Moparmike
Member
Request Float: New virus spreading around!
Mods, could I get a float for a day or two? I have already recieved 3 copies of this in the last half-hour. Thanks.
Most of the Anti-Virus venders are calling it
Bagle.B. This virus harvests email addresses from infected computers and
uses those addresses as the To: address while spoofing the From:
address. The primary characteristics of the emails it sends are as follows:
* Subject: ID <6 random characters>... thanks
* Body:
* Yours ID <9 random characters>
* - -
* Thank
* Attachment: <7 random characters>.exe
If the attachment is opened, it will create a backdoor on tcp port 8866 and
will search 4 websites for email addresses to announce the IP address of
the infected computer to would-be hackers. Afterwards the infected
computer will start mass-mailing the virus laden emails to any email
addresses it finds on the infected computer.
For more technical details please check the following websites.
Symantec - http://www.sarc.com/avcenter/venc/data/[email protected]
McAfee -
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101030
Sophos - http://www.sophos.com/virusinfo/analyses/w32tanxa.html
Internet Storm Center - http://isc.sans.org/
(or your favorite Anti-Virus Vendor's website)
Mods, could I get a float for a day or two? I have already recieved 3 copies of this in the last half-hour. Thanks.
Most of the Anti-Virus venders are calling it
Bagle.B. This virus harvests email addresses from infected computers and
uses those addresses as the To: address while spoofing the From:
address. The primary characteristics of the emails it sends are as follows:
* Subject: ID <6 random characters>... thanks
* Body:
* Yours ID <9 random characters>
* - -
* Thank
* Attachment: <7 random characters>.exe
If the attachment is opened, it will create a backdoor on tcp port 8866 and
will search 4 websites for email addresses to announce the IP address of
the infected computer to would-be hackers. Afterwards the infected
computer will start mass-mailing the virus laden emails to any email
addresses it finds on the infected computer.
For more technical details please check the following websites.
Symantec - http://www.sarc.com/avcenter/venc/data/[email protected]
McAfee -
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101030
Sophos - http://www.sophos.com/virusinfo/analyses/w32tanxa.html
Internet Storm Center - http://isc.sans.org/
(or your favorite Anti-Virus Vendor's website)