Bagle AT

Discussion in 'malware problems & news' started by gerardwil, Oct 29, 2004.

Thread Status:
Not open for further replies.
  1. gerardwil

    gerardwil Registered Member

    Joined: Jan 17, 2004
    Posts: 4,748
    Location: The Netherlands

    Major outbreak of bagle AT reported.

    Info about the virus:

    Bagle.AT is a mass-mailing worm with Peer-to-Peer spreading capabilities. In email Bagle.AT spreads using different subjects, email bodies and attachments. The attachment is an executable file with one of the following extensions: .EXE .SCR .COM .CPL

    http://www.f-secure.com/v-descs/bagle_at.shtml

    Gerard
     
  2. Randy_Bell

    Randy_Bell Registered Member

    Joined: May 24, 2002
    Posts: 3,004
    Location: Santa Clara, CA

    Trend Micro Alert: WORM_BAGLE.AT

    Dear Trend Micro customer,

    As of October 29, 2004, 2:07 AM (-7:00; Daylight Saving Time), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_BAGLE.AT. TrendLabs has received several infection reports indicating that this malware is spreading in Japan, Sweden, China and Germany.

    This worm uses its own SMTP engine to propagate via email. It arrives as either of the following attachments:
    • PRICE.CPL
    • PRICE.COM
    • PRICE.EXE
    • PRICE.SCR
    • JOKE.CPL
    • JOKE.COM
    • JOKE.EXE

    This worm searches the drive for folders with names containing the string "shared". It then drops itself in these shared folders using certain file names.

    TrendLabs has released the following EPS deliverables:

    TMCM Outbreak Prevention Policy 131 (as of 2:19 AM)
    Official Pattern Release 2.224.00 (as of 2:47 AM)

    The following EPS deliverables will soon be available

    Damage Cleanup Template 444
    NVP 144

    For more information on WORM_BAGLE.AT, you can visit our Web site at: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.AT
    Contact av_query@support.trendmicro.com for inquiries and to report infections in your region.

    ----------------------------------------------o0o----
    IMPORTANT NOTE!
    TrendLabs will also be releasing a 3-digit pattern file (982) that corresponds with the pattern indicated in this email. This 3-digit pattern is a special release for users running non-NPF compliant products (i.e., old 3-digit pattern format) and is designed to provide protection against the most current malware threats. Users running non-NPF compliant products are still urged to apply the NPF solution <http://www.trendmicro.com/en/support/npf/overview.htm>. These users may also upgrade to the latest product version. Only NPF-compliant products will be able to update with regular pattern releases.
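
Both alerts above identify the worm by its attachment type (.EXE, .SCR, .COM, .CPL). The following is an added example, not part of the thread or of either vendor's material, showing a mail-gateway style check that flags attachments with those extensions. The function names and the sample message are constructed for illustration, and the check also covers trailing dots or spaces and double extensions, which goes beyond the file names listed in the alerts.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named in the F-Secure description quoted in the thread.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".cpl"}


def effective_extension(filename: str) -> str:
    """Return the last extension, lowercased, as Windows would resolve it."""
    # Windows drops trailing dots and spaces, so "PRICE.EXE. " still runs as .EXE.
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def blocked_attachments(raw: bytes) -> list[str]:
    """List attachment file names whose effective extension is blocked."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition "filename" and falls back
        # to the Content-Type "name" parameter, decoding RFC 2231 values.
        filename = part.get_filename()
        if filename and effective_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


def build_sample() -> bytes:
    """Constructed test message; the attachment bytes are harmless placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    for name in ("PRICE.CPL", "notes.txt", "Joke.Exe.", "report.pdf.scr"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

The check works on the declared file name only; it does not inspect attachment contents or archives.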
     