Bagle variant 10

By Per Hansson ยท 4 replies
Mar 3, 2004
  1. The tenth variant of the virus Bagle has now been released. This one is a bit smarter than the others in three ways. It lists it's sender address as your domain, so for Techspot I for example got an e-mail from (which is a nonexistant address btw)

    The content of the e-mail is changed to reflect this, so it reads as it comes from the Techspot division bla bla....

    The smartest thing is that in the e-mail the password is given for the attached compressed encrypted file, what this means is that any e-mail gateways will fail to find the virus since it is encrypted, thus bypassing any security measures and allowing the virus to end up at the local workstations inside your networks. Take big note of this admins!

    Here is a page on F-Secure with further details on the virus.
  2. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    Heh heh, once again it relies on people who not only click on attachments but in this case even decrypt the file :stickout:
  3. ---agissi---

    ---agissi--- TechSpot Paladin Posts: 1,978   +15

    I'd hope most people who do open attachments from spam are smart enough only to do it once....
  4. Masque

    Masque TechSpot Chancellor Posts: 1,058

    I see at least one a day in my inbox......damned annoying if you ask me. But not as much so as if I'd open it. ;)
  5. SNGX1275

    SNGX1275 TS Forces Special Posts: 10,742   +421

    My university got hit pretty good with this one, I got about 10 of them one night, had about 5 the next morning, and then got another one today. It was even more clever it said this
    But the UMR servers are taking care of this now, there still is an attachment, but its not the zip anymore, its just a 224B text (which is what you get when the virus has been removed by umr servers).
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...