Worm_bagle.af (ab) - Medium Risk alert

#1 As of 4:15 PM July 15, 2004 (GMT -07:00; Daylight Savings Time), TrendLabs has declared a Medium Risk alert to control the spread of this new BAGLE variant that is spreading via email and network shares. Infection reports have been received from the U.S. and Canada.

This worm propagates via email using a built-in mailing engine that utilizes Simple Mail Transfer Protocol (SMTP). Its email arrives spoofed and appears to have been sent from email accounts that it has gathered from the system. It uses the same gathered accounts as the target email addresses that it propagates to.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.AF

W32.Beagle.AB@mm is a mass-mailing worm that uses its own SMTP engine to spread through email and opens a backdoor on TCP port 1080. The email will have a variable subject and a file attachment. The attachment will have a .com, .cpl, .exe, .hta, .scr, .vbs, or .zip file extension.

The worm is packed with UPX.

http://www.symantec.com/avcenter/venc/data/w32.beagle.ab@mm.html

#2 Deutsche Infos findet ihr u. a. hier

http://www.golem.de/0407/32397.html
http://www.heise.de/newsticker/meldung/49143
http://www.onlinekosten.de/news/artikel/15033