FocusCanada Forums

Full Version: New Email Virus - Rather Serious And Prolific
The 4789 DAT files have been released early due to the prevalence of multiple W32/Bagle variants observed today.

Full details on the threats have been posted to the McAfee Avert Labs Threat Center:
W32/Bagle.fb@mm - http://vil.nai.com/vil/content/v_139997.htm
W32/Bagle.dldr - http://vil.nai.com/vil/content/v_129512.htm

The various 4789 daily DAT file packages can be found at http://www.mcafee.com/apps/downloads/secur...updates/dat.asp

Best Regards,

McAfee Avert Labs - Come visit our Blog - http://www.avertlabs.com/research/blog/

-----------------------------------------------------

Added by me:
To remove it, perform a complete scan of your downloaded email. At the corporate level (Exchange 2000/2003), perform a complete scan of the server at the mailbox level and ensure scanning for encrypted items / corrupted items is enabled.

We got hit pretty good with this, but only one known user instance so far. In that case, the user actually used the enclosed password for the encrypted zip, extracted it, and then her personal McAfee Enterprise 8.0i caught it and deleted it from her extract destination instantly.

This is more for the other IT heads on here than the users, as MOST of you I wouldn't brand as stupid enough to actually open a passworded zip file from a misformatted sender. :rolleyes:
You'd hope so but geez, things like this make me cringe in fear from the flood of phone calls I'm probably gonna get from people who know me and who get whacked with this damn thing :angry:

Stoopid script kiddies, why don't they just go surf for pr0n or something <_<

NefCanuck
My conspiracy theory is that it's companies like Norton and McAfee that pay people to write virus and scripts, just so they can keep fixing them. Bastards.
Too late...

my e-mail is getting pounded by spam the last couple of days.. so it's safe to assume that someone who knows me, or someone down the e-mail chain has a virus.

The message body is quite simple, it simply says "I love you" or "I want you", then there's 5 stylized font numerals for the zip password.

The attached file is approximately 60-82KB, and there may be a second bogus gif (purpose unknown to me) to try and herd it through content scanners... you know, there's NO such thing as multiple virulent attachments... right? RIGHT? :rolleyes:

The easiest way to discern it is that the email alias makes up the sender's name, regardless of personal contacts or enterprise address lists and display names. In most of our instances, it's firstname.lastname (i.e. adam.weichel) and that's it. The reply mailto goes to valid aliases, so something tells me they might have got their hands on a spammer list or 5 to be hitting so many valid targets.
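A small mail-gateway triage check built from the indicators described in this thread (display name that is just the firstname.lastname alias, a one-line "I love you" / "I want you" body, and a password-protected zip attachment). This is an added example, not code from the thread or from McAfee; the sample message, the `example.com` addresses and all function names are my own construction.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators taken from the thread above.
LURE_BODIES = {"i love you", "i want you"}
ALIAS_RE = re.compile(r"^[a-z]+\.[a-z]+$")  # firstname.lastname


def zip_is_encrypted(data: bytes) -> bool:
    """True if the first ZIP local file header has the encryption bit set.
    Reads the raw header, so it also works on truncated attachments."""
    if len(data) < 8 or data[:4] != b"PK\x03\x04":
        return False
    flags = int.from_bytes(data[6:8], "little")  # general purpose bit flag
    return bool(flags & 0x0001)


def sender_name_is_bare_alias(from_header: str) -> bool:
    """Display name equals the local part and looks like firstname.lastname."""
    name, addr = parseaddr(from_header)
    local = addr.split("@")[0].lower()
    return name.strip().lower() == local and bool(ALIAS_RE.match(local))


def bagle_indicators(raw: bytes) -> list:
    """Return the names of the indicators that fire on a raw RFC 822 message."""
    msg = message_from_bytes(raw)
    hits = []
    if sender_name_is_bare_alias(msg.get("From", "")):
        hits.append("bare-alias-sender")
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            text = part.get_payload(decode=True).decode(errors="replace")
            if text.strip().lower() in LURE_BODIES:
                hits.append("lure-body")
        elif part.get_filename():
            if zip_is_encrypted(part.get_payload(decode=True) or b""):
                hits.append("encrypted-zip")
    return hits


def build_sample() -> bytes:
    """Constructed sample shaped like the thread's description (not real malware):
    the attachment is only a ZIP local file header with the encryption bit set."""
    fake_zip = b"PK\x03\x04\x14\x00\x01\x00\x08\x00" + b"\x00" * 20 + b"x" * 32
    msg = EmailMessage()
    msg["From"] = "adam.weichel <adam.weichel@example.com>"
    msg["To"] = "someone@example.com"
    msg["Subject"] = "hi"
    msg.set_content("I love you")
    msg.add_attachment(fake_zip, maintype="application", subtype="zip", filename="photo.zip")
    return msg.as_bytes()
```

Any message with two or more indicators is a reasonable quarantine candidate; a single hit (a bare-alias sender alone) is common enough in real traffic that it should only be logged.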