lug-bg: New worm on the loose!!!
- Subject: lug-bg: New worm on the loose!!!
- From: Peter Georgiev <peterg@xxxxxxxxxxx>
- Date: Tue, 20 Jan 2004 14:01:02 +0200
Hi gang,
After this nasty thing sneaked into LUG-BG last night, today I dug around
the net and I'm sending you a short description, since there are
quite a few people on the list using an MUA under Win.
The little worm is new, spammy and nasty, but luckily its trojan
part doesn't seem to work.
In three words - Update antivirus software!
Before your users start screaming...
Mass-mailing worm W32.Beagle.A@mm is kicking up a storm, as its expiry
date of January 28th is multiplying fears among security experts, who
believe that more robust versions of the worm could be slated for
release soon.
The worm accesses remote Web sites and sends emails to any address that
it can find. It also appears that the writer originally intended to
incorporate a backdoor functionality into the worm. However, due to
certain bugs in the code, the backdoor feature fails to function.
W32.Beagle has already started to spread rapidly across networks in
Australia, with Symantec classifying the worm's geographical
distribution as ‘high’.
The worm is bundled in an email, which has the following
characteristics:
The worm arrives in an e-mail file attachment with a randomly generated
name and EXE extension. E-mail messages containing the worm have the
subject "Hi" and a message body that reads: "Test =)" followed by some
randomly generated characters and then "Test, yep," said F-Secure Corp.
of Helsinki.
Subject: Hi
Filename: .exe
File size: 15,872 bytes
Also known as WORM_BAGLE.A (Trend Micro), it affects Windows versions
2000, 95, 98, Me, NT, XP and Server 2003. However, DOS, Linux,
Macintosh, Microsoft IIS, OS/2, UNIX, and Windows 3.x users will not be
affected.
When the worm is executed, it inserts the file %System%beagle.exe, and
snoops for activity on port 6777.
Bagle spreads via e-mail using its own SMTP engine. It generates a list
of addresses to send itself to by scanning and searching .wab, .txt,
.htm, and .html files on an affected machine. It also uses these
addresses in order to 'spoof' the 'From' address.
Users who suspect that their machines may be infected with the virus
should look for a file called bbeagle.exe in their Windows System
directory. The file disguises itself with Microsoft's familiar
calculator icon.
Antivirus sites like Computer Associates, Network Associates, and
Symantec, have posted software updates as well as manual removal
instructions to counter the threat.
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
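The message characteristics listed in the post (subject "Hi", a body starting with "Test =)", an .exe attachment of 15,872 bytes) can be turned into a mail-filter check. This is an added example, not part of the original post; the function names and the two sample messages are constructed for illustration, and the sample attachment is zero-filled bytes.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the description in the post above.
BAGLE_SUBJECT = "Hi"
BAGLE_BODY_PREFIX = "Test =)"
BAGLE_ATTACHMENT_SIZE = 15872  # bytes, as reported in the post

def bagle_a_indicators(raw: bytes) -> list[str]:
    """Return which of the described indicators this raw message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip() == BAGLE_SUBJECT:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and body.get_content().lstrip().startswith(BAGLE_BODY_PREFIX):
        hits.append("body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".exe"):  # attachment name is random, extension is not
            hits.append("exe-attachment")
            payload = part.get_payload(decode=True) or b""
            if len(payload) == BAGLE_ATTACHMENT_SIZE:
                hits.append("size")
            break
    return hits

def is_probable_bagle_a(raw: bytes) -> bool:
    """Flag only when subject, body and an .exe attachment all match.
    The exact size is reported as extra evidence but is not required."""
    return {"subject", "body", "exe-attachment"} <= set(bagle_a_indicators(raw))

def _constructed_sample(subject, text, filename, size) -> bytes:
    """Build a harmless test message (constructed input, zero-filled attachment)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", subject
    m.set_content(text)
    m.add_attachment(b"\x00" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

# Constructed samples: one shaped like the description, one ordinary mail.
SUSPECT = _constructed_sample("Hi", "Test =)\nqwhzkdlm\n--\nTest, yep.\n",
                              "kqzrtmvx.exe", 15872)
BENIGN = _constructed_sample("Hi", "Minutes attached.\n", "minutes.pdf", 2048)

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, bagle_a_indicators(raw), is_probable_bagle_a(raw))
```

Requiring all three message-level indicators keeps an ordinary mail with the subject "Hi" from being flagged on the subject alone.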