Dear Trend Micro customer,
As of January 27, 2005 1:42 AM PST (Pacific Standard Time/GMT -8:00),
TrendLabs has declared a Medium Risk Virus Alert to control the spread
of WORM_BAGLE.AZ. TrendLabs has received several infection reports
indicating that this malware is spreading in the US, China, and Japan.
This WORM_BAGLE variant arrives on a system as an email attachment. It
sends copies of itself to all email addresses it gathers from files
with certain extensions but skips those addresses that contain particular
strings.
===============================
Users must be wary of the emails it sends that have the following
details:
Subject: (any of the following)
Delivery service mail
Delivery by mail
Registration is accepted
Is delivered mail
You are made active
Thanks for use of our software.
Before use read the help
Message body: (any of the following)
Delivery service mail
Delivery by mail
Registration is accepted
Is delivered mail
You are made active
Thanks for use of our software.
Before use read the help
Attachments: (any of the following file names)
guupd02.exe
Jol03.exe
siupd02.exe
upd02.exe
viupd02.exe
wsd01.exe
zupd02.exe
(with any of the following extensions)
COM
CPL
EXE
SCR
===============================
The email is spoofed and may appear to have come from a familiar email
address. As a general rule, users should avoid opening the attachments
of unsolicited email.
This worm drops a copy of itself using the following file names into
the Windows system folder:
sysformat.exe
sysformat.exeopen
sysformat.exeopenopen
It also looks for folders that have the string "shar", then drops copies
of itself using file names with EXE extensions into those folders.
In addition, this worm terminates several processes, most of which are
related to antivirus and security programs.
TrendLabs has uploaded the following:
TMCM Outbreak Prevention Policy 140
Official Pattern Release 2.375.00
Damage Cleanup Template 495
For more information on WORM_BAGLE.AZ, you can visit our Web site at:
http://www.trendmicro.com/vinfo/virusen ... M_BAGLE.AZ
Contact av_query@support.trendmicro.com for inquiries and to report
infections in your region.
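The subject, body and attachment indicators listed in the alert can be turned into a mail triage check. The following is an added example, not part of the original alert or post; the function names, the case-insensitive exact matching and the sample messages are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators copied from the alert text; matching is case-insensitive (assumption).
SUBJECTS = {s.lower() for s in (
    "Delivery service mail", "Delivery by mail", "Registration is accepted",
    "Is delivered mail", "You are made active",
    "Thanks for use of our software.", "Before use read the help")}
ATTACH_STEMS = {"guupd02", "jol03", "siupd02", "upd02", "viupd02", "wsd01", "zupd02"}
ATTACH_EXTS = {".com", ".cpl", ".exe", ".scr"}


def check_message(raw: str) -> list:
    """Return the alert indicators matched by a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() in SUBJECTS:
        hits.append("subject")
    # The alert lists the same strings for the body; compare the plain-text part.
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and body.get_content().strip().lower() in SUBJECTS:
        hits.append("body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        stem, dot, ext = name.rpartition(".")
        if stem in ATTACH_STEMS and dot + ext in ATTACH_EXTS:
            hits.append("attachment:" + name)
    return hits


def build_sample(subject, body, filename=None):
    """Construct a test message (constructed sample, harmless placeholder payload)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "user@example.com", subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for args in (("Delivery by mail", "Delivery by mail", "Jol03.scr"),
                 ("Quarterly report", "See attached.", "report.exe"),
                 ("Is delivered mail", "hello", None)):
        print(args, "->", check_message(build_sample(*args)))
```

The sender address is deliberately not checked, because the alert states that the email is spoofed.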
Computer Virus Alert
- Joseph E. Smith
- Jerry Freeman
Thanks for the tip, Amar. (Why don't you change the title to something like, "Computer Virus Alert ..." so people will know it's important.)
I went to Symantec's website, and it appears that this virus is now in their current virus definitions, so I did a live update.
http://securityresponse.symantec.com/av ... ba@mm.html
Again, thanks for the tip.
Best wishes,
Jerry
- feadogin
I got two emails with this virus this morning so watch out, all! (Don't worry, I did not open them).
Justine
- Guitar Kat =^..^=