Computer Virus Alert

amar · Post by **amar** » Thu Jan 27, 2005 6:42 am

Dear Trend Micro customer,

As of January 27, 2005 1:42 AM PST (Pacific Standard Time/GMT -8:00),
TrendLabs has declared a Medium Risk Virus Alert to control the spread
of WORM_BAGLE.AZ. TrendLabs has received several infection reports
indicating that this malware is spreading in US, China, and Japan.

This WORM_BAGLE variant arrives on a system as an email attachment. It
sends copies of itself to all email addresses it gathers from files
with certain extensions but skips those addresses that contain particular
strings.

===============================
Users must be wary of the email it sends that have the following
details:

Subject: (any of the following)
Delivery service mail
Delivery by mail
Registration is accepted
Is delivered mail
You are made active
Thanks for use of our software.
Before use read the help

Message body: (any of the following)
Delivery service mail
Delivery by mail
Registration is accepted
Is delivered mail
You are made active
Thanks for use of our software.
Before use read the help

Attachments: (any of the following file names)
guupd02.exe
Jol03.exe
siupd02.exe
upd02.exe
viupd02.exe
wsd01.exe
zupd02.exe

(with any of the following extensions)
COM
CPL
EXE
SCR
===============================

The email is spoofed and may appear to have come from a familiar email
address. As a general rule, users should avoid opening the attachments
of unsolicited email.

This worm drops a copy of itself using the following file names into
the Windows system folder:

sysformat.exe
sysformat.exeopen
sysformat.exeopenopen
It also looks for folders that have the string shar then drops copies
of itself using file names with EXE extensions into those folders.

In addition, this worm terminates several processes, most of which are
related to antivirus and security programs.

TrendLabs has uploaded the following:

TMCM Outbreak Prevention Policy 140
Official Pattern Release 2.375.00
Damage Cleanup Template 495

For more information on WORM_BAGLE.AZ, you can visit our Web site at:
http://www.trendmicro.com/vinfo/virusen ... M_BAGLE.AZ
Contact av_query@support.trendmicro.com for inquiries and to report
infections in your region.

Joseph E. Smith · Post by **Joseph E. Smith** » Thu Jan 27, 2005 6:44 am

Thanks for the heads up Amar!

peeplj · Post by **peeplj** » Thu Jan 27, 2005 7:02 am

I had one of these arrive in my inbox, it made it past Norton AV, so do be careful.

--James

Jack · Post by **Jack** » Thu Jan 27, 2005 7:40 pm

I don't understand it.

Jerry Freeman · Post by **Jerry Freeman** » Thu Jan 27, 2005 8:36 pm

Thanks for the tip, Amar. (Why don't you change the title to something like, "Computer Virus Alert ..." so people will know it's important.)

I went to Symantec's website, and it appears that this virus is now in their current virus definitions, so I did a live update.
http://securityresponse.symantec.com/av ... ba@mm.html

Again, thanks for the tip.

Best wishes,
Jerry

Unseen122 · Post by **Unseen122** » Thu Jan 27, 2005 9:16 pm

Thanks for the warning. I never open this stuff but now I have a reason to be careful.

feadogin · Post by **feadogin** » Fri Jan 28, 2005 10:46 am

I got two emails with this virus this morning so watch out, all! (Don't worry, I did not open them).

Justine

Guitar Kat =^..^= · Post by **Guitar Kat =^..^=** » Fri Jan 28, 2005 3:51 pm

Nothing in Canada yet. I'll keep you posted.

But, those worms sound really deadly... playing with your system files, etc.