Bagle variant 10

  #1  
Old 03-03-2004
Per Hansson's Avatar
TechSpot Server Guru
 
Location: Sweden
Member since: Feb 2002, 1,513 posts

The tenth variant of the virus Bagle has now been released. This one is a bit smarter than the others in three ways. It lists its sender address as your domain, so for Techspot I for example got an e-mail from support@techspot.com (which is a nonexistent address btw).

The content of the e-mail is changed to reflect this, so it reads as if it comes from the Techspot division bla bla....

The smartest thing is that in the e-mail the password is given for the attached compressed encrypted file. What this means is that any e-mail gateways will fail to find the virus since it is encrypted, thus bypassing any security measures and allowing the virus to end up at the local workstations inside your networks. Take big note of this, admins!

Here is a page on F-Secure with further details on the virus.
__________________
"The one who says it cannot be done should never interrupt the one who is doing it."
  #2  
Old 03-03-2004
Mictlantecuhtli's Avatar
TechSpot Special Forces
 
Location: Finland
Member since: Feb 2002, 4,886 posts
Heh heh, once again it relies on people who not only click on attachments but in this case even decrypt the file
  #3  
Old 03-03-2004
---agissi---'s Avatar
TechSpot Paladin
 
Location: Montana
Member since: Mar 2002, 2,304 posts
I'd hope most people who do open attachments from spam are smart enough only to do it once....
  #4  
Old 03-04-2004
Masque's Avatar
TechSpot Chancellor
 
Location: Auburn, MI, USA
Member since: Dec 2003, 1,212 posts
I see at least one a day in my inbox......damned annoying if you ask me. But not as much so as if I'd open it.
  #5  
Old 03-04-2004
SNGX1275's Avatar
TechSpot Forces Special
 
Location: Rolla, Missouri, USA
Member since: Feb 2002, 10,813 posts
My university got hit pretty good with this one. I got about 10 of them one night, had about 5 the next morning, and then got another one today. It was even more clever; it said this:
Quote:
Dear user, the management of UMR.EDU mailing system wants to let you know that,

Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

For more information see the attached file.

For security purposes the attached file is password protected. Password is "02327".

Best wishes,
The UMR.EDU team http://www.uMR.EDU
But the UMR servers are taking care of this now. There still is an attachment, but it's not the zip anymore, it's just a 224B text (which is what you get when the virus has been removed by UMR servers).
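A gateway-side check for the pattern described in posts #1 and #5, as an added example that is not part of the thread or of any mail product: it flags mail that carries a ZIP with the encryption bit set and also states a password in the body. The wording patterns, the function names and the example.org addresses are assumptions; the sample mail is constructed and its ZIP is harmless.

```python
import email, io, re, zipfile
from email import policy
from email.message import EmailMessage

# Assumed wording patterns (not from any product); tune to your own mail flow.
PASSWORD_HINT = re.compile(r"password\s+is\b|password[- ]protected", re.I)

def encrypted_zip_members(data: bytes) -> list:
    """Names of ZIP members whose general-purpose flag bit 0 (encrypted) is set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []

def triage(raw: bytes) -> dict:
    """Flag mail that carries an encrypted ZIP and hands over its password in the body."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    locked = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        if data.startswith(b"PK\x03\x04"):  # identify ZIP by magic bytes, not file name
            locked += encrypted_zip_members(data)
    hint = bool(PASSWORD_HINT.search(text))
    action = "quarantine" if locked and hint else "hold" if locked else "scan"
    return {"encrypted_members": locked, "password_in_body": hint, "action": action}

def constructed_sample() -> bytes:
    """Constructed mail: harmless ZIP with the 'encrypted' flag bit patched on."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless placeholder")
    z = bytearray(buf.getvalue())
    z[6] |= 1                          # flag bit 0 in the local file header
    z[z.find(b"PK\x01\x02") + 8] |= 1  # same bit in the central directory entry
    m = EmailMessage()
    m["From"], m["To"] = "support@example.org", "user@example.org"
    m["Subject"] = "E-mail account notice"
    m.set_content("For security purposes the attached file is password "
                  'protected. Password is "02327".')
    m.add_attachment(bytes(z), maintype="application", subtype="zip", filename="info.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(constructed_sample()))
```

The "hold" result covers an encrypted archive that arrives without a password hint: the gateway still cannot scan it, so it is kept apart from mail that was actually inspected.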