Worm_bagle.ac - Yellow alert

#0
09.08.2004, 22:45
Member

Beiträge: 78
#1 As of August 9, 2004, 11:30 AM PST, TrendLabs has declared a YELLOW alert to control the spread of WORM_BAGLE.AC. Several infection reports indicates that this mass-mailing worm is spreading in the United States.

This memory-resident worm is downloaded by TROJ_BAGLE.AC.

It drops copies of itself using the following filenames in the Windows system folder:

* WINDLL.EXE
* WINDLL.EXEOPEN
* WINDLL.EXEOPENOPEN

It sends out .ZIP compressed files containing TR[img]OJ_BAGLE.AC and HTML_BAGLE.AC.

The email it sends has the following details:

From: <spoofed>

Subject: <none>

Message body: new price

Attachment: <any of the following>
price.zip
price2.zip
price_new.zip
price_08.zip
08_price.zip
newprice.zip
new_price.zip
new__price.zip

This PEX-compressed worm runs on Windows 95, 98, ME, NT, 2000, and XP.

http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_BAGLE.AC
Dieser Beitrag wurde am 09.08.2004 um 22:47 Uhr von pcfreak editiert.
Seitenanfang Seitenende