Technical User Services - Anti-Virus Information::
E-mail and the Virus Threat. Known Issues with VirusScan 4.5.1. TechLink Information & Downloads variant of the Bagle mass-mailing virus can be found at:
http://www-tus.csx.cam.ac.uk/virus/archive.htmlHOME |
Online security experts are increasing the threat level on a
fast-spreading e-mail virus capable of allowing an attacker to upload and execute malicious code on infected computers. Bagle.b and Netsky.b::
I dont find any trace of Bagle in the virus database. And a apple iBook G3 633 Mhz / upgraded to Mac OS 10.3.9 / 384 MB of RAM. nattyjtwo
http://forum.avast.com/index.php?topic=2924.0HOME |
Dissecting Netsky, Bagle.B, and Mydoom.F : TechGuides : Network Admin ::
quiet months on the virus/worm front, administrators have been out, but it does not pose as serious a threat to the systems integrity as Bagle.
http://www.zdnetasia.com/insight/network/0,39044847,39170938,00.htmHOME |
The mass-mailing W32/BAGLE-A worm, also known as Bagle or Beagle,
includes a backdoor component which listens on TCP port 6777 and lets an attacker execute arbitrary programs on infected systems, anti-virus experts warned on Tuesday.
MessageLabs described the Bagle virus as "high risk" while Network
Associates has assigned a "medium risk" assessment. Data Systems - TUHSC::
Systems. News & Announcements. Virus Alert. Virus Hoaxes The risk assessment of this threat has been upgraded to Low-Profiled due to media attention at:
http://www.som.tulane.edu/datasys/Bagle_ad.htmHOME |
Worm war behind recent virus releases, experts say::
The Bagle and Mydoom worms also open communication ports on infected systems Top 10 Reasons to Upgrade. Get this white paper now!
http://www.computerworld.com/securitytopics/security/virus/story/0,10801,90767,00.htmlHOME |
The virus, first quarantined in Germany, has been spotted in 138
countries with the highest distributions in Europe and Asia. Because of the long holiday weekend, distribution in the U.S. has been low.
The Bagle virus arrives as a .EXE attachment with a random name and with
the word "hi" in the subject line. If an unsuspecting user executes the
attachment, the worm copies itself to the Windows system folder with
instructions to run at logon.
Upon execution, the Bagle virus uses its own SMTP (define) engine to
send itself to addresses harvested from files on the hard disk and spoofs
the "From" field in e-mails it sends.
According to a Network Associates alert, the worm contains a potentially
dangerous remote access component which listens on TCP port 6777 for remote
connections. "It tries to notify the virus author of its readiness to accept
commands by contacting various websites and calling a script located on the
remote site," the company warned.
The company warned that home users are at higher risk of infection.
Network Associates and Sophos have posted disinfection instructions,
available here and here.
According to Sophos senior security analyst Chris Belthoff, home users were at a higher risk of infection because most enterprises are blocking .EXE attachments at the gateway. But, as with the destructive SoBig virus, workers at home offices who connect remotely to an enterprise network represent a danger.
"This virus can sneak into an enterprise environment through the home workers because it grabs all e-mail addresses to mail itself to. In many cases, it's a work-related address book that puts the attachment inside the network," Belthoff told internetnews.com.
He believes the virus is the work of a sophisticated spam network looking to take over computers and use them as spam zombies. "Eventually, mail server capabilities could be downloaded to infected machines. Once that backdoor is active, any type of code can be loaded on an infected machine."
 Stand by Your Standards
 Macromedia Debuts New Robo- Line | 