01-20-2004, 04:06 AM | #1 |
Ironworks Webmaster
Join Date: January 4, 2001
Location: Lakeland, Florida
Age: 51
Posts: 11,722
|
W32.Beagle.A@mm:
--------------------------------------------- http://securityresponse.symantec.com...agle.a@mm.html Computer users are being warned about a new virus which has spread at "an alarming rate". Internet security firm MessageLabs says it has detected more than 70,000 copies of the W32/Bagle-mm virus in the past 24 hours. The computer virus, or worm, which also appears as W32.Beagle.A@mm, is contained in infected emails as an attachment. The aim of the worm is to spread further by looking for new email addresses in the infected computer, such as in the user's list of contacts. Experts at MessageLabs say it appears the worm is also programmed to send details about all infected computers to website addresses in Germany, though the sites do not yet appear to be up and running. Paul Wood, chief information security analyst at the firm, said: "We have seen over 73,000 copies of Bagle, and this number is rising at an alarming rate." Infected emails include a file attachment ending .exe and the word "hi" in the subject line. The message contains the word "test" followed by the symbol =). Analysis shows the worm has a cut-off date of January 28, a ploy used by hackers in the past to avoid detection. The advice to users is to ensure they update their anti-virus software on a regular basis. --------------------------------------------- And This one: VBS.Zsyang.B@mm --------------------------------------------- http://securityresponse.symantec.com...yang.b@mm.html When VBS.Zsyang.B@mm is executed, it performs the following actions: Copies itself as %Windir%\lover.vbe. --------------------------------------------------------------------------- Note: %Windir% is a variable. The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location. --------------------------------------------------------------------------- Adds the value: "kv3000"="%Windir%\lover.vbe" to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run so that the worm runs when you start Windows. Creates the key: HKEY_CURRENT_USER\Software\a and adds the value: "a"="1" If the value in step 3 does not exist, the worm will perform the following actions: Email itself to the first contact in Outlook address book. Attempt to delete %Windir%\regedit.exe. --------------- end Remember, ALWAYS keep your virus def's up to date. An old virus def is as good as no virus def. |
01-20-2004, 04:44 AM | #2 |
Jack Burton
Join Date: March 21, 2001
Location: Philippines, but now Harbor City Sydney
Age: 41
Posts: 5,556
|
well.. I actually recieved the attachment from someone I dont even know. Thank goodness yahoo's virus scan is up to date. It found it right away.
__________________
Catch me if you can.. |
01-20-2004, 04:54 AM | #3 |
Ma'at - Goddess of Truth & Justice
Join Date: September 15, 2002
Location: Kennewick, WA
Age: 52
Posts: 3,166
|
Hey, thanks for posting this Z!
__________________
|
01-20-2004, 07:22 AM | #4 |
Symbol of Moradin
Join Date: June 5, 2002
Location: Slovenia,Ljubljana
Age: 36
Posts: 8,554
|
Agree!
|
01-20-2004, 08:42 AM | #5 |
Ironworks Moderator
Join Date: March 1, 2001
Location: Upstate NY USA
Posts: 19,737
|
Thanks, Z. I've seen this one a few dozen times at work and home already and didn't open any of them. Didn't recognize the senders and thought it was a little odd to get so many 'hi' messages at once!
__________________
"Don't take life for granted." Animal (may he rest in peace) |
01-20-2004, 08:48 AM | #6 |
Takhisis Follower
Join Date: April 30, 2001
Location: szép Magyarország (well not right now)
Posts: 5,089
|
*Gets out fly swat* bah! nasty bugs!
__________________
Too set in his ways to ever relate If he could set that aside, there'd be heaven to pay But weathered and aged, time swept him to grave Love conquers all? Damn, I'd say that area's gray |
01-20-2004, 08:51 AM | #7 |
Symbol of Cyric
Join Date: March 28, 2003
Location: Australia
Age: 37
Posts: 1,124
|
At least it doesn't spread without you opening it.
There was an item on the news here in Australia that this virus may just be collecting information and is just a test for a new "better" virus to come, hence the name "test". So be prepared |
01-20-2004, 09:14 AM | #8 |
Takhisis Follower
Join Date: April 30, 2001
Location: szép Magyarország (well not right now)
Posts: 5,089
|
I'm shaking in my boots
[ 01-20-2004, 10:06 AM: Message edited by: Vaskez ] |
01-20-2004, 10:01 AM | #9 |
Guest
Posts: n/a
|
Thanks for the warning, Ziroc.
|
01-20-2004, 11:29 AM | #10 | |
Symbol of Cyric
Join Date: March 28, 2003
Location: Australia
Age: 37
Posts: 1,124
|
Quote:
What did annoy me though was that the news here mentioned not to open any files ending in .exe but if an exe is renamed to .com, .bat, .cmd or .scr it'll still execute. So watch out for all those extensions too |
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Virus Alert !!! | Mouse | General Conversation Archives (11/2000 - 01/2005) | 5 | 10-10-2002 10:43 AM |
New virus alert | Campino | General Conversation Archives (11/2000 - 01/2005) | 6 | 12-05-2001 03:10 AM |
Virus alert | *\Conan/* | General Conversation Archives (11/2000 - 01/2005) | 10 | 11-28-2001 02:12 PM |
VIRUS-ALERT get anti virus patch here | TheCrimsomBlade | General Conversation Archives (11/2000 - 01/2005) | 2 | 09-20-2001 12:17 AM |
VIRUS ALERT | Dragonrider | Wizards & Warriors Forum | 11 | 05-31-2001 10:41 PM |