Posted on 10/29/2004 7:33:36 AM PDT by FourPeas
IT security experts have warned that a newly intercepted mutant of the infamous mass-mailing Bagle worm, dubbed Bagle.bb, has begun to spread rapidly across the internet.
Over one million email infections were reported within a few hours of the virus being discovered in the wild on Friday morning. The peak infection rate was between 8am and 9am, when virus infection rates trebled from the hour previously, according to email security company BlackSpider Technologies.
This latest Bagle variant, a mass-mailing worm containing its own SMTP engine, comes packed with PeX with the attachment in the executable of a name, McAfee's Avert antivirus team warned.
Bagle.bb harvests addresses from local files and uses them in the 'From' field to send itself. This produces a message with a spoofed 'From' address. The attachment comes in the form of an executable and opens TCP port 81 for remote access of the user's computer.
According to Avert, users should be very wary and delete any email containing the following:
From: [spoofed address]
Subject:
Re:
Re: Hello
Re: Thank you!
Re: Thanks :)
Re: Hi
Message Body:
:)
:))
Attachment: The attachment is an executable of name:
Price
Joke
After being executed, Bagle.bb copies itself into the Windows System directory (C:\WINNT\SYSTEM32\WINGO.EXE). The following Registry key is added to hook system startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Run "wingo" = C:\WINNT\SYSTEM32\WINGO.EXE
The following Registry key is also added to store data (within a 'TimeKey' key): HKEY_CURRENT_USER\Software\Params
Bagle.bb also copies itself to folders containing 'shar' in the name, such as common peer-to-peer applications Kazaa, Bearshare, Limewire, etc.
Luis Corrons, head of PandaLabs, said the virus "is here to pick up the cyber war that started a few months ago between several groups of virus creators. This time, it is a malicious code that uses social engineering and can spread extremely rapidly."
I understand that many FReepers dislike Windows and/or Microsoft immensely, however, for some of us it's a part of life. This will likely be the third night this week that Mr. FourPeas may not be home to see his young boys because of various hacks/worms/viruses. Yes, believe it or not, people who seem to be otherwise reasonably intelligent adults become absolute morons when someone sends them an unexpected attachment with a name like "price" or "joke".
I spent many of those sleepless night cleaning up after complete morons also. What always pissed me off was most of them made more money than I did...
My mom is one of the most inexperienced computer users on the face of the planet. It only took me 5 minutes to teach her how to not get infected. I don't share any sympathy for people who get owned by hackers.
Thanks for the heads up. I never open anything if I don't know the sender. I'm passing this info along.
that's REALLY funny.
However, I think an equally bad threat is from so-called adware or spyware that installs itself on your computer and tracks your movements on the Internet. This stuff is nasty and visiting even a single site can clog your computer. My wife had more than 300 pieces of this junk on her laptop causing it to crash. Some of this stuff--so called scum-ware or malware-- even hijacks your browser, installs unending pop up ads or even porn links. Unfortunately most anti-virus programs don't catch this stuff or do not effectively remove it.
The best way to avoid this junk is to stop using Internet Explorer as your browser--try Firefox or Opera and periodically cleaning out your computer with either Spybot or Ad Aware.
Virus Alert!
I just got an advisary from McAfee that Bagel.BD has just been upped to medium.. they're kicking them out today kids! :)
Can't reproduce in penguin DNA.
Malware is a problem that corporations are just beginning to understand. Yet one more utility for IT to install and support.
I know. But there are quite a few on my ping list who haven't evolved into the better OS.
Good information. I'm passing that along as well.
This deserves repeating. A telephone call to verify an attachment is so much easier than trying to cleanse your system.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.