06-21-2006, 10:34 PM
The 4789 DAT files have been released early due to the prevalence of multiple W32/Bagle variants observed today.
Full details on the threats have been posted to the McAfee Avert Labs Threat Center:
W32/Bagle.fb@mm - http://vil.nai.com/vil/content/v_139997.htm
W32/Bagle.dldr - http://vil.nai.com/vil/content/v_129512.htm
The various 4789 daily DAT file packages can be found at http://www.mcafee.com/apps/downloads/secur...updates/dat.asp
Best Regards,
McAfee Avert Labs - Come visit our Blog - http://www.avertlabs.com/research/blog/
-----------------------------------------------------
Added by me:
To remove it, perform a complete scan of your downloaded email. At the corporate level (Exchange 2000/2003), perform a complete scan of the server at the mailbox level and ensure scanning for encrypted items / corrupted items is enabled.
We got hit pretty good with this, but only one known user instance so far. In that case, the user actually used the enclosed password for the encrypted zip, extracted it, and then her personal McAfee Enterprise 8.0i caught it and deleted it from her extract destination instantly.
This is more for the other IT heads on here than the users, as MOST of you I wouldn't brand as stupid enough to actually open a passworded zip file from a misformatted sender. :rolleyes:
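Added example, not part of the original post and not McAfee's tooling: a small Python check that flags mail attachments which are ZIP archives holding encrypted entries, the delivery format described above. It reads the "encrypted" flag bit from the ZIP directory, which is visible without the password; the function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: entry is encrypted


def encrypted_entries(data):
    """Names of encrypted entries in a ZIP blob; None if it is not a ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]
    except zipfile.BadZipFile:
        return None


def flag_message(raw):
    """List (attachment name, encrypted entry names) for one raw message."""
    hits = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        # Check content, not the file extension: the name may be misleading.
        entries = encrypted_entries(payload) if payload.startswith(b"PK") else None
        if entries:
            hits.append((part.get_filename() or "(unnamed)", entries))
    return hits


def constructed_sample(encrypted):
    """Build a constructed test message with one small ZIP attachment."""
    info = zipfile.ZipInfo("readme.txt", date_time=(2006, 6, 21, 0, 0, 0))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(info, "constructed test content")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Set the flag in the central directory record (flags at offset 8).
        data[data.find(b"PK\x01\x02") + 8] |= ENCRYPTED
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.invalid", "user@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="sample.zip")
    return msg.as_bytes()
```

A hit only means the contents could not be inspected in transit, so flagged messages are candidates for quarantine or for an on-access scan at extraction time, as happened in the case described in the post.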