exit and delete its executable (using a batch script after the
fact). The registry keys are not removed.
-Joe
http://msn-cnet.com.com/2100-7349_3-...6&tag=msn_home
Looks like it's starting to calm down a little bit.
In other words, a copycat. The fact that it has its own e-mail engine is interesting (from a computer forensics standpoint) I didn't know it had that capability...I can hardly wait until they learn to limit the number of packets their malware sends out. Past viri tend to choke themselves before they really get going ( before anybody gets wound up... viri writers are already talking about this, I didn't invent it)
Quote:
program's blueprint is similar to that of the Sobig virus, which started attacking computers a year ago. Like Sobig, Bagle uses its own home-brewed e-mail program to send messages quickly,
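Two things in this thread are directly observable at the network perimeter: the backdoor listener on TCP 6777 quoted above, and the worm's own SMTP engine, which makes an infected workstation talk straight to many remote mail servers instead of relaying through the site's mail server. The script below is an added example, not part of any post in this thread, that triages constructed firewall log lines for both signs. The log format, the host addresses and the threshold of five distinct SMTP destinations are assumptions made for the example.

```python
import re

# Bagle's backdoor listener port, as quoted in the thread
BAGLE_BACKDOOR_PORT = 6777
SMTP_PORT = 25
# Assumed threshold: a workstation relaying through one mail server should not
# contact this many distinct SMTP servers directly
DIRECT_SMTP_THRESHOLD = 5

# Constructed sample firewall log lines (not taken from the page); the
# "src:port -> dst:port" format is an assumption for this example.
SAMPLE_LOG = """\
2004-01-19 09:12:01 ALLOW TCP 10.0.0.5:3321 -> 10.0.0.9:6777
2004-01-19 09:12:02 ALLOW TCP 10.0.0.9:1041 -> 192.0.2.10:25
2004-01-19 09:12:03 ALLOW TCP 10.0.0.9:1042 -> 192.0.2.11:25
2004-01-19 09:12:03 ALLOW TCP 10.0.0.9:1043 -> 192.0.2.12:25
2004-01-19 09:12:04 ALLOW TCP 10.0.0.9:1044 -> 192.0.2.13:25
2004-01-19 09:12:05 ALLOW TCP 10.0.0.9:1045 -> 192.0.2.14:25
2004-01-19 09:12:05 ALLOW TCP 10.0.0.9:1046 -> 192.0.2.15:25
2004-01-19 09:12:06 ALLOW TCP 10.0.0.7:1050 -> 10.0.0.2:25
2004-01-19 09:12:07 ALLOW TCP 10.0.0.7:1051 -> 203.0.113.5:80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_log(text):
    """Parse the assumed log format into a list of dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["sport"] = int(d["sport"])
        d["dport"] = int(d["dport"])
        events.append(d)
    return events


def backdoor_contacts(events):
    """Hosts that accepted a TCP connection on Bagle's backdoor port."""
    return sorted({e["dst"] for e in events
                   if e["proto"] == "TCP" and e["dport"] == BAGLE_BACKDOOR_PORT})


def direct_mailers(events, threshold=DIRECT_SMTP_THRESHOLD):
    """Hosts that opened SMTP connections to at least `threshold` distinct servers."""
    targets = {}
    for e in events:
        if e["proto"] == "TCP" and e["dport"] == SMTP_PORT:
            targets.setdefault(e["src"], set()).add(e["dst"])
    return sorted(h for h, t in targets.items() if len(t) >= threshold)


def triage(text):
    """Run both checks over a log text and return the flagged hosts."""
    events = parse_log(text)
    return {
        "backdoor_listeners": backdoor_contacts(events),
        "direct_mailers": direct_mailers(events),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

In the constructed sample, 10.0.0.9 is flagged by both checks, while 10.0.0.7 (one connection to the internal mail server) is not. A quarantine at the mail server, as described in the thread, stops the inbound copies; this kind of log check is what catches a host that has already run the attachment.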