Worm_Bagle.At ~ Virus Alert

Consigliere's Virus Alert

29th October 2004

A s of October 29, 2004, 2:07 AM (-7:00; Daylight Saving Time), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_BAGLE.AT. TrendLabs has received several infection reports indicating that this malware is spreading in Japan, Sweden, China and Germany.

T his worm uses its own SMTP engine to propagate via email. It arrives as either of the following attachments:

L ike other BAGLE variants, the success of this worm may be attributed to its plain and brief email messages that bear the following details:

From:<spoofed>
Subject any of the following
• Re:
• Re: Hello
• Re: Hi
• Re: Thank you!
• Re: Thanks :)
Message body: any of the following
• :)
• :))
Attachment: any of the following
• PRICE
• JOKE
with the following extension names
• COM
• CPL
• EXE
• SCR

T his worm searches the drive for folders with names containing the string "shared". It then drops itself in these shared folders using certain file names.

TrendLabs has released the following EPS deliverables:

TMCM Outbreak Prevention Policy 131 (as of 2:19 AM)
Official Pattern Release 2.224.00 (as of 2:47 AM)

The following EPS deliverables will soon be available

Damage Cleanup Template 444
NVP 144

F or more information on WORM_BAGLE.AT, you can visit TrendMicro™.com Virus Protection at:
WORM_BAGLE.AT ]

Contact: av_query@support.trendmicro.com ] for inquiries and to report infections in your region.

----------------------------------------------o0o----

IMPORTANT NOTE!
TrendLabs will also be releasing a 3-digit pattern file (982) that corresponds with the pattern indicated in this email. This 3-digit pattern is a special release for users running non-NPF compliant products (i.e., old 3-digit pattern format) and is designed to provide protection against the most current malware threats. Users running non-NPF compliant products are still urged to apply the NPF solution . These users may also upgrade to the latest product version. Only NPF-compliant products will be able to update with regular pattern releases

-----------------------------------------------------

T his message was sent by Trend Micro's Newsletters Editor using Responsys Interact (TM).

To view TrendMicro's © permission marketing policy:
http://www.rsvp0.net ]
Copyright 1989-2004 Trend Micro, Inc. All rights reserved
Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014

S elect the below button and a form will appear for you to fill out and send this page to your friends.


get this gear!

This Site Was Built And Is Maintained Exclusively by
The Webmaster @ Consigliere Ltd.

Copyright © Consigliere Ltd., All Rights Reserved. 2001-